Adding support for minimum number of non letter characters.
Change-Id: If54cb7209d65eef826d474d7e0dbbef63d2f2b47
diff --git a/core/java/android/app/admin/DevicePolicyManager.java b/core/java/android/app/admin/DevicePolicyManager.java
index ef63175..3066f5c 100644
--- a/core/java/android/app/admin/DevicePolicyManager.java
+++ b/core/java/android/app/admin/DevicePolicyManager.java
@@ -215,9 +215,13 @@
/**
* Constant for {@link #setPasswordQuality}: the user must have entered a
- * password containing numeric <em>and</em> alphabetic characters,
- * <em>and</em> special symbols. Note that quality constants are ordered so
- * that higher values are more restrictive.
+ * password containing at least a letter, a numerical digit and a special
+ * symbol, by default. With this password quality, passwords can be
+ * restricted to contain various sets of characters, like at least an
+ * uppercase letter, etc. These are specified using various methods,
+ * like {@link #setPasswordMinimumLowerCase(ComponentName, int)}. Note
+ * that quality constants are ordered so that higher values are more
+ * restrictive.
*/
public static final int PASSWORD_QUALITY_COMPLEX = 0x60000;
@@ -329,7 +333,8 @@
* not take place immediately. To prompt the user for a new password, use
* {@link #ACTION_SET_NEW_PASSWORD} after setting this value. This
* constraint is only imposed if the administrator has also requested
- * {@link #PASSWORD_QUALITY_COMPLEX} with {@link #setPasswordQuality}.
+ * {@link #PASSWORD_QUALITY_COMPLEX} with {@link #setPasswordQuality}. The
+ * default value is 0.
* <p>
* The calling device admin must have requested
* {@link DeviceAdminInfo#USES_POLICY_LIMIT_PASSWORD} to be able to call
@@ -353,7 +358,10 @@
/**
* Retrieve the current number of upper case letters required in the
- * password for all admins or a particular one.
+ * password for all admins or a particular one. This is the same value as
+ * set by {#link {@link #setPasswordMinimumUpperCase(ComponentName, int)}
+ * and only applies when the password quality is
+ * {@link #PASSWORD_QUALITY_COMPLEX}.
*
* @param admin The name of the admin component to check, or null to
* aggregate all admins.
@@ -380,7 +388,8 @@
* not take place immediately. To prompt the user for a new password, use
* {@link #ACTION_SET_NEW_PASSWORD} after setting this value. This
* constraint is only imposed if the administrator has also requested
- * {@link #PASSWORD_QUALITY_COMPLEX} with {@link #setPasswordQuality}.
+ * {@link #PASSWORD_QUALITY_COMPLEX} with {@link #setPasswordQuality}. The
+ * default value is 0.
* <p>
* The calling device admin must have requested
* {@link DeviceAdminInfo#USES_POLICY_LIMIT_PASSWORD} to be able to call
@@ -404,7 +413,10 @@
/**
* Retrieve the current number of lower case letters required in the
- * password for all admins or a particular one.
+ * password for all admins or a particular one. This is the same value as
+ * set by {#link {@link #setPasswordMinimumLowerCase(ComponentName, int)}
+ * and only applies when the password quality is
+ * {@link #PASSWORD_QUALITY_COMPLEX}.
*
* @param admin The name of the admin component to check, or null to
* aggregate all admins.
@@ -431,7 +443,8 @@
* place immediately. To prompt the user for a new password, use
* {@link #ACTION_SET_NEW_PASSWORD} after setting this value. This
* constraint is only imposed if the administrator has also requested
- * {@link #PASSWORD_QUALITY_COMPLEX} with {@link #setPasswordQuality}.
+ * {@link #PASSWORD_QUALITY_COMPLEX} with {@link #setPasswordQuality}. The
+ * default value is 1.
* <p>
* The calling device admin must have requested
* {@link DeviceAdminInfo#USES_POLICY_LIMIT_PASSWORD} to be able to call
@@ -454,7 +467,10 @@
/**
* Retrieve the current number of letters required in the password for all
- * admins or a particular one.
+ * admins or a particular one. This is the same value as
+ * set by {#link {@link #setPasswordMinimumLetters(ComponentName, int)}
+ * and only applies when the password quality is
+ * {@link #PASSWORD_QUALITY_COMPLEX}.
*
* @param admin The name of the admin component to check, or null to
* aggregate all admins.
@@ -480,7 +496,8 @@
* not take place immediately. To prompt the user for a new password, use
* {@link #ACTION_SET_NEW_PASSWORD} after setting this value. This
* constraint is only imposed if the administrator has also requested
- * {@link #PASSWORD_QUALITY_COMPLEX} with {@link #setPasswordQuality}.
+ * {@link #PASSWORD_QUALITY_COMPLEX} with {@link #setPasswordQuality}. The
+ * default value is 1.
* <p>
* The calling device admin must have requested
* {@link DeviceAdminInfo#USES_POLICY_LIMIT_PASSWORD} to be able to call
@@ -503,7 +520,10 @@
/**
* Retrieve the current number of numerical digits required in the password
- * for all admins or a particular one.
+ * for all admins or a particular one. This is the same value as
+ * set by {#link {@link #setPasswordMinimumNumeric(ComponentName, int)}
+ * and only applies when the password quality is
+ * {@link #PASSWORD_QUALITY_COMPLEX}.
*
* @param admin The name of the admin component to check, or null to
* aggregate all admins.
@@ -529,7 +549,8 @@
* place immediately. To prompt the user for a new password, use
* {@link #ACTION_SET_NEW_PASSWORD} after setting this value. This
* constraint is only imposed if the administrator has also requested
- * {@link #PASSWORD_QUALITY_COMPLEX} with {@link #setPasswordQuality}.
+ * {@link #PASSWORD_QUALITY_COMPLEX} with {@link #setPasswordQuality}. The
+ * default value is 1.
* <p>
* The calling device admin must have requested
* {@link DeviceAdminInfo#USES_POLICY_LIMIT_PASSWORD} to be able to call
@@ -552,7 +573,10 @@
/**
* Retrieve the current number of symbols required in the password for all
- * admins or a particular one.
+ * admins or a particular one. This is the same value as
+ * set by {#link {@link #setPasswordMinimumSymbols(ComponentName, int)}
+ * and only applies when the password quality is
+ * {@link #PASSWORD_QUALITY_COMPLEX}.
*
* @param admin The name of the admin component to check, or null to
* aggregate all admins.
@@ -569,6 +593,59 @@
return 0;
}
+ /**
+ * Called by an application that is administering the device to set the
+ * minimum number of non-letter characters (numerical digits or symbols)
+ * required in the password. After setting this, the user will not be able
+ * to enter a new password that is not at least as restrictive as what has
+ * been set. Note that the current password will remain until the user has
+ * set a new one, so the change does not take place immediately. To prompt
+ * the user for a new password, use {@link #ACTION_SET_NEW_PASSWORD} after
+ * setting this value. This constraint is only imposed if the administrator
+ * has also requested {@link #PASSWORD_QUALITY_COMPLEX} with
+ * {@link #setPasswordQuality}. The default value is 0.
+ * <p>
+ * The calling device admin must have requested
+ * {@link DeviceAdminInfo#USES_POLICY_LIMIT_PASSWORD} to be able to call
+ * this method; if it has not, a security exception will be thrown.
+ *
+ * @param admin Which {@link DeviceAdminReceiver} this request is associated
+ * with.
+ * @param length The new desired minimum number of letters required in the
+ * password. A value of 0 means there is no restriction.
+ */
+ public void setPasswordMinimumNonLetter(ComponentName admin, int length) {
+ if (mService != null) {
+ try {
+ mService.setPasswordMinimumNonLetter(admin, length);
+ } catch (RemoteException e) {
+ Log.w(TAG, "Failed talking with device policy service", e);
+ }
+ }
+ }
+
+ /**
+ * Retrieve the current number of non-letter characters required in the
+ * password for all admins or a particular one. This is the same value as
+ * set by {#link {@link #setPasswordMinimumNonLetter(ComponentName, int)}
+ * and only applies when the password quality is
+ * {@link #PASSWORD_QUALITY_COMPLEX}.
+ *
+ * @param admin The name of the admin component to check, or null to
+ * aggregate all admins.
+ * @return The minimum number of letters required in the password.
+ */
+ public int getPasswordMinimumNonLetter(ComponentName admin) {
+ if (mService != null) {
+ try {
+ return mService.getPasswordMinimumNonLetter(admin);
+ } catch (RemoteException e) {
+ Log.w(TAG, "Failed talking with device policy service", e);
+ }
+ }
+ return 0;
+ }
+
/**
* Called by an application that is administering the device to set the length
* of the password history. After setting this, the user will not be able to
@@ -894,11 +971,11 @@
* @hide
*/
public void setActivePasswordState(int quality, int length, int letters, int uppercase,
- int lowercase, int numbers, int symbols) {
+ int lowercase, int numbers, int symbols, int nonletter) {
if (mService != null) {
try {
mService.setActivePasswordState(quality, length, letters, uppercase, lowercase,
- numbers, symbols);
+ numbers, symbols, nonletter);
} catch (RemoteException e) {
Log.w(TAG, "Failed talking with device policy service", e);
}
diff --git a/core/java/android/app/admin/IDevicePolicyManager.aidl b/core/java/android/app/admin/IDevicePolicyManager.aidl
index fa31a37..3ada95c 100644
--- a/core/java/android/app/admin/IDevicePolicyManager.aidl
+++ b/core/java/android/app/admin/IDevicePolicyManager.aidl
@@ -45,6 +45,9 @@
void setPasswordMinimumSymbols(in ComponentName who, int length);
int getPasswordMinimumSymbols(in ComponentName who);
+
+ void setPasswordMinimumNonLetter(in ComponentName who, int length);
+ int getPasswordMinimumNonLetter(in ComponentName who);
void setPasswordHistoryLength(in ComponentName who, int length);
int getPasswordHistoryLength(in ComponentName who);
@@ -71,7 +74,8 @@
void getRemoveWarning(in ComponentName policyReceiver, in RemoteCallback result);
void removeActiveAdmin(in ComponentName policyReceiver);
- void setActivePasswordState(int quality, int length, int letters, int uppercase, int lowercase, int numbers, int symbols);
+ void setActivePasswordState(int quality, int length, int letters, int uppercase, int lowercase,
+ int numbers, int symbols, int nonletter);
void reportFailedPasswordAttempt();
void reportSuccessfulPasswordAttempt();
}
diff --git a/core/java/com/android/internal/widget/LockPatternUtils.java b/core/java/com/android/internal/widget/LockPatternUtils.java
index 9983c02..0b62a67 100644
--- a/core/java/com/android/internal/widget/LockPatternUtils.java
+++ b/core/java/com/android/internal/widget/LockPatternUtils.java
@@ -164,6 +164,9 @@
return getDevicePolicyManager().getPasswordMinimumSymbols(null);
}
+ public int getRequestedPasswordMinimumNonLetter() {
+ return getDevicePolicyManager().getPasswordMinimumNonLetter(null);
+ }
/**
* Returns the actual password mode, as set by keyguard after updating the password.
*
@@ -369,10 +372,10 @@
setBoolean(PATTERN_EVER_CHOSEN_KEY, true);
setLong(PASSWORD_TYPE_KEY, DevicePolicyManager.PASSWORD_QUALITY_SOMETHING);
dpm.setActivePasswordState(DevicePolicyManager.PASSWORD_QUALITY_SOMETHING, pattern
- .size(), 0, 0, 0, 0, 0);
+ .size(), 0, 0, 0, 0, 0, 0);
} else {
dpm.setActivePasswordState(DevicePolicyManager.PASSWORD_QUALITY_UNSPECIFIED, 0, 0,
- 0, 0, 0, 0);
+ 0, 0, 0, 0, 0);
}
} catch (FileNotFoundException fnfe) {
// Cant do much, unless we want to fail over to using the settings
@@ -441,6 +444,7 @@
int lowercase = 0;
int numbers = 0;
int symbols = 0;
+ int nonletter = 0;
for (int i = 0; i < password.length(); i++) {
char c = password.charAt(i);
if (c >= 'A' && c <= 'Z') {
@@ -451,16 +455,18 @@
lowercase++;
} else if (c >= '0' && c <= '9') {
numbers++;
+ nonletter++;
} else {
symbols++;
+ nonletter++;
}
}
dpm.setActivePasswordState(Math.max(quality, computedQuality), password
- .length(), letters, uppercase, lowercase, numbers, symbols);
+ .length(), letters, uppercase, lowercase, numbers, symbols, nonletter);
} else {
// The password is not anything.
dpm.setActivePasswordState(
- DevicePolicyManager.PASSWORD_QUALITY_UNSPECIFIED, 0, 0, 0, 0, 0, 0);
+ DevicePolicyManager.PASSWORD_QUALITY_UNSPECIFIED, 0, 0, 0, 0, 0, 0, 0);
}
// Add the password to the password history. We assume all
// password
@@ -483,7 +489,7 @@
setString(PASSWORD_HISTORY_KEY, passwordHistory);
} else {
dpm.setActivePasswordState(
- DevicePolicyManager.PASSWORD_QUALITY_UNSPECIFIED, 0, 0, 0, 0, 0, 0);
+ DevicePolicyManager.PASSWORD_QUALITY_UNSPECIFIED, 0, 0, 0, 0, 0, 0, 0);
}
} catch (FileNotFoundException fnfe) {
// Cant do much, unless we want to fail over to using the settings provider