* Remove PolicyService APIs policiesRequired, policiesUpdated,
isSupported, clearUnsupportedPolicies, and isActiveAdmin
* Add PolicyService API setAccountPolicy, which is the sole
method by which security policies are promulgated
* Add protocolPoliciesEnabled and protocolPoliciesUnsupported
to the Policy class; these are packed, localized strings
indicating policies that the protocol itself have enabled
and/or cannot support (i.e. these are policies that are
unknown to the DPM, e.g. don't load attachments)
* Differentiate in security notifications between three kinds
of policy changes - changes that don't require user
intervention (e.g. reducing requirements), changes that
require user intervention (the legacy notification), and
changes that make the account unsyncable (e.g. the server
adding an unsupportable policy). Handle all possible policy
changes cleanly.
* Make security notifications per account (with multiple
accounts, notifications would get arbitrarily munged)
* Expose ALL enforced policies via the account settings
screen in two categories: policies enforced (including
both policies enforced by the DPM and policies enforced
by the protocol) and policies unsupported (note that these
can only be seen if policies are changed after an account
is created; we do not allow the creation of an account
when any required policies are unsupported). Add a
button that forces a sync attempt, for accounts that
are locked out, but whose policies have changed on
the server (this would otherwise require a reboot).
* Updated unit tests
Bug: 5398682
Bug: 5393724
Bug: 5379682
Change-Id: I4a3df823913a809874ed959d228177f0fc799281
We seemed to not properly fallback to querying the database if the cache
did not contain a mailbox of a specific type. We may want to consider
caching mailboxes related to PIM data, but for now this is a quick fix.
Also fixes unit tests.
Bug: 5019661
Change-Id: Idcac0a6f15aa7f174890ae586f478fbb8f6e05b7
This fixes a crash on account deletion, leaving around bad accounts that
were in limbo
Also remove a test for an unsupported operation
Bug: 5051951
Change-Id: Ieebc7f769075614ae1a656cf123d8ce0313e611d
* Move AccountReconciler to the Email app (from EmailCommon)
* Ensure that Controller.deleteAccountSync() performs ALL actions
needed to clean up after an account deletion (delete attachment
files, reset policies, refresh the UI, etc.)
* Add reconcileAccounts() API to AccountService
* Remove accountDeleted() and restoreAccountsIfNeede() from the
AccountService API
* Remove unused callback
Bug: 4883073
Bug: 4767084
Change-Id: I43ffaf009db1a6f306bb0f2a74fb4dd3b2c4b966
This is a manual cherry-pick of c379ebe372
This reverts commit 7fd14be804
The introduction of proper SD cards breaks the invariant that "external"
storage can be encrypted. Unfortunately, this means that accounts with
that policy bit set will have to be removed for now.
Accounts with the security policy set will be forced to go through
security provisioning on the next sync, using the regular mechanisms of
showing a notification with "Security update required", and then having
it fail. :(
Bug: 4466311
Change-Id: I68119b14f8d198779c2073296e228bc6772136ee
* Guarantee that up to 16 Account (with HostAuths), and Policy rows
are always cached. Also, 6 commonly used Mailboxes per Account
(Inbox, Outbox, Drafts, Sent, Trash, and Search)
* Precache these rows when EmailProvider starts up
* Ensure that newly added, precachable rows are cached when created
* Clean up some inefficient/wrong caching code
* Fix a commonly called method in NotificationManager in which we
load a single Mailbox row using selection vs withAppendedId
* Confirm that we don't read from the database in typical use and
heavy message loading
* Add a special URI for finding mailbox by type (using the cache)
* Add special-case code for EmailContent.count(Account.CONTENT_URI)
which is used in a number of places (including on the UI thread)
and whose value is easily determined
* Add a special URI to get the default account id
* Confirm that all unit tests work
The goal here is to be able to load all Account, HostAuth, Policy,
and Mailbox objects (by id) without worrying about disk access.
There will still be a single disk read for uncommon Mailbox reads,
but this should be considered acceptable.
Change-Id: Ibc9aa7acc73185e360b0b6f3053b90a985e97210
TODO: Unit tests
This sends the bit to the DPM. Separate changes have been/will be made
to change the provision parser and support it in the DPM.
Bug: 4185316
Change-Id: I44872ceb095a28539b047a0641cc499c7186a9b3
* Replace crazy (and soon to be "full") bit fields stored in an account's
securityFlags with a row in a newly created Policy table (thus, fully
expandable)
* Update code from database version 17 to 18; adds Policy table, a
policyKey row in Account, and a revised trigger that deletes Policy
information for deleted Accounts
* Update old PolicySet unit tests to work against the new Policy class
* Add test for the conversion of securityFlags to Policy
* Tested in a variety of scenarios; appears to be functionally equivalent
Change-Id: I1505ee75230d6a0d3c2b62a46326f39c2c7f9eb5
* We needed to set DevicePolicyMnager.PASSWORD_QUALITY_COMPLEX
* Setting this, we also need to clear some of the defaults for complex
mode that are not correct for Exchange's definition of "complex".
* Unit tests
Bug: 4092218
Change-Id: Iea7bd05d48f1aa9406222c1db5937cfd7f2662b8
* This is is a minimal implementation that only supports the external
encryption policy when there is no physical/removable storage, and
the emulated external storage is located within an encrypted backing
store.
Bug: 3351426
Change-Id: Id96e9277f810beeebf816a914acd3d733eb713ea
* There are three pieces to this CL (sorry):
1) Move and/or rename some constants into emailcommon
2) Move Utility to emailcommon, moving the few UI
related utilities back into Email (FolderProperties
and UiUtilities)
3) Remove all references to resources from emailcommon
* The three pieces relate in that, between them, they allow
the emailcommon static library to compile cleanly
Bug: 3442973
Change-Id: Ic5e3abaa2a1b36999e0b6653c6c2134ea1bd544f
* Split PolicySet from SecurityPolicy and move to emailcommon
* Define PolicyService that sync adapter services can use to
interact with the Email DPM administrator
* Implement PolicyServiceProxy for exchange
* Implement PolicyService in email
* Modify imports, references, etc. as required
Bug: 3442973
Change-Id: I92015e21f780a68754b318da89fbb33570f334a2
* This fixes the case of:
* a device that does *not* support device encryption
* connecting to an account that *does* require device encryption
* but also supports "non-provisioned devices" (making the encryption
requirement optional.)
* Added unit test
Bug: 3367191
Change-Id: I894e68c4119a102dad02d2e0815fccdae1e87189
* Add encrypted-storage to uses-policies
* Add new field to PolicySet
* Add "false" to all constructor callers
* Add unit tests (including fixing some existing unit tests)
* Add new logic to AccountSecurity activity t0 dispatch both password
and encryption requests.
Bug: 3346641
Change-Id: I54f39bc9b6fbe21c033a05b36b83081e5c78a296
* Set aggregated expiration values with DPM
* Fix min/max logic when aggregating, and fix unit test
* Add expiration tests when checking if policies are active
* Add expire-password to uses-policies set
* Handle password refresh (clear notifications and sec. holds)
* Handle password expiration (warning and/or wipe synced data)
* Unit tests for provider-level methods
* Refactor common security notification logic
* Placeholder notification strings (need final)
Bug: 3197935
Change-Id: Idf1975edd81dd7f55729156dc6b1002b7d09841f
* EAS can send both "simple password" and a non-zero number of
required complex characters; we're supposed to ignore the
complex character requirement in this case
* Force complex characters to zero if password is "simple"
* Update constructor test to check the fix
Bug: 2903349
Change-Id: I3d42bd3c8f3667d8f3027da9e91e0dd18722d9bf
* In a recent change, we mistakenly removed the logic for handling
too-long inactivity timeouts; we should just fall back to the maximum
since this is stricter than what we're being asked to enforce
* Restore this logic and update the unit test
* The regression was caused by change Ida5663a9, to wit:
Backport: Handle "Allow non-provisionable devices" properly
Bug: 2886746
Change-Id: I99cf9a37441b80477cc1c2c7ec2a78f8a14a83da
- Added unit tests
- I see the "open a cursor, move to the first row, read a column" pattern over
and over. Added a utility method for this. (Let's try not to bloat the
binary by copying code around!)
- Added helper classes for database related tests
- Removed code dup
Change-Id: I380959215cc1661b252158f0f6e35369b499cdf8
* Backport from master branch
* Send policy key of "0" when validating; this gets us the policies
even if "Allow..." is enabled (currently, we simply don't see the
policies)
* If we don't support all of the policies, send back the response
code indicating support for partial support. If we get a positive
response back, then we're good to go - the server allows devices
with partial support. Otherwise, we fail as we always have - with
the toast indicating that the device doesn't support required
policies
* Remove PolicySet.isSupported() and ensure proper field ranges
within the constructor
* Update tests as appropriate
Bug: 2759782
Change-Id: Ida5663a9b35c75ecc61a5f442be0bd60b433cb73
* Minimum complex characters
* Password history (i.e. disallow re-use of past n passwords)
* Password expiration
* Password expiration is NOT yet supported in the framework; there
is a TODO in this CL and a trivial change will be needed when
support arrives; for now, we report this as unsupported
* The two implemented policies are testable
Change-Id: I477adbc000577c57d1ab1788378c97a60018c10c
* Send policy key of "0" when validating; this gets us the policies
even if "Allow..." is enabled (currently, we simply don't see the
policies)
* If we don't support all of the policies, send back the response
code indicating support for partial support. If we get a positive
response back, then we're good to go - the server allows devices
with partial support. Otherwise, we fail as we always have - with
the toast indicating that the device doesn't support required
policies
* Remove PolicySet.isSupported() and ensure proper field ranges
within the constructor
* Update tests as appropriate
Bug: 2759782
Change-Id: I5f354a0e2d81844aff75d8a8a6de3b97f0020c1f
This fixes the following exception.
java.lang.UnsupportedOperationException
at android.test.mock.MockContext.getApplicationContext(MockContext.java:82)
Bug 2725552
Change-Id: Iaca177defe5f5e836211c58270379da056fa64e0
* If the server asks for more than we can support, don't throw
and error from PolicySet creation. Let isSupported() do that.
* Overlong password lengths cannot be supported and isSupported is false.
* Overlong timeouts & max wipes can be reduced to supported
amount (this actually increases security) and isSupported is true.
* Clean up an obsolete comment
* Unit tests
Bug: 2567804
Change-Id: I2d664a7f2a315b9f9bdcb867fe2cd98f74de6f66
* Add "vibrate when silent" choice in UI
* Add storage for it in Email's provider. Existing accounts default to
their current settings (always vibrate / never vibrate).
* Respect new mode when notifications are posted
* Updated existing unit tests
Bug: 2457183
Change-Id: I5c933ac39dbef8b2028255f330e0b084a445421a
If the user revokes device admin status, reset our internal state and
the state of any accounts that might have been depending on it. This
halts syncing immediately and rewinds the security/provisioning state
of any such accounts to a known state (as if the account had just been
created.)
Bug: 2387961
* Add hold flag to Account flags
* Add code to set it (when EAS reports policy failure)
* Add code to clear it when we see changes from the device admin side
* unit tests
This should be sufficient to restart sync of an account which is on hold
due to security policy requirements. Note, this is considered a "retry",
and if the account still does not meet requirements for some reason, it
is expected that EAS sync will call policiesRequired() again.
* Create notification to display when syncs fail due to security
* Create psuedo-activity (no UI) to manage device admin state transitions
* Clean up and flesh out SecurityPolicy APIs'
* Add placeholders in EasSyncService showing how to react when policies
are not met and sync cannot continue.
Note: There are some STOPSHIP todo's at the top of SecurityPolicy.java.
These should explain any code that you might think is "missing".
* Begin wiring into system DevicePolicyManager requirements
* Semi-real implementations of isSupported() & isActive()
* Added new API (placeholder) updatePolicies()
* Updated existing unit tests as needed
Bug: 2387961