1 /* 2 * Copyright (C) 2021 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 package android.devicepolicy.cts; 18 19 import static android.app.admin.DevicePolicyManager.PASSWORD_COMPLEXITY_MEDIUM; 20 import static android.app.admin.DevicePolicyManager.PASSWORD_COMPLEXITY_NONE; 21 import static android.app.admin.DevicePolicyManager.PASSWORD_QUALITY_ALPHABETIC; 22 import static android.app.admin.DevicePolicyManager.PASSWORD_QUALITY_ALPHANUMERIC; 23 import static android.app.admin.DevicePolicyManager.PASSWORD_QUALITY_COMPLEX; 24 import static android.app.admin.DevicePolicyManager.PASSWORD_QUALITY_NUMERIC; 25 import static android.app.admin.DevicePolicyManager.PASSWORD_QUALITY_SOMETHING; 26 import static android.app.admin.DevicePolicyManager.PASSWORD_QUALITY_UNSPECIFIED; 27 import static android.content.pm.PackageManager.FEATURE_AUTOMOTIVE; 28 import static android.content.pm.PackageManager.FEATURE_SECURE_LOCK_SCREEN; 29 30 import static com.android.bedstead.metricsrecorder.truth.MetricQueryBuilderSubject.assertThat; 31 import static com.android.bedstead.nene.users.UserType.MANAGED_PROFILE_TYPE_NAME; 32 33 import static com.google.common.truth.Truth.assertThat; 34 import static com.google.common.truth.Truth.assertWithMessage; 35 36 import static org.junit.Assume.assumeTrue; 37 import static org.testng.Assert.assertThrows; 38 39 import android.app.KeyguardManager; 40 import android.app.admin.RemoteDevicePolicyManager; 41 import android.content.Context; 42 import android.stats.devicepolicy.EventId; 43 44 import com.android.bedstead.harrier.BedsteadJUnit4; 45 import com.android.bedstead.harrier.DeviceState; 46 import com.android.bedstead.harrier.annotations.Postsubmit; 47 import com.android.bedstead.harrier.annotations.RequireDoesNotHaveFeature; 48 import com.android.bedstead.harrier.annotations.RequireFeature; 49 import com.android.bedstead.enterprise.annotations.CanSetPolicyTest; 50 import com.android.bedstead.enterprise.annotations.CannotSetPolicyTest; 51 import com.android.bedstead.enterprise.annotations.PolicyAppliesTest; 52 import com.android.bedstead.harrier.policies.PasswordQuality; 53 import com.android.bedstead.harrier.policies.ResetPasswordWithToken; 54 import com.android.bedstead.metricsrecorder.EnterpriseMetricsRecorder; 55 import com.android.bedstead.nene.TestApis; 56 57 import org.junit.ClassRule; 58 import org.junit.Rule; 59 import org.junit.runner.RunWith; 60 61 // TODO(b/191640667): Parameterize the length limit tests with multiple limits 62 @RunWith(BedsteadJUnit4.class) 63 @RequireFeature(FEATURE_SECURE_LOCK_SCREEN) 64 public final class ResetPasswordWithTokenTest { 65 66 private static final String NOT_COMPLEX_PIN = "1234"; 67 private static final String VALID_PIN = NOT_COMPLEX_PIN; 68 private static final String NUMERIC_PIN_LENGTH_3 = "123"; 69 private static final String NUMERIC_PIN_REPEATING_LENGTH_4 = "4444"; 70 private static final String NUMERIC_PIN_RANDOM_LENGTH_4 = "3829"; 71 private static final String NUMERIC_PIN_LENGTH_4 = NOT_COMPLEX_PIN; 72 private static final String NUMERIC_PIN_LENGTH_6 = "264828"; 73 private static final String ALPHABETIC_PASSWORD_LENGTH_4 = "abcd"; 74 private static final String ALPHABETIC_PASSWORD_ALL_UPPERCASE_LENGTH_4 = "ABCD"; 75 private static final String ALPHANUMERIC_PASSWORD_LENGTH_4 = "12ab"; 76 private static final String ALPHANUMERIC_PASSWORD_WITH_UPPERCASE_LENGTH_4 = "abC1"; 77 private static final String ALPHANUMERIC_PASSWORD_LENGTH_8 = "1a2b3c4e"; 78 private static final String COMPLEX_PASSWORD_WITH_SYMBOL_LENGTH_4 = "12a_"; 79 private static final String COMPLEX_PASSWORD_WITH_SYMBOL_LENGTH_7 = "abc123."; 80 81 private static final byte[] TOKEN = "abcdefghijklmnopqrstuvwxyz0123456789".getBytes(); 82 private static final byte[] BAD_TOKEN = "abcdefghijklmnopqrstuvwxyz012345678*".getBytes(); 83 84 private static final String RESET_PASSWORD_TOKEN_DISABLED = 85 "Cannot reset password token as it is disabled for the primary user"; 86 87 private static final Context sContext = TestApis.context().instrumentedContext(); 88 private final KeyguardManager sLocalKeyguardManager = 89 sContext.getSystemService(KeyguardManager.class); 90 91 @ClassRule 92 @Rule 93 public static final DeviceState sDeviceState = new DeviceState(); 94 95 @Postsubmit(reason = "new test") 96 @PolicyAppliesTest(policy = ResetPasswordWithToken.class) setResetPasswordToken_validToken_passwordTokenSet()97 public void setResetPasswordToken_validToken_passwordTokenSet() { 98 try { 99 boolean possible = canSetResetPasswordToken(TOKEN); 100 101 assertThat(sDeviceState.dpc().devicePolicyManager().isResetPasswordTokenActive( 102 sDeviceState.dpc().componentName()) || !possible).isTrue(); 103 } finally { 104 // Remove password token 105 sDeviceState.dpc().devicePolicyManager().clearResetPasswordToken(sDeviceState.dpc().componentName()); 106 } 107 } 108 109 @Postsubmit(reason = "new test") 110 @CanSetPolicyTest(policy = ResetPasswordWithToken.class) resetPasswordWithToken_validPasswordAndToken_success()111 public void resetPasswordWithToken_validPasswordAndToken_success() { 112 assumeTrue(RESET_PASSWORD_TOKEN_DISABLED, canSetResetPasswordToken(TOKEN)); 113 try { 114 assertThat(sDeviceState.dpc().devicePolicyManager().resetPasswordWithToken( 115 sDeviceState.dpc().componentName(), VALID_PIN, TOKEN, /* flags = */ 0)).isTrue(); 116 } finally { 117 removePasswordAndToken(TOKEN); 118 } 119 } 120 121 @Postsubmit(reason = "new test") 122 @CanSetPolicyTest(policy = ResetPasswordWithToken.class) resetPasswordWithToken_badToken_failure()123 public void resetPasswordWithToken_badToken_failure() { 124 assumeTrue(RESET_PASSWORD_TOKEN_DISABLED, canSetResetPasswordToken(TOKEN)); 125 assertThat(sDeviceState.dpc().devicePolicyManager().resetPasswordWithToken( 126 sDeviceState.dpc().componentName(), VALID_PIN, BAD_TOKEN, /* flags = */ 0)).isFalse(); 127 } 128 129 @Postsubmit(reason = "new test") 130 @PolicyAppliesTest(policy = ResetPasswordWithToken.class) resetPasswordWithToken_noPassword_deviceIsNotSecure()131 public void resetPasswordWithToken_noPassword_deviceIsNotSecure() { 132 assumeTrue(RESET_PASSWORD_TOKEN_DISABLED, canSetResetPasswordToken(TOKEN)); 133 sDeviceState.dpc().devicePolicyManager().resetPasswordWithToken( 134 sDeviceState.dpc().componentName(), /* password = */ null, TOKEN, /* flags = */ 0); 135 136 // Device is not secure when no password is set 137 assertThat(sLocalKeyguardManager.isDeviceSecure()).isFalse(); 138 } 139 140 @Postsubmit(reason = "new test") 141 @PolicyAppliesTest(policy = ResetPasswordWithToken.class) resetPasswordWithToken_password_deviceIsSecure()142 public void resetPasswordWithToken_password_deviceIsSecure() { 143 assumeTrue(RESET_PASSWORD_TOKEN_DISABLED, canSetResetPasswordToken(TOKEN)); 144 try { 145 sDeviceState.dpc().devicePolicyManager().resetPasswordWithToken( 146 sDeviceState.dpc().componentName(), VALID_PIN, TOKEN, /* flags = */ 0); 147 148 // Device is secure when a password is set 149 assertThat(sLocalKeyguardManager.isDeviceSecure()).isTrue(); 150 } finally { 151 removePasswordAndToken(TOKEN); 152 } 153 } 154 155 @Postsubmit(reason = "new test") 156 @PolicyAppliesTest(policy = PasswordQuality.class) 157 // setPasswordQuality is unsupported on automotive 158 @RequireDoesNotHaveFeature(FEATURE_AUTOMOTIVE) resetPasswordWithToken_passwordDoesNotSatisfyRestriction_failure()159 public void resetPasswordWithToken_passwordDoesNotSatisfyRestriction_failure() { 160 assumeTrue(RESET_PASSWORD_TOKEN_DISABLED, canSetResetPasswordToken(TOKEN)); 161 try { 162 // Add complex password restriction 163 sDeviceState.dpc().devicePolicyManager().setPasswordQuality( 164 sDeviceState.dpc().componentName(), PASSWORD_QUALITY_COMPLEX); 165 setComplexPasswordRestrictions(/* minLength */ 6, 166 /* minSymbols */ 0, 167 /* minNonLetter */ 0, 168 /* minNumeric */ 0, 169 /* minLetters */ 0, 170 /* minLowerCase */ 0, 171 /* minUpperCase */ 0); 172 173 // Password cannot be set as it does not satisfy the password restriction 174 assertThat(sDeviceState.dpc().devicePolicyManager().resetPasswordWithToken( 175 sDeviceState.dpc().componentName(), NOT_COMPLEX_PIN, TOKEN, /* flags = */ 0)).isFalse(); 176 } finally { 177 removeAllPasswordRestrictions(); 178 removePasswordAndToken(TOKEN); 179 } 180 } 181 182 @Postsubmit(reason = "new test") 183 @PolicyAppliesTest(policy = PasswordQuality.class) 184 // setPasswordQuality is unsupported on automotive 185 @RequireDoesNotHaveFeature(FEATURE_AUTOMOTIVE) resetPasswordWithToken_passwordSatisfiesRestriction_success()186 public void resetPasswordWithToken_passwordSatisfiesRestriction_success() { 187 assumeTrue(RESET_PASSWORD_TOKEN_DISABLED, canSetResetPasswordToken(TOKEN)); 188 try { 189 // Add complex password restriction 190 sDeviceState.dpc().devicePolicyManager().setPasswordQuality( 191 sDeviceState.dpc().componentName(), PASSWORD_QUALITY_COMPLEX); 192 setComplexPasswordRestrictions(/* minLength */ 6, 193 /* minSymbols */ 0, 194 /* minNonLetter */ 0, 195 /* minNumeric */ 0, 196 /* minLetters */ 0, 197 /* minLowerCase */ 0, 198 /* minUpperCase */ 0); 199 200 // Password can be set as it satisfies the password restriction 201 assertThat(sDeviceState.dpc().devicePolicyManager().resetPasswordWithToken( 202 sDeviceState.dpc().componentName(), COMPLEX_PASSWORD_WITH_SYMBOL_LENGTH_7, TOKEN, 203 /* flags = */ 0)).isTrue(); 204 } finally { 205 removeAllPasswordRestrictions(); 206 removePasswordAndToken(TOKEN); 207 } 208 } 209 210 @Postsubmit(reason = "new test") 211 @CanSetPolicyTest(policy = ResetPasswordWithToken.class) resetPasswordWithToken_validPasswordAndToken_logged()212 public void resetPasswordWithToken_validPasswordAndToken_logged() { 213 assumeTrue(RESET_PASSWORD_TOKEN_DISABLED, canSetResetPasswordToken(TOKEN)); 214 try (EnterpriseMetricsRecorder metrics = EnterpriseMetricsRecorder.create()) { 215 sDeviceState.dpc().devicePolicyManager().resetPasswordWithToken( 216 sDeviceState.dpc().componentName(), VALID_PIN, TOKEN, /* flags = */ 0); 217 218 assertThat(metrics.query() 219 .whereType().isEqualTo(EventId.RESET_PASSWORD_WITH_TOKEN_VALUE) 220 .whereAdminPackageName().isEqualTo( 221 sDeviceState.dpc().packageName())).wasLogged(); 222 } finally { 223 removePasswordAndToken(TOKEN); 224 } 225 } 226 227 @Postsubmit(reason = "new test") 228 @PolicyAppliesTest(policy = PasswordQuality.class) 229 // setPasswordQuality is unsupported on automotive 230 @RequireDoesNotHaveFeature(FEATURE_AUTOMOTIVE) isActivePasswordSufficient_passwordDoesNotSatisfyRestriction_false()231 public void isActivePasswordSufficient_passwordDoesNotSatisfyRestriction_false() { 232 try { 233 TestApis.users().instrumented().setPin(NOT_COMPLEX_PIN); 234 235 // Add complex password restriction 236 sDeviceState.dpc().devicePolicyManager().setPasswordQuality( 237 sDeviceState.dpc().componentName(), PASSWORD_QUALITY_COMPLEX); 238 setComplexPasswordRestrictions(/* minLength */ 6, 239 /* minSymbols */ 0, 240 /* minNonLetter */ 0, 241 /* minNumeric */ 0, 242 /* minLetters */ 0, 243 /* minLowerCase */ 0, 244 /* minUpperCase */ 0); 245 246 // Password is insufficient because it does not satisfy the password restriction 247 assertThat(sDeviceState.dpc().devicePolicyManager() 248 .isActivePasswordSufficient()).isFalse(); 249 } finally { 250 removeAllPasswordRestrictions(); 251 TestApis.users().instrumented().clearPin(); 252 } 253 } 254 255 @Postsubmit(reason = "new test") 256 @PolicyAppliesTest(policy = PasswordQuality.class) 257 // setPasswordQuality is unsupported on automotive 258 @RequireDoesNotHaveFeature(FEATURE_AUTOMOTIVE) isActivePasswordSufficient_passwordSatisfiesRestriction_true()259 public void isActivePasswordSufficient_passwordSatisfiesRestriction_true() { 260 try { 261 TestApis.users().instrumented().setPassword(COMPLEX_PASSWORD_WITH_SYMBOL_LENGTH_7); 262 // Add complex password restriction 263 sDeviceState.dpc().devicePolicyManager().setPasswordQuality( 264 sDeviceState.dpc().componentName(), PASSWORD_QUALITY_COMPLEX); 265 setComplexPasswordRestrictions(/* minLength */ 6, 266 /* minSymbols */ 0, 267 /* minNonLetter */ 0, 268 /* minNumeric */ 0, 269 /* minLetters */ 0, 270 /* minLowerCase */ 0, 271 /* minUpperCase */ 0); 272 273 // Password is sufficient because it satisfies the password restriction 274 assertThat(sDeviceState.dpc().devicePolicyManager() 275 .isActivePasswordSufficient()).isTrue(); 276 } finally { 277 removeAllPasswordRestrictions(); 278 TestApis.users().instrumented().clearPassword(); 279 } 280 } 281 // TODO(281954641): Remove RESET_PASSWORD_TOKEN stuff where it's not needed (probably move 282 // these tests to a new class) 283 284 @Postsubmit(reason = "new test") 285 @PolicyAppliesTest(policy = PasswordQuality.class) 286 // setPasswordQuality is unsupported on automotive 287 @RequireDoesNotHaveFeature(FEATURE_AUTOMOTIVE) isActivePasswordSufficient_passwordNoLongerSatisfiesRestriction_false()288 public void isActivePasswordSufficient_passwordNoLongerSatisfiesRestriction_false() { 289 assumeTrue(RESET_PASSWORD_TOKEN_DISABLED, canSetResetPasswordToken(TOKEN)); 290 try { 291 sDeviceState.dpc().devicePolicyManager().setPasswordQuality(sDeviceState.dpc().componentName(), 292 PASSWORD_QUALITY_COMPLEX); 293 setComplexPasswordRestrictions(/* minLength */ 0, 294 /* minSymbols */ 1, 295 /* minNonLetter */ 0, 296 /* minNumeric */ 0, 297 /* minLetters */ 0, 298 /* minLowerCase */ 0, 299 /* minUpperCase */ 0); 300 sDeviceState.dpc().devicePolicyManager().resetPasswordWithToken(sDeviceState.dpc().componentName(), 301 COMPLEX_PASSWORD_WITH_SYMBOL_LENGTH_7, TOKEN, /* flags = */ 0); 302 // Set a slightly stronger password restriction 303 sDeviceState.dpc().devicePolicyManager().setPasswordMinimumSymbols( 304 sDeviceState.dpc().componentName(), 2); 305 306 // Password is no longer sufficient because it does not satisfy the new restriction 307 assertThat(sDeviceState.dpc().devicePolicyManager() 308 .isActivePasswordSufficient()).isFalse(); 309 } finally { 310 removeAllPasswordRestrictions(); 311 removePasswordAndToken(TOKEN); 312 } 313 } 314 315 @Postsubmit(reason = "new test") 316 @CanSetPolicyTest(policy = PasswordQuality.class) 317 // setPasswordQuality is unsupported on automotive 318 @RequireDoesNotHaveFeature(FEATURE_AUTOMOTIVE) setPasswordQuality_success()319 public void setPasswordQuality_success() { 320 assumeTrue(RESET_PASSWORD_TOKEN_DISABLED, canSetResetPasswordToken(TOKEN)); 321 try { 322 sDeviceState.dpc().devicePolicyManager().setPasswordQuality( 323 sDeviceState.dpc().componentName(), PASSWORD_QUALITY_SOMETHING); 324 325 assertThat(sDeviceState.dpc().devicePolicyManager().getPasswordQuality( 326 sDeviceState.dpc().componentName())).isEqualTo(PASSWORD_QUALITY_SOMETHING); 327 } finally { 328 removeAllPasswordRestrictions(); 329 } 330 } 331 332 @Postsubmit(reason = "new test") 333 @PolicyAppliesTest(policy = PasswordQuality.class) 334 // setPasswordQuality is unsupported on automotive 335 @RequireDoesNotHaveFeature(FEATURE_AUTOMOTIVE) setPasswordQuality_something_passwordWithAMinLengthOfFourRequired()336 public void setPasswordQuality_something_passwordWithAMinLengthOfFourRequired() { 337 assumeTrue(RESET_PASSWORD_TOKEN_DISABLED, canSetResetPasswordToken(TOKEN)); 338 try { 339 sDeviceState.dpc().devicePolicyManager().setPasswordQuality( 340 sDeviceState.dpc().componentName(), PASSWORD_QUALITY_SOMETHING); 341 342 assertPasswordSucceeds(NUMERIC_PIN_LENGTH_4); 343 assertPasswordSucceeds(ALPHABETIC_PASSWORD_LENGTH_4); 344 assertPasswordSucceeds(ALPHANUMERIC_PASSWORD_LENGTH_4); 345 assertPasswordFails(NUMERIC_PIN_LENGTH_3); // Password too short 346 assertPasswordFails(/* password = */ null); 347 } finally { 348 removeAllPasswordRestrictions(); 349 removePasswordAndToken(TOKEN); 350 } 351 } 352 353 @Postsubmit(reason = "new test") 354 @PolicyAppliesTest(policy = PasswordQuality.class) 355 // setPasswordQuality is unsupported on automotive 356 @RequireDoesNotHaveFeature(FEATURE_AUTOMOTIVE) setPasswordQuality_numeric_passwordWithAtLeastOneNumberOrLetterRequired()357 public void setPasswordQuality_numeric_passwordWithAtLeastOneNumberOrLetterRequired() { 358 assumeTrue(RESET_PASSWORD_TOKEN_DISABLED, canSetResetPasswordToken(TOKEN)); 359 try { 360 sDeviceState.dpc().devicePolicyManager().setPasswordQuality( 361 sDeviceState.dpc().componentName(), PASSWORD_QUALITY_NUMERIC); 362 363 assertPasswordSucceeds(NUMERIC_PIN_LENGTH_4); 364 assertPasswordSucceeds(ALPHANUMERIC_PASSWORD_LENGTH_4); 365 assertPasswordSucceeds(ALPHABETIC_PASSWORD_LENGTH_4); 366 assertPasswordFails(NUMERIC_PIN_LENGTH_3); // Password too short 367 } finally { 368 removeAllPasswordRestrictions(); 369 removePasswordAndToken(TOKEN); 370 } 371 } 372 373 @Postsubmit(reason = "new test") 374 @PolicyAppliesTest(policy = PasswordQuality.class) 375 // setPasswordQuality is unsupported on automotive 376 @RequireDoesNotHaveFeature(FEATURE_AUTOMOTIVE) setPasswordQuality_alphabetic_passwordWithAtLeastOneLetterRequired()377 public void setPasswordQuality_alphabetic_passwordWithAtLeastOneLetterRequired() { 378 assumeTrue(RESET_PASSWORD_TOKEN_DISABLED, canSetResetPasswordToken(TOKEN)); 379 try { 380 sDeviceState.dpc().devicePolicyManager().setPasswordQuality( 381 sDeviceState.dpc().componentName(), PASSWORD_QUALITY_ALPHABETIC); 382 383 assertPasswordSucceeds(ALPHABETIC_PASSWORD_LENGTH_4); 384 assertPasswordSucceeds(ALPHANUMERIC_PASSWORD_LENGTH_4); 385 assertPasswordFails(NUMERIC_PIN_LENGTH_4); 386 } finally { 387 removeAllPasswordRestrictions(); 388 removePasswordAndToken(TOKEN); 389 } 390 } 391 392 @Postsubmit(reason = "new test") 393 @PolicyAppliesTest(policy = PasswordQuality.class) 394 // setPasswordQuality is unsupported on automotive 395 @RequireDoesNotHaveFeature(FEATURE_AUTOMOTIVE) setPasswordQuality_alphanumeric_passwordWithBothALetterAndANumberRequired()396 public void setPasswordQuality_alphanumeric_passwordWithBothALetterAndANumberRequired() { 397 assumeTrue(RESET_PASSWORD_TOKEN_DISABLED, canSetResetPasswordToken(TOKEN)); 398 try { 399 sDeviceState.dpc().devicePolicyManager().setPasswordQuality( 400 sDeviceState.dpc().componentName(), PASSWORD_QUALITY_ALPHANUMERIC); 401 402 assertPasswordSucceeds(ALPHANUMERIC_PASSWORD_LENGTH_4); 403 assertPasswordFails(NUMERIC_PIN_LENGTH_4); 404 assertPasswordFails(ALPHABETIC_PASSWORD_LENGTH_4); 405 } finally { 406 removeAllPasswordRestrictions(); 407 removePasswordAndToken(TOKEN); 408 } 409 } 410 411 @Postsubmit(reason = "new test") 412 @PolicyAppliesTest(policy = PasswordQuality.class) 413 // setPasswordQuality is unsupported on automotive 414 @RequireDoesNotHaveFeature(FEATURE_AUTOMOTIVE) setPasswordQuality_complex_passwordWithAMinLengthOfFourRequired()415 public void setPasswordQuality_complex_passwordWithAMinLengthOfFourRequired() { 416 assumeTrue(RESET_PASSWORD_TOKEN_DISABLED, canSetResetPasswordToken(TOKEN)); 417 try { 418 sDeviceState.dpc().devicePolicyManager().setPasswordQuality( 419 sDeviceState.dpc().componentName(), PASSWORD_QUALITY_COMPLEX); 420 setComplexPasswordRestrictions(/* minLength */ 0, 421 /* minSymbols */ 0, 422 /* minNonLetter */ 0, 423 /* minNumeric */ 0, 424 /* minLetters */ 0, 425 /* minLowerCase */ 0, 426 /* minUpperCase */ 0); 427 428 assertPasswordSucceeds(ALPHANUMERIC_PASSWORD_LENGTH_4); 429 assertPasswordSucceeds(ALPHABETIC_PASSWORD_LENGTH_4); 430 assertPasswordFails(NUMERIC_PIN_LENGTH_3); // Password too short 431 } finally { 432 removeAllPasswordRestrictions(); 433 removePasswordAndToken(TOKEN); 434 } 435 } 436 437 @Postsubmit(reason = "new test") 438 @CanSetPolicyTest(policy = PasswordQuality.class) 439 // setPasswordMinimumLength is unsupported on automotive 440 @RequireDoesNotHaveFeature(FEATURE_AUTOMOTIVE) setPasswordMinimumLength_success()441 public void setPasswordMinimumLength_success() { 442 assumeTrue(RESET_PASSWORD_TOKEN_DISABLED, canSetResetPasswordToken(TOKEN)); 443 try { 444 // The restriction is only imposed if PASSWORD_QUALITY_NUMERIC is set 445 sDeviceState.dpc().devicePolicyManager().setPasswordQuality( 446 sDeviceState.dpc().componentName(), PASSWORD_QUALITY_NUMERIC); 447 sDeviceState.dpc().devicePolicyManager() 448 .setPasswordMinimumLength(sDeviceState.dpc().componentName(), 4); 449 450 assertThat(sDeviceState.dpc().devicePolicyManager() 451 .getPasswordMinimumLength(sDeviceState.dpc().componentName())).isEqualTo(4); 452 } finally { 453 removeAllPasswordRestrictions(); 454 removePasswordAndToken(TOKEN); 455 } 456 } 457 458 @Postsubmit(reason = "new test") 459 @PolicyAppliesTest(policy = PasswordQuality.class) 460 // setPasswordQuality is unsupported on automotive 461 @RequireDoesNotHaveFeature(FEATURE_AUTOMOTIVE) setPasswordMinimumLength_six_passwordWithAMinLengthOfSixRequired()462 public void setPasswordMinimumLength_six_passwordWithAMinLengthOfSixRequired() { 463 assumeTrue(RESET_PASSWORD_TOKEN_DISABLED, canSetResetPasswordToken(TOKEN)); 464 try { 465 // The restriction is only imposed if PASSWORD_QUALITY_COMPLEX is set 466 sDeviceState.dpc().devicePolicyManager().setPasswordQuality( 467 sDeviceState.dpc().componentName(), PASSWORD_QUALITY_COMPLEX); 468 setComplexPasswordRestrictions(/* minLength */ 6, 469 /* minSymbols */ 0, 470 /* minNonLetter */ 0, 471 /* minNumeric */ 0, 472 /* minLetters */ 0, 473 /* minLowerCase */ 0, 474 /* minUpperCase */ 0); 475 476 assertPasswordSucceeds(COMPLEX_PASSWORD_WITH_SYMBOL_LENGTH_7); 477 assertPasswordFails(COMPLEX_PASSWORD_WITH_SYMBOL_LENGTH_4); 478 } finally { 479 removeAllPasswordRestrictions(); 480 removePasswordAndToken(TOKEN); 481 } 482 } 483 484 @Postsubmit(reason = "new test") 485 // setPasswordMinimumUpperCase is unsupported on automotive 486 @RequireDoesNotHaveFeature(FEATURE_AUTOMOTIVE) 487 @CanSetPolicyTest(policy = PasswordQuality.class) setPasswordMinimumUpperCase_success()488 public void setPasswordMinimumUpperCase_success() { 489 assumeTrue(RESET_PASSWORD_TOKEN_DISABLED, canSetResetPasswordToken(TOKEN)); 490 try { 491 // The restriction is only imposed if PASSWORD_QUALITY_COMPLEX is set 492 sDeviceState.dpc().devicePolicyManager().setPasswordQuality( 493 sDeviceState.dpc().componentName(), PASSWORD_QUALITY_COMPLEX); 494 sDeviceState.dpc().devicePolicyManager() 495 .setPasswordMinimumUpperCase(sDeviceState.dpc().componentName(), 1); 496 497 assertThat(sDeviceState.dpc().devicePolicyManager() 498 .getPasswordMinimumUpperCase(sDeviceState.dpc().componentName())).isEqualTo(1); 499 } finally { 500 removeAllPasswordRestrictions(); 501 removePasswordAndToken(TOKEN); 502 } 503 } 504 505 @Postsubmit(reason = "new test") 506 @PolicyAppliesTest(policy = PasswordQuality.class) 507 // setPasswordQuality is unsupported on automotive 508 @RequireDoesNotHaveFeature(FEATURE_AUTOMOTIVE) setPasswordMinimumUpperCase_one_passwordWithAtLeastOneUpperCaseLetterRequired()509 public void setPasswordMinimumUpperCase_one_passwordWithAtLeastOneUpperCaseLetterRequired() { 510 assumeTrue(RESET_PASSWORD_TOKEN_DISABLED, canSetResetPasswordToken(TOKEN)); 511 try { 512 // The restriction is only imposed if PASSWORD_QUALITY_COMPLEX is set 513 sDeviceState.dpc().devicePolicyManager().setPasswordQuality( 514 sDeviceState.dpc().componentName(), PASSWORD_QUALITY_COMPLEX); 515 setComplexPasswordRestrictions(/* minLength */ 0, 516 /* minSymbols */ 0, 517 /* minNonLetter */ 0, 518 /* minNumeric */ 0, 519 /* minLetters */ 0, 520 /* minLowerCase */ 0, 521 /* minUpperCase */ 1); 522 523 assertPasswordSucceeds(ALPHANUMERIC_PASSWORD_WITH_UPPERCASE_LENGTH_4); 524 assertPasswordFails(ALPHANUMERIC_PASSWORD_LENGTH_4); 525 } finally { 526 removeAllPasswordRestrictions(); 527 removePasswordAndToken(TOKEN); 528 } 529 } 530 531 @Postsubmit(reason = "new test") 532 // setPasswordMinimumLowerCase is unsupported on automotive 533 @RequireDoesNotHaveFeature(FEATURE_AUTOMOTIVE) 534 @CanSetPolicyTest(policy = PasswordQuality.class) setPasswordMinimumLowerCase_success()535 public void setPasswordMinimumLowerCase_success() { 536 assumeTrue(RESET_PASSWORD_TOKEN_DISABLED, canSetResetPasswordToken(TOKEN)); 537 try { 538 sDeviceState.dpc().devicePolicyManager().setPasswordQuality( 539 sDeviceState.dpc().componentName(), PASSWORD_QUALITY_COMPLEX); 540 sDeviceState.dpc().devicePolicyManager() 541 .setPasswordMinimumLowerCase(sDeviceState.dpc().componentName(), 1); 542 543 assertThat(sDeviceState.dpc().devicePolicyManager() 544 .getPasswordMinimumLowerCase(sDeviceState.dpc().componentName())).isEqualTo(1); 545 } finally { 546 removeAllPasswordRestrictions(); 547 removePasswordAndToken(TOKEN); 548 } 549 } 550 551 @Postsubmit(reason = "new test") 552 @PolicyAppliesTest(policy = PasswordQuality.class) 553 // setPasswordQuality is unsupported on automotive 554 @RequireDoesNotHaveFeature(FEATURE_AUTOMOTIVE) setPasswordMinimumLowerCase_one_passwordWithAtLeaseOneLowerCaseLetterRequired()555 public void setPasswordMinimumLowerCase_one_passwordWithAtLeaseOneLowerCaseLetterRequired() { 556 assumeTrue(RESET_PASSWORD_TOKEN_DISABLED, canSetResetPasswordToken(TOKEN)); 557 try { 558 // The restriction is only imposed if PASSWORD_QUALITY_COMPLEX is set 559 sDeviceState.dpc().devicePolicyManager().setPasswordQuality( 560 sDeviceState.dpc().componentName(), PASSWORD_QUALITY_COMPLEX); 561 setComplexPasswordRestrictions(/* minLength */ 0, 562 /* minSymbols */ 0, 563 /* minNonLetter */ 0, 564 /* minNumeric */ 0, 565 /* minLetters */ 0, 566 /* minLowerCase */ 1, 567 /* minUpperCase */ 0); 568 569 assertPasswordSucceeds(ALPHANUMERIC_PASSWORD_LENGTH_4); 570 assertPasswordFails(ALPHABETIC_PASSWORD_ALL_UPPERCASE_LENGTH_4); 571 } finally { 572 removeAllPasswordRestrictions(); 573 removePasswordAndToken(TOKEN); 574 } 575 } 576 577 @Postsubmit(reason = "new test") 578 @CanSetPolicyTest(policy = PasswordQuality.class) setPasswordMinimumLetters_success()579 public void setPasswordMinimumLetters_success() { 580 assumeTrue(RESET_PASSWORD_TOKEN_DISABLED, canSetResetPasswordToken(TOKEN)); 581 try { 582 // The restriction is only imposed if PASSWORD_QUALITY_COMPLEX is set 583 sDeviceState.dpc().devicePolicyManager().setPasswordQuality( 584 sDeviceState.dpc().componentName(), PASSWORD_QUALITY_COMPLEX); 585 sDeviceState.dpc().devicePolicyManager() 586 .setPasswordMinimumLetters(sDeviceState.dpc().componentName(), 1); 587 588 assertThat(sDeviceState.dpc().devicePolicyManager() 589 .getPasswordMinimumLetters(sDeviceState.dpc().componentName())).isEqualTo(1); 590 } finally { 591 removeAllPasswordRestrictions(); 592 removePasswordAndToken(TOKEN); 593 } 594 } 595 596 @Postsubmit(reason = "new test") 597 @PolicyAppliesTest(policy = PasswordQuality.class) 598 // setPasswordQuality is unsupported on automotive 599 @RequireDoesNotHaveFeature(FEATURE_AUTOMOTIVE) setPasswordMinimumLetters_one_passwordWithAtLeastOneLetterRequired()600 public void setPasswordMinimumLetters_one_passwordWithAtLeastOneLetterRequired() { 601 assumeTrue(RESET_PASSWORD_TOKEN_DISABLED, canSetResetPasswordToken(TOKEN)); 602 try { 603 // The restriction is only imposed if PASSWORD_QUALITY_COMPLEX is set 604 sDeviceState.dpc().devicePolicyManager().setPasswordQuality( 605 sDeviceState.dpc().componentName(), PASSWORD_QUALITY_COMPLEX); 606 setComplexPasswordRestrictions(/* minLength */ 0, 607 /* minSymbols */ 0, 608 /* minNonLetter */ 0, 609 /* minNumeric */ 0, 610 /* minLetters */ 1, 611 /* minLowerCase */ 0, 612 /* minUpperCase */ 0); 613 614 assertPasswordSucceeds(ALPHANUMERIC_PASSWORD_LENGTH_4); 615 assertPasswordFails(NUMERIC_PIN_LENGTH_4); 616 } finally { 617 removeAllPasswordRestrictions(); 618 removePasswordAndToken(TOKEN); 619 } 620 } 621 622 @Postsubmit(reason = "new test") 623 @CanSetPolicyTest(policy = PasswordQuality.class) setPasswordMinimumNumeric_success()624 public void setPasswordMinimumNumeric_success() { 625 assumeTrue(RESET_PASSWORD_TOKEN_DISABLED, canSetResetPasswordToken(TOKEN)); 626 try { 627 // The restriction is only imposed if PASSWORD_QUALITY_COMPLEX is set 628 sDeviceState.dpc().devicePolicyManager().setPasswordQuality( 629 sDeviceState.dpc().componentName(), PASSWORD_QUALITY_COMPLEX); 630 sDeviceState.dpc().devicePolicyManager() 631 .setPasswordMinimumNumeric(sDeviceState.dpc().componentName(), 1); 632 633 assertThat(sDeviceState.dpc().devicePolicyManager() 634 .getPasswordMinimumNumeric(sDeviceState.dpc().componentName())).isEqualTo(1); 635 } finally { 636 removeAllPasswordRestrictions(); 637 removePasswordAndToken(TOKEN); 638 } 639 } 640 641 @Postsubmit(reason = "new test") 642 @PolicyAppliesTest(policy = PasswordQuality.class) 643 // setPasswordQuality is unsupported on automotive 644 @RequireDoesNotHaveFeature(FEATURE_AUTOMOTIVE) setPasswordMinimumNumeric_one_passwordWithAtLeastOneNumberRequired()645 public void setPasswordMinimumNumeric_one_passwordWithAtLeastOneNumberRequired() { 646 assumeTrue(RESET_PASSWORD_TOKEN_DISABLED, canSetResetPasswordToken(TOKEN)); 647 try { 648 // The restriction is only imposed if PASSWORD_QUALITY_COMPLEX is set 649 sDeviceState.dpc().devicePolicyManager().setPasswordQuality( 650 sDeviceState.dpc().componentName(), PASSWORD_QUALITY_COMPLEX); 651 setComplexPasswordRestrictions(/* minLength */ 0, 652 /* minSymbols */ 0, 653 /* minNonLetter */ 0, 654 /* minNumeric */ 1, 655 /* minLetters */ 0, 656 /* minLowerCase */ 0, 657 /* minUpperCase */ 0); 658 659 assertPasswordSucceeds(ALPHANUMERIC_PASSWORD_LENGTH_4); 660 assertPasswordFails(ALPHABETIC_PASSWORD_LENGTH_4); 661 } finally { 662 removeAllPasswordRestrictions(); 663 removePasswordAndToken(TOKEN); 664 } 665 } 666 667 @Postsubmit(reason = "new test") 668 @CanSetPolicyTest(policy = PasswordQuality.class) setPasswordMinimumSymbols_success()669 public void setPasswordMinimumSymbols_success() { 670 assumeTrue(RESET_PASSWORD_TOKEN_DISABLED, canSetResetPasswordToken(TOKEN)); 671 try { 672 // The restriction is only imposed if PASSWORD_QUALITY_COMPLEX is set 673 sDeviceState.dpc().devicePolicyManager().setPasswordQuality( 674 sDeviceState.dpc().componentName(), PASSWORD_QUALITY_COMPLEX); 675 sDeviceState.dpc().devicePolicyManager() 676 .setPasswordMinimumSymbols(sDeviceState.dpc().componentName(), 1); 677 678 assertThat(sDeviceState.dpc().devicePolicyManager() 679 .getPasswordMinimumSymbols(sDeviceState.dpc().componentName())).isEqualTo(1); 680 } finally { 681 removeAllPasswordRestrictions(); 682 removePasswordAndToken(TOKEN); 683 } 684 } 685 686 @Postsubmit(reason = "new test") 687 @PolicyAppliesTest(policy = PasswordQuality.class) 688 // setPasswordQuality is unsupported on automotive 689 @RequireDoesNotHaveFeature(FEATURE_AUTOMOTIVE) setPasswordMinimumSymbols_one_passwordWithAtLeastOneSymbolRequired()690 public void setPasswordMinimumSymbols_one_passwordWithAtLeastOneSymbolRequired() { 691 assumeTrue(RESET_PASSWORD_TOKEN_DISABLED, canSetResetPasswordToken(TOKEN)); 692 try { 693 // The restriction is only imposed if PASSWORD_QUALITY_COMPLEX is set 694 sDeviceState.dpc().devicePolicyManager().setPasswordQuality( 695 sDeviceState.dpc().componentName(), PASSWORD_QUALITY_COMPLEX); 696 setComplexPasswordRestrictions(/* minLength */ 0, 697 /* minSymbols */ 1, 698 /* minNonLetter */ 0, 699 /* minNumeric */ 0, 700 /* minLetters */ 0, 701 /* minLowerCase */ 0, 702 /* minUpperCase */ 0); 703 704 assertPasswordSucceeds(COMPLEX_PASSWORD_WITH_SYMBOL_LENGTH_4); 705 assertPasswordFails(ALPHANUMERIC_PASSWORD_LENGTH_4); 706 assertPasswordFails(ALPHABETIC_PASSWORD_LENGTH_4); 707 } finally { 708 removeAllPasswordRestrictions(); 709 removePasswordAndToken(TOKEN); 710 } 711 } 712 713 @Postsubmit(reason = "new test") 714 // setPasswordMinimumNonLetter is unsupported on automotive 715 @RequireDoesNotHaveFeature(FEATURE_AUTOMOTIVE) 716 @CanSetPolicyTest(policy = PasswordQuality.class) setPasswordMinimumNonLetter_success()717 public void setPasswordMinimumNonLetter_success() { 718 assumeTrue(RESET_PASSWORD_TOKEN_DISABLED, canSetResetPasswordToken(TOKEN)); 719 try { 720 // The restriction is only imposed if PASSWORD_QUALITY_COMPLEX is set 721 sDeviceState.dpc().devicePolicyManager().setPasswordQuality( 722 sDeviceState.dpc().componentName(), PASSWORD_QUALITY_COMPLEX); 723 sDeviceState.dpc().devicePolicyManager() 724 .setPasswordMinimumNonLetter(sDeviceState.dpc().componentName(), 1); 725 726 assertThat(sDeviceState.dpc().devicePolicyManager() 727 .getPasswordMinimumNonLetter(sDeviceState.dpc().componentName())).isEqualTo(1); 728 } finally { 729 removeAllPasswordRestrictions(); 730 removePasswordAndToken(TOKEN); 731 } 732 } 733 734 @Postsubmit(reason = "new test") 735 @PolicyAppliesTest(policy = PasswordQuality.class) 736 // setPasswordQuality is unsupported on automotive 737 @RequireDoesNotHaveFeature(FEATURE_AUTOMOTIVE) setPasswordMinimumNonLetter_one_passwordWithAtLeastOneNonLetterRequired()738 public void setPasswordMinimumNonLetter_one_passwordWithAtLeastOneNonLetterRequired() { 739 assumeTrue(RESET_PASSWORD_TOKEN_DISABLED, canSetResetPasswordToken(TOKEN)); 740 try { 741 // The restriction is only imposed if PASSWORD_QUALITY_COMPLEX is set 742 sDeviceState.dpc().devicePolicyManager().setPasswordQuality( 743 sDeviceState.dpc().componentName(), PASSWORD_QUALITY_COMPLEX); 744 setComplexPasswordRestrictions(/* minLength */ 0, 745 /* minSymbols */ 0, 746 /* minNonLetter */ 1, 747 /* minNumeric */ 0, 748 /* minLetters */ 0, 749 /* minLowerCase */ 0, 750 /* minUpperCase */ 0); 751 752 assertPasswordSucceeds(COMPLEX_PASSWORD_WITH_SYMBOL_LENGTH_4); 753 assertPasswordSucceeds(ALPHANUMERIC_PASSWORD_LENGTH_4); 754 assertPasswordFails(ALPHABETIC_PASSWORD_LENGTH_4); 755 } finally { 756 removeAllPasswordRestrictions(); 757 removePasswordAndToken(TOKEN); 758 } 759 } 760 761 @Postsubmit(reason = "new test") 762 @PolicyAppliesTest(policy = PasswordQuality.class) 763 // setPasswordQuality is unsupported on automotive 764 @RequireDoesNotHaveFeature(FEATURE_AUTOMOTIVE) setRequiredPasswordComplexity_passwordQualityAlreadySet_clearsPasswordQuality()765 public void setRequiredPasswordComplexity_passwordQualityAlreadySet_clearsPasswordQuality() { 766 assumeTrue(RESET_PASSWORD_TOKEN_DISABLED, canSetResetPasswordToken(TOKEN)); 767 try { 768 sDeviceState.dpc().devicePolicyManager().setPasswordQuality( 769 sDeviceState.dpc().componentName(), PASSWORD_QUALITY_COMPLEX); 770 sDeviceState.dpc().devicePolicyManager().setRequiredPasswordComplexity( 771 PASSWORD_COMPLEXITY_MEDIUM); 772 773 assertThat(sDeviceState.dpc().devicePolicyManager().getPasswordQuality( 774 sDeviceState.dpc().componentName())).isEqualTo(PASSWORD_QUALITY_UNSPECIFIED); 775 assertThat(sDeviceState.dpc().devicePolicyManager().getRequiredPasswordComplexity()) 776 .isEqualTo(PASSWORD_COMPLEXITY_MEDIUM); 777 } finally { 778 removeAllPasswordRestrictions(); 779 } 780 } 781 782 @Postsubmit(reason = "new test") 783 @PolicyAppliesTest(policy = PasswordQuality.class) 784 // setPasswordQuality is unsupported on automotive 785 @RequireDoesNotHaveFeature(FEATURE_AUTOMOTIVE) setPasswordQuality_passwordComplexityAlreadySet_clearsPasswordComplexity()786 public void setPasswordQuality_passwordComplexityAlreadySet_clearsPasswordComplexity() { 787 assumeTrue(RESET_PASSWORD_TOKEN_DISABLED, canSetResetPasswordToken(TOKEN)); 788 try { 789 sDeviceState.dpc().devicePolicyManager().setRequiredPasswordComplexity( 790 PASSWORD_COMPLEXITY_MEDIUM); 791 sDeviceState.dpc().devicePolicyManager().setPasswordQuality(sDeviceState.dpc().componentName(), 792 PASSWORD_QUALITY_COMPLEX); 793 794 assertThat(sDeviceState.dpc().devicePolicyManager().getPasswordQuality( 795 sDeviceState.dpc().componentName())).isEqualTo(PASSWORD_QUALITY_COMPLEX); 796 assertThat(sDeviceState.dpc().devicePolicyManager().getRequiredPasswordComplexity()) 797 .isEqualTo(PASSWORD_COMPLEXITY_NONE); 798 } finally { 799 removeAllPasswordRestrictions(); 800 } 801 } 802 803 @Postsubmit(reason = "new test") 804 @PolicyAppliesTest(policy = ResetPasswordWithToken.class) clearResetPasswordToken_passwordTokenIsResetAndUnableToSetNewPassword()805 public void clearResetPasswordToken_passwordTokenIsResetAndUnableToSetNewPassword() { 806 assumeTrue(RESET_PASSWORD_TOKEN_DISABLED, canSetResetPasswordToken(TOKEN)); 807 try { 808 sDeviceState.dpc().devicePolicyManager().clearResetPasswordToken(sDeviceState.dpc().componentName()); 809 810 assertThat(sDeviceState.dpc().devicePolicyManager().isResetPasswordTokenActive( 811 sDeviceState.dpc().componentName())).isFalse(); 812 assertThat(sDeviceState.dpc().devicePolicyManager().resetPasswordWithToken( 813 sDeviceState.dpc().componentName(), VALID_PIN, TOKEN, /* flags = */ 0)).isFalse(); 814 } finally { 815 removePasswordAndToken(TOKEN); 816 } 817 } 818 819 @RequireFeature(FEATURE_AUTOMOTIVE) 820 @PolicyAppliesTest(policy = PasswordQuality.class) 821 @Postsubmit(reason = "new test") passwordMinimumLength_featureUnsupported_ignored()822 public void passwordMinimumLength_featureUnsupported_ignored() { 823 int valueBefore = sDeviceState.dpc().devicePolicyManager().getPasswordMinimumLength( 824 sDeviceState.dpc().componentName()); 825 826 // The restriction is only imposed if PASSWORD_QUALITY_COMPLEX is set 827 sDeviceState.dpc().devicePolicyManager().setPasswordQuality( 828 sDeviceState.dpc().componentName(), PASSWORD_QUALITY_NUMERIC); 829 sDeviceState.dpc().devicePolicyManager().setPasswordMinimumLength(sDeviceState.dpc().componentName(), 42); 830 831 assertWithMessage("getPasswordMinimumLength()") 832 .that(sDeviceState.dpc().devicePolicyManager() 833 .getPasswordMinimumLength(sDeviceState.dpc().componentName())) 834 .isEqualTo(valueBefore); 835 } 836 837 @RequireFeature(FEATURE_AUTOMOTIVE) 838 @PolicyAppliesTest(policy = PasswordQuality.class) 839 @Postsubmit(reason = "new test") passwordMinimumNumeric_ignored()840 public void passwordMinimumNumeric_ignored() { 841 int valueBefore = sDeviceState.dpc().devicePolicyManager().getPasswordMinimumNumeric( 842 sDeviceState.dpc().componentName()); 843 844 // The restriction is only imposed if PASSWORD_QUALITY_COMPLEX is set 845 sDeviceState.dpc().devicePolicyManager().setPasswordQuality( 846 sDeviceState.dpc().componentName(), PASSWORD_QUALITY_COMPLEX); 847 sDeviceState.dpc().devicePolicyManager().setPasswordMinimumNumeric(sDeviceState.dpc().componentName(), 42); 848 849 assertWithMessage("getPasswordMinimumNumeric()") 850 .that(sDeviceState.dpc().devicePolicyManager().getPasswordMinimumNumeric( 851 sDeviceState.dpc().componentName())) 852 .isEqualTo(valueBefore); 853 } 854 855 @RequireFeature(FEATURE_AUTOMOTIVE) 856 @PolicyAppliesTest(policy = PasswordQuality.class) 857 @Postsubmit(reason = "new test") passwordMinimumLowerCase_ignored()858 public void passwordMinimumLowerCase_ignored() { 859 int valueBefore = sDeviceState.dpc().devicePolicyManager().getPasswordMinimumLowerCase( 860 sDeviceState.dpc().componentName()); 861 862 // The restriction is only imposed if PASSWORD_QUALITY_COMPLEX is set 863 sDeviceState.dpc().devicePolicyManager().setPasswordQuality( 864 sDeviceState.dpc().componentName(), PASSWORD_QUALITY_COMPLEX); 865 sDeviceState.dpc().devicePolicyManager().setPasswordMinimumLowerCase(sDeviceState.dpc().componentName(), 866 42); 867 868 assertWithMessage("getPasswordMinimumLowerCase()") 869 .that(sDeviceState.dpc().devicePolicyManager().getPasswordMinimumLowerCase( 870 sDeviceState.dpc().componentName())) 871 .isEqualTo(valueBefore); 872 } 873 874 @RequireFeature(FEATURE_AUTOMOTIVE) 875 @PolicyAppliesTest(policy = PasswordQuality.class) 876 @Postsubmit(reason = "new test") passwordMinimumUpperCase_ignored()877 public void passwordMinimumUpperCase_ignored() { 878 int valueBefore = sDeviceState.dpc().devicePolicyManager().getPasswordMinimumUpperCase( 879 sDeviceState.dpc().componentName()); 880 881 // The restriction is only imposed if PASSWORD_QUALITY_COMPLEX is set 882 sDeviceState.dpc().devicePolicyManager().setPasswordQuality( 883 sDeviceState.dpc().componentName(), PASSWORD_QUALITY_COMPLEX); 884 sDeviceState.dpc().devicePolicyManager().setPasswordMinimumUpperCase(sDeviceState.dpc().componentName(), 885 42); 886 887 assertWithMessage("getPasswordMinimumUpperCase()") 888 .that(sDeviceState.dpc().devicePolicyManager().getPasswordMinimumUpperCase( 889 sDeviceState.dpc().componentName())) 890 .isEqualTo(valueBefore); 891 } 892 893 @RequireFeature(FEATURE_AUTOMOTIVE) 894 @PolicyAppliesTest(policy = PasswordQuality.class) 895 @Postsubmit(reason = "new test") passwordMinimumLetters_ignored()896 public void passwordMinimumLetters_ignored() { 897 int valueBefore = sDeviceState.dpc().devicePolicyManager().getPasswordMinimumLetters( 898 sDeviceState.dpc().componentName()); 899 900 // The restriction is only imposed if PASSWORD_QUALITY_COMPLEX is set 901 sDeviceState.dpc().devicePolicyManager().setPasswordQuality( 902 sDeviceState.dpc().componentName(), PASSWORD_QUALITY_COMPLEX); 903 sDeviceState.dpc().devicePolicyManager().setPasswordMinimumLetters(sDeviceState.dpc().componentName(), 42); 904 905 assertWithMessage("getPasswordMinimumLetters()") 906 .that(sDeviceState.dpc().devicePolicyManager().getPasswordMinimumLetters( 907 sDeviceState.dpc().componentName())) 908 .isEqualTo(valueBefore); 909 } 910 911 @RequireFeature(FEATURE_AUTOMOTIVE) 912 @PolicyAppliesTest(policy = PasswordQuality.class) 913 @Postsubmit(reason = "new test") passwordMinimumSymbols_ignored()914 public void passwordMinimumSymbols_ignored() { 915 int valueBefore = sDeviceState.dpc().devicePolicyManager().getPasswordMinimumSymbols( 916 sDeviceState.dpc().componentName()); 917 918 // The restriction is only imposed if PASSWORD_QUALITY_COMPLEX is set 919 sDeviceState.dpc().devicePolicyManager().setPasswordQuality( 920 sDeviceState.dpc().componentName(), PASSWORD_QUALITY_COMPLEX); 921 sDeviceState.dpc().devicePolicyManager().setPasswordMinimumSymbols(sDeviceState.dpc().componentName(), 42); 922 923 assertWithMessage("getPasswordMinimumSymbols()") 924 .that(sDeviceState.dpc().devicePolicyManager().getPasswordMinimumSymbols( 925 sDeviceState.dpc().componentName())) 926 .isEqualTo(valueBefore); 927 } 928 929 @RequireFeature(FEATURE_AUTOMOTIVE) 930 @PolicyAppliesTest(policy = PasswordQuality.class) 931 @Postsubmit(reason = "new test") passwordMinimumNonLetter_ignored()932 public void passwordMinimumNonLetter_ignored() { 933 int valueBefore = sDeviceState.dpc().devicePolicyManager().getPasswordMinimumNonLetter( 934 sDeviceState.dpc().componentName()); 935 936 // The restriction is only imposed if PASSWORD_QUALITY_COMPLEX is set 937 sDeviceState.dpc().devicePolicyManager().setPasswordQuality( 938 sDeviceState.dpc().componentName(), PASSWORD_QUALITY_COMPLEX); 939 sDeviceState.dpc().devicePolicyManager().setPasswordMinimumNonLetter(sDeviceState.dpc().componentName(), 940 42); 941 942 assertWithMessage("getPasswordMinimumNonLetter()") 943 .that(sDeviceState.dpc().devicePolicyManager().getPasswordMinimumNonLetter( 944 sDeviceState.dpc().componentName())) 945 .isEqualTo(valueBefore); 946 } 947 948 @CannotSetPolicyTest(policy = ResetPasswordWithToken.class, includeNonDeviceAdminStates = false) 949 @Postsubmit(reason = "new test") setResetPasswordToken_notPermitted_throwsSecurityException()950 public void setResetPasswordToken_notPermitted_throwsSecurityException() { 951 assertThrows(SecurityException.class, 952 () -> sDeviceState.dpc().devicePolicyManager().setResetPasswordToken( 953 sDeviceState.dpc().componentName(), TOKEN)); 954 } 955 956 @CannotSetPolicyTest(policy = ResetPasswordWithToken.class, includeNonDeviceAdminStates = false) 957 @Postsubmit(reason = "new test") resetPasswordWithToken_notPermitted_throwsSecurityException()958 public void resetPasswordWithToken_notPermitted_throwsSecurityException() { 959 assertThrows(SecurityException.class, 960 () -> sDeviceState.dpc().devicePolicyManager().resetPasswordWithToken( 961 sDeviceState.dpc().componentName(), NOT_COMPLEX_PIN, TOKEN, 0)); 962 } 963 964 @CannotSetPolicyTest(policy = ResetPasswordWithToken.class, includeNonDeviceAdminStates = false) 965 @Postsubmit(reason = "new test") clearResetPasswordToken_notPermitted_throwsSecurityException()966 public void clearResetPasswordToken_notPermitted_throwsSecurityException() { 967 assertThrows(SecurityException.class, 968 () -> sDeviceState.dpc().devicePolicyManager().clearResetPasswordToken( 969 sDeviceState.dpc().componentName())); 970 } 971 972 @CannotSetPolicyTest(policy = ResetPasswordWithToken.class, includeNonDeviceAdminStates = false) 973 @Postsubmit(reason = "new test") isResetPasswordTokenActive_notPermitted_throwsSecurityException()974 public void isResetPasswordTokenActive_notPermitted_throwsSecurityException() { 975 assertThrows(SecurityException.class, 976 () -> sDeviceState.dpc().devicePolicyManager().isResetPasswordTokenActive( 977 sDeviceState.dpc().componentName())); 978 } 979 assertPasswordSucceeds(String password)980 private void assertPasswordSucceeds(String password) { 981 assertThat(sDeviceState.dpc().devicePolicyManager().resetPasswordWithToken( 982 sDeviceState.dpc().componentName(), password, TOKEN, /* flags = */ 0)).isTrue(); 983 assertThat(sDeviceState.dpc().devicePolicyManager().isActivePasswordSufficient()).isTrue(); 984 } 985 assertPasswordFails(String password)986 private void assertPasswordFails(String password) { 987 assertThat(sDeviceState.dpc().devicePolicyManager().resetPasswordWithToken( 988 sDeviceState.dpc().componentName(), password, TOKEN, /* flags = */ 0)).isFalse(); 989 } 990 removeAllPasswordRestrictions()991 private void removeAllPasswordRestrictions() { 992 try { 993 sDeviceState.dpc().devicePolicyManager().setPasswordQuality( 994 sDeviceState.dpc().componentName(), PASSWORD_QUALITY_UNSPECIFIED); 995 } catch (SecurityException e) { 996 if ( 997 e.getMessage().contains( 998 "may not apply password quality requirements device-wide")) { 999 // Fine as this is expected for profile owners acting on parent 1000 } else { 1001 throw e; 1002 } 1003 } finally { 1004 sDeviceState.dpc().devicePolicyManager().setRequiredPasswordComplexity( 1005 PASSWORD_COMPLEXITY_NONE); 1006 } 1007 } 1008 setComplexPasswordRestrictions(int minLength, int minSymbols, int minNonLetter, int minNumeric, int minLetters, int minLowerCase, int minUpperCase)1009 private void setComplexPasswordRestrictions(int minLength, int minSymbols, int minNonLetter, 1010 int minNumeric, int minLetters, int minLowerCase, int minUpperCase) { 1011 RemoteDevicePolicyManager dpm = sDeviceState.dpc().devicePolicyManager(); 1012 dpm.setPasswordMinimumLength(sDeviceState.dpc().componentName(), minLength); 1013 dpm.setPasswordMinimumSymbols(sDeviceState.dpc().componentName(), minSymbols); 1014 dpm.setPasswordMinimumNonLetter(sDeviceState.dpc().componentName(), minNonLetter); 1015 dpm.setPasswordMinimumNumeric(sDeviceState.dpc().componentName(), minNumeric); 1016 dpm.setPasswordMinimumLetters(sDeviceState.dpc().componentName(), minLetters); 1017 dpm.setPasswordMinimumLowerCase(sDeviceState.dpc().componentName(), minLowerCase); 1018 dpm.setPasswordMinimumUpperCase(sDeviceState.dpc().componentName(), minUpperCase); 1019 } 1020 removePasswordAndToken(byte[] token)1021 private void removePasswordAndToken(byte[] token) { 1022 sDeviceState.dpc().devicePolicyManager().resetPasswordWithToken( 1023 sDeviceState.dpc().componentName(), /* password = */ null, token, /* flags = */ 0); 1024 sDeviceState.dpc().devicePolicyManager().clearResetPasswordToken(sDeviceState.dpc().componentName()); 1025 } 1026 1027 1028 // If ResetPasswordWithTokenTest for managed profile is executed before device owner and 1029 // primary user profile owner tests, password reset token would have been disabled for the 1030 // primary user, so executing ResetPasswordWithTokenTest on user 0 would fail. We allow this 1031 // and do not fail the test in this case. canSetResetPasswordToken(byte[] token)1032 private boolean canSetResetPasswordToken(byte[] token) { 1033 try { 1034 sDeviceState.dpc().devicePolicyManager().setResetPasswordToken( 1035 sDeviceState.dpc().componentName(), token); 1036 return true; 1037 } catch (SecurityException e) { 1038 if (allowFailure(e)) { 1039 return false; 1040 } else { 1041 throw e; 1042 } 1043 } 1044 } 1045 1046 // Password token is disabled for the primary user, allow failure. allowFailure(SecurityException e)1047 private static boolean allowFailure(SecurityException e) { 1048 return !sDeviceState.dpc().user().type().name().equals(MANAGED_PROFILE_TYPE_NAME) 1049 && e.getMessage().contains("Escrow token is disabled on the current user"); 1050 } 1051 } 1052