New API for getting the screen lock complexity
Return parent profile screen lock complexity if unified challenge is used
Bug: 111173457
Test: atest FrameworksCoreTests:PasswordMetricsTest
atest FrameworksServicesTests:DevicePolicyManagerTest
atest CtsDevicePolicyManagerTestCases:com.android.cts.devicepolicy.PasswordComplexityTest
manual test with sample app
Change-Id: I99f8bd644c5119590f49add98f216c4a527d6f2d
diff --git a/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java b/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java
index 5dc6d83..2a1c3db 100644
--- a/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java
+++ b/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java
@@ -21,6 +21,9 @@
import static android.app.admin.DevicePolicyManager.ID_TYPE_IMEI;
import static android.app.admin.DevicePolicyManager.ID_TYPE_MEID;
import static android.app.admin.DevicePolicyManager.ID_TYPE_SERIAL;
+import static android.app.admin.DevicePolicyManager.PASSWORD_COMPLEXITY_HIGH;
+import static android.app.admin.DevicePolicyManager.PASSWORD_COMPLEXITY_MEDIUM;
+import static android.app.admin.DevicePolicyManager.PASSWORD_COMPLEXITY_NONE;
import static android.app.admin.DevicePolicyManager.WIPE_EUICC;
import static android.os.UserManagerInternal.CAMERA_DISABLED_GLOBALLY;
import static android.os.UserManagerInternal.CAMERA_DISABLED_LOCALLY;
@@ -48,6 +51,7 @@
import static org.mockito.Mockito.verifyZeroInteractions;
import static org.mockito.Mockito.when;
import static org.mockito.hamcrest.MockitoHamcrest.argThat;
+import static org.testng.Assert.assertThrows;
import android.Manifest.permission;
import android.annotation.RawRes;
@@ -5133,6 +5137,71 @@
});
}
+ public void testGetPasswordComplexity_securityExceptionIfParentInstance() {
+ assertThrows(SecurityException.class,
+ () -> new DevicePolicyManagerTestable(
+ mServiceContext,
+ dpms,
+ /* parentInstance= */ true)
+ .getPasswordComplexity());
+ }
+
+ public void testGetPasswordComplexity_illegalStateExceptionIfLocked() {
+ when(getServices().userManager.isUserUnlocked(DpmMockContext.CALLER_USER_HANDLE))
+ .thenReturn(false);
+ assertThrows(IllegalStateException.class, () -> dpm.getPasswordComplexity());
+ }
+
+ public void testGetPasswordComplexity_securityExceptionWithoutPermissions() {
+ when(getServices().userManager.isUserUnlocked(DpmMockContext.CALLER_USER_HANDLE))
+ .thenReturn(true);
+ assertThrows(SecurityException.class, () -> dpm.getPasswordComplexity());
+ }
+
+
+ public void testGetPasswordComplexity_currentUserNoPassword() {
+ when(getServices().userManager.isUserUnlocked(DpmMockContext.CALLER_USER_HANDLE))
+ .thenReturn(true);
+ mServiceContext.permissions.add(permission.GET_AND_REQUEST_SCREEN_LOCK_COMPLEXITY);
+ when(getServices().userManager.getCredentialOwnerProfile(DpmMockContext.CALLER_USER_HANDLE))
+ .thenReturn(DpmMockContext.CALLER_USER_HANDLE);
+
+ assertEquals(PASSWORD_COMPLEXITY_NONE, dpm.getPasswordComplexity());
+ }
+
+ public void testGetPasswordComplexity_currentUserHasPassword() {
+ when(getServices().userManager.isUserUnlocked(DpmMockContext.CALLER_USER_HANDLE))
+ .thenReturn(true);
+ mServiceContext.permissions.add(permission.GET_AND_REQUEST_SCREEN_LOCK_COMPLEXITY);
+ when(getServices().userManager.getCredentialOwnerProfile(DpmMockContext.CALLER_USER_HANDLE))
+ .thenReturn(DpmMockContext.CALLER_USER_HANDLE);
+ dpms.mUserPasswordMetrics.put(
+ DpmMockContext.CALLER_USER_HANDLE,
+ PasswordMetrics.computeForPassword("asdf"));
+
+ assertEquals(PASSWORD_COMPLEXITY_MEDIUM, dpm.getPasswordComplexity());
+ }
+
+ public void testGetPasswordComplexity_unifiedChallengeReturnsParentUserPassword() {
+ when(getServices().userManager.isUserUnlocked(DpmMockContext.CALLER_USER_HANDLE))
+ .thenReturn(true);
+ mServiceContext.permissions.add(permission.GET_AND_REQUEST_SCREEN_LOCK_COMPLEXITY);
+
+ UserInfo parentUser = new UserInfo();
+ parentUser.id = DpmMockContext.CALLER_USER_HANDLE + 10;
+ when(getServices().userManager.getCredentialOwnerProfile(DpmMockContext.CALLER_USER_HANDLE))
+ .thenReturn(parentUser.id);
+
+ dpms.mUserPasswordMetrics.put(
+ DpmMockContext.CALLER_USER_HANDLE,
+ PasswordMetrics.computeForPassword("asdf"));
+ dpms.mUserPasswordMetrics.put(
+ parentUser.id,
+ PasswordMetrics.computeForPassword("parentUser"));
+
+ assertEquals(PASSWORD_COMPLEXITY_HIGH, dpm.getPasswordComplexity());
+ }
+
private void configureProfileOwnerForDeviceIdAccess(ComponentName who, int userId) {
final long ident = mServiceContext.binder.clearCallingIdentity();
mServiceContext.binder.callingUid =
diff --git a/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTestable.java b/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTestable.java
index 3da61d6..4982d6e 100644
--- a/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTestable.java
+++ b/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTestable.java
@@ -26,7 +26,12 @@
public DevicePolicyManagerTestable(DpmMockContext context,
DevicePolicyManagerServiceTestable dpms) {
- super(context, dpms, /* parentInstance = */ false);
+ this(context, dpms, /* parentInstance= */ false);
+ }
+
+ public DevicePolicyManagerTestable(DpmMockContext context,
+ DevicePolicyManagerServiceTestable dpms, boolean parentInstance) {
+ super(context, dpms, parentInstance);
this.dpms = dpms;
}