SecurityPolicyTests.java revision 1d6dab29562eca7978f179be5f5c75f22f44d734
1345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler/* 2345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler * Copyright (C) 2010 The Android Open Source Project 3345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler * 4345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler * Licensed under the Apache License, Version 2.0 (the "License"); 5345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler * you may not use this file except in compliance with the License. 6345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler * You may obtain a copy of the License at 7345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler * 8345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler * http://www.apache.org/licenses/LICENSE-2.0 9345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler * 10345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler * Unless required by applicable law or agreed to in writing, software 11345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler * distributed under the License is distributed on an "AS IS" BASIS, 12345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler * See the License for the specific language governing permissions and 14345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler * limitations under the License. 15345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler */ 16345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler 17345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadlerpackage com.android.email; 18345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler 19345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadlerimport com.android.email.SecurityPolicy.PolicySet; 20345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadlerimport com.android.email.provider.EmailProvider; 21345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadlerimport com.android.email.provider.ProviderTestUtils; 22345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadlerimport com.android.email.provider.EmailContent.Account; 23345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadlerimport com.android.email.provider.EmailContent.AccountColumns; 24345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler 25345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadlerimport android.content.ContentUris; 26345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadlerimport android.content.ContentValues; 27345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadlerimport android.content.Context; 28d62860821c2dbc14ab493b888cb129bd5addd53dAndrew Stadlerimport android.content.ContextWrapper; 29345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadlerimport android.net.Uri; 30345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadlerimport android.test.ProviderTestCase2; 31345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadlerimport android.test.suitebuilder.annotation.MediumTest; 32345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadlerimport android.test.suitebuilder.annotation.SmallTest; 33345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler 34345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler/** 35345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler * This is a series of unit tests for backup/restore of the SecurityPolicy class. 36345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler */ 37345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler@MediumTest 38345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadlerpublic class SecurityPolicyTests extends ProviderTestCase2<EmailProvider> { 39345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler 40345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler private Context mMockContext; 41345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler 42d62860821c2dbc14ab493b888cb129bd5addd53dAndrew Stadler private static final PolicySet EMPTY_POLICY_SET = 43d62860821c2dbc14ab493b888cb129bd5addd53dAndrew Stadler new PolicySet(0, PolicySet.PASSWORD_MODE_NONE, 0, 0, false); 44d62860821c2dbc14ab493b888cb129bd5addd53dAndrew Stadler 45345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler public SecurityPolicyTests() { 46345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler super(EmailProvider.class, EmailProvider.EMAIL_AUTHORITY); 47345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler } 48345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler 49345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler @Override 50345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler protected void setUp() throws Exception { 51345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler super.setUp(); 52345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler 53d62860821c2dbc14ab493b888cb129bd5addd53dAndrew Stadler mMockContext = new MockContext2(getMockContext(), this.mContext); 54345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler } 55345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler 56345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler /** 57345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler * Delete any dummy accounts we set up for this test 58345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler */ 59345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler @Override 60345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler protected void tearDown() throws Exception { 61345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler super.tearDown(); 62345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler } 63345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler 64345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler /** 650fb092b38912c7cff776a51872840bb2089ebe08Makoto Onuki * Private context wrapper used to add back getPackageName() for these tests. 660fb092b38912c7cff776a51872840bb2089ebe08Makoto Onuki * 670fb092b38912c7cff776a51872840bb2089ebe08Makoto Onuki * This class also implements {@link Context} method(s) that is called during tests. 68d62860821c2dbc14ab493b888cb129bd5addd53dAndrew Stadler */ 69d62860821c2dbc14ab493b888cb129bd5addd53dAndrew Stadler private static class MockContext2 extends ContextWrapper { 70d62860821c2dbc14ab493b888cb129bd5addd53dAndrew Stadler 71d62860821c2dbc14ab493b888cb129bd5addd53dAndrew Stadler private final Context mRealContext; 72d62860821c2dbc14ab493b888cb129bd5addd53dAndrew Stadler 73d62860821c2dbc14ab493b888cb129bd5addd53dAndrew Stadler public MockContext2(Context mockContext, Context realContext) { 74d62860821c2dbc14ab493b888cb129bd5addd53dAndrew Stadler super(mockContext); 75d62860821c2dbc14ab493b888cb129bd5addd53dAndrew Stadler mRealContext = realContext; 76d62860821c2dbc14ab493b888cb129bd5addd53dAndrew Stadler } 77d62860821c2dbc14ab493b888cb129bd5addd53dAndrew Stadler 78d62860821c2dbc14ab493b888cb129bd5addd53dAndrew Stadler @Override 790fb092b38912c7cff776a51872840bb2089ebe08Makoto Onuki public Context getApplicationContext() { 800fb092b38912c7cff776a51872840bb2089ebe08Makoto Onuki return this; 810fb092b38912c7cff776a51872840bb2089ebe08Makoto Onuki } 820fb092b38912c7cff776a51872840bb2089ebe08Makoto Onuki 830fb092b38912c7cff776a51872840bb2089ebe08Makoto Onuki @Override 84d62860821c2dbc14ab493b888cb129bd5addd53dAndrew Stadler public String getPackageName() { 85d62860821c2dbc14ab493b888cb129bd5addd53dAndrew Stadler return mRealContext.getPackageName(); 86d62860821c2dbc14ab493b888cb129bd5addd53dAndrew Stadler } 87d62860821c2dbc14ab493b888cb129bd5addd53dAndrew Stadler } 88d62860821c2dbc14ab493b888cb129bd5addd53dAndrew Stadler 89d62860821c2dbc14ab493b888cb129bd5addd53dAndrew Stadler /** 90345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler * Retrieve the security policy object, and inject the mock context so it works as expected 91345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler */ 92345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler private SecurityPolicy getSecurityPolicy() { 93345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler SecurityPolicy sp = SecurityPolicy.getInstance(mMockContext); 94345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler sp.setContext(mMockContext); 95345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler return sp; 96345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler } 97345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler 981d6dab29562eca7978f179be5f5c75f22f44d734Marc Blank public void testPolicySetConstructor() { 991d6dab29562eca7978f179be5f5c75f22f44d734Marc Blank // We know that EMPTY_POLICY_SET doesn't generate an Exception or we wouldn't be here 1001d6dab29562eca7978f179be5f5c75f22f44d734Marc Blank // Try some illegal parameters 1011d6dab29562eca7978f179be5f5c75f22f44d734Marc Blank try { 1021d6dab29562eca7978f179be5f5c75f22f44d734Marc Blank new PolicySet(100, PolicySet.PASSWORD_MODE_NONE, 0, 0, false); 1031d6dab29562eca7978f179be5f5c75f22f44d734Marc Blank fail("Too-long password allowed"); 1041d6dab29562eca7978f179be5f5c75f22f44d734Marc Blank } catch (IllegalArgumentException e) { 1051d6dab29562eca7978f179be5f5c75f22f44d734Marc Blank } 1061d6dab29562eca7978f179be5f5c75f22f44d734Marc Blank try { 1071d6dab29562eca7978f179be5f5c75f22f44d734Marc Blank new PolicySet(0, PolicySet.PASSWORD_MODE_STRONG + 1, 0, 0, false); 1081d6dab29562eca7978f179be5f5c75f22f44d734Marc Blank fail("Illegal password mode allowed"); 1091d6dab29562eca7978f179be5f5c75f22f44d734Marc Blank } catch (IllegalArgumentException e) { 1101d6dab29562eca7978f179be5f5c75f22f44d734Marc Blank } 1111d6dab29562eca7978f179be5f5c75f22f44d734Marc Blank try { 1121d6dab29562eca7978f179be5f5c75f22f44d734Marc Blank new PolicySet(0, PolicySet.PASSWORD_MODE_NONE, 0, 1131d6dab29562eca7978f179be5f5c75f22f44d734Marc Blank PolicySet.SCREEN_LOCK_TIME_MAX + 1, false); 1141d6dab29562eca7978f179be5f5c75f22f44d734Marc Blank fail("Too-long screen lock time allowed"); 1151d6dab29562eca7978f179be5f5c75f22f44d734Marc Blank } catch (IllegalArgumentException e) { 1161d6dab29562eca7978f179be5f5c75f22f44d734Marc Blank } 1171d6dab29562eca7978f179be5f5c75f22f44d734Marc Blank } 1181d6dab29562eca7978f179be5f5c75f22f44d734Marc Blank 119345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler /** 120345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler * Test business logic of aggregating accounts with policies 121345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler */ 122345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler public void testAggregator() { 123345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler SecurityPolicy sp = getSecurityPolicy(); 124345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler 125d62860821c2dbc14ab493b888cb129bd5addd53dAndrew Stadler // with no accounts, should return empty set 126d62860821c2dbc14ab493b888cb129bd5addd53dAndrew Stadler assertTrue(EMPTY_POLICY_SET.equals(sp.computeAggregatePolicy())); 127345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler 128d62860821c2dbc14ab493b888cb129bd5addd53dAndrew Stadler // with accounts having no security, empty set 129345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler Account a1 = ProviderTestUtils.setupAccount("no-sec-1", false, mMockContext); 130345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler a1.mSecurityFlags = 0; 131345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler a1.save(mMockContext); 132345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler Account a2 = ProviderTestUtils.setupAccount("no-sec-2", false, mMockContext); 133345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler a2.mSecurityFlags = 0; 134345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler a2.save(mMockContext); 135d62860821c2dbc14ab493b888cb129bd5addd53dAndrew Stadler assertTrue(EMPTY_POLICY_SET.equals(sp.computeAggregatePolicy())); 136345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler 137345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler // with a single account in security mode, should return same security as in account 1383d2b3b3b3554be2ac23d9a49fee00faa9693e857Andrew Stadler // first test with partially-populated policies 139345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler Account a3 = ProviderTestUtils.setupAccount("sec-3", false, mMockContext); 1403d2b3b3b3554be2ac23d9a49fee00faa9693e857Andrew Stadler PolicySet p3ain = new PolicySet(10, PolicySet.PASSWORD_MODE_SIMPLE, 0, 0, false); 1413d2b3b3b3554be2ac23d9a49fee00faa9693e857Andrew Stadler p3ain.writeAccount(a3, null, true, mMockContext); 1423d2b3b3b3554be2ac23d9a49fee00faa9693e857Andrew Stadler PolicySet p3aout = sp.computeAggregatePolicy(); 1433d2b3b3b3554be2ac23d9a49fee00faa9693e857Andrew Stadler assertNotNull(p3aout); 1443d2b3b3b3554be2ac23d9a49fee00faa9693e857Andrew Stadler assertEquals(p3ain, p3aout); 1453d2b3b3b3554be2ac23d9a49fee00faa9693e857Andrew Stadler 1463d2b3b3b3554be2ac23d9a49fee00faa9693e857Andrew Stadler // Repeat that test with fully-populated policies 1473d2b3b3b3554be2ac23d9a49fee00faa9693e857Andrew Stadler PolicySet p3bin = new PolicySet(10, PolicySet.PASSWORD_MODE_SIMPLE, 15, 16, false); 1483d2b3b3b3554be2ac23d9a49fee00faa9693e857Andrew Stadler p3bin.writeAccount(a3, null, true, mMockContext); 1493d2b3b3b3554be2ac23d9a49fee00faa9693e857Andrew Stadler PolicySet p3bout = sp.computeAggregatePolicy(); 1503d2b3b3b3554be2ac23d9a49fee00faa9693e857Andrew Stadler assertNotNull(p3bout); 1513d2b3b3b3554be2ac23d9a49fee00faa9693e857Andrew Stadler assertEquals(p3bin, p3bout); 152345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler 153345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler // add another account which mixes it up (some fields will change, others will not) 154345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler // pw length and pw mode - max logic - will change because larger #s here 155345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler // fail count and lock timer - min logic - will *not* change because larger #s here 156345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler // wipe required - OR logic - will *not* change here because false 157345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler PolicySet p4in = new PolicySet(20, PolicySet.PASSWORD_MODE_STRONG, 25, 26, false); 158345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler Account a4 = ProviderTestUtils.setupAccount("sec-4", false, mMockContext); 1593d2b3b3b3554be2ac23d9a49fee00faa9693e857Andrew Stadler p4in.writeAccount(a4, null, true, mMockContext); 160345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler PolicySet p4out = sp.computeAggregatePolicy(); 161345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler assertNotNull(p4out); 162345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler assertEquals(20, p4out.mMinPasswordLength); 163345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler assertEquals(PolicySet.PASSWORD_MODE_STRONG, p4out.mPasswordMode); 164345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler assertEquals(15, p4out.mMaxPasswordFails); 165345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler assertEquals(16, p4out.mMaxScreenLockTime); 166345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler assertFalse(p4out.mRequireRemoteWipe); 167345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler 168345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler // add another account which mixes it up (the remaining fields will change) 169345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler // pw length and pw mode - max logic - will *not* change because smaller #s here 170345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler // fail count and lock timer - min logic - will change because smaller #s here 171345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler // wipe required - OR logic - will change here because true 172345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler PolicySet p5in = new PolicySet(4, PolicySet.PASSWORD_MODE_NONE, 5, 6, true); 173345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler Account a5 = ProviderTestUtils.setupAccount("sec-5", false, mMockContext); 1743d2b3b3b3554be2ac23d9a49fee00faa9693e857Andrew Stadler p5in.writeAccount(a5, null, true, mMockContext); 175345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler PolicySet p5out = sp.computeAggregatePolicy(); 176345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler assertNotNull(p5out); 177345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler assertEquals(20, p5out.mMinPasswordLength); 178345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler assertEquals(PolicySet.PASSWORD_MODE_STRONG, p5out.mPasswordMode); 179345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler assertEquals(5, p5out.mMaxPasswordFails); 180345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler assertEquals(6, p5out.mMaxScreenLockTime); 181345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler assertTrue(p5out.mRequireRemoteWipe); 182345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler } 183345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler 184345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler /** 185345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler * Make sure aggregator (and any other direct DB accessors) handle the case of upgraded 186345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler * accounts properly (where the security flags will be NULL instead of zero). 187345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler */ 188345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler public void testNullFlags() { 189345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler SecurityPolicy sp = getSecurityPolicy(); 190345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler 191345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler Account a1 = ProviderTestUtils.setupAccount("null-sec-1", true, mMockContext); 192345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler ContentValues cv = new ContentValues(); 193345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler cv.putNull(AccountColumns.SECURITY_FLAGS); 194345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler Uri uri = ContentUris.withAppendedId(Account.CONTENT_URI, a1.mId); 195345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler mMockContext.getContentResolver().update(uri, cv, null, null); 196345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler 197345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler Account a2 = ProviderTestUtils.setupAccount("no-sec-2", false, mMockContext); 198345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler a2.mSecurityFlags = 0; 199345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler a2.save(mMockContext); 200d62860821c2dbc14ab493b888cb129bd5addd53dAndrew Stadler assertTrue(EMPTY_POLICY_SET.equals(sp.computeAggregatePolicy())); 201345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler } 202345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler 203345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler /** 204345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler * Make sure the fields are encoded properly for their max ranges. This is looking 205345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler * for any encoding mask/shift errors, which would cause bits to overflow into other fields. 206345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler */ 207345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler @SmallTest 208a843d40ba1d3eb77e76b4a28aa911588f0fd81a1Andrew Stadler public void testFieldIsolation() { 209345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler PolicySet p = new PolicySet(PolicySet.PASSWORD_LENGTH_MAX, 0, 0, 0, false); 210345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler assertEquals(PolicySet.PASSWORD_LENGTH_MAX, p.mMinPasswordLength); 211345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler assertEquals(0, p.mPasswordMode); 212345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler assertEquals(0, p.mMaxPasswordFails); 213345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler assertEquals(0, p.mMaxScreenLockTime); 214345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler assertFalse(p.mRequireRemoteWipe); 215345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler 216345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler p = new PolicySet(0, PolicySet.PASSWORD_MODE_STRONG, 0, 0, false); 217345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler assertEquals(0, p.mMinPasswordLength); 218345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler assertEquals(PolicySet.PASSWORD_MODE_STRONG, p.mPasswordMode); 219345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler assertEquals(0, p.mMaxPasswordFails); 220345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler assertEquals(0, p.mMaxScreenLockTime); 221345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler assertFalse(p.mRequireRemoteWipe); 222345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler 223345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler p = new PolicySet(0, 0, PolicySet.PASSWORD_MAX_FAILS_MAX, 0, false); 224345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler assertEquals(0, p.mMinPasswordLength); 225345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler assertEquals(0, p.mPasswordMode); 226345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler assertEquals(PolicySet.PASSWORD_MAX_FAILS_MAX, p.mMaxPasswordFails); 227345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler assertEquals(0, p.mMaxScreenLockTime); 228345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler assertFalse(p.mRequireRemoteWipe); 229345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler 230345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler p = new PolicySet(0, 0, 0, PolicySet.SCREEN_LOCK_TIME_MAX, false); 231345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler assertEquals(0, p.mMinPasswordLength); 232345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler assertEquals(0, p.mPasswordMode); 233345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler assertEquals(0, p.mMaxPasswordFails); 234345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler assertEquals(PolicySet.SCREEN_LOCK_TIME_MAX, p.mMaxScreenLockTime); 235345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler assertFalse(p.mRequireRemoteWipe); 236345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler 237345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler p = new PolicySet(0, 0, 0, 0, true); 238345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler assertEquals(0, p.mMinPasswordLength); 239345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler assertEquals(0, p.mPasswordMode); 240345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler assertEquals(0, p.mMaxPasswordFails); 241345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler assertEquals(0, p.mMaxScreenLockTime); 242345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler assertTrue(p.mRequireRemoteWipe); 243345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler } 244345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler 245345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler /** 246345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler * Test encoding into an Account and out again 247345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler */ 248345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler @SmallTest 249345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler public void testAccountEncoding() { 250345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler PolicySet p1 = new PolicySet(1, PolicySet.PASSWORD_MODE_STRONG, 3, 4, true); 251345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler Account a = new Account(); 252345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler final String SYNC_KEY = "test_sync_key"; 2533d2b3b3b3554be2ac23d9a49fee00faa9693e857Andrew Stadler p1.writeAccount(a, SYNC_KEY, false, null); 254345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler PolicySet p2 = new PolicySet(a); 255345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler assertEquals(p1, p2); 256345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler } 257345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler 258345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler /** 259345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler * Test equality & hash. Note, the tests for inequality are poor, as each field should 260345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler * be tested individually. 261345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler */ 262345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler @SmallTest 263345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler public void testEqualsAndHash() { 264345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler PolicySet p1 = new PolicySet(1, PolicySet.PASSWORD_MODE_STRONG, 3, 4, true); 265345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler PolicySet p2 = new PolicySet(1, PolicySet.PASSWORD_MODE_STRONG, 3, 4, true); 266345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler PolicySet p3 = new PolicySet(2, PolicySet.PASSWORD_MODE_SIMPLE, 5, 6, true); 267345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler assertTrue(p1.equals(p2)); 268345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler assertFalse(p2.equals(p3)); 269345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler assertTrue(p1.hashCode() == p2.hashCode()); 270345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler assertFalse(p2.hashCode() == p3.hashCode()); 271345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler } 272345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler 2732a5eeea9213005060256054ec773e72406415ce4Andrew Stadler /** 2742a5eeea9213005060256054ec773e72406415ce4Andrew Stadler * Test the API to set/clear policy hold flags in an account 2752a5eeea9213005060256054ec773e72406415ce4Andrew Stadler */ 2762a5eeea9213005060256054ec773e72406415ce4Andrew Stadler public void testSetClearHoldFlag() { 2772a5eeea9213005060256054ec773e72406415ce4Andrew Stadler SecurityPolicy sp = getSecurityPolicy(); 2782a5eeea9213005060256054ec773e72406415ce4Andrew Stadler 2792a5eeea9213005060256054ec773e72406415ce4Andrew Stadler Account a1 = ProviderTestUtils.setupAccount("holdflag-1", false, mMockContext); 2802a5eeea9213005060256054ec773e72406415ce4Andrew Stadler a1.mFlags = Account.FLAGS_NOTIFY_NEW_MAIL; 2812a5eeea9213005060256054ec773e72406415ce4Andrew Stadler a1.save(mMockContext); 2822a5eeea9213005060256054ec773e72406415ce4Andrew Stadler Account a2 = ProviderTestUtils.setupAccount("holdflag-2", false, mMockContext); 2839e2ddca59d048fc9ac55278b193ee36b330a7981Jim Shuma a2.mFlags = Account.FLAGS_VIBRATE_ALWAYS | Account.FLAGS_SECURITY_HOLD; 2842a5eeea9213005060256054ec773e72406415ce4Andrew Stadler a2.save(mMockContext); 2852a5eeea9213005060256054ec773e72406415ce4Andrew Stadler 2862a5eeea9213005060256054ec773e72406415ce4Andrew Stadler // confirm clear until set 2872a5eeea9213005060256054ec773e72406415ce4Andrew Stadler Account a1a = Account.restoreAccountWithId(mMockContext, a1.mId); 2882a5eeea9213005060256054ec773e72406415ce4Andrew Stadler assertEquals(Account.FLAGS_NOTIFY_NEW_MAIL, a1a.mFlags); 2892a5eeea9213005060256054ec773e72406415ce4Andrew Stadler sp.setAccountHoldFlag(a1, true); 2902a5eeea9213005060256054ec773e72406415ce4Andrew Stadler assertEquals(Account.FLAGS_NOTIFY_NEW_MAIL | Account.FLAGS_SECURITY_HOLD, a1.mFlags); 2912a5eeea9213005060256054ec773e72406415ce4Andrew Stadler Account a1b = Account.restoreAccountWithId(mMockContext, a1.mId); 2922a5eeea9213005060256054ec773e72406415ce4Andrew Stadler assertEquals(Account.FLAGS_NOTIFY_NEW_MAIL | Account.FLAGS_SECURITY_HOLD, a1b.mFlags); 2932a5eeea9213005060256054ec773e72406415ce4Andrew Stadler 2942a5eeea9213005060256054ec773e72406415ce4Andrew Stadler // confirm set until cleared 2952a5eeea9213005060256054ec773e72406415ce4Andrew Stadler Account a2a = Account.restoreAccountWithId(mMockContext, a2.mId); 2969e2ddca59d048fc9ac55278b193ee36b330a7981Jim Shuma assertEquals(Account.FLAGS_VIBRATE_ALWAYS | Account.FLAGS_SECURITY_HOLD, a2a.mFlags); 2972a5eeea9213005060256054ec773e72406415ce4Andrew Stadler sp.setAccountHoldFlag(a2, false); 2989e2ddca59d048fc9ac55278b193ee36b330a7981Jim Shuma assertEquals(Account.FLAGS_VIBRATE_ALWAYS, a2.mFlags); 2992a5eeea9213005060256054ec773e72406415ce4Andrew Stadler Account a2b = Account.restoreAccountWithId(mMockContext, a2.mId); 3009e2ddca59d048fc9ac55278b193ee36b330a7981Jim Shuma assertEquals(Account.FLAGS_VIBRATE_ALWAYS, a2b.mFlags); 3012a5eeea9213005060256054ec773e72406415ce4Andrew Stadler } 3022a5eeea9213005060256054ec773e72406415ce4Andrew Stadler 3032a5eeea9213005060256054ec773e72406415ce4Andrew Stadler /** 3042a5eeea9213005060256054ec773e72406415ce4Andrew Stadler * Test the API to clear all policy hold flags in all accounts) 3052a5eeea9213005060256054ec773e72406415ce4Andrew Stadler */ 3062a5eeea9213005060256054ec773e72406415ce4Andrew Stadler public void testClearHoldFlags() { 3072a5eeea9213005060256054ec773e72406415ce4Andrew Stadler SecurityPolicy sp = getSecurityPolicy(); 3082a5eeea9213005060256054ec773e72406415ce4Andrew Stadler 3092a5eeea9213005060256054ec773e72406415ce4Andrew Stadler Account a1 = ProviderTestUtils.setupAccount("holdflag-1", false, mMockContext); 3102a5eeea9213005060256054ec773e72406415ce4Andrew Stadler a1.mFlags = Account.FLAGS_NOTIFY_NEW_MAIL; 3112a5eeea9213005060256054ec773e72406415ce4Andrew Stadler a1.save(mMockContext); 3122a5eeea9213005060256054ec773e72406415ce4Andrew Stadler Account a2 = ProviderTestUtils.setupAccount("holdflag-2", false, mMockContext); 3139e2ddca59d048fc9ac55278b193ee36b330a7981Jim Shuma a2.mFlags = Account.FLAGS_VIBRATE_ALWAYS | Account.FLAGS_SECURITY_HOLD; 3142a5eeea9213005060256054ec773e72406415ce4Andrew Stadler a2.save(mMockContext); 3152a5eeea9213005060256054ec773e72406415ce4Andrew Stadler 3162a5eeea9213005060256054ec773e72406415ce4Andrew Stadler // bulk clear 3172a5eeea9213005060256054ec773e72406415ce4Andrew Stadler sp.clearAccountHoldFlags(); 3182a5eeea9213005060256054ec773e72406415ce4Andrew Stadler 3192a5eeea9213005060256054ec773e72406415ce4Andrew Stadler // confirm new values as expected - no hold flags; other flags unmolested 3202a5eeea9213005060256054ec773e72406415ce4Andrew Stadler Account a1a = Account.restoreAccountWithId(mMockContext, a1.mId); 3212a5eeea9213005060256054ec773e72406415ce4Andrew Stadler assertEquals(Account.FLAGS_NOTIFY_NEW_MAIL, a1a.mFlags); 3222a5eeea9213005060256054ec773e72406415ce4Andrew Stadler Account a2a = Account.restoreAccountWithId(mMockContext, a2.mId); 3239e2ddca59d048fc9ac55278b193ee36b330a7981Jim Shuma assertEquals(Account.FLAGS_VIBRATE_ALWAYS, a2a.mFlags); 3242a5eeea9213005060256054ec773e72406415ce4Andrew Stadler } 325af55e3e436991fde91cdc80efe2786eb8f509d15Andrew Stadler 326af55e3e436991fde91cdc80efe2786eb8f509d15Andrew Stadler /** 327af55e3e436991fde91cdc80efe2786eb8f509d15Andrew Stadler * Test the response to disabling DeviceAdmin status 328af55e3e436991fde91cdc80efe2786eb8f509d15Andrew Stadler */ 329af55e3e436991fde91cdc80efe2786eb8f509d15Andrew Stadler public void testDisableAdmin() { 330af55e3e436991fde91cdc80efe2786eb8f509d15Andrew Stadler Account a1 = ProviderTestUtils.setupAccount("disable-1", false, mMockContext); 331af55e3e436991fde91cdc80efe2786eb8f509d15Andrew Stadler PolicySet p1 = new PolicySet(10, PolicySet.PASSWORD_MODE_SIMPLE, 0, 0, false); 332af55e3e436991fde91cdc80efe2786eb8f509d15Andrew Stadler p1.writeAccount(a1, "sync-key-1", true, mMockContext); 333af55e3e436991fde91cdc80efe2786eb8f509d15Andrew Stadler 334af55e3e436991fde91cdc80efe2786eb8f509d15Andrew Stadler Account a2 = ProviderTestUtils.setupAccount("disable-2", false, mMockContext); 335af55e3e436991fde91cdc80efe2786eb8f509d15Andrew Stadler PolicySet p2 = new PolicySet(20, PolicySet.PASSWORD_MODE_STRONG, 25, 26, false); 336af55e3e436991fde91cdc80efe2786eb8f509d15Andrew Stadler p2.writeAccount(a2, "sync-key-2", true, mMockContext); 337af55e3e436991fde91cdc80efe2786eb8f509d15Andrew Stadler 338af55e3e436991fde91cdc80efe2786eb8f509d15Andrew Stadler Account a3 = ProviderTestUtils.setupAccount("disable-3", false, mMockContext); 339af55e3e436991fde91cdc80efe2786eb8f509d15Andrew Stadler a3.mSecurityFlags = 0; 340af55e3e436991fde91cdc80efe2786eb8f509d15Andrew Stadler a3.mSecuritySyncKey = null; 341af55e3e436991fde91cdc80efe2786eb8f509d15Andrew Stadler a3.save(mMockContext); 342af55e3e436991fde91cdc80efe2786eb8f509d15Andrew Stadler 343af55e3e436991fde91cdc80efe2786eb8f509d15Andrew Stadler SecurityPolicy sp = getSecurityPolicy(); 344af55e3e436991fde91cdc80efe2786eb8f509d15Andrew Stadler 345af55e3e436991fde91cdc80efe2786eb8f509d15Andrew Stadler // Confirm that "enabling" device admin does not change security status (flags & sync key) 346af55e3e436991fde91cdc80efe2786eb8f509d15Andrew Stadler PolicySet before = sp.getAggregatePolicy(); 347af55e3e436991fde91cdc80efe2786eb8f509d15Andrew Stadler sp.onAdminEnabled(true); // "enabled" should not change anything 348af55e3e436991fde91cdc80efe2786eb8f509d15Andrew Stadler PolicySet after1 = sp.getAggregatePolicy(); 349af55e3e436991fde91cdc80efe2786eb8f509d15Andrew Stadler assertEquals(before, after1); 350af55e3e436991fde91cdc80efe2786eb8f509d15Andrew Stadler Account a1a = Account.restoreAccountWithId(mMockContext, a1.mId); 351af55e3e436991fde91cdc80efe2786eb8f509d15Andrew Stadler assertNotNull(a1a.mSecuritySyncKey); 352af55e3e436991fde91cdc80efe2786eb8f509d15Andrew Stadler Account a2a = Account.restoreAccountWithId(mMockContext, a2.mId); 353af55e3e436991fde91cdc80efe2786eb8f509d15Andrew Stadler assertNotNull(a2a.mSecuritySyncKey); 354af55e3e436991fde91cdc80efe2786eb8f509d15Andrew Stadler Account a3a = Account.restoreAccountWithId(mMockContext, a3.mId); 355af55e3e436991fde91cdc80efe2786eb8f509d15Andrew Stadler assertNull(a3a.mSecuritySyncKey); 356af55e3e436991fde91cdc80efe2786eb8f509d15Andrew Stadler 357af55e3e436991fde91cdc80efe2786eb8f509d15Andrew Stadler // Revoke device admin status. In the accounts we set up, security values should be reset 358af55e3e436991fde91cdc80efe2786eb8f509d15Andrew Stadler sp.onAdminEnabled(false); // "disabled" should clear policies 359af55e3e436991fde91cdc80efe2786eb8f509d15Andrew Stadler PolicySet after2 = sp.getAggregatePolicy(); 360af55e3e436991fde91cdc80efe2786eb8f509d15Andrew Stadler assertEquals(SecurityPolicy.NO_POLICY_SET, after2); 361af55e3e436991fde91cdc80efe2786eb8f509d15Andrew Stadler Account a1b = Account.restoreAccountWithId(mMockContext, a1.mId); 362af55e3e436991fde91cdc80efe2786eb8f509d15Andrew Stadler assertNull(a1b.mSecuritySyncKey); 363af55e3e436991fde91cdc80efe2786eb8f509d15Andrew Stadler Account a2b = Account.restoreAccountWithId(mMockContext, a2.mId); 364af55e3e436991fde91cdc80efe2786eb8f509d15Andrew Stadler assertNull(a2b.mSecuritySyncKey); 365af55e3e436991fde91cdc80efe2786eb8f509d15Andrew Stadler Account a3b = Account.restoreAccountWithId(mMockContext, a3.mId); 366af55e3e436991fde91cdc80efe2786eb8f509d15Andrew Stadler assertNull(a3b.mSecuritySyncKey); 367af55e3e436991fde91cdc80efe2786eb8f509d15Andrew Stadler } 368345fb8b737c1632fb2a7e69ac44b8612be6237edAndrew Stadler} 369