ADHOC
/
replicant-packages_apps_Email
3
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Clear password related policies in PolicySet when p/w not required 

Bug: 2883736
Change-Id: I2c9c573aea9a4fef1699ff6339e8ef628d7f2269
This commit is contained in:
Marc Blank 2010-08-06 19:57:05 -07:00
parent 36bdeeb0e1
commit c263810b08
2 changed files with 71 additions and 44 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

60
src/com/android/email/SecurityPolicy.java
View File

@ -469,31 +469,41 @@ public class SecurityPolicy {
public PolicySet(int minPasswordLength, int passwordMode, int maxPasswordFails, public PolicySet(int minPasswordLength, int passwordMode, int maxPasswordFails,
int maxScreenLockTime, boolean requireRemoteWipe, int passwordExpiration, int maxScreenLockTime, boolean requireRemoteWipe, int passwordExpiration,
int passwordHistory, int passwordComplexChars) throws IllegalArgumentException { int passwordHistory, int passwordComplexChars) throws IllegalArgumentException {
// This value has a hard limit which cannot be supported if exceeded. Setting the // If we're not enforcing passwords, make sure we clean up related values, since EAS
// exceeded value will force isSupported() to return false. // can send non-zero values for any or all of these
if (minPasswordLength > PASSWORD_LENGTH_MAX) { if (passwordMode == PASSWORD_MODE_NONE) {
throw new IllegalArgumentException("password length"); maxPasswordFails = 0;
} maxScreenLockTime = 0;
if ((passwordMode != PASSWORD_MODE_NONE) && (passwordMode != PASSWORD_MODE_SIMPLE) && minPasswordLength = 0;
(passwordMode != PASSWORD_MODE_STRONG)) { passwordComplexChars = 0;
throw new IllegalArgumentException("password mode"); passwordHistory = 0;
} passwordExpiration = 0;
if (passwordExpiration > PASSWORD_EXPIRATION_MAX) { } else {
throw new IllegalArgumentException("password expiration"); if ((passwordMode != PASSWORD_MODE_SIMPLE) &&
} (passwordMode != PASSWORD_MODE_STRONG)) {
if (passwordHistory > PASSWORD_HISTORY_MAX) { throw new IllegalArgumentException("password mode");
throw new IllegalArgumentException("password history"); }
} // The next four values have hard limits which cannot be supported if exceeded.
if (passwordComplexChars > PASSWORD_COMPLEX_CHARS_MAX) { if (minPasswordLength > PASSWORD_LENGTH_MAX) {
throw new IllegalArgumentException("complex chars"); throw new IllegalArgumentException("password length");
} }
// This value can be reduced (which actually increases security) if necessary if (passwordExpiration > PASSWORD_EXPIRATION_MAX) {
if (maxPasswordFails > PASSWORD_MAX_FAILS_MAX) { throw new IllegalArgumentException("password expiration");
maxPasswordFails = PASSWORD_MAX_FAILS_MAX; }
} if (passwordHistory > PASSWORD_HISTORY_MAX) {
// This value can be reduced (which actually increases security) if necessary throw new IllegalArgumentException("password history");
if (maxScreenLockTime > SCREEN_LOCK_TIME_MAX) { }
maxScreenLockTime = SCREEN_LOCK_TIME_MAX; if (passwordComplexChars > PASSWORD_COMPLEX_CHARS_MAX) {
throw new IllegalArgumentException("complex chars");
}
// This value can be reduced (which actually increases security) if necessary
if (maxPasswordFails > PASSWORD_MAX_FAILS_MAX) {
maxPasswordFails = PASSWORD_MAX_FAILS_MAX;
}
// This value can be reduced (which actually increases security) if necessary
if (maxScreenLockTime > SCREEN_LOCK_TIME_MAX) {
maxScreenLockTime = SCREEN_LOCK_TIME_MAX;
}
} }
mMinPasswordLength = minPasswordLength; mMinPasswordLength = minPasswordLength;
mPasswordMode = passwordMode; mPasswordMode = passwordMode;

55
tests/src/com/android/email/SecurityPolicyTests.java
View File

@ -103,7 +103,7 @@ public class SecurityPolicyTests extends ProviderTestCase2<EmailProvider> {
// We know that EMPTY_POLICY_SET doesn't generate an Exception or we wouldn't be here // We know that EMPTY_POLICY_SET doesn't generate an Exception or we wouldn't be here
// Try some illegal parameters // Try some illegal parameters
try { try {
new PolicySet(100, PolicySet.PASSWORD_MODE_NONE, 0, 0, false, 0, 0, 0); new PolicySet(100, PolicySet.PASSWORD_MODE_SIMPLE, 0, 0, false, 0, 0, 0);
fail("Too-long password allowed"); fail("Too-long password allowed");
} catch (IllegalArgumentException e) { } catch (IllegalArgumentException e) {
} }
@ -112,12 +112,23 @@ public class SecurityPolicyTests extends ProviderTestCase2<EmailProvider> {
fail("Illegal password mode allowed"); fail("Illegal password mode allowed");
} catch (IllegalArgumentException e) { } catch (IllegalArgumentException e) {
} }
PolicySet ps = new PolicySet(0, PolicySet.PASSWORD_MODE_NONE, 0, PolicySet ps = new PolicySet(0, PolicySet.PASSWORD_MODE_SIMPLE, 0,
PolicySet.SCREEN_LOCK_TIME_MAX + 1, false, 0, 0, 0); PolicySet.SCREEN_LOCK_TIME_MAX + 1, false, 0, 0, 0);
assertEquals(PolicySet.SCREEN_LOCK_TIME_MAX, ps.getMaxScreenLockTime()); assertEquals(PolicySet.SCREEN_LOCK_TIME_MAX, ps.getMaxScreenLockTime());
ps = new PolicySet(0, PolicySet.PASSWORD_MODE_NONE, ps = new PolicySet(0, PolicySet.PASSWORD_MODE_SIMPLE,
PolicySet.PASSWORD_MAX_FAILS_MAX + 1, 0, false, 0, 0, 0); PolicySet.PASSWORD_MAX_FAILS_MAX + 1, 0, false, 0, 0, 0);
assertEquals(PolicySet.PASSWORD_MAX_FAILS_MAX, ps.getMaxPasswordFails()); assertEquals(PolicySet.PASSWORD_MAX_FAILS_MAX, ps.getMaxPasswordFails());
// All password related fields should be zero when password mode is NONE
// Illegal values for these fields should be ignored
ps = new PolicySet(999/*length*/, PolicySet.PASSWORD_MODE_NONE,
999/*fails*/, 9999/*screenlock*/, false, 999/*expir*/, 999/*history*/,
999/*complex*/);
assertEquals(0, ps.mMinPasswordLength);
assertEquals(0, ps.mMaxScreenLockTime);
assertEquals(0, ps.mMaxPasswordFails);
assertEquals(0, ps.mPasswordExpiration);
assertEquals(0, ps.mPasswordHistory);
assertEquals(0, ps.mPasswordComplexChars);
} }
/** /**
@ -177,7 +188,7 @@ public class SecurityPolicyTests extends ProviderTestCase2<EmailProvider> {
// fail count and lock timer - min logic - will change because smaller #s here // fail count and lock timer - min logic - will change because smaller #s here
// password exp will change (max logic), but history and complex chars will be as before // password exp will change (max logic), but history and complex chars will be as before
// wipe required - OR logic - will change here because true // wipe required - OR logic - will change here because true
PolicySet p5in = new PolicySet(4, PolicySet.PASSWORD_MODE_NONE, 5, 6, true, 6, 0, 0); PolicySet p5in = new PolicySet(4, PolicySet.PASSWORD_MODE_SIMPLE, 5, 6, true, 6, 0, 0);
Account a5 = ProviderTestUtils.setupAccount("sec-5", false, mMockContext); Account a5 = ProviderTestUtils.setupAccount("sec-5", false, mMockContext);
p5in.writeAccount(a5, null, true, mMockContext); p5in.writeAccount(a5, null, true, mMockContext);
PolicySet p5out = sp.computeAggregatePolicy(); PolicySet p5out = sp.computeAggregatePolicy();
@ -217,9 +228,10 @@ public class SecurityPolicyTests extends ProviderTestCase2<EmailProvider> {
*/ */
@SmallTest @SmallTest
public void testFieldIsolation() { public void testFieldIsolation() {
PolicySet p = new PolicySet(PolicySet.PASSWORD_LENGTH_MAX, 0, 0, 0, false, 0, 0 ,0); PolicySet p = new PolicySet(PolicySet.PASSWORD_LENGTH_MAX, PolicySet.PASSWORD_MODE_SIMPLE,
0, 0, false, 0, 0 ,0);
assertEquals(PolicySet.PASSWORD_MODE_SIMPLE, p.mPasswordMode);
assertEquals(PolicySet.PASSWORD_LENGTH_MAX, p.mMinPasswordLength); assertEquals(PolicySet.PASSWORD_LENGTH_MAX, p.mMinPasswordLength);
assertEquals(0, p.mPasswordMode);
assertEquals(0, p.mMaxPasswordFails); assertEquals(0, p.mMaxPasswordFails);
assertEquals(0, p.mMaxScreenLockTime); assertEquals(0, p.mMaxScreenLockTime);
assertEquals(0, p.mPasswordExpiration); assertEquals(0, p.mPasswordExpiration);
@ -228,8 +240,8 @@ public class SecurityPolicyTests extends ProviderTestCase2<EmailProvider> {
assertFalse(p.mRequireRemoteWipe); assertFalse(p.mRequireRemoteWipe);
p = new PolicySet(0, PolicySet.PASSWORD_MODE_STRONG, 0, 0, false, 0, 0, 0); p = new PolicySet(0, PolicySet.PASSWORD_MODE_STRONG, 0, 0, false, 0, 0, 0);
assertEquals(0, p.mMinPasswordLength);
assertEquals(PolicySet.PASSWORD_MODE_STRONG, p.mPasswordMode); assertEquals(PolicySet.PASSWORD_MODE_STRONG, p.mPasswordMode);
assertEquals(0, p.mMinPasswordLength);
assertEquals(0, p.mMaxPasswordFails); assertEquals(0, p.mMaxPasswordFails);
assertEquals(0, p.mMaxScreenLockTime); assertEquals(0, p.mMaxScreenLockTime);
assertEquals(0, p.mPasswordExpiration); assertEquals(0, p.mPasswordExpiration);
@ -237,9 +249,10 @@ public class SecurityPolicyTests extends ProviderTestCase2<EmailProvider> {
assertEquals(0, p.mPasswordComplexChars); assertEquals(0, p.mPasswordComplexChars);
assertFalse(p.mRequireRemoteWipe); assertFalse(p.mRequireRemoteWipe);
p = new PolicySet(0, 0, PolicySet.PASSWORD_MAX_FAILS_MAX, 0, false, 0, 0, 0); p = new PolicySet(0, PolicySet.PASSWORD_MODE_SIMPLE, PolicySet.PASSWORD_MAX_FAILS_MAX, 0,
false, 0, 0, 0);
assertEquals(PolicySet.PASSWORD_MODE_SIMPLE, p.mPasswordMode);
assertEquals(0, p.mMinPasswordLength); assertEquals(0, p.mMinPasswordLength);
assertEquals(0, p.mPasswordMode);
assertEquals(PolicySet.PASSWORD_MAX_FAILS_MAX, p.mMaxPasswordFails); assertEquals(PolicySet.PASSWORD_MAX_FAILS_MAX, p.mMaxPasswordFails);
assertEquals(0, p.mMaxScreenLockTime); assertEquals(0, p.mMaxScreenLockTime);
assertEquals(0, p.mPasswordExpiration); assertEquals(0, p.mPasswordExpiration);
@ -247,9 +260,10 @@ public class SecurityPolicyTests extends ProviderTestCase2<EmailProvider> {
assertEquals(0, p.mPasswordComplexChars); assertEquals(0, p.mPasswordComplexChars);
assertFalse(p.mRequireRemoteWipe); assertFalse(p.mRequireRemoteWipe);
p = new PolicySet(0, 0, 0, PolicySet.SCREEN_LOCK_TIME_MAX, false, 0, 0, 0); p = new PolicySet(0, PolicySet.PASSWORD_MODE_SIMPLE, 0, PolicySet.SCREEN_LOCK_TIME_MAX,
false, 0, 0, 0);
assertEquals(PolicySet.PASSWORD_MODE_SIMPLE, p.mPasswordMode);
assertEquals(0, p.mMinPasswordLength); assertEquals(0, p.mMinPasswordLength);
assertEquals(0, p.mPasswordMode);
assertEquals(0, p.mMaxPasswordFails); assertEquals(0, p.mMaxPasswordFails);
assertEquals(PolicySet.SCREEN_LOCK_TIME_MAX, p.mMaxScreenLockTime); assertEquals(PolicySet.SCREEN_LOCK_TIME_MAX, p.mMaxScreenLockTime);
assertEquals(0, p.mPasswordExpiration); assertEquals(0, p.mPasswordExpiration);
@ -257,9 +271,9 @@ public class SecurityPolicyTests extends ProviderTestCase2<EmailProvider> {
assertEquals(0, p.mPasswordComplexChars); assertEquals(0, p.mPasswordComplexChars);
assertFalse(p.mRequireRemoteWipe); assertFalse(p.mRequireRemoteWipe);
p = new PolicySet(0, 0, 0, 0, true, 0, 0, 0); p = new PolicySet(0, PolicySet.PASSWORD_MODE_NONE, 0, 0, true, 0, 0, 0);
assertEquals(PolicySet.PASSWORD_MODE_NONE, p.mPasswordMode);
assertEquals(0, p.mMinPasswordLength); assertEquals(0, p.mMinPasswordLength);
assertEquals(0, p.mPasswordMode);
assertEquals(0, p.mMaxPasswordFails); assertEquals(0, p.mMaxPasswordFails);
assertEquals(0, p.mMaxScreenLockTime); assertEquals(0, p.mMaxScreenLockTime);
assertEquals(0, p.mPasswordExpiration); assertEquals(0, p.mPasswordExpiration);
@ -267,9 +281,10 @@ public class SecurityPolicyTests extends ProviderTestCase2<EmailProvider> {
assertEquals(0, p.mPasswordComplexChars); assertEquals(0, p.mPasswordComplexChars);
assertTrue(p.mRequireRemoteWipe); assertTrue(p.mRequireRemoteWipe);
p = new PolicySet(0, 0, 0, 0, false, PolicySet.PASSWORD_EXPIRATION_MAX, 0, 0); p = new PolicySet(0, PolicySet.PASSWORD_MODE_SIMPLE, 0, 0, false,
PolicySet.PASSWORD_EXPIRATION_MAX, 0, 0);
assertEquals(PolicySet.PASSWORD_MODE_SIMPLE, p.mPasswordMode);
assertEquals(0, p.mMinPasswordLength); assertEquals(0, p.mMinPasswordLength);
assertEquals(0, p.mPasswordMode);
assertEquals(0, p.mMaxPasswordFails); assertEquals(0, p.mMaxPasswordFails);
assertEquals(0, p.mMaxScreenLockTime); assertEquals(0, p.mMaxScreenLockTime);
assertEquals(PolicySet.PASSWORD_EXPIRATION_MAX, p.mPasswordExpiration); assertEquals(PolicySet.PASSWORD_EXPIRATION_MAX, p.mPasswordExpiration);
@ -277,9 +292,10 @@ public class SecurityPolicyTests extends ProviderTestCase2<EmailProvider> {
assertEquals(0, p.mPasswordComplexChars); assertEquals(0, p.mPasswordComplexChars);
assertFalse(p.mRequireRemoteWipe); assertFalse(p.mRequireRemoteWipe);
p = new PolicySet(0, 0, 0, 0, false, 0, PolicySet.PASSWORD_HISTORY_MAX, 0); p = new PolicySet(0, PolicySet.PASSWORD_MODE_SIMPLE, 0, 0, false, 0,
PolicySet.PASSWORD_HISTORY_MAX, 0);
assertEquals(PolicySet.PASSWORD_MODE_SIMPLE, p.mPasswordMode);
assertEquals(0, p.mMinPasswordLength); assertEquals(0, p.mMinPasswordLength);
assertEquals(0, p.mPasswordMode);
assertEquals(0, p.mMaxPasswordFails); assertEquals(0, p.mMaxPasswordFails);
assertEquals(0, p.mMaxScreenLockTime); assertEquals(0, p.mMaxScreenLockTime);
assertEquals(0, p.mPasswordExpiration); assertEquals(0, p.mPasswordExpiration);
@ -287,9 +303,10 @@ public class SecurityPolicyTests extends ProviderTestCase2<EmailProvider> {
assertEquals(0, p.mPasswordComplexChars); assertEquals(0, p.mPasswordComplexChars);
assertFalse(p.mRequireRemoteWipe); assertFalse(p.mRequireRemoteWipe);
p = new PolicySet(0, 0, 0, 0, false, 0, 0, PolicySet.PASSWORD_COMPLEX_CHARS_MAX); p = new PolicySet(0, PolicySet.PASSWORD_MODE_SIMPLE, 0, 0, false, 0, 0,
PolicySet.PASSWORD_COMPLEX_CHARS_MAX);
assertEquals(PolicySet.PASSWORD_MODE_SIMPLE, p.mPasswordMode);
assertEquals(0, p.mMinPasswordLength); assertEquals(0, p.mMinPasswordLength);
assertEquals(0, p.mPasswordMode);
assertEquals(0, p.mMaxPasswordFails); assertEquals(0, p.mMaxPasswordFails);
assertEquals(0, p.mMaxScreenLockTime); assertEquals(0, p.mMaxScreenLockTime);
assertEquals(0, p.mPasswordExpiration); assertEquals(0, p.mPasswordExpiration);