/* * Copyright (C) 2016 The Android Open Source Project * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package com.android.cts.deviceadmin; import android.app.admin.DevicePolicyManager; import android.test.MoreAsserts; /** * Tests that: * - need to be run as device admin (as opposed to device owner) and * - require resetting the password at the end. * * Note: when adding a new method, make sure to add a corresponding method in * BaseDeviceAdminHostSideTest. */ public class DeviceAdminPasswordTest extends BaseDeviceAdminTest { @Override protected void setUp() throws Exception { super.setUp(); assertNotDeviceOwner(); } private void checkSetPassword_nycRestrictions_success() { assertTrue(dpm.resetPassword("1234", /* flags= */ 0)); } private void checkSetPassword_nycRestrictions_failure() { try { assertFalse(dpm.resetPassword("1234", /* flags= */ 0)); if (shouldResetPasswordThrow()) { fail("Didn't throw"); } } catch (SecurityException e) { if (!shouldResetPasswordThrow()) { fail("Shouldn't throw"); } MoreAsserts.assertContainsRegex("Admin cannot change current password", e.getMessage()); } } private void checkClearPassword_nycRestrictions_failure() { try { assertFalse(dpm.resetPassword("", /* flags= */ 0)); if (shouldResetPasswordThrow()) { fail("Didn't throw"); } } catch (SecurityException e) { if (!shouldResetPasswordThrow()) { fail("Shouldn't throw"); } MoreAsserts.assertContainsRegex("Cannot call with null password", e.getMessage()); } } private void assertHasPassword() { final int currentQuality = dpm.getPasswordQuality(mAdminComponent); dpm.setPasswordQuality(mAdminComponent, DevicePolicyManager.PASSWORD_QUALITY_SOMETHING); try { assertTrue("No password set", dpm.isActivePasswordSufficient()); } finally { dpm.setPasswordQuality(mAdminComponent, currentQuality); } } private void assertNoPassword() { final int currentQuality = dpm.getPasswordQuality(mAdminComponent); dpm.setPasswordQuality(mAdminComponent, DevicePolicyManager.PASSWORD_QUALITY_SOMETHING); try { assertFalse("Password is set", dpm.isActivePasswordSufficient()); } finally { dpm.setPasswordQuality(mAdminComponent, currentQuality); } } /** * Tests for the new restrictions on {@link DevicePolicyManager#resetPassword} introduced * on NYC. */ public void testResetPassword_nycRestrictions() throws Exception { assertNoPassword(); // Can't clear the password, even if there's no password set currently. checkClearPassword_nycRestrictions_failure(); assertNoPassword(); // No password -> setting one is okay. checkSetPassword_nycRestrictions_success(); assertHasPassword(); // But once set, DA can't change the password. checkSetPassword_nycRestrictions_failure(); assertHasPassword(); // Still can't clear the password. checkClearPassword_nycRestrictions_failure(); assertHasPassword(); } }