History log of /packages/apps/Email/src/com/android/email/SecurityPolicy.java
Revision Date Author Comments (<<< Hide modified files) (Show modified files >>>)
2a5080ef51ba236078e10b8bacd575c8c27678e0 04-May-2012 Marc Blank <mblank@google.com> Fix policy handling in Email1

Bug: 6414045
Change-Id: I1b6300243e061d8500d29849c4734fdbf69041ba
/packages/apps/Email/src/com/android/email/SecurityPolicy.java
03cd72805dab0379ed255d151f1c17cc60655fc3 25-Apr-2012 Marc Blank <mblank@google.com> Revert to old Email app

* These are the last sources in the ICS-MR1 tree

Change-Id: Ida4651bddd92a06a518d00f3e1f275ab3a80c8ae
/packages/apps/Email/src/com/android/email/SecurityPolicy.java
ebb79619e8ed3c9f0c051e7f323e3971bce7508d 09-Mar-2012 Marc Blank <mblank@google.com> Move account delete logic to EmailProvider

* This functionality had to move away from Controller

Change-Id: I557918a325eab8c83a9728fa1ce33dde8b86158f
/packages/apps/Email/src/com/android/email/SecurityPolicy.java
fd81e1977954a710cd3630ef3a9ab6aebff1094c 21-Nov-2011 Marc Blank <mblank@google.com> Don't save Policy with Account

Change-Id: Ib3601daee8780640a07db573f623e99279c9f9b1
/packages/apps/Email/src/com/android/email/SecurityPolicy.java
2736c1a11ce3ecdcd9d19aa9c324fb9ce0910c7b 20-Oct-2011 Marc Blank <mblank@google.com> Rewrite of security policy handling and service code

* Remove PolicyService APIs policiesRequired, policiesUpdated,
isSupported, clearUnsupportedPolicies, and isActiveAdmin
* Add PolicyService API setAccountPolicy, which is the sole
method by which security policies are promulgated
* Add protocolPoliciesEnabled and protocolPoliciesUnsupported
to the Policy class; these are packed, localized strings
indicating policies that the protocol itself have enabled
and/or cannot support (i.e. these are policies that are
unknown to the DPM, e.g. don't load attachments)
* Differentiate in security notifications between three kinds
of policy changes - changes that don't require user
intervention (e.g. reducing requirements), changes that
require user intervention (the legacy notification), and
changes that make the account unsyncable (e.g. the server
adding an unsupportable policy). Handle all possible policy
changes cleanly.
* Make security notifications per account (with multiple
accounts, notifications would get arbitrarily munged)
* Expose ALL enforced policies via the account settings
screen in two categories: policies enforced (including
both policies enforced by the DPM and policies enforced
by the protocol) and policies unsupported (note that these
can only be seen if policies are changed after an account
is created; we do not allow the creation of an account
when any required policies are unsupported). Add a
button that forces a sync attempt, for accounts that
are locked out, but whose policies have changed on
the server (this would otherwise require a reboot).
* Updated unit tests

Bug: 5398682
Bug: 5393724
Bug: 5379682
Change-Id: I4a3df823913a809874ed959d228177f0fc799281
/packages/apps/Email/src/com/android/email/SecurityPolicy.java
c82c1caf0138dbcef044ee41d24791f2ebeeb88a 28-Sep-2011 Marc Blank <mblank@google.com> Include external storage in remote wipe

* Apparently, this is required via Microsoft specifications, though
there had been an earlier decision not to do this

Bug: 5384246
Change-Id: I05b6c2d21d3b295ad696f26a7a13cba6f1974e83
/packages/apps/Email/src/com/android/email/SecurityPolicy.java
e86d8af163ada4d0b3f7c5cb0b32cfeb12da473c 29-Aug-2011 Marc Blank <mblank@google.com> Password history changes do NOT require user intervention

* A change in history requirement is not intended to force a new
password immediately; we just tell the DPM what the new
requirement is...
* This is one cause of the below-referenced bug

Bug: 5221119
Change-Id: I890b42d4eab4fbd9d34665fbea138f179d5d3215
/packages/apps/Email/src/com/android/email/SecurityPolicy.java
ce582527bbdce6e7a5c255123e9f2b743467919e 22-Aug-2011 Marc Blank <mblank@google.com> Fix dont-allow-camera in Email DPM

* We weren't checking for it in determining whether our policies
were active; because of this, we never actually SET the policy
in the DPM

Bug: 5193399
Change-Id: I276901be21be681f66891f5374ec58cf1ea7b4be
/packages/apps/Email/src/com/android/email/SecurityPolicy.java
c6df1d605fb3e235df6d4a21ae00632c9d6e3cc2 19-Jul-2011 Marc Blank <mblank@google.com> Prevent NPE's in AccountSecurity

* This CL fixes the referenced bug, but it does NOT explain how
mAccount; best guess is that the process was killed and then
restarted when the result from DPM was available.
* Assuming this is the case, we remove the background task loading
mAccount, avoiding a possible race.
* Also, it's not clear why clearNotifications didn't use the
account id argument; what if there's more than one account that
uses security? Filing a bug about this.

Bug: 5048912
Change-Id: I734834337ab6e409d77624e7c7370350de76becb
/packages/apps/Email/src/com/android/email/SecurityPolicy.java
e76962b1b9c66ecc3fd49cd4c956f234365bfe5c 01-Jul-2011 Ben Komalo <benkomalo@google.com> Revert "Enable SD card encryption policy when emulated"

This is a manual cherry-pick of c379ebe3722b5d21201246a714eeea99d8679b96
This reverts commit 7fd14be80447de15bd5360321fa80e34f60fa251

The introduction of proper SD cards breaks the invariant that "external"
storage can be encrypted. Unfortunately, this means that accounts with
that policy bit set will have to be removed for now.

Accounts with the security policy set will be forced to go through
security provisioning on the next sync, using the regular mechanisms of
showing a notification with "Security update required", and then having
it fail. :(

Bug: 4466311
Change-Id: I68119b14f8d198779c2073296e228bc6772136ee
/packages/apps/Email/src/com/android/email/SecurityPolicy.java
aa0a3553974972561e089f2780fb7f6743b3303e 16-Jun-2011 Ben Komalo <benkomalo@google.com> Handle upgrade from existing device admins

This ensures old admins that can't control the camera doesn't try to do
so

Bug: 4686257
Change-Id: Ia2bb8bf2ccf9fb3d1d45ce1ba0affd2ccc9822a9
/packages/apps/Email/src/com/android/email/SecurityPolicy.java
d09cff08882e553afce919865a2cc60b657d4659 06-May-2011 Ben Komalo <benkomalo@google.com> Make "don't allow camera" a supported policy.

This sends the bit to the DPM. Separate changes have been/will be made
to change the provision parser and support it in the DPM.

Bug: 4185316
Change-Id: I44872ceb095a28539b047a0641cc499c7186a9b3
/packages/apps/Email/src/com/android/email/SecurityPolicy.java
f5418f1f93b02e7fab9f15eb201800b65510998e 14-Jun-2011 Marc Blank <mblank@google.com> Move Account into its own top-level class

Change-Id: Ide7c991b7d4d418dbe17164421425bf898ba64ee
/packages/apps/Email/src/com/android/email/SecurityPolicy.java
67fefe21b6220f9e08d4cdcb7a8cbcce4278f257 26-May-2011 Marc Blank <mblank@google.com> Remove change made to workaround DPM issue

Change-Id: I88a9663d513e13ecca5957c61e2e817a8bd847d5
/packages/apps/Email/src/com/android/email/SecurityPolicy.java
28b48acab014687b67d1d4658c9b6304ad105ea3 25-May-2011 Marc Blank <mblank@google.com> resolved conflicts for merge of 7c270c50 to master

Change-Id: Id1694449a8a270429cf32b2ecd70da7afa3447a1
4f5d4e29a8180b5c1e8cd80f5e3e9c4ed098049c 24-May-2011 Marc Blank <mblank@google.com> Always set policies in DPM before checking whether they are active

* Since DPM can erroneously report a password failure (specifically,
isActivePasswordSufficient() can return false when, in fact, the
active password is just fine)
* This is the proximate cause of the referenced bug; we just weren't
prepared to have the DPM mislead us...

Bug: 4464610
Change-Id: Ifcb85c0729e9a1884fbcf7b4180eb332bbfef1b5
/packages/apps/Email/src/com/android/email/SecurityPolicy.java
6d9d71683a067b7f2293b60f70dc60e151aa151b 17-May-2011 Marc Blank <mblank@google.com> Workaround bug in DPM related to initialization of our admin

Bug: 4436285

Change-Id: If6f0ccaa9e1479fae0dbd1853a462eaf7948ccfc
/packages/apps/Email/src/com/android/email/SecurityPolicy.java
aeee10e57ef4d931e7708fde218d590453a82aea 28-Apr-2011 Marc Blank <mblank@google.com> Rework of security policy storage

* Replace crazy (and soon to be "full") bit fields stored in an account's
securityFlags with a row in a newly created Policy table (thus, fully
expandable)
* Update code from database version 17 to 18; adds Policy table, a
policyKey row in Account, and a revised trigger that deletes Policy
information for deleted Accounts
* Update old PolicySet unit tests to work against the new Policy class
* Add test for the conversion of securityFlags to Policy
* Tested in a variety of scenarios; appears to be functionally equivalent

Change-Id: I1505ee75230d6a0d3c2b62a46326f39c2c7f9eb5
/packages/apps/Email/src/com/android/email/SecurityPolicy.java
308ce9284793b597797994dfb1fb25155cbe0b20 22-Mar-2011 Makoto Onuki <omakoto@google.com> Better fix for the PendingIntent issue.

Refactor the changes introduced in Ib02842bb.

- Now Welcome and AccountSettingsXL accept intents with URLs of the following
style, and get IDs from query params, rather than extras.

Welcome:
content://ui.email.android.com/view/mailbox?ACCOUNT_ID=1&MAILBOX_ID=2&MESSAGE_ID=3

AccountSettingsXL:
content://ui.email.android.com/settings?ACCOUNT_ID=1

- Now the "new message" and "login failed" notifications use these new style
intents, so the system wouldn't merge PendingIntents for different accounts.

Also:
- Moved all notification creation logic to NotificationController.
(Except the one in CalendarSyncEnabler; which is used only to support
upgrading from pre-froyo and I don't think it's worth refactoring.)

- Note the "password expired/expiring" and "security needed" notifications
aren't changed; they still use extras to store account IDs. This is okay
because these notifications are not per-account.

Bug 4065269

Change-Id: I70737438d2e7c45fd7488a5b0a7105c8568e02f7
/packages/apps/Email/src/com/android/email/SecurityPolicy.java
22759bacd95385d95d3d9321f490763df1aba89d 16-Mar-2011 Andy Stadler <stadler@google.com> Handle complex chars policy correctly

* We needed to set DevicePolicyMnager.PASSWORD_QUALITY_COMPLEX
* Setting this, we also need to clear some of the defaults for complex
mode that are not correct for Exchange's definition of "complex".
* Unit tests

Bug: 4092218
Change-Id: Iea7bd05d48f1aa9406222c1db5937cfd7f2662b8
/packages/apps/Email/src/com/android/email/SecurityPolicy.java
7fd14be80447de15bd5360321fa80e34f60fa251 03-Mar-2011 Andy Stadler <stadler@google.com> Enable SD card encryption policy when emulated

* This is is a minimal implementation that only supports the external
encryption policy when there is no physical/removable storage, and
the emulated external storage is located within an encrypted backing
store.

Bug: 3351426
Change-Id: Id96e9277f810beeebf816a914acd3d733eb713ea
/packages/apps/Email/src/com/android/email/SecurityPolicy.java
f4894131427ec7562fcb05388b9f3aa094e388bc 19-Feb-2011 Andy Stadler <stadler@google.com> Add contextual dialogs after notifications

* When security settings notification is clicked, inform user that
they need to change settings (before dumping them in security
settings.)
* On an authentication failure, present a dialog to the user explaining
that the username or password may be incorrect.
* When the device pin/password is expiring or expired, present a dialog
to the user explaining that it needs to be updated.

Bug: 3238657
Change-Id: I8fca446fa3c1bf87a95938553dbdc362c3df220e
/packages/apps/Email/src/com/android/email/SecurityPolicy.java
c6d344ad2aab6bc46a87033af53d5a19a080e5f4 17-Feb-2011 Andy Stadler <stadler@google.com> Refresh email notifications (part I)

* Use strings that fit properly in new notifications
* General cleanups & rewrites from Roy
* Remove showWarningNotification() and use postAccountNotification()

This is part I. Part II will add dialogs triggered by some of these
notifications, to provide more explanation to the user of what's wrong
and how to fix it.

Bug: 3238657
Change-Id: Ib51bcb4412f8a09a6f97653f0b5f8642efe2ac1e
/packages/apps/Email/src/com/android/email/SecurityPolicy.java
31d9acbf0623872f9d4a2b3210b5970854b654c7 12-Feb-2011 Marc Blank <mblank@google.com> Email split, part huit: Refactor constants, clean emailcommon

* There are three pieces to this CL (sorry):
1) Move and/or rename some constants into emailcommon
2) Move Utility to emailcommon, moving the few UI
related utilities back into Email (FolderProperties
and UiUtilities)
3) Remove all references to resources from emailcommon
* The three pieces relate in that, between them, they allow
the emailcommon static library to compile cleanly

Bug: 3442973

Change-Id: Ic5e3abaa2a1b36999e0b6653c6c2134ea1bd544f
/packages/apps/Email/src/com/android/email/SecurityPolicy.java
a7bc0319a75184ad706bb35c049af107ac3688e6 10-Feb-2011 Marc Blank <mblank@google.com> Email split, part six: EmailContent

* Moved EmailContent to emailcommon

Change-Id: Ib3db1bfcfe74554c0e5afd3cfce6d72f26e9aeb9
/packages/apps/Email/src/com/android/email/SecurityPolicy.java
9ba506c4dd498150555f6c59aa758f7467bf9236 09-Feb-2011 Marc Blank <mblank@google.com> Email split, part deux: PolicyService

* Split PolicySet from SecurityPolicy and move to emailcommon
* Define PolicyService that sync adapter services can use to
interact with the Email DPM administrator
* Implement PolicyServiceProxy for exchange
* Implement PolicyService in email
* Modify imports, references, etc. as required

Bug: 3442973

Change-Id: I92015e21f780a68754b318da89fbb33570f334a2
/packages/apps/Email/src/com/android/email/SecurityPolicy.java
844b14f851ce748b7b204125264bb3343c1a9039 27-Jan-2011 Marc Blank <mblank@google.com> Fix NPE in SecurityPolicy.policiesRequired

* Add check for null Account, as this method can be called from a
background thread, and the Account might have been deleted by the
time we're called

Bug: 3396365
Change-Id: Ie125ed714c73d51beaedc818b6b731cea941666f
/packages/apps/Email/src/com/android/email/SecurityPolicy.java
a0d080558ff06f88f000cf424803c8241dd8d2eb 19-Jan-2011 Andy Stadler <stadler@google.com> Properly handle unsupported encryption policy

* This fixes the case of:
* a device that does *not* support device encryption
* connecting to an account that *does* require device encryption
* but also supports "non-provisioned devices" (making the encryption
requirement optional.)
* Added unit test

Bug: 3367191
Change-Id: I894e68c4119a102dad02d2e0815fccdae1e87189
/packages/apps/Email/src/com/android/email/SecurityPolicy.java
c2e638351c19ab22ad9ab4cce2853414c34724c3 17-Jan-2011 Andy Stadler <stadler@google.com> Updates to follow DPM api changes

* Use getStorageEncryptionStatus() to check device status
* Also, check granted policy on USES_ENCRYPTED_STORAGE

Bug: 3346641

Change-Id: I9e9a45a6d1d3cf4714e27b69cdb5952c841c640d
/packages/apps/Email/src/com/android/email/SecurityPolicy.java
469f2987dc11d153434e50eb04dd6b83b924d09d 13-Jan-2011 Andy Stadler <stadler@google.com> Add encryption to SecurityPolicy

* Add encrypted-storage to uses-policies
* Add new field to PolicySet
* Add "false" to all constructor callers
* Add unit tests (including fixing some existing unit tests)
* Add new logic to AccountSecurity activity t0 dispatch both password
and encryption requests.

Bug: 3346641
Change-Id: I54f39bc9b6fbe21c033a05b36b83081e5c78a296
/packages/apps/Email/src/com/android/email/SecurityPolicy.java
a2269e84c6134bfd3506e5489c7ccfd60c32d41f 30-Dec-2010 Andy Stadler <stadler@android.com> Remove disk access from DeviceAdminReceiver callbacks

* DeviceAdminReceiver is actually a BroadcastReceiver, must follow
guidelines to prevent ANR or early process kill.
* Remove all uses of AsyncTask from DeviceAdminReceiver
* Pass all calls through EmailBroadcastProcessorService
* Minor restructuring of EmailBroadcastProcessorService to support
this use.

Change-Id: Ic6257ea5eff1bd466a736e0f93cb89b1cf8aa73e
/packages/apps/Email/src/com/android/email/SecurityPolicy.java
e7f4d3ebfcf497c015ba65be7ecebea8926b995c 09-Dec-2010 Andy Stadler <stadler@google.com> Handle upgrade path for adding DPM policies

* All active admin checks now go through common method
* Common code check both isAdminActive and the new (upgrade) policies

Bug: 3253179
Change-Id: Ie81f35906c164051f38c1f1f637d0c04b37eef16
/packages/apps/Email/src/com/android/email/SecurityPolicy.java
1ca111c19c83d54ad23bd8615d9c648e09ec3366 01-Dec-2010 Andy Stadler <stadler@google.com> Add password expiration plumbing

* Set aggregated expiration values with DPM
* Fix min/max logic when aggregating, and fix unit test
* Add expiration tests when checking if policies are active
* Add expire-password to uses-policies set
* Handle password refresh (clear notifications and sec. holds)
* Handle password expiration (warning and/or wipe synced data)
* Unit tests for provider-level methods
* Refactor common security notification logic
* Placeholder notification strings (need final)

Bug: 3197935
Change-Id: Idf1975edd81dd7f55729156dc6b1002b7d09841f
/packages/apps/Email/src/com/android/email/SecurityPolicy.java
02d59d21949a77c60859b615312f02e6d8003490 25-Oct-2010 Marc Blank <mblank@google.com> Delete secured accounts if device admin is disabled

* Update unit test

Bug: 2817683
Change-Id: Ia7117c34e7bbba13ac4f2ff375d19b3ef94ef49c
/packages/apps/Email/src/com/android/email/SecurityPolicy.java
899c5b866192a4c4a12413446d10e5d98dbf94fa 27-Sep-2010 Makoto Onuki <omakoto@google.com> Switch to tablet style notification

- Now we show separate notification for each account
- New notification has sender photo, sender name, and subject
of the latest email
- Added the NotificationController class, which is intended to manage
all notifications besides "new message" eventually.

The framework doesn't seem to be 100% ready, and it's not clear how to
add the 3rd line in the expanded notification at this point. Need to
revisit it later to verify UI details.

Change-Id: I40193ee372cb6b2b7245c1588890f238b2469699
/packages/apps/Email/src/com/android/email/SecurityPolicy.java
0813c7051ff91e569c7100977502247d848283a1 22-Sep-2010 Andrew Stadler <stadler@android.com> resolved conflicts for merge of 0d9ed341 to master

Change-Id: I198f760ef1734cf4a64c875236a2352859dc1a72
6278dcdeafadc55fe1a57eec42a0807874377f62 22-Sep-2010 Andy Stadler <stadler@android.com> Fix test failures

Methods were used by tests only and being stripped by PG.

Bug: 2894378
Change-Id: Ieb1dd0daa8bd380c66a7b1e6151c5e5b22cbe38c
/packages/apps/Email/src/com/android/email/SecurityPolicy.java
61911d4ff70132fa21c5ee7a987303479e8ef6ae 28-Aug-2010 Marc Blank <mblank@google.com> Fix another inconsistent set of PolicySet values

* EAS can send both "simple password" and a non-zero number of
required complex characters; we're supposed to ignore the
complex character requirement in this case
* Force complex characters to zero if password is "simple"
* Update constructor test to check the fix

Bug: 2903349
Change-Id: I3d42bd3c8f3667d8f3027da9e91e0dd18722d9bf
/packages/apps/Email/src/com/android/email/SecurityPolicy.java
a30631da1cae25be3f75137133297e30cef2db9c 12-Aug-2010 Andrew Stadler <stadler@android.com> Clear password related policies in PolicySet when p/w not required

Merge from master of c263810b08943541135a24e2b7520692152455cc

Bug: 2883736
Change-Id: Iec4ed0e320d67aee8a89092ac650c0960540057b
/packages/apps/Email/src/com/android/email/SecurityPolicy.java
c263810b08943541135a24e2b7520692152455cc 07-Aug-2010 Marc Blank <mblank@google.com> Clear password related policies in PolicySet when p/w not required

Bug: 2883736
Change-Id: I2c9c573aea9a4fef1699ff6339e8ef628d7f2269
/packages/apps/Email/src/com/android/email/SecurityPolicy.java
b91eea011961889b355a3c5ad837745099c7749a 04-Aug-2010 Marc Blank <mblank@google.com> resolved conflicts for merge of fbf501fe to master

Change-Id: Ic68cbf2de1877ab06744287f57c1c33c4e0e573a
2b2b3448ec200f3d649e5f57309908d28ce3bfc7 02-Aug-2010 Marc Blank <mblank@google.com> Handle inactivity timeout > maximum allowed properly

* In a recent change, we mistakenly removed the logic for handling
too-long inactivity timeouts; we should just fall back to the maximum
since this is stricter than what we're being asked to enforce
* Restore this logic and update the unit test
* The regression was caused by change Ida5663a9, to wit:
Backport: Handle "Allow non-provisionable devices" properly

Bug: 2886746
Change-Id: I99cf9a37441b80477cc1c2c7ec2a78f8a14a83da
/packages/apps/Email/src/com/android/email/SecurityPolicy.java
bcf32320e2600e96c8a9e997a8903bfc3893b35e 27-Jul-2010 Makoto Onuki <omakoto@google.com> Move isSecurityHold/clearAccountHoldFlags to Account

- Added unit tests
- I see the "open a cursor, move to the first row, read a column" pattern over
and over. Added a utility method for this. (Let's try not to bloat the
binary by copying code around!)
- Added helper classes for database related tests
- Removed code dup

Change-Id: I380959215cc1661b252158f0f6e35369b499cdf8
/packages/apps/Email/src/com/android/email/SecurityPolicy.java
9444a54866458e5cba7ba35d4da93a127cef45eb 15-Jul-2010 Marc Blank <mblank@google.com> resolved conflicts for merge of 2cb5acc5 to master

Change-Id: I4b3379b7b8ebfca36eda3ae649f009659e682e87
8b36acb10d555b59ec0497f6c71426af823c7931 14-Jun-2010 Marc Blank <mblank@google.com> Backport: Handle "Allow non-provisionable devices" properly

* Backport from master branch
* Send policy key of "0" when validating; this gets us the policies
even if "Allow..." is enabled (currently, we simply don't see the
policies)
* If we don't support all of the policies, send back the response
code indicating support for partial support. If we get a positive
response back, then we're good to go - the server allows devices
with partial support. Otherwise, we fail as we always have - with
the toast indicating that the device doesn't support required
policies
* Remove PolicySet.isSupported() and ensure proper field ranges
within the constructor
* Update tests as appropriate

Bug: 2759782
Change-Id: Ida5663a9b35c75ecc61a5f442be0bd60b433cb73
/packages/apps/Email/src/com/android/email/SecurityPolicy.java
d6d874f8c6ce2580ef9ec2406fe411af45b2d92d 02-Jun-2010 Marc Blank <mblank@google.com> Streamline security setup flow

* The setup flow is changed such that the user is asked to activate
device administration before leaving the setup flow, rather than
having to wait for the notification to appear, etc.
* Accounts requiring security are created in a security hold state
to prevent initial sync until device administration is active

Change-Id: I7e33cf98466370ae27414b99018f7aee71e9e237
/packages/apps/Email/src/com/android/email/SecurityPolicy.java
9b4988de43dbee6c06066caab63806e8c8303d7d 10-Jun-2010 Marc Blank <mblank@google.com> Implement support for new security policies

* Minimum complex characters
* Password history (i.e. disallow re-use of past n passwords)
* Password expiration
* Password expiration is NOT yet supported in the framework; there
is a TODO in this CL and a trivial change will be needed when
support arrives; for now, we report this as unsupported
* The two implemented policies are testable

Change-Id: I477adbc000577c57d1ab1788378c97a60018c10c
/packages/apps/Email/src/com/android/email/SecurityPolicy.java
1d6dab29562eca7978f179be5f5c75f22f44d734 14-Jun-2010 Marc Blank <mblank@google.com> Handle "Allow non-provisionable devices" properly

* Send policy key of "0" when validating; this gets us the policies
even if "Allow..." is enabled (currently, we simply don't see the
policies)
* If we don't support all of the policies, send back the response
code indicating support for partial support. If we get a positive
response back, then we're good to go - the server allows devices
with partial support. Otherwise, we fail as we always have - with
the toast indicating that the device doesn't support required
policies
* Remove PolicySet.isSupported() and ensure proper field ranges
within the constructor
* Update tests as appropriate

Bug: 2759782
Change-Id: I5f354a0e2d81844aff75d8a8a6de3b97f0020c1f
/packages/apps/Email/src/com/android/email/SecurityPolicy.java
572c06f91be8c809b8978d985259564f88c6f212 11-Jun-2010 Andrew Stadler <stadler@android.com> DO NOT MERGE - Revert workaround for KeyguardLock problem

This reverts commit 3ee0cad5f5e21a24dbe43d21afaac1dd76a2059b.

Because commit 284b62e1b8c3419bfd02c6fea5ba0a68146c06f8 fixes the underlying
conflict between DeviceAdmin policies and apps attempting to disable the
Keyguard Lock, this patch is no longer required.

Accounts with a server policy requiring a device PIN or Password will
now work properly.

Bug: 2737842
Change-Id: I533c27a01a8a331dc11a0cb84bcc78f48edf621c
/packages/apps/Email/src/com/android/email/SecurityPolicy.java
3ee0cad5f5e21a24dbe43d21afaac1dd76a2059b 04-Jun-2010 Andrew Stadler <stadler@android.com> DO NOT MERGE Workaround for KeyguardLock problem

* The device policies that enforce the use of a device PIN or password
can be sidestepped by apps that implement KeyguardManager.KeyguardLock
* This renders the policies unuseable
* To prevent this, the email app now scans for any packages holding the
DISABLE_KEYGUARD permission. The existence of any non-system app
with this permission will put all security-enabled EAS accounts into
a security hold, and post a dialog describing the problem.
* The user must uninstall any such app(s) in order to sync their EAS data.

Bug: 2737842
Change-Id: I4c96d76b12d9242b5c755dd60d7578a825fae597
/packages/apps/Email/src/com/android/email/SecurityPolicy.java
968be441b4c253668c4ee1c7a3f8e4b0eb12cf24 21-May-2010 Makoto Onuki <omakoto@google.com> Don't store arbitrary Context in singletons, which causes memory leak.

We have singletons that store a Context passed to getInstance().
The problem is that when we call them, we casually pass any Context at hand.
If it's an activity (which is often the case), it'll never be GCed.

This CL make them store the application context insteaed.

Change-Id: I1abcc2c08d3f8201416d6c14720f041693823b4e
/packages/apps/Email/src/com/android/email/SecurityPolicy.java
a87f8d8bbc0b704974c4230f518cf23b7215fc55 13-Apr-2010 Andrew Stadler <stadler@android.com> Changes to improve security policy setup

* SecurityPolicy: Fix bug that prevents any notifications after the
user hits "cancel all" from the notification pane.
* AccountSecurity: If the user cancels the device admin acceptance
activity, repost the notification.
* MesageList: Catch security hold condition when entering a mailbox, and
launch security setup activity.

Bug: 2585159
Change-Id: I60d5d8c693cc5f00fe98a9cc69265802f5bee813
/packages/apps/Email/src/com/android/email/SecurityPolicy.java
856e09d76ab62272e660fd4a08e25637f17319a0 07-Apr-2010 Andrew Stadler <stadler@android.com> Properly reset security policy when device admin revoked

* Simplify the logic in the onDisabled() receiver. Make sure
security policy keys are *always* disabled.
* Eliminate unused variable and unused receiver.

Bug: 2576145
Change-Id: I3665a1d300edfb77e02737c08aee22bc977f4968
/packages/apps/Email/src/com/android/email/SecurityPolicy.java
a843d40ba1d3eb77e76b4a28aa911588f0fd81a1 03-Apr-2010 Andrew Stadler <stadler@android.com> Improve handling of unsupported security policies

* If the server asks for more than we can support, don't throw
and error from PolicySet creation. Let isSupported() do that.
* Overlong password lengths cannot be supported and isSupported is false.
* Overlong timeouts & max wipes can be reduced to supported
amount (this actually increases security) and isSupported is true.
* Clean up an obsolete comment
* Unit tests

Bug: 2567804
Change-Id: I2d664a7f2a315b9f9bdcb867fe2cd98f74de6f66
/packages/apps/Email/src/com/android/email/SecurityPolicy.java
9e2ddca59d048fc9ac55278b193ee36b330a7981 17-Mar-2010 Jim Shuma <jshuma@google.com> Add "vibrate when silent" mode to notifications

* Add "vibrate when silent" choice in UI
* Add storage for it in Email's provider. Existing accounts default to
their current settings (always vibrate / never vibrate).
* Respect new mode when notifications are posted
* Updated existing unit tests

Bug: 2457183
Change-Id: I5c933ac39dbef8b2028255f330e0b084a445421a
/packages/apps/Email/src/com/android/email/SecurityPolicy.java
6d0016229adc13fefe68820fe4d6e46f530952ba 27-Feb-2010 Dianne Hackborn <hackbod@google.com> Move DeviceAdmin APIs to android.app.admin.
/packages/apps/Email/src/com/android/email/SecurityPolicy.java
4ae83c58b3e136b4b1e859ee304ad1b332e9597f 17-Feb-2010 Dianne Hackborn <hackbod@google.com> Fix issue #2420412: API review: DeviceAdmin API changes
/packages/apps/Email/src/com/android/email/SecurityPolicy.java
af55e3e436991fde91cdc80efe2786eb8f509d15 16-Feb-2010 Andrew Stadler <stadler@android.com> Respond to loss of device admin status

If the user revokes device admin status, reset our internal state and
the state of any accounts that might have been depending on it. This
halts syncing immediately and rewinds the security/provisioning state
of any such accounts to a known state (as if the account had just been
created.)

Bug: 2387961
/packages/apps/Email/src/com/android/email/SecurityPolicy.java
d71d0b223a5cd02e2a8f1ec5c3f8cebab170d65f 10-Feb-2010 Andrew Stadler <stadler@android.com> Force security activation after new account create

On new accounts, we can accelerate the process of setting up security
by explicitly checking (at the end of the security process). The user
is not required to "answer" the asynchronous notification.

This is an imperfect solution, as a slow initial sync could leave the
user in a non-synced Inbox (with a notification waiting for them), but
we can come back to this after we evaluate real-world performance.

Bug: 2387961
/packages/apps/Email/src/com/android/email/SecurityPolicy.java
50d1610c43c70039e9a02b862ec43cd6ee3d7906 09-Feb-2010 Andrew Stadler <stadler@android.com> Relax device admin policies when accounts deleted

If an account is deleted, immediately recompute the aggregate
security policy, and apply it immediately.

When applying policies, handle "no policy" case by releasing device admin
status entirely.
/packages/apps/Email/src/com/android/email/SecurityPolicy.java
5893e9e008d46cf4be0c7f709a6e77e2652c3ddd 09-Feb-2010 Andrew Stadler <stadler@android.com> Rewrite notes to acknowledge wipe-after-bad-passwords

It turns out that we have already implemented the built-in version of
local-wipe-after-failed-passwords, and the notes about it were not
necessary.

It should be possible to connect to an account with local wipe
requirements and see proper operation.
/packages/apps/Email/src/com/android/email/SecurityPolicy.java
2a5eeea9213005060256054ec773e72406415ce4 09-Feb-2010 Andrew Stadler <stadler@android.com> Adding security hold flag to accounts

* Add hold flag to Account flags
* Add code to set it (when EAS reports policy failure)
* Add code to clear it when we see changes from the device admin side
* unit tests

This should be sufficient to restart sync of an account which is on hold
due to security policy requirements. Note, this is considered a "retry",
and if the account still does not meet requirements for some reason, it
is expected that EAS sync will call policiesRequired() again.
/packages/apps/Email/src/com/android/email/SecurityPolicy.java
09b45fdcffd7fc4e5ef2ac498576d713eaf2c3db 07-Feb-2010 Marc Blank <mblank@google.com> Additional work on EAS security

* Add more final plumbing for exchange security
* If policies are supported, we now check to see if they are active;
if so, we acknowledge this to the server, after which we are given a
final policy key which can be used for syncing

Change-Id: I5992c790294e35b5ec5343c7665e2e7fd31a75ca
/packages/apps/Email/src/com/android/email/SecurityPolicy.java
3d2b3b3b3554be2ac23d9a49fee00faa9693e857 05-Feb-2010 Andrew Stadler <stadler@android.com> Logic to move phone into security-admin mode

* Create notification to display when syncs fail due to security
* Create psuedo-activity (no UI) to manage device admin state transitions
* Clean up and flesh out SecurityPolicy APIs'
* Add placeholders in EasSyncService showing how to react when policies
are not met and sync cannot continue.

Note: There are some STOPSHIP todo's at the top of SecurityPolicy.java.
These should explain any code that you might think is "missing".
/packages/apps/Email/src/com/android/email/SecurityPolicy.java
d62860821c2dbc14ab493b888cb129bd5addd53d 02-Feb-2010 Andrew Stadler <stadler@android.com> Additional SecurityPolicy functionality

* Begin wiring into system DevicePolicyManager requirements
* Semi-real implementations of isSupported() & isActive()
* Added new API (placeholder) updatePolicies()
* Updated existing unit tests as needed

Bug: 2387961
/packages/apps/Email/src/com/android/email/SecurityPolicy.java
345fb8b737c1632fb2a7e69ac44b8612be6237ed 27-Jan-2010 Andrew Stadler <stadler@android.com> Add utilities for processing account security policies

* Add security sync key & signature columns
* Add utilities for easy read/write of security columns
* Write aggregator for multiple accounts
* Simple API's for exchange security (very preliminary)
* Unit tests of above

Bug: 2387961
/packages/apps/Email/src/com/android/email/SecurityPolicy.java