* Remove PolicyService APIs policiesRequired, policiesUpdated,
isSupported, clearUnsupportedPolicies, and isActiveAdmin
* Add PolicyService API setAccountPolicy, which is the sole
method by which security policies are promulgated
* Add protocolPoliciesEnabled and protocolPoliciesUnsupported
to the Policy class; these are packed, localized strings
indicating policies that the protocol itself have enabled
and/or cannot support (i.e. these are policies that are
unknown to the DPM, e.g. don't load attachments)
* Differentiate in security notifications between three kinds
of policy changes - changes that don't require user
intervention (e.g. reducing requirements), changes that
require user intervention (the legacy notification), and
changes that make the account unsyncable (e.g. the server
adding an unsupportable policy). Handle all possible policy
changes cleanly.
* Make security notifications per account (with multiple
accounts, notifications would get arbitrarily munged)
* Expose ALL enforced policies via the account settings
screen in two categories: policies enforced (including
both policies enforced by the DPM and policies enforced
by the protocol) and policies unsupported (note that these
can only be seen if policies are changed after an account
is created; we do not allow the creation of an account
when any required policies are unsupported). Add a
button that forces a sync attempt, for accounts that
are locked out, but whose policies have changed on
the server (this would otherwise require a reboot).
* Updated unit tests
Bug: 5398682
Bug: 5393724
Bug: 5379682
Change-Id: I4a3df823913a809874ed959d228177f0fc799281
* Apparently, this is required via Microsoft specifications, though
there had been an earlier decision not to do this
Bug: 5384246
Change-Id: I05b6c2d21d3b295ad696f26a7a13cba6f1974e83
* A change in history requirement is not intended to force a new
password immediately; we just tell the DPM what the new
requirement is...
* This is one cause of the below-referenced bug
Bug: 5221119
Change-Id: I890b42d4eab4fbd9d34665fbea138f179d5d3215
* We weren't checking for it in determining whether our policies
were active; because of this, we never actually SET the policy
in the DPM
Bug: 5193399
Change-Id: I276901be21be681f66891f5374ec58cf1ea7b4be
* This CL fixes the referenced bug, but it does NOT explain how
mAccount; best guess is that the process was killed and then
restarted when the result from DPM was available.
* Assuming this is the case, we remove the background task loading
mAccount, avoiding a possible race.
* Also, it's not clear why clearNotifications didn't use the
account id argument; what if there's more than one account that
uses security? Filing a bug about this.
Bug: 5048912
Change-Id: I734834337ab6e409d77624e7c7370350de76becb
This is a manual cherry-pick of c379ebe372
This reverts commit 7fd14be804
The introduction of proper SD cards breaks the invariant that "external"
storage can be encrypted. Unfortunately, this means that accounts with
that policy bit set will have to be removed for now.
Accounts with the security policy set will be forced to go through
security provisioning on the next sync, using the regular mechanisms of
showing a notification with "Security update required", and then having
it fail. :(
Bug: 4466311
Change-Id: I68119b14f8d198779c2073296e228bc6772136ee
This sends the bit to the DPM. Separate changes have been/will be made
to change the provision parser and support it in the DPM.
Bug: 4185316
Change-Id: I44872ceb095a28539b047a0641cc499c7186a9b3
* Since DPM can erroneously report a password failure (specifically,
isActivePasswordSufficient() can return false when, in fact, the
active password is just fine)
* This is the proximate cause of the referenced bug; we just weren't
prepared to have the DPM mislead us...
Bug: 4464610
Change-Id: Ifcb85c0729e9a1884fbcf7b4180eb332bbfef1b5
* Replace crazy (and soon to be "full") bit fields stored in an account's
securityFlags with a row in a newly created Policy table (thus, fully
expandable)
* Update code from database version 17 to 18; adds Policy table, a
policyKey row in Account, and a revised trigger that deletes Policy
information for deleted Accounts
* Update old PolicySet unit tests to work against the new Policy class
* Add test for the conversion of securityFlags to Policy
* Tested in a variety of scenarios; appears to be functionally equivalent
Change-Id: I1505ee75230d6a0d3c2b62a46326f39c2c7f9eb5
Refactor the changes introduced in Ib02842bb.
- Now Welcome and AccountSettingsXL accept intents with URLs of the following
style, and get IDs from query params, rather than extras.
Welcome:
content://ui.email.android.com/view/mailbox?ACCOUNT_ID=1&MAILBOX_ID=2&MESSAGE_ID=3
AccountSettingsXL:
content://ui.email.android.com/settings?ACCOUNT_ID=1
- Now the "new message" and "login failed" notifications use these new style
intents, so the system wouldn't merge PendingIntents for different accounts.
Also:
- Moved all notification creation logic to NotificationController.
(Except the one in CalendarSyncEnabler; which is used only to support
upgrading from pre-froyo and I don't think it's worth refactoring.)
- Note the "password expired/expiring" and "security needed" notifications
aren't changed; they still use extras to store account IDs. This is okay
because these notifications are not per-account.
Bug 4065269
Change-Id: I70737438d2e7c45fd7488a5b0a7105c8568e02f7
* We needed to set DevicePolicyMnager.PASSWORD_QUALITY_COMPLEX
* Setting this, we also need to clear some of the defaults for complex
mode that are not correct for Exchange's definition of "complex".
* Unit tests
Bug: 4092218
Change-Id: Iea7bd05d48f1aa9406222c1db5937cfd7f2662b8
* This is is a minimal implementation that only supports the external
encryption policy when there is no physical/removable storage, and
the emulated external storage is located within an encrypted backing
store.
Bug: 3351426
Change-Id: Id96e9277f810beeebf816a914acd3d733eb713ea
* When security settings notification is clicked, inform user that
they need to change settings (before dumping them in security
settings.)
* On an authentication failure, present a dialog to the user explaining
that the username or password may be incorrect.
* When the device pin/password is expiring or expired, present a dialog
to the user explaining that it needs to be updated.
Bug: 3238657
Change-Id: I8fca446fa3c1bf87a95938553dbdc362c3df220e
* Use strings that fit properly in new notifications
* General cleanups & rewrites from Roy
* Remove showWarningNotification() and use postAccountNotification()
This is part I. Part II will add dialogs triggered by some of these
notifications, to provide more explanation to the user of what's wrong
and how to fix it.
Bug: 3238657
Change-Id: Ib51bcb4412f8a09a6f97653f0b5f8642efe2ac1e
* There are three pieces to this CL (sorry):
1) Move and/or rename some constants into emailcommon
2) Move Utility to emailcommon, moving the few UI
related utilities back into Email (FolderProperties
and UiUtilities)
3) Remove all references to resources from emailcommon
* The three pieces relate in that, between them, they allow
the emailcommon static library to compile cleanly
Bug: 3442973
Change-Id: Ic5e3abaa2a1b36999e0b6653c6c2134ea1bd544f
* Split PolicySet from SecurityPolicy and move to emailcommon
* Define PolicyService that sync adapter services can use to
interact with the Email DPM administrator
* Implement PolicyServiceProxy for exchange
* Implement PolicyService in email
* Modify imports, references, etc. as required
Bug: 3442973
Change-Id: I92015e21f780a68754b318da89fbb33570f334a2
* Add check for null Account, as this method can be called from a
background thread, and the Account might have been deleted by the
time we're called
Bug: 3396365
Change-Id: Ie125ed714c73d51beaedc818b6b731cea941666f
* This fixes the case of:
* a device that does *not* support device encryption
* connecting to an account that *does* require device encryption
* but also supports "non-provisioned devices" (making the encryption
requirement optional.)
* Added unit test
Bug: 3367191
Change-Id: I894e68c4119a102dad02d2e0815fccdae1e87189
* Use getStorageEncryptionStatus() to check device status
* Also, check granted policy on USES_ENCRYPTED_STORAGE
Bug: 3346641
Change-Id: I9e9a45a6d1d3cf4714e27b69cdb5952c841c640d
* Add encrypted-storage to uses-policies
* Add new field to PolicySet
* Add "false" to all constructor callers
* Add unit tests (including fixing some existing unit tests)
* Add new logic to AccountSecurity activity t0 dispatch both password
and encryption requests.
Bug: 3346641
Change-Id: I54f39bc9b6fbe21c033a05b36b83081e5c78a296
* DeviceAdminReceiver is actually a BroadcastReceiver, must follow
guidelines to prevent ANR or early process kill.
* Remove all uses of AsyncTask from DeviceAdminReceiver
* Pass all calls through EmailBroadcastProcessorService
* Minor restructuring of EmailBroadcastProcessorService to support
this use.
Change-Id: Ic6257ea5eff1bd466a736e0f93cb89b1cf8aa73e
* All active admin checks now go through common method
* Common code check both isAdminActive and the new (upgrade) policies
Bug: 3253179
Change-Id: Ie81f35906c164051f38c1f1f637d0c04b37eef16
* Set aggregated expiration values with DPM
* Fix min/max logic when aggregating, and fix unit test
* Add expiration tests when checking if policies are active
* Add expire-password to uses-policies set
* Handle password refresh (clear notifications and sec. holds)
* Handle password expiration (warning and/or wipe synced data)
* Unit tests for provider-level methods
* Refactor common security notification logic
* Placeholder notification strings (need final)
Bug: 3197935
Change-Id: Idf1975edd81dd7f55729156dc6b1002b7d09841f
- Now we show separate notification for each account
- New notification has sender photo, sender name, and subject
of the latest email
- Added the NotificationController class, which is intended to manage
all notifications besides "new message" eventually.
The framework doesn't seem to be 100% ready, and it's not clear how to
add the 3rd line in the expanded notification at this point. Need to
revisit it later to verify UI details.
Change-Id: I40193ee372cb6b2b7245c1588890f238b2469699
* EAS can send both "simple password" and a non-zero number of
required complex characters; we're supposed to ignore the
complex character requirement in this case
* Force complex characters to zero if password is "simple"
* Update constructor test to check the fix
Bug: 2903349
Change-Id: I3d42bd3c8f3667d8f3027da9e91e0dd18722d9bf
* In a recent change, we mistakenly removed the logic for handling
too-long inactivity timeouts; we should just fall back to the maximum
since this is stricter than what we're being asked to enforce
* Restore this logic and update the unit test
* The regression was caused by change Ida5663a9, to wit:
Backport: Handle "Allow non-provisionable devices" properly
Bug: 2886746
Change-Id: I99cf9a37441b80477cc1c2c7ec2a78f8a14a83da
- Added unit tests
- I see the "open a cursor, move to the first row, read a column" pattern over
and over. Added a utility method for this. (Let's try not to bloat the
binary by copying code around!)
- Added helper classes for database related tests
- Removed code dup
Change-Id: I380959215cc1661b252158f0f6e35369b499cdf8
* Backport from master branch
* Send policy key of "0" when validating; this gets us the policies
even if "Allow..." is enabled (currently, we simply don't see the
policies)
* If we don't support all of the policies, send back the response
code indicating support for partial support. If we get a positive
response back, then we're good to go - the server allows devices
with partial support. Otherwise, we fail as we always have - with
the toast indicating that the device doesn't support required
policies
* Remove PolicySet.isSupported() and ensure proper field ranges
within the constructor
* Update tests as appropriate
Bug: 2759782
Change-Id: Ida5663a9b35c75ecc61a5f442be0bd60b433cb73
* The setup flow is changed such that the user is asked to activate
device administration before leaving the setup flow, rather than
having to wait for the notification to appear, etc.
* Accounts requiring security are created in a security hold state
to prevent initial sync until device administration is active
Change-Id: I7e33cf98466370ae27414b99018f7aee71e9e237
* Minimum complex characters
* Password history (i.e. disallow re-use of past n passwords)
* Password expiration
* Password expiration is NOT yet supported in the framework; there
is a TODO in this CL and a trivial change will be needed when
support arrives; for now, we report this as unsupported
* The two implemented policies are testable
Change-Id: I477adbc000577c57d1ab1788378c97a60018c10c
* Send policy key of "0" when validating; this gets us the policies
even if "Allow..." is enabled (currently, we simply don't see the
policies)
* If we don't support all of the policies, send back the response
code indicating support for partial support. If we get a positive
response back, then we're good to go - the server allows devices
with partial support. Otherwise, we fail as we always have - with
the toast indicating that the device doesn't support required
policies
* Remove PolicySet.isSupported() and ensure proper field ranges
within the constructor
* Update tests as appropriate
Bug: 2759782
Change-Id: I5f354a0e2d81844aff75d8a8a6de3b97f0020c1f
This reverts commit 3ee0cad5f5.
Because commit 284b62e1b8c3419bfd02c6fea5ba0a68146c06f8 fixes the underlying
conflict between DeviceAdmin policies and apps attempting to disable the
Keyguard Lock, this patch is no longer required.
Accounts with a server policy requiring a device PIN or Password will
now work properly.
Bug: 2737842
Change-Id: I533c27a01a8a331dc11a0cb84bcc78f48edf621c
* The device policies that enforce the use of a device PIN or password
can be sidestepped by apps that implement KeyguardManager.KeyguardLock
* This renders the policies unuseable
* To prevent this, the email app now scans for any packages holding the
DISABLE_KEYGUARD permission. The existence of any non-system app
with this permission will put all security-enabled EAS accounts into
a security hold, and post a dialog describing the problem.
* The user must uninstall any such app(s) in order to sync their EAS data.
Bug: 2737842
Change-Id: I4c96d76b12d9242b5c755dd60d7578a825fae597
Marc Blank