SecurityPolicyTests.java revision 17d3a29c9d8f7a27c463239f190bdcc4e0804527
1345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler/* 2345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler * Copyright (C) 2010 The Android Open Source Project 3345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler * 4345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler * Licensed under the Apache License, Version 2.0 (the "License"); 5345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler * you may not use this file except in compliance with the License. 6345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler * You may obtain a copy of the License at 7345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler * 8345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler * http://www.apache.org/licenses/LICENSE-2.0 9345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler * 10345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler * Unless required by applicable law or agreed to in writing, software 11345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler * distributed under the License is distributed on an "AS IS" BASIS, 12345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler * See the License for the specific language governing permissions and 14345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler * limitations under the License. 15345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler */ 16345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler 17345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadlerpackage com.android.email; 18345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler 19505ac4b09bbe13ff099e40d94e45963e46a9261fBen Komaloimport android.app.admin.DevicePolicyManager; 20505ac4b09bbe13ff099e40d94e45963e46a9261fBen Komaloimport android.content.Context; 21505ac4b09bbe13ff099e40d94e45963e46a9261fBen Komaloimport android.content.ContextWrapper; 22505ac4b09bbe13ff099e40d94e45963e46a9261fBen Komaloimport android.test.ProviderTestCase2; 23505ac4b09bbe13ff099e40d94e45963e46a9261fBen Komaloimport android.test.suitebuilder.annotation.MediumTest; 24505ac4b09bbe13ff099e40d94e45963e46a9261fBen Komaloimport android.test.suitebuilder.annotation.SmallTest; 25505ac4b09bbe13ff099e40d94e45963e46a9261fBen Komalo 261ca111c19c83d54ad23bd8615d9c648e09ec3366Andy Stadlerimport com.android.email.provider.ContentCache; 279ba506c4dd498150555f6c59aa758f7467bf9236Marc Blankimport com.android.email.provider.EmailProvider; 289ba506c4dd498150555f6c59aa758f7467bf9236Marc Blankimport com.android.email.provider.ProviderTestUtils; 29f5418f1f93b02e7fab9f15eb201800b65510998eMarc Blankimport com.android.emailcommon.provider.Account; 30a7bc0319a75184ad706bb35c049af107ac3688e6Marc Blankimport com.android.emailcommon.provider.EmailContent; 31a7bc0319a75184ad706bb35c049af107ac3688e6Marc Blankimport com.android.emailcommon.provider.EmailContent.Message; 3253ea83ebf91f820692e8fa8e781f5cc982dd94dbBen Komaloimport com.android.emailcommon.provider.Mailbox; 33aeee10e57ef4d931e7708fde218d590453a82aeaMarc Blankimport com.android.emailcommon.provider.Policy; 34aeee10e57ef4d931e7708fde218d590453a82aeaMarc Blankimport com.android.emailcommon.service.LegacyPolicySet; 35345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler 36345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler/** 37345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler * This is a series of unit tests for backup/restore of the SecurityPolicy class. 382b2b3448ec200f3d649e5f57309908d28ce3bfc7Marc Blank * 399b4988de43dbee6c06066caab63806e8c8303d7dMarc Blank * You can run this entire test case with: 409b4988de43dbee6c06066caab63806e8c8303d7dMarc Blank * runtest -c com.android.email.SecurityPolicyTests email 41345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler */ 429b4988de43dbee6c06066caab63806e8c8303d7dMarc Blank 43345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler@MediumTest 44345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadlerpublic class SecurityPolicyTests extends ProviderTestCase2<EmailProvider> { 45345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler 46345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler private Context mMockContext; 47aeee10e57ef4d931e7708fde218d590453a82aeaMarc Blank private SecurityPolicy mSecurityPolicy; 48d62860821c2dbc14ab493b888cb129bd5addd53dAndrew Stadler 49345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler public SecurityPolicyTests() { 5031d9acbf0623872f9d4a2b3210b5970854b654c7Marc Blank super(EmailProvider.class, EmailContent.AUTHORITY); 51345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler } 52345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler 53aeee10e57ef4d931e7708fde218d590453a82aeaMarc Blank private static final Policy EMPTY_POLICY = new Policy(); 54aeee10e57ef4d931e7708fde218d590453a82aeaMarc Blank 55345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler @Override 56345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler protected void setUp() throws Exception { 57345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler super.setUp(); 58aeee10e57ef4d931e7708fde218d590453a82aeaMarc Blank mMockContext = new MockContext2(getMockContext(), mContext); 591ca111c19c83d54ad23bd8615d9c648e09ec3366Andy Stadler // Invalidate all caches, since we reset the database for each test 606e418aa41a17136be0dddb816d843428a0a1e722Marc Blank ContentCache.invalidateAllCaches(); 61345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler } 62345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler 63345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler /** 64345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler * Delete any dummy accounts we set up for this test 65345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler */ 66345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler @Override 67345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler protected void tearDown() throws Exception { 68345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler super.tearDown(); 69345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler } 70345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler 71345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler /** 720fb092b38912c7cff776a51872840bb2089ebe08Makoto Onuki * Private context wrapper used to add back getPackageName() for these tests. 730fb092b38912c7cff776a51872840bb2089ebe08Makoto Onuki * 74a0d080558ff06f88f000cf424803c8241dd8d2ebAndy Stadler * This class also implements {@link Context} method(s) that are called during tests. 75d62860821c2dbc14ab493b888cb129bd5addd53dAndrew Stadler */ 76d62860821c2dbc14ab493b888cb129bd5addd53dAndrew Stadler private static class MockContext2 extends ContextWrapper { 77d62860821c2dbc14ab493b888cb129bd5addd53dAndrew Stadler 78d62860821c2dbc14ab493b888cb129bd5addd53dAndrew Stadler private final Context mRealContext; 79d62860821c2dbc14ab493b888cb129bd5addd53dAndrew Stadler 80d62860821c2dbc14ab493b888cb129bd5addd53dAndrew Stadler public MockContext2(Context mockContext, Context realContext) { 81d62860821c2dbc14ab493b888cb129bd5addd53dAndrew Stadler super(mockContext); 82d62860821c2dbc14ab493b888cb129bd5addd53dAndrew Stadler mRealContext = realContext; 83d62860821c2dbc14ab493b888cb129bd5addd53dAndrew Stadler } 84d62860821c2dbc14ab493b888cb129bd5addd53dAndrew Stadler 85d62860821c2dbc14ab493b888cb129bd5addd53dAndrew Stadler @Override 860fb092b38912c7cff776a51872840bb2089ebe08Makoto Onuki public Context getApplicationContext() { 870fb092b38912c7cff776a51872840bb2089ebe08Makoto Onuki return this; 880fb092b38912c7cff776a51872840bb2089ebe08Makoto Onuki } 890fb092b38912c7cff776a51872840bb2089ebe08Makoto Onuki 900fb092b38912c7cff776a51872840bb2089ebe08Makoto Onuki @Override 91d62860821c2dbc14ab493b888cb129bd5addd53dAndrew Stadler public String getPackageName() { 92d62860821c2dbc14ab493b888cb129bd5addd53dAndrew Stadler return mRealContext.getPackageName(); 93d62860821c2dbc14ab493b888cb129bd5addd53dAndrew Stadler } 94a0d080558ff06f88f000cf424803c8241dd8d2ebAndy Stadler 95a0d080558ff06f88f000cf424803c8241dd8d2ebAndy Stadler @Override 96a0d080558ff06f88f000cf424803c8241dd8d2ebAndy Stadler public Object getSystemService(String name) { 97a0d080558ff06f88f000cf424803c8241dd8d2ebAndy Stadler return mRealContext.getSystemService(name); 98a0d080558ff06f88f000cf424803c8241dd8d2ebAndy Stadler } 99d62860821c2dbc14ab493b888cb129bd5addd53dAndrew Stadler } 100d62860821c2dbc14ab493b888cb129bd5addd53dAndrew Stadler 101d62860821c2dbc14ab493b888cb129bd5addd53dAndrew Stadler /** 102aeee10e57ef4d931e7708fde218d590453a82aeaMarc Blank * Create a Policy using the arguments formerly used to create a PolicySet; this minimizes the 103aeee10e57ef4d931e7708fde218d590453a82aeaMarc Blank * changes needed for re-using the PolicySet unit test logic 104345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler */ 105aeee10e57ef4d931e7708fde218d590453a82aeaMarc Blank private Policy setupPolicy(int minPasswordLength, int passwordMode, int maxPasswordFails, 106aeee10e57ef4d931e7708fde218d590453a82aeaMarc Blank int maxScreenLockTime, boolean requireRemoteWipe, int passwordExpirationDays, 107aeee10e57ef4d931e7708fde218d590453a82aeaMarc Blank int passwordHistory, int passwordComplexChars, boolean requireEncryption, 108e76962b1b9c66ecc3fd49cd4c956f234365bfe5cBen Komalo boolean dontAllowCamera) 109d09cff08882e553afce919865a2cc60b657d4659Ben Komalo throws IllegalArgumentException { 110aeee10e57ef4d931e7708fde218d590453a82aeaMarc Blank Policy policy = new Policy(); 111aeee10e57ef4d931e7708fde218d590453a82aeaMarc Blank policy.mPasswordMinLength = minPasswordLength; 112aeee10e57ef4d931e7708fde218d590453a82aeaMarc Blank policy.mPasswordMode = passwordMode; 113aeee10e57ef4d931e7708fde218d590453a82aeaMarc Blank policy.mPasswordMaxFails = maxPasswordFails; 114aeee10e57ef4d931e7708fde218d590453a82aeaMarc Blank policy.mMaxScreenLockTime = maxScreenLockTime; 115aeee10e57ef4d931e7708fde218d590453a82aeaMarc Blank policy.mRequireRemoteWipe = requireRemoteWipe; 116aeee10e57ef4d931e7708fde218d590453a82aeaMarc Blank policy.mPasswordExpirationDays = passwordExpirationDays; 117aeee10e57ef4d931e7708fde218d590453a82aeaMarc Blank policy.mPasswordHistory = passwordHistory; 118aeee10e57ef4d931e7708fde218d590453a82aeaMarc Blank policy.mPasswordComplexChars = passwordComplexChars; 119aeee10e57ef4d931e7708fde218d590453a82aeaMarc Blank policy.mRequireEncryption = requireEncryption; 120d09cff08882e553afce919865a2cc60b657d4659Ben Komalo policy.mDontAllowCamera = dontAllowCamera; 121aeee10e57ef4d931e7708fde218d590453a82aeaMarc Blank return policy; 1221d6dab29562eca7978f179be5f5c75f22f44d734Marc Blank } 1231d6dab29562eca7978f179be5f5c75f22f44d734Marc Blank 124345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler /** 125345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler * Test business logic of aggregating accounts with policies 126345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler */ 127345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler public void testAggregator() { 128aeee10e57ef4d931e7708fde218d590453a82aeaMarc Blank mSecurityPolicy = SecurityPolicy.getInstance(mMockContext); 129345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler 130d62860821c2dbc14ab493b888cb129bd5addd53dAndrew Stadler // with no accounts, should return empty set 131aeee10e57ef4d931e7708fde218d590453a82aeaMarc Blank assertEquals(EMPTY_POLICY, mSecurityPolicy.computeAggregatePolicy()); 132345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler 133d62860821c2dbc14ab493b888cb129bd5addd53dAndrew Stadler // with accounts having no security, empty set 134aeee10e57ef4d931e7708fde218d590453a82aeaMarc Blank ProviderTestUtils.setupAccount("no-sec-1", true, mMockContext); 135aeee10e57ef4d931e7708fde218d590453a82aeaMarc Blank ProviderTestUtils.setupAccount("no-sec-2", true, mMockContext); 136aeee10e57ef4d931e7708fde218d590453a82aeaMarc Blank assertEquals(EMPTY_POLICY, mSecurityPolicy.computeAggregatePolicy()); 137345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler 138345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler // with a single account in security mode, should return same security as in account 1393d2b3b3b3554be2ac23d9a49fee00faa9693e857Andrew Stadler // first test with partially-populated policies 140aeee10e57ef4d931e7708fde218d590453a82aeaMarc Blank Account a3 = ProviderTestUtils.setupAccount("sec-3", true, mMockContext); 141aeee10e57ef4d931e7708fde218d590453a82aeaMarc Blank Policy p3ain = setupPolicy(10, Policy.PASSWORD_MODE_SIMPLE, 0, 0, false, 0, 0, 0, 142e76962b1b9c66ecc3fd49cd4c956f234365bfe5cBen Komalo false, false); 14317d3a29c9d8f7a27c463239f190bdcc4e0804527Jerry Xie SecurityPolicy.setAccountPolicy(mMockContext, a3, p3ain, null); 144aeee10e57ef4d931e7708fde218d590453a82aeaMarc Blank Policy p3aout = mSecurityPolicy.computeAggregatePolicy(); 1453d2b3b3b3554be2ac23d9a49fee00faa9693e857Andrew Stadler assertNotNull(p3aout); 1463d2b3b3b3554be2ac23d9a49fee00faa9693e857Andrew Stadler assertEquals(p3ain, p3aout); 1473d2b3b3b3554be2ac23d9a49fee00faa9693e857Andrew Stadler 1483d2b3b3b3554be2ac23d9a49fee00faa9693e857Andrew Stadler // Repeat that test with fully-populated policies 149aeee10e57ef4d931e7708fde218d590453a82aeaMarc Blank Policy p3bin = setupPolicy(10, Policy.PASSWORD_MODE_SIMPLE, 15, 16, false, 6, 2, 3, 150e76962b1b9c66ecc3fd49cd4c956f234365bfe5cBen Komalo false, false); 15117d3a29c9d8f7a27c463239f190bdcc4e0804527Jerry Xie SecurityPolicy.setAccountPolicy(mMockContext, a3, p3bin, null); 152aeee10e57ef4d931e7708fde218d590453a82aeaMarc Blank Policy p3bout = mSecurityPolicy.computeAggregatePolicy(); 1533d2b3b3b3554be2ac23d9a49fee00faa9693e857Andrew Stadler assertNotNull(p3bout); 1543d2b3b3b3554be2ac23d9a49fee00faa9693e857Andrew Stadler assertEquals(p3bin, p3bout); 155345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler 156345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler // add another account which mixes it up (some fields will change, others will not) 157345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler // pw length and pw mode - max logic - will change because larger #s here 158345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler // fail count and lock timer - min logic - will *not* change because larger #s here 159345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler // wipe required - OR logic - will *not* change here because false 1601ca111c19c83d54ad23bd8615d9c648e09ec3366Andy Stadler // expiration - will not change because 0 (unspecified) 1611ca111c19c83d54ad23bd8615d9c648e09ec3366Andy Stadler // max complex chars - max logic - will change 162469f2987dc11d153434e50eb04dd6b83b924d09dAndy Stadler // encryption required - OR logic - will *not* change here because false 163d09cff08882e553afce919865a2cc60b657d4659Ben Komalo // don't allow camera - OR logic - will change here because it's true 164aeee10e57ef4d931e7708fde218d590453a82aeaMarc Blank Policy p4in = setupPolicy(20, Policy.PASSWORD_MODE_STRONG, 25, 26, false, 0, 5, 7, 165e76962b1b9c66ecc3fd49cd4c956f234365bfe5cBen Komalo false, true); 166aeee10e57ef4d931e7708fde218d590453a82aeaMarc Blank Account a4 = ProviderTestUtils.setupAccount("sec-4", true, mMockContext); 16717d3a29c9d8f7a27c463239f190bdcc4e0804527Jerry Xie SecurityPolicy.setAccountPolicy(mMockContext, a4, p4in, null); 168aeee10e57ef4d931e7708fde218d590453a82aeaMarc Blank Policy p4out = mSecurityPolicy.computeAggregatePolicy(); 169345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler assertNotNull(p4out); 170aeee10e57ef4d931e7708fde218d590453a82aeaMarc Blank assertEquals(20, p4out.mPasswordMinLength); 171aeee10e57ef4d931e7708fde218d590453a82aeaMarc Blank assertEquals(Policy.PASSWORD_MODE_STRONG, p4out.mPasswordMode); 172aeee10e57ef4d931e7708fde218d590453a82aeaMarc Blank assertEquals(15, p4out.mPasswordMaxFails); 173345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler assertEquals(16, p4out.mMaxScreenLockTime); 1741ca111c19c83d54ad23bd8615d9c648e09ec3366Andy Stadler assertEquals(6, p4out.mPasswordExpirationDays); 1759b4988de43dbee6c06066caab63806e8c8303d7dMarc Blank assertEquals(5, p4out.mPasswordHistory); 1769b4988de43dbee6c06066caab63806e8c8303d7dMarc Blank assertEquals(7, p4out.mPasswordComplexChars); 177345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler assertFalse(p4out.mRequireRemoteWipe); 178469f2987dc11d153434e50eb04dd6b83b924d09dAndy Stadler assertFalse(p4out.mRequireEncryption); 1797fd14be80447de15bd5360321fa80e34f60fa251Andy Stadler assertFalse(p4out.mRequireEncryptionExternal); 180d09cff08882e553afce919865a2cc60b657d4659Ben Komalo assertTrue(p4out.mDontAllowCamera); 181345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler 182345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler // add another account which mixes it up (the remaining fields will change) 183345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler // pw length and pw mode - max logic - will *not* change because smaller #s here 184345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler // fail count and lock timer - min logic - will change because smaller #s here 185345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler // wipe required - OR logic - will change here because true 1861ca111c19c83d54ad23bd8615d9c648e09ec3366Andy Stadler // expiration time - min logic - will change because lower here 1871ca111c19c83d54ad23bd8615d9c648e09ec3366Andy Stadler // history & complex chars - will not change because 0 (unspecified) 188469f2987dc11d153434e50eb04dd6b83b924d09dAndy Stadler // encryption required - OR logic - will change here because true 189d09cff08882e553afce919865a2cc60b657d4659Ben Komalo // don't allow camera - OR logic - will *not* change here because it's already true 190aeee10e57ef4d931e7708fde218d590453a82aeaMarc Blank Policy p5in = setupPolicy(4, Policy.PASSWORD_MODE_SIMPLE, 5, 6, true, 1, 0, 0, 191e76962b1b9c66ecc3fd49cd4c956f234365bfe5cBen Komalo true, false); 192aeee10e57ef4d931e7708fde218d590453a82aeaMarc Blank Account a5 = ProviderTestUtils.setupAccount("sec-5", true, mMockContext); 19317d3a29c9d8f7a27c463239f190bdcc4e0804527Jerry Xie SecurityPolicy.setAccountPolicy(mMockContext, a5, p5in, null); 194aeee10e57ef4d931e7708fde218d590453a82aeaMarc Blank Policy p5out = mSecurityPolicy.computeAggregatePolicy(); 195345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler assertNotNull(p5out); 196aeee10e57ef4d931e7708fde218d590453a82aeaMarc Blank assertEquals(20, p5out.mPasswordMinLength); 197aeee10e57ef4d931e7708fde218d590453a82aeaMarc Blank assertEquals(Policy.PASSWORD_MODE_STRONG, p5out.mPasswordMode); 198aeee10e57ef4d931e7708fde218d590453a82aeaMarc Blank assertEquals(5, p5out.mPasswordMaxFails); 199345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler assertEquals(6, p5out.mMaxScreenLockTime); 2001ca111c19c83d54ad23bd8615d9c648e09ec3366Andy Stadler assertEquals(1, p5out.mPasswordExpirationDays); 201469f2987dc11d153434e50eb04dd6b83b924d09dAndy Stadler assertEquals(5, p5out.mPasswordHistory); 202469f2987dc11d153434e50eb04dd6b83b924d09dAndy Stadler assertEquals(7, p5out.mPasswordComplexChars); 203345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler assertTrue(p5out.mRequireRemoteWipe); 2047fd14be80447de15bd5360321fa80e34f60fa251Andy Stadler assertFalse(p5out.mRequireEncryptionExternal); 205d09cff08882e553afce919865a2cc60b657d4659Ben Komalo assertTrue(p5out.mDontAllowCamera); 206345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler } 207345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler 208505ac4b09bbe13ff099e40d94e45963e46a9261fBen Komalo private long assertAccountPolicyConsistent(long accountId, long oldKey) { 209505ac4b09bbe13ff099e40d94e45963e46a9261fBen Komalo Account account = Account.restoreAccountWithId(mMockContext, accountId); 210505ac4b09bbe13ff099e40d94e45963e46a9261fBen Komalo long policyKey = account.mPolicyKey; 211505ac4b09bbe13ff099e40d94e45963e46a9261fBen Komalo 212505ac4b09bbe13ff099e40d94e45963e46a9261fBen Komalo assertTrue(policyKey > 0); 213505ac4b09bbe13ff099e40d94e45963e46a9261fBen Komalo 214505ac4b09bbe13ff099e40d94e45963e46a9261fBen Komalo // Found a policy. Ensure it matches. 215505ac4b09bbe13ff099e40d94e45963e46a9261fBen Komalo Policy policy = Policy.restorePolicyWithId(mMockContext, policyKey); 216505ac4b09bbe13ff099e40d94e45963e46a9261fBen Komalo assertNotNull(policy); 217505ac4b09bbe13ff099e40d94e45963e46a9261fBen Komalo assertEquals(account.mPolicyKey, policy.mId); 218505ac4b09bbe13ff099e40d94e45963e46a9261fBen Komalo assertEquals( 219505ac4b09bbe13ff099e40d94e45963e46a9261fBen Komalo accountId, 220505ac4b09bbe13ff099e40d94e45963e46a9261fBen Komalo Policy.getAccountIdWithPolicyKey(mMockContext, policy.mId)); 221505ac4b09bbe13ff099e40d94e45963e46a9261fBen Komalo 222505ac4b09bbe13ff099e40d94e45963e46a9261fBen Komalo // Assert the old one isn't there. 223505ac4b09bbe13ff099e40d94e45963e46a9261fBen Komalo if (oldKey > 0) { 224505ac4b09bbe13ff099e40d94e45963e46a9261fBen Komalo assertNull("old policy not cleaned up", 225505ac4b09bbe13ff099e40d94e45963e46a9261fBen Komalo Policy.restorePolicyWithId(mMockContext, oldKey)); 226505ac4b09bbe13ff099e40d94e45963e46a9261fBen Komalo } 227505ac4b09bbe13ff099e40d94e45963e46a9261fBen Komalo 228505ac4b09bbe13ff099e40d94e45963e46a9261fBen Komalo return policyKey; 229505ac4b09bbe13ff099e40d94e45963e46a9261fBen Komalo } 230505ac4b09bbe13ff099e40d94e45963e46a9261fBen Komalo 231505ac4b09bbe13ff099e40d94e45963e46a9261fBen Komalo @SmallTest 232505ac4b09bbe13ff099e40d94e45963e46a9261fBen Komalo public void testSettingAccountPolicy() { 233505ac4b09bbe13ff099e40d94e45963e46a9261fBen Komalo Account account = ProviderTestUtils.setupAccount("testaccount", true, mMockContext); 234505ac4b09bbe13ff099e40d94e45963e46a9261fBen Komalo long accountId = account.mId; 235505ac4b09bbe13ff099e40d94e45963e46a9261fBen Komalo Policy initial = setupPolicy(10, Policy.PASSWORD_MODE_SIMPLE, 0, 0, false, 0, 0, 0, 236e76962b1b9c66ecc3fd49cd4c956f234365bfe5cBen Komalo false, false); 23717d3a29c9d8f7a27c463239f190bdcc4e0804527Jerry Xie SecurityPolicy.setAccountPolicy(mMockContext, account, initial, null); 238505ac4b09bbe13ff099e40d94e45963e46a9261fBen Komalo 239505ac4b09bbe13ff099e40d94e45963e46a9261fBen Komalo long oldKey = assertAccountPolicyConsistent(account.mId, 0); 240505ac4b09bbe13ff099e40d94e45963e46a9261fBen Komalo 241505ac4b09bbe13ff099e40d94e45963e46a9261fBen Komalo Policy updated = setupPolicy(10, Policy.PASSWORD_MODE_SIMPLE, 0, 0, false, 0, 0, 0, 242e76962b1b9c66ecc3fd49cd4c956f234365bfe5cBen Komalo false, false); 24317d3a29c9d8f7a27c463239f190bdcc4e0804527Jerry Xie SecurityPolicy.setAccountPolicy(mMockContext, account, updated, null); 244505ac4b09bbe13ff099e40d94e45963e46a9261fBen Komalo oldKey = assertAccountPolicyConsistent(account.mId, oldKey); 245505ac4b09bbe13ff099e40d94e45963e46a9261fBen Komalo 246505ac4b09bbe13ff099e40d94e45963e46a9261fBen Komalo // Remove the policy 24717d3a29c9d8f7a27c463239f190bdcc4e0804527Jerry Xie SecurityPolicy.clearAccountPolicy( 248505ac4b09bbe13ff099e40d94e45963e46a9261fBen Komalo mMockContext, Account.restoreAccountWithId(mMockContext, accountId)); 249505ac4b09bbe13ff099e40d94e45963e46a9261fBen Komalo assertNull("old policy not cleaned up", 250505ac4b09bbe13ff099e40d94e45963e46a9261fBen Komalo Policy.restorePolicyWithId(mMockContext, oldKey)); 251505ac4b09bbe13ff099e40d94e45963e46a9261fBen Komalo } 252505ac4b09bbe13ff099e40d94e45963e46a9261fBen Komalo 253345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler /** 2549b4988de43dbee6c06066caab63806e8c8303d7dMarc Blank * Test equality. Note, the tests for inequality are poor, as each field should 255345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler * be tested individually. 256345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler */ 257345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler @SmallTest 2589b4988de43dbee6c06066caab63806e8c8303d7dMarc Blank public void testEquals() { 259aeee10e57ef4d931e7708fde218d590453a82aeaMarc Blank Policy p1 = 260e76962b1b9c66ecc3fd49cd4c956f234365bfe5cBen Komalo setupPolicy(1, Policy.PASSWORD_MODE_STRONG, 3, 4, true, 7, 8, 9, false, false); 261aeee10e57ef4d931e7708fde218d590453a82aeaMarc Blank Policy p2 = 262e76962b1b9c66ecc3fd49cd4c956f234365bfe5cBen Komalo setupPolicy(1, Policy.PASSWORD_MODE_STRONG, 3, 4, true, 7, 8, 9, false, false); 263aeee10e57ef4d931e7708fde218d590453a82aeaMarc Blank Policy p3 = 264e76962b1b9c66ecc3fd49cd4c956f234365bfe5cBen Komalo setupPolicy(2, Policy.PASSWORD_MODE_SIMPLE, 5, 6, true, 7, 8, 9, false, false); 265d09cff08882e553afce919865a2cc60b657d4659Ben Komalo Policy p4 = 266e76962b1b9c66ecc3fd49cd4c956f234365bfe5cBen Komalo setupPolicy(1, Policy.PASSWORD_MODE_STRONG, 3, 4, true, 7, 8, 9, false, true); 267345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler assertTrue(p1.equals(p2)); 268345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler assertFalse(p2.equals(p3)); 269d09cff08882e553afce919865a2cc60b657d4659Ben Komalo assertFalse(p1.equals(p4)); 270345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler } 271345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler 2722a5eeea9213005060256054ec773e72406415ce4Andrew Stadler /** 2732a5eeea9213005060256054ec773e72406415ce4Andrew Stadler * Test the API to set/clear policy hold flags in an account 2742a5eeea9213005060256054ec773e72406415ce4Andrew Stadler */ 2752a5eeea9213005060256054ec773e72406415ce4Andrew Stadler public void testSetClearHoldFlag() { 2762a5eeea9213005060256054ec773e72406415ce4Andrew Stadler Account a2 = ProviderTestUtils.setupAccount("holdflag-2", false, mMockContext); 27717d3a29c9d8f7a27c463239f190bdcc4e0804527Jerry Xie a2.mFlags = Account.FLAGS_SYNC_DISABLED | Account.FLAGS_SECURITY_HOLD; 2782a5eeea9213005060256054ec773e72406415ce4Andrew Stadler a2.save(mMockContext); 2792a5eeea9213005060256054ec773e72406415ce4Andrew Stadler 2802a5eeea9213005060256054ec773e72406415ce4Andrew Stadler // confirm set until cleared 2812a5eeea9213005060256054ec773e72406415ce4Andrew Stadler Account a2a = Account.restoreAccountWithId(mMockContext, a2.mId); 28217d3a29c9d8f7a27c463239f190bdcc4e0804527Jerry Xie assertEquals(Account.FLAGS_SYNC_DISABLED | Account.FLAGS_SECURITY_HOLD, a2a.mFlags); 28317d3a29c9d8f7a27c463239f190bdcc4e0804527Jerry Xie 28417d3a29c9d8f7a27c463239f190bdcc4e0804527Jerry Xie // set account hold flag off 285aeee10e57ef4d931e7708fde218d590453a82aeaMarc Blank SecurityPolicy.setAccountHoldFlag(mMockContext, a2, false); 28617d3a29c9d8f7a27c463239f190bdcc4e0804527Jerry Xie assertEquals(Account.FLAGS_SYNC_DISABLED, a2.mFlags); 28717d3a29c9d8f7a27c463239f190bdcc4e0804527Jerry Xie 28817d3a29c9d8f7a27c463239f190bdcc4e0804527Jerry Xie // confirm account hold flag set 2892a5eeea9213005060256054ec773e72406415ce4Andrew Stadler Account a2b = Account.restoreAccountWithId(mMockContext, a2.mId); 29017d3a29c9d8f7a27c463239f190bdcc4e0804527Jerry Xie assertEquals(Account.FLAGS_SYNC_DISABLED, a2b.mFlags); 2912a5eeea9213005060256054ec773e72406415ce4Andrew Stadler } 2922a5eeea9213005060256054ec773e72406415ce4Andrew Stadler 2932a5eeea9213005060256054ec773e72406415ce4Andrew Stadler /** 294af55e3e436991fde91cdc80efe2786eb8f509d15Andrew Stadler * Test the response to disabling DeviceAdmin status 295af55e3e436991fde91cdc80efe2786eb8f509d15Andrew Stadler */ 296af55e3e436991fde91cdc80efe2786eb8f509d15Andrew Stadler public void testDisableAdmin() { 297aeee10e57ef4d931e7708fde218d590453a82aeaMarc Blank Account a1 = ProviderTestUtils.setupAccount("disable-1", true, mMockContext); 298aeee10e57ef4d931e7708fde218d590453a82aeaMarc Blank Policy p1 = setupPolicy(10, Policy.PASSWORD_MODE_SIMPLE, 0, 0, false, 0, 0, 0, 299e76962b1b9c66ecc3fd49cd4c956f234365bfe5cBen Komalo false, false); 30017d3a29c9d8f7a27c463239f190bdcc4e0804527Jerry Xie SecurityPolicy.setAccountPolicy(mMockContext, a1, p1, "security-sync-key-1"); 301af55e3e436991fde91cdc80efe2786eb8f509d15Andrew Stadler 302aeee10e57ef4d931e7708fde218d590453a82aeaMarc Blank Account a2 = ProviderTestUtils.setupAccount("disable-2", true, mMockContext); 303aeee10e57ef4d931e7708fde218d590453a82aeaMarc Blank Policy p2 = setupPolicy(20, Policy.PASSWORD_MODE_STRONG, 25, 26, false, 0, 0, 0, 304e76962b1b9c66ecc3fd49cd4c956f234365bfe5cBen Komalo false, false); 30517d3a29c9d8f7a27c463239f190bdcc4e0804527Jerry Xie SecurityPolicy.setAccountPolicy(mMockContext, a2, p2, "security-sync-key-2"); 306af55e3e436991fde91cdc80efe2786eb8f509d15Andrew Stadler 307aeee10e57ef4d931e7708fde218d590453a82aeaMarc Blank Account a3 = ProviderTestUtils.setupAccount("disable-3", true, mMockContext); 30817d3a29c9d8f7a27c463239f190bdcc4e0804527Jerry Xie SecurityPolicy.clearAccountPolicy(mMockContext, a3); 309af55e3e436991fde91cdc80efe2786eb8f509d15Andrew Stadler 310aeee10e57ef4d931e7708fde218d590453a82aeaMarc Blank mSecurityPolicy = SecurityPolicy.getInstance(mMockContext); 311af55e3e436991fde91cdc80efe2786eb8f509d15Andrew Stadler 312aeee10e57ef4d931e7708fde218d590453a82aeaMarc Blank // Confirm that "enabling" device admin does not change security status (policy & sync key) 313aeee10e57ef4d931e7708fde218d590453a82aeaMarc Blank Policy before = mSecurityPolicy.getAggregatePolicy(); 314aeee10e57ef4d931e7708fde218d590453a82aeaMarc Blank mSecurityPolicy.onAdminEnabled(true); // "enabled" should not change anything 315aeee10e57ef4d931e7708fde218d590453a82aeaMarc Blank Policy after1 = mSecurityPolicy.getAggregatePolicy(); 316af55e3e436991fde91cdc80efe2786eb8f509d15Andrew Stadler assertEquals(before, after1); 317af55e3e436991fde91cdc80efe2786eb8f509d15Andrew Stadler Account a1a = Account.restoreAccountWithId(mMockContext, a1.mId); 318af55e3e436991fde91cdc80efe2786eb8f509d15Andrew Stadler assertNotNull(a1a.mSecuritySyncKey); 319aeee10e57ef4d931e7708fde218d590453a82aeaMarc Blank assertTrue(a1a.mPolicyKey > 0); 320af55e3e436991fde91cdc80efe2786eb8f509d15Andrew Stadler Account a2a = Account.restoreAccountWithId(mMockContext, a2.mId); 321af55e3e436991fde91cdc80efe2786eb8f509d15Andrew Stadler assertNotNull(a2a.mSecuritySyncKey); 322aeee10e57ef4d931e7708fde218d590453a82aeaMarc Blank assertTrue(a2a.mPolicyKey > 0); 323af55e3e436991fde91cdc80efe2786eb8f509d15Andrew Stadler Account a3a = Account.restoreAccountWithId(mMockContext, a3.mId); 324af55e3e436991fde91cdc80efe2786eb8f509d15Andrew Stadler assertNull(a3a.mSecuritySyncKey); 325aeee10e57ef4d931e7708fde218d590453a82aeaMarc Blank assertTrue(a3a.mPolicyKey == 0); 326af55e3e436991fde91cdc80efe2786eb8f509d15Andrew Stadler 3274e4aba9ebc43c6a83190f3a883fa05bb7d5100b3Marc Blank mSecurityPolicy.deleteSecuredAccounts(mMockContext); 3284e4aba9ebc43c6a83190f3a883fa05bb7d5100b3Marc Blank Policy after2 = mSecurityPolicy.getAggregatePolicy(); 3294e4aba9ebc43c6a83190f3a883fa05bb7d5100b3Marc Blank assertEquals(EMPTY_POLICY, after2); 3304e4aba9ebc43c6a83190f3a883fa05bb7d5100b3Marc Blank Account a1b = Account.restoreAccountWithId(mMockContext, a1.mId); 3314e4aba9ebc43c6a83190f3a883fa05bb7d5100b3Marc Blank assertNull(a1b); 3324e4aba9ebc43c6a83190f3a883fa05bb7d5100b3Marc Blank Account a2b = Account.restoreAccountWithId(mMockContext, a2.mId); 3334e4aba9ebc43c6a83190f3a883fa05bb7d5100b3Marc Blank assertNull(a2b); 3344e4aba9ebc43c6a83190f3a883fa05bb7d5100b3Marc Blank Account a3b = Account.restoreAccountWithId(mMockContext, a3.mId); 3354e4aba9ebc43c6a83190f3a883fa05bb7d5100b3Marc Blank assertNull(a3b.mSecuritySyncKey); 3361ca111c19c83d54ad23bd8615d9c648e09ec3366Andy Stadler } 3371ca111c19c83d54ad23bd8615d9c648e09ec3366Andy Stadler 3381ca111c19c83d54ad23bd8615d9c648e09ec3366Andy Stadler /** 3391ca111c19c83d54ad23bd8615d9c648e09ec3366Andy Stadler * Test the scanner that finds expiring accounts 3401ca111c19c83d54ad23bd8615d9c648e09ec3366Andy Stadler */ 3411ca111c19c83d54ad23bd8615d9c648e09ec3366Andy Stadler public void testFindExpiringAccount() { 342aeee10e57ef4d931e7708fde218d590453a82aeaMarc Blank ProviderTestUtils.setupAccount("expiring-1", true, mMockContext); 3431ca111c19c83d54ad23bd8615d9c648e09ec3366Andy Stadler 3441ca111c19c83d54ad23bd8615d9c648e09ec3366Andy Stadler // With no expiring accounts, this should return null. 3457fd14be80447de15bd5360321fa80e34f60fa251Andy Stadler long nextExpiringAccountId = SecurityPolicy.findShortestExpiration(mMockContext); 3461ca111c19c83d54ad23bd8615d9c648e09ec3366Andy Stadler assertEquals(-1, nextExpiringAccountId); 3471ca111c19c83d54ad23bd8615d9c648e09ec3366Andy Stadler 3481ca111c19c83d54ad23bd8615d9c648e09ec3366Andy Stadler // Add a single expiring account 349aeee10e57ef4d931e7708fde218d590453a82aeaMarc Blank Account a2 = 350aeee10e57ef4d931e7708fde218d590453a82aeaMarc Blank ProviderTestUtils.setupAccount("expiring-2", true, mMockContext); 351aeee10e57ef4d931e7708fde218d590453a82aeaMarc Blank Policy p2 = setupPolicy(20, Policy.PASSWORD_MODE_STRONG, 25, 26, false, 30, 0, 0, 352e76962b1b9c66ecc3fd49cd4c956f234365bfe5cBen Komalo false, true); 35317d3a29c9d8f7a27c463239f190bdcc4e0804527Jerry Xie SecurityPolicy.setAccountPolicy(mMockContext, a2, p2, null); 3541ca111c19c83d54ad23bd8615d9c648e09ec3366Andy Stadler 3551ca111c19c83d54ad23bd8615d9c648e09ec3366Andy Stadler // The expiring account should be returned 3567fd14be80447de15bd5360321fa80e34f60fa251Andy Stadler nextExpiringAccountId = SecurityPolicy.findShortestExpiration(mMockContext); 3571ca111c19c83d54ad23bd8615d9c648e09ec3366Andy Stadler assertEquals(a2.mId, nextExpiringAccountId); 3581ca111c19c83d54ad23bd8615d9c648e09ec3366Andy Stadler 3591ca111c19c83d54ad23bd8615d9c648e09ec3366Andy Stadler // Add an account with a longer expiration 360aeee10e57ef4d931e7708fde218d590453a82aeaMarc Blank Account a3 = ProviderTestUtils.setupAccount("expiring-3", true, mMockContext); 361aeee10e57ef4d931e7708fde218d590453a82aeaMarc Blank Policy p3 = setupPolicy(20, Policy.PASSWORD_MODE_STRONG, 25, 26, false, 60, 0, 0, 362e76962b1b9c66ecc3fd49cd4c956f234365bfe5cBen Komalo false, true); 36317d3a29c9d8f7a27c463239f190bdcc4e0804527Jerry Xie SecurityPolicy.setAccountPolicy(mMockContext, a3, p3, null); 3641ca111c19c83d54ad23bd8615d9c648e09ec3366Andy Stadler 3651ca111c19c83d54ad23bd8615d9c648e09ec3366Andy Stadler // The original expiring account (a2) should be returned 3667fd14be80447de15bd5360321fa80e34f60fa251Andy Stadler nextExpiringAccountId = SecurityPolicy.findShortestExpiration(mMockContext); 3671ca111c19c83d54ad23bd8615d9c648e09ec3366Andy Stadler assertEquals(a2.mId, nextExpiringAccountId); 3681ca111c19c83d54ad23bd8615d9c648e09ec3366Andy Stadler 3691ca111c19c83d54ad23bd8615d9c648e09ec3366Andy Stadler // Add an account with a shorter expiration 370aeee10e57ef4d931e7708fde218d590453a82aeaMarc Blank Account a4 = ProviderTestUtils.setupAccount("expiring-4", true, mMockContext); 371aeee10e57ef4d931e7708fde218d590453a82aeaMarc Blank Policy p4 = setupPolicy(20, Policy.PASSWORD_MODE_STRONG, 25, 26, false, 15, 0, 0, 372e76962b1b9c66ecc3fd49cd4c956f234365bfe5cBen Komalo false, true); 37317d3a29c9d8f7a27c463239f190bdcc4e0804527Jerry Xie SecurityPolicy.setAccountPolicy(mMockContext, a4, p4, null); 3741ca111c19c83d54ad23bd8615d9c648e09ec3366Andy Stadler 3751ca111c19c83d54ad23bd8615d9c648e09ec3366Andy Stadler // The new expiring account (a4) should be returned 3767fd14be80447de15bd5360321fa80e34f60fa251Andy Stadler nextExpiringAccountId = SecurityPolicy.findShortestExpiration(mMockContext); 3771ca111c19c83d54ad23bd8615d9c648e09ec3366Andy Stadler assertEquals(a4.mId, nextExpiringAccountId); 3781ca111c19c83d54ad23bd8615d9c648e09ec3366Andy Stadler } 3791ca111c19c83d54ad23bd8615d9c648e09ec3366Andy Stadler 3801ca111c19c83d54ad23bd8615d9c648e09ec3366Andy Stadler /** 3811ca111c19c83d54ad23bd8615d9c648e09ec3366Andy Stadler * Test the scanner that wipes expiring accounts 3821ca111c19c83d54ad23bd8615d9c648e09ec3366Andy Stadler */ 3831ca111c19c83d54ad23bd8615d9c648e09ec3366Andy Stadler public void testWipeExpiringAccounts() { 384aeee10e57ef4d931e7708fde218d590453a82aeaMarc Blank mSecurityPolicy = SecurityPolicy.getInstance(mMockContext); 3851ca111c19c83d54ad23bd8615d9c648e09ec3366Andy Stadler 3861ca111c19c83d54ad23bd8615d9c648e09ec3366Andy Stadler // Two accounts - a1 is normal, a2 has security (but no expiration) 3871ca111c19c83d54ad23bd8615d9c648e09ec3366Andy Stadler Account a1 = ProviderTestUtils.setupAccount("expired-1", true, mMockContext); 388aeee10e57ef4d931e7708fde218d590453a82aeaMarc Blank Account a2 = ProviderTestUtils.setupAccount("expired-2", true, mMockContext); 389aeee10e57ef4d931e7708fde218d590453a82aeaMarc Blank Policy p2 = setupPolicy(20, Policy.PASSWORD_MODE_STRONG, 25, 26, false, 0, 0, 0, 390e76962b1b9c66ecc3fd49cd4c956f234365bfe5cBen Komalo false, true); 39117d3a29c9d8f7a27c463239f190bdcc4e0804527Jerry Xie SecurityPolicy.setAccountPolicy(mMockContext, a2, p2, null); 3921ca111c19c83d54ad23bd8615d9c648e09ec3366Andy Stadler 3931ca111c19c83d54ad23bd8615d9c648e09ec3366Andy Stadler // Add a mailbox & messages to each account 3941ca111c19c83d54ad23bd8615d9c648e09ec3366Andy Stadler long account1Id = a1.mId; 3951ca111c19c83d54ad23bd8615d9c648e09ec3366Andy Stadler long account2Id = a2.mId; 3961ca111c19c83d54ad23bd8615d9c648e09ec3366Andy Stadler Mailbox box1 = ProviderTestUtils.setupMailbox("box1", account1Id, true, mMockContext); 3971ca111c19c83d54ad23bd8615d9c648e09ec3366Andy Stadler long box1Id = box1.mId; 3981ca111c19c83d54ad23bd8615d9c648e09ec3366Andy Stadler ProviderTestUtils.setupMessage("message1", account1Id, box1Id, false, true, mMockContext); 3991ca111c19c83d54ad23bd8615d9c648e09ec3366Andy Stadler ProviderTestUtils.setupMessage("message2", account1Id, box1Id, false, true, mMockContext); 4001ca111c19c83d54ad23bd8615d9c648e09ec3366Andy Stadler Mailbox box2 = ProviderTestUtils.setupMailbox("box2", account2Id, true, mMockContext); 4011ca111c19c83d54ad23bd8615d9c648e09ec3366Andy Stadler long box2Id = box2.mId; 4021ca111c19c83d54ad23bd8615d9c648e09ec3366Andy Stadler ProviderTestUtils.setupMessage("message3", account2Id, box2Id, false, true, mMockContext); 4031ca111c19c83d54ad23bd8615d9c648e09ec3366Andy Stadler ProviderTestUtils.setupMessage("message4", account2Id, box2Id, false, true, mMockContext); 4041ca111c19c83d54ad23bd8615d9c648e09ec3366Andy Stadler 4051ca111c19c83d54ad23bd8615d9c648e09ec3366Andy Stadler // Run the expiration code - should do nothing 40617d3a29c9d8f7a27c463239f190bdcc4e0804527Jerry Xie boolean wiped = SecurityPolicy.wipeExpiredAccounts(mMockContext); 4071ca111c19c83d54ad23bd8615d9c648e09ec3366Andy Stadler assertFalse(wiped); 4081ca111c19c83d54ad23bd8615d9c648e09ec3366Andy Stadler // check mailboxes & messages not wiped 4091ca111c19c83d54ad23bd8615d9c648e09ec3366Andy Stadler assertEquals(2, EmailContent.count(mMockContext, Account.CONTENT_URI)); 4101ca111c19c83d54ad23bd8615d9c648e09ec3366Andy Stadler assertEquals(2, EmailContent.count(mMockContext, Mailbox.CONTENT_URI)); 4111ca111c19c83d54ad23bd8615d9c648e09ec3366Andy Stadler assertEquals(4, EmailContent.count(mMockContext, Message.CONTENT_URI)); 4121ca111c19c83d54ad23bd8615d9c648e09ec3366Andy Stadler 4131ca111c19c83d54ad23bd8615d9c648e09ec3366Andy Stadler // Add 3rd account that really expires 414aeee10e57ef4d931e7708fde218d590453a82aeaMarc Blank Account a3 = ProviderTestUtils.setupAccount("expired-3", true, mMockContext); 415aeee10e57ef4d931e7708fde218d590453a82aeaMarc Blank Policy p3 = setupPolicy(20, Policy.PASSWORD_MODE_STRONG, 25, 26, false, 30, 0, 0, 416e76962b1b9c66ecc3fd49cd4c956f234365bfe5cBen Komalo false, true); 41717d3a29c9d8f7a27c463239f190bdcc4e0804527Jerry Xie SecurityPolicy.setAccountPolicy(mMockContext, a3, p3, null); 4181ca111c19c83d54ad23bd8615d9c648e09ec3366Andy Stadler 4191ca111c19c83d54ad23bd8615d9c648e09ec3366Andy Stadler // Add mailbox & messages to 3rd account 4201ca111c19c83d54ad23bd8615d9c648e09ec3366Andy Stadler long account3Id = a3.mId; 4211ca111c19c83d54ad23bd8615d9c648e09ec3366Andy Stadler Mailbox box3 = ProviderTestUtils.setupMailbox("box3", account3Id, true, mMockContext); 4221ca111c19c83d54ad23bd8615d9c648e09ec3366Andy Stadler long box3Id = box3.mId; 4231ca111c19c83d54ad23bd8615d9c648e09ec3366Andy Stadler ProviderTestUtils.setupMessage("message5", account3Id, box3Id, false, true, mMockContext); 4241ca111c19c83d54ad23bd8615d9c648e09ec3366Andy Stadler ProviderTestUtils.setupMessage("message6", account3Id, box3Id, false, true, mMockContext); 4251ca111c19c83d54ad23bd8615d9c648e09ec3366Andy Stadler 4261ca111c19c83d54ad23bd8615d9c648e09ec3366Andy Stadler // check new counts 4271ca111c19c83d54ad23bd8615d9c648e09ec3366Andy Stadler assertEquals(3, EmailContent.count(mMockContext, Account.CONTENT_URI)); 4281ca111c19c83d54ad23bd8615d9c648e09ec3366Andy Stadler assertEquals(3, EmailContent.count(mMockContext, Mailbox.CONTENT_URI)); 4291ca111c19c83d54ad23bd8615d9c648e09ec3366Andy Stadler assertEquals(6, EmailContent.count(mMockContext, Message.CONTENT_URI)); 4301ca111c19c83d54ad23bd8615d9c648e09ec3366Andy Stadler 4311ca111c19c83d54ad23bd8615d9c648e09ec3366Andy Stadler // Run the expiration code - wipe acct #3 43217d3a29c9d8f7a27c463239f190bdcc4e0804527Jerry Xie wiped = SecurityPolicy.wipeExpiredAccounts(mMockContext); 4331ca111c19c83d54ad23bd8615d9c648e09ec3366Andy Stadler assertTrue(wiped); 4341ca111c19c83d54ad23bd8615d9c648e09ec3366Andy Stadler // check new counts - account survives but data is wiped 4351ca111c19c83d54ad23bd8615d9c648e09ec3366Andy Stadler assertEquals(3, EmailContent.count(mMockContext, Account.CONTENT_URI)); 4361ca111c19c83d54ad23bd8615d9c648e09ec3366Andy Stadler assertEquals(2, EmailContent.count(mMockContext, Mailbox.CONTENT_URI)); 4371ca111c19c83d54ad23bd8615d9c648e09ec3366Andy Stadler assertEquals(4, EmailContent.count(mMockContext, Message.CONTENT_URI)); 4381ca111c19c83d54ad23bd8615d9c648e09ec3366Andy Stadler 4391ca111c19c83d54ad23bd8615d9c648e09ec3366Andy Stadler // Check security hold states - only #3 should be in hold 4401ca111c19c83d54ad23bd8615d9c648e09ec3366Andy Stadler Account account = Account.restoreAccountWithId(mMockContext, account1Id); 4411ca111c19c83d54ad23bd8615d9c648e09ec3366Andy Stadler assertEquals(0, account.mFlags & Account.FLAGS_SECURITY_HOLD); 4421ca111c19c83d54ad23bd8615d9c648e09ec3366Andy Stadler account = Account.restoreAccountWithId(mMockContext, account2Id); 4431ca111c19c83d54ad23bd8615d9c648e09ec3366Andy Stadler assertEquals(0, account.mFlags & Account.FLAGS_SECURITY_HOLD); 4441ca111c19c83d54ad23bd8615d9c648e09ec3366Andy Stadler account = Account.restoreAccountWithId(mMockContext, account3Id); 4451ca111c19c83d54ad23bd8615d9c648e09ec3366Andy Stadler assertEquals(Account.FLAGS_SECURITY_HOLD, account.mFlags & Account.FLAGS_SECURITY_HOLD); 4461ca111c19c83d54ad23bd8615d9c648e09ec3366Andy Stadler } 447a0d080558ff06f88f000cf424803c8241dd8d2ebAndy Stadler 448a0d080558ff06f88f000cf424803c8241dd8d2ebAndy Stadler /** 44922759bacd95385d95d3d9321f490763df1aba89dAndy Stadler * Test the code that converts from exchange-style quality to DPM/Lockscreen style quality. 45022759bacd95385d95d3d9321f490763df1aba89dAndy Stadler */ 45122759bacd95385d95d3d9321f490763df1aba89dAndy Stadler public void testGetDPManagerPasswordQuality() { 452aeee10e57ef4d931e7708fde218d590453a82aeaMarc Blank // Policy.PASSWORD_MODE_NONE -> DevicePolicyManager.PASSWORD_QUALITY_UNSPECIFIED 453aeee10e57ef4d931e7708fde218d590453a82aeaMarc Blank Policy p1 = setupPolicy(0, Policy.PASSWORD_MODE_NONE, 454e76962b1b9c66ecc3fd49cd4c956f234365bfe5cBen Komalo 0, 0, false, 0, 0, 0, false, false); 45522759bacd95385d95d3d9321f490763df1aba89dAndy Stadler assertEquals(DevicePolicyManager.PASSWORD_QUALITY_UNSPECIFIED, 45622759bacd95385d95d3d9321f490763df1aba89dAndy Stadler p1.getDPManagerPasswordQuality()); 45722759bacd95385d95d3d9321f490763df1aba89dAndy Stadler 45822759bacd95385d95d3d9321f490763df1aba89dAndy Stadler // PASSWORD_MODE_SIMPLE -> PASSWORD_QUALITY_NUMERIC 459aeee10e57ef4d931e7708fde218d590453a82aeaMarc Blank Policy p2 = setupPolicy(4, Policy.PASSWORD_MODE_SIMPLE, 460e76962b1b9c66ecc3fd49cd4c956f234365bfe5cBen Komalo 0, 0, false, 0, 0, 0, false, false); 46122759bacd95385d95d3d9321f490763df1aba89dAndy Stadler assertEquals(DevicePolicyManager.PASSWORD_QUALITY_NUMERIC, 46222759bacd95385d95d3d9321f490763df1aba89dAndy Stadler p2.getDPManagerPasswordQuality()); 46322759bacd95385d95d3d9321f490763df1aba89dAndy Stadler 46422759bacd95385d95d3d9321f490763df1aba89dAndy Stadler // PASSWORD_MODE_STRONG -> PASSWORD_QUALITY_ALPHANUMERIC 465aeee10e57ef4d931e7708fde218d590453a82aeaMarc Blank Policy p3 = setupPolicy(4, Policy.PASSWORD_MODE_STRONG, 466e76962b1b9c66ecc3fd49cd4c956f234365bfe5cBen Komalo 0, 0, false, 0, 0, 0, false, false); 46722759bacd95385d95d3d9321f490763df1aba89dAndy Stadler assertEquals(DevicePolicyManager.PASSWORD_QUALITY_ALPHANUMERIC, 46822759bacd95385d95d3d9321f490763df1aba89dAndy Stadler p3.getDPManagerPasswordQuality()); 46922759bacd95385d95d3d9321f490763df1aba89dAndy Stadler 47022759bacd95385d95d3d9321f490763df1aba89dAndy Stadler // PASSWORD_MODE_STRONG + complex chars -> PASSWORD_QUALITY_COMPLEX 471aeee10e57ef4d931e7708fde218d590453a82aeaMarc Blank Policy p4 = setupPolicy(4, Policy.PASSWORD_MODE_STRONG, 472e76962b1b9c66ecc3fd49cd4c956f234365bfe5cBen Komalo 0, 0, false, 0, 0 , 2, false, false); 47322759bacd95385d95d3d9321f490763df1aba89dAndy Stadler assertEquals(DevicePolicyManager.PASSWORD_QUALITY_COMPLEX, 47422759bacd95385d95d3d9321f490763df1aba89dAndy Stadler p4.getDPManagerPasswordQuality()); 47522759bacd95385d95d3d9321f490763df1aba89dAndy Stadler } 476aeee10e57ef4d931e7708fde218d590453a82aeaMarc Blank 477aeee10e57ef4d931e7708fde218d590453a82aeaMarc Blank private boolean policySetEqualsPolicy(PolicySet ps, Policy policy) { 478aeee10e57ef4d931e7708fde218d590453a82aeaMarc Blank if ((ps.mPasswordMode >> LegacyPolicySet.PASSWORD_MODE_SHIFT) != policy.mPasswordMode) { 479aeee10e57ef4d931e7708fde218d590453a82aeaMarc Blank return false; 480aeee10e57ef4d931e7708fde218d590453a82aeaMarc Blank } 481aeee10e57ef4d931e7708fde218d590453a82aeaMarc Blank if (ps.mMinPasswordLength != policy.mPasswordMinLength) return false; 482aeee10e57ef4d931e7708fde218d590453a82aeaMarc Blank if (ps.mPasswordComplexChars != policy.mPasswordComplexChars) return false; 483aeee10e57ef4d931e7708fde218d590453a82aeaMarc Blank if (ps.mPasswordHistory != policy.mPasswordHistory) return false; 484aeee10e57ef4d931e7708fde218d590453a82aeaMarc Blank if (ps.mPasswordExpirationDays != policy.mPasswordExpirationDays) return false; 485aeee10e57ef4d931e7708fde218d590453a82aeaMarc Blank if (ps.mMaxPasswordFails != policy.mPasswordMaxFails) return false; 486aeee10e57ef4d931e7708fde218d590453a82aeaMarc Blank if (ps.mMaxScreenLockTime != policy.mMaxScreenLockTime) return false; 487aeee10e57ef4d931e7708fde218d590453a82aeaMarc Blank if (ps.mRequireRemoteWipe != policy.mRequireRemoteWipe) return false; 488aeee10e57ef4d931e7708fde218d590453a82aeaMarc Blank if (ps.mRequireEncryption != policy.mRequireEncryption) return false; 489aeee10e57ef4d931e7708fde218d590453a82aeaMarc Blank if (ps.mRequireEncryptionExternal != policy.mRequireEncryptionExternal) return false; 490aeee10e57ef4d931e7708fde218d590453a82aeaMarc Blank return true; 491aeee10e57ef4d931e7708fde218d590453a82aeaMarc Blank } 492aeee10e57ef4d931e7708fde218d590453a82aeaMarc Blank 493aeee10e57ef4d931e7708fde218d590453a82aeaMarc Blank public void testPolicyFlagsToPolicy() { 494aeee10e57ef4d931e7708fde218d590453a82aeaMarc Blank // Policy flags; the three sets included here correspond to policies for three test 495aeee10e57ef4d931e7708fde218d590453a82aeaMarc Blank // accounts that, between them, use all of the possible policies 496aeee10e57ef4d931e7708fde218d590453a82aeaMarc Blank long flags = 67096612L; 497aeee10e57ef4d931e7708fde218d590453a82aeaMarc Blank PolicySet ps = new PolicySet(flags); 498aeee10e57ef4d931e7708fde218d590453a82aeaMarc Blank Policy policy = LegacyPolicySet.flagsToPolicy(flags); 499aeee10e57ef4d931e7708fde218d590453a82aeaMarc Blank assertTrue(policySetEqualsPolicy(ps, policy)); 500aeee10e57ef4d931e7708fde218d590453a82aeaMarc Blank flags = 52776591691846L; 501aeee10e57ef4d931e7708fde218d590453a82aeaMarc Blank ps = new PolicySet(flags); 502aeee10e57ef4d931e7708fde218d590453a82aeaMarc Blank policy = LegacyPolicySet.flagsToPolicy(flags); 503aeee10e57ef4d931e7708fde218d590453a82aeaMarc Blank assertTrue(policySetEqualsPolicy(ps, policy)); 504aeee10e57ef4d931e7708fde218d590453a82aeaMarc Blank flags = 1689605957029924L; 505aeee10e57ef4d931e7708fde218d590453a82aeaMarc Blank ps = new PolicySet(flags); 506aeee10e57ef4d931e7708fde218d590453a82aeaMarc Blank policy = LegacyPolicySet.flagsToPolicy(flags); 507aeee10e57ef4d931e7708fde218d590453a82aeaMarc Blank assertTrue(policySetEqualsPolicy(ps, policy)); 508aeee10e57ef4d931e7708fde218d590453a82aeaMarc Blank } 509aeee10e57ef4d931e7708fde218d590453a82aeaMarc Blank 510aeee10e57ef4d931e7708fde218d590453a82aeaMarc Blank /** 511aeee10e57ef4d931e7708fde218d590453a82aeaMarc Blank * The old PolicySet class fields and constructor; we use this to test conversion to the 512aeee10e57ef4d931e7708fde218d590453a82aeaMarc Blank * new Policy table scheme 513aeee10e57ef4d931e7708fde218d590453a82aeaMarc Blank */ 514aeee10e57ef4d931e7708fde218d590453a82aeaMarc Blank private static class PolicySet { 515aeee10e57ef4d931e7708fde218d590453a82aeaMarc Blank private final int mMinPasswordLength; 516aeee10e57ef4d931e7708fde218d590453a82aeaMarc Blank private final int mPasswordMode; 517aeee10e57ef4d931e7708fde218d590453a82aeaMarc Blank private final int mMaxPasswordFails; 518aeee10e57ef4d931e7708fde218d590453a82aeaMarc Blank private final int mMaxScreenLockTime; 519aeee10e57ef4d931e7708fde218d590453a82aeaMarc Blank private final boolean mRequireRemoteWipe; 520aeee10e57ef4d931e7708fde218d590453a82aeaMarc Blank private final int mPasswordExpirationDays; 521aeee10e57ef4d931e7708fde218d590453a82aeaMarc Blank private final int mPasswordHistory; 522aeee10e57ef4d931e7708fde218d590453a82aeaMarc Blank private final int mPasswordComplexChars; 523aeee10e57ef4d931e7708fde218d590453a82aeaMarc Blank private final boolean mRequireEncryption; 524aeee10e57ef4d931e7708fde218d590453a82aeaMarc Blank private final boolean mRequireEncryptionExternal; 525aeee10e57ef4d931e7708fde218d590453a82aeaMarc Blank 526aeee10e57ef4d931e7708fde218d590453a82aeaMarc Blank /** 527aeee10e57ef4d931e7708fde218d590453a82aeaMarc Blank * Create from values encoded in an account flags int 528aeee10e57ef4d931e7708fde218d590453a82aeaMarc Blank */ 529aeee10e57ef4d931e7708fde218d590453a82aeaMarc Blank private PolicySet(long flags) { 530aeee10e57ef4d931e7708fde218d590453a82aeaMarc Blank mMinPasswordLength = (int) ((flags & LegacyPolicySet.PASSWORD_LENGTH_MASK) 531aeee10e57ef4d931e7708fde218d590453a82aeaMarc Blank >> LegacyPolicySet.PASSWORD_LENGTH_SHIFT); 532aeee10e57ef4d931e7708fde218d590453a82aeaMarc Blank mPasswordMode = 533aeee10e57ef4d931e7708fde218d590453a82aeaMarc Blank (int) (flags & LegacyPolicySet.PASSWORD_MODE_MASK); 534aeee10e57ef4d931e7708fde218d590453a82aeaMarc Blank mMaxPasswordFails = (int) ((flags & LegacyPolicySet.PASSWORD_MAX_FAILS_MASK) 535aeee10e57ef4d931e7708fde218d590453a82aeaMarc Blank >> LegacyPolicySet.PASSWORD_MAX_FAILS_SHIFT); 536aeee10e57ef4d931e7708fde218d590453a82aeaMarc Blank mMaxScreenLockTime = (int) ((flags & LegacyPolicySet.SCREEN_LOCK_TIME_MASK) 537aeee10e57ef4d931e7708fde218d590453a82aeaMarc Blank >> LegacyPolicySet.SCREEN_LOCK_TIME_SHIFT); 538aeee10e57ef4d931e7708fde218d590453a82aeaMarc Blank mRequireRemoteWipe = 0 != (flags & LegacyPolicySet.REQUIRE_REMOTE_WIPE); 539aeee10e57ef4d931e7708fde218d590453a82aeaMarc Blank mPasswordExpirationDays = (int) ((flags & LegacyPolicySet.PASSWORD_EXPIRATION_MASK) 540aeee10e57ef4d931e7708fde218d590453a82aeaMarc Blank >> LegacyPolicySet.PASSWORD_EXPIRATION_SHIFT); 541aeee10e57ef4d931e7708fde218d590453a82aeaMarc Blank mPasswordHistory = (int) ((flags & LegacyPolicySet.PASSWORD_HISTORY_MASK) 542aeee10e57ef4d931e7708fde218d590453a82aeaMarc Blank >> LegacyPolicySet.PASSWORD_HISTORY_SHIFT); 543aeee10e57ef4d931e7708fde218d590453a82aeaMarc Blank mPasswordComplexChars = (int) ((flags & LegacyPolicySet.PASSWORD_COMPLEX_CHARS_MASK) 544aeee10e57ef4d931e7708fde218d590453a82aeaMarc Blank >> LegacyPolicySet.PASSWORD_COMPLEX_CHARS_SHIFT); 545aeee10e57ef4d931e7708fde218d590453a82aeaMarc Blank mRequireEncryption = 0 != (flags & LegacyPolicySet.REQUIRE_ENCRYPTION); 546aeee10e57ef4d931e7708fde218d590453a82aeaMarc Blank mRequireEncryptionExternal = 0 != (flags & LegacyPolicySet.REQUIRE_ENCRYPTION_EXTERNAL); 547aeee10e57ef4d931e7708fde218d590453a82aeaMarc Blank } 548aeee10e57ef4d931e7708fde218d590453a82aeaMarc Blank } 549345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler} 550