DPMS: password blacklist
Allows admins to blacklist passwords so they cannot be enrolled by the
user or the admin.
Test: bit FrameworksServicesTests:com.android.server.devicepolicy.PasswordBlacklistTest
Test: bit FrameworksServicesTests:com.android.server.devicepolicy.DevicePolicyManagerTest
Test: cts-tradefed run cts -m CtsDevicePolicyManagerTestCases -t com.android.cts.devicepolicy.MixedManagedProfileOwnerTest#testPasswordBlacklist
Test: cts-tradefed run cts -m CtsAdminTestCases -t android.admin.cts.DevicePolicyManagerTest
Bug: 63578054
Change-Id: I8949ac929c760b66dc719cb058a9f88dc9cad727
diff --git a/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java b/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java
index ca918c6..4779474 100644
--- a/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java
+++ b/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java
@@ -3765,6 +3765,36 @@
assertTrue(dpm.clearResetPasswordToken(admin1));
}
+ public void testSetPasswordBlacklistCannotBeCalledByNonAdmin() throws Exception {
+ assertExpectException(SecurityException.class, /* messageRegex= */ null,
+ () -> dpm.setPasswordBlacklist(admin1, null, null));
+ verifyZeroInteractions(getServices().passwordBlacklist);
+ }
+
+ public void testClearingPasswordBlacklistDoesNotCreateNewBlacklist() throws Exception {
+ setupProfileOwner();
+ dpm.setPasswordBlacklist(admin1, null, null);
+ verifyZeroInteractions(getServices().passwordBlacklist);
+ }
+
+ public void testSetPasswordBlacklistCreatesNewBlacklist() throws Exception {
+ final String name = "myblacklist";
+ final List<String> explicit = Arrays.asList("password", "letmein");
+ setupProfileOwner();
+ dpm.setPasswordBlacklist(admin1, name, explicit);
+ verify(getServices().passwordBlacklist).savePasswordBlacklist(name, explicit);
+ }
+
+ public void testSetPasswordBlacklistOnlyConvertsExplicitToLowerCase() throws Exception {
+ final List<String> mixedCase = Arrays.asList("password", "LETMEIN", "FooTBAll");
+ final List<String> lowerCase = Arrays.asList("password", "letmein", "football");
+ mContext.binder.callingUid = DpmMockContext.CALLER_SYSTEM_USER_UID;
+ setupDeviceOwner();
+ final String name = "Name of the Blacklist";
+ dpm.setPasswordBlacklist(admin1, name, mixedCase);
+ verify(getServices().passwordBlacklist).savePasswordBlacklist(name, lowerCase);
+ }
+
public void testIsActivePasswordSufficient() throws Exception {
mContext.binder.callingUid = DpmMockContext.CALLER_SYSTEM_USER_UID;
mContext.packageName = admin1.getPackageName();