1 /* 2 * Copyright (C) 2016 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 package com.android.cts.deviceadmin; 17 18 import android.app.admin.DevicePolicyManager; 19 import android.test.MoreAsserts; 20 21 /** 22 * Tests that: 23 * - need to be run as device admin (as opposed to device owner) and 24 * - require resetting the password at the end. 25 * 26 * Note: when adding a new method, make sure to add a corresponding method in 27 * BaseDeviceAdminHostSideTest. 28 */ 29 public class DeviceAdminPasswordTest extends BaseDeviceAdminTest { 30 31 @Override setUp()32 protected void setUp() throws Exception { 33 super.setUp(); 34 35 assertNotDeviceOwner(); 36 } 37 checkSetPassword_nycRestrictions_success()38 private void checkSetPassword_nycRestrictions_success() { 39 assertTrue(dpm.resetPassword("1234", /* flags= */ 0)); 40 } 41 checkSetPassword_nycRestrictions_failure()42 private void checkSetPassword_nycRestrictions_failure() { 43 try { 44 assertFalse(dpm.resetPassword("1234", /* flags= */ 0)); 45 if (shouldResetPasswordThrow()) { 46 fail("Didn't throw"); 47 } 48 } catch (SecurityException e) { 49 if (!shouldResetPasswordThrow()) { 50 fail("Shouldn't throw"); 51 } 52 MoreAsserts.assertContainsRegex("Admin cannot change current password", e.getMessage()); 53 } 54 } 55 checkClearPassword_nycRestrictions_failure()56 private void checkClearPassword_nycRestrictions_failure() { 57 try { 58 assertFalse(dpm.resetPassword("", /* flags= */ 0)); 59 if (shouldResetPasswordThrow()) { 60 fail("Didn't throw"); 61 } 62 } catch (SecurityException e) { 63 if (!shouldResetPasswordThrow()) { 64 fail("Shouldn't throw"); 65 } 66 MoreAsserts.assertContainsRegex("Cannot call with null password", e.getMessage()); 67 } 68 } 69 assertHasPassword()70 private void assertHasPassword() { 71 dpm.setPasswordMinimumLength(mAdminComponent, 1); 72 try { 73 assertTrue("No password set", dpm.isActivePasswordSufficient()); 74 } finally { 75 dpm.setPasswordMinimumLength(mAdminComponent, 0); 76 } 77 } 78 assertNoPassword()79 private void assertNoPassword() { 80 dpm.setPasswordMinimumLength(mAdminComponent, 1); 81 try { 82 assertFalse("Password is set", dpm.isActivePasswordSufficient()); 83 } finally { 84 dpm.setPasswordMinimumLength(mAdminComponent, 0); 85 } 86 } 87 88 /** 89 * Tests for the new restrictions on {@link DevicePolicyManager#resetPassword} introduced 90 * on NYC. 91 */ testResetPassword_nycRestrictions()92 public void testResetPassword_nycRestrictions() throws Exception { 93 94 assertNoPassword(); 95 96 // Can't clear the password, even if there's no password set currently. 97 checkClearPassword_nycRestrictions_failure(); 98 99 assertNoPassword(); 100 101 // No password -> setting one is okay. 102 checkSetPassword_nycRestrictions_success(); 103 104 assertHasPassword(); 105 106 // But once set, DA can't change the password. 107 checkSetPassword_nycRestrictions_failure(); 108 109 assertHasPassword(); 110 111 // Still can't clear the password. 112 checkClearPassword_nycRestrictions_failure(); 113 114 assertHasPassword(); 115 } 116 } 117