1 /* 2 * Copyright (C) 2016 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 package com.android.cts.deviceadmin; 17 18 import android.app.admin.DevicePolicyManager; 19 import android.test.MoreAsserts; 20 21 /** 22 * Tests that: 23 * - need to be run as device admin (as opposed to device owner) and 24 * - require resetting the password at the end. 25 * 26 * Note: when adding a new method, make sure to add a corresponding method in 27 * BaseDeviceAdminHostSideTest. 28 */ 29 public class DeviceAdminPasswordTest extends BaseDeviceAdminTest { 30 31 @Override setUp()32 protected void setUp() throws Exception { 33 super.setUp(); 34 35 assertNotDeviceOwner(); 36 } 37 checkSetPassword_nycRestrictions_success()38 private void checkSetPassword_nycRestrictions_success() { 39 assertTrue(dpm.resetPassword("1234", /* flags= */ 0)); 40 } 41 checkSetPassword_nycRestrictions_failure()42 private void checkSetPassword_nycRestrictions_failure() { 43 try { 44 assertFalse(dpm.resetPassword("1234", /* flags= */ 0)); 45 if (shouldResetPasswordThrow()) { 46 fail("Didn't throw"); 47 } 48 } catch (SecurityException e) { 49 if (!shouldResetPasswordThrow()) { 50 fail("Shouldn't throw"); 51 } 52 MoreAsserts.assertContainsRegex("Admin cannot change current password", e.getMessage()); 53 } 54 } 55 checkClearPassword_nycRestrictions_failure()56 private void checkClearPassword_nycRestrictions_failure() { 57 try { 58 assertFalse(dpm.resetPassword("", /* flags= */ 0)); 59 if (shouldResetPasswordThrow()) { 60 fail("Didn't throw"); 61 } 62 } catch (SecurityException e) { 63 if (!shouldResetPasswordThrow()) { 64 fail("Shouldn't throw"); 65 } 66 MoreAsserts.assertContainsRegex("Cannot call with null password", e.getMessage()); 67 } 68 } 69 assertHasPassword()70 private void assertHasPassword() { 71 final int currentQuality = dpm.getPasswordQuality(mAdminComponent); 72 dpm.setPasswordQuality(mAdminComponent, DevicePolicyManager.PASSWORD_QUALITY_SOMETHING); 73 try { 74 assertTrue("No password set", dpm.isActivePasswordSufficient()); 75 } finally { 76 dpm.setPasswordQuality(mAdminComponent, currentQuality); 77 } 78 } 79 assertNoPassword()80 private void assertNoPassword() { 81 final int currentQuality = dpm.getPasswordQuality(mAdminComponent); 82 dpm.setPasswordQuality(mAdminComponent, DevicePolicyManager.PASSWORD_QUALITY_SOMETHING); 83 try { 84 assertFalse("Password is set", dpm.isActivePasswordSufficient()); 85 } finally { 86 dpm.setPasswordQuality(mAdminComponent, currentQuality); 87 } 88 } 89 90 /** 91 * Tests for the new restrictions on {@link DevicePolicyManager#resetPassword} introduced 92 * on NYC. 93 */ testResetPassword_nycRestrictions()94 public void testResetPassword_nycRestrictions() throws Exception { 95 96 assertNoPassword(); 97 98 // Can't clear the password, even if there's no password set currently. 99 checkClearPassword_nycRestrictions_failure(); 100 101 assertNoPassword(); 102 103 // No password -> setting one is okay. 104 checkSetPassword_nycRestrictions_success(); 105 106 assertHasPassword(); 107 108 // But once set, DA can't change the password. 109 checkSetPassword_nycRestrictions_failure(); 110 111 assertHasPassword(); 112 113 // Still can't clear the password. 114 checkClearPassword_nycRestrictions_failure(); 115 116 assertHasPassword(); 117 } 118 } 119