1 /* 2 * Copyright (C) 2016 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 package com.android.cts.deviceadmin; 17 18 import android.app.admin.DevicePolicyManager; 19 import android.test.MoreAsserts; 20 21 /** 22 * Tests that: 23 * - need to be run as device admin (as opposed to device owner) and 24 * - require resetting the password at the end. 25 * 26 * Note: when adding a new method, make sure to add a corresponding method in 27 * BaseDeviceAdminHostSideTest. 28 */ 29 public class DeviceAdminPasswordTest extends BaseDeviceAdminTest { 30 31 @Override setUp()32 protected void setUp() throws Exception { 33 super.setUp(); 34 35 assertNotDeviceOwner(); 36 } 37 checkSetPassword_nycRestrictions_success()38 private void checkSetPassword_nycRestrictions_success() { 39 assertTrue(dpm.resetPassword("1234", /* flags= */ 0)); 40 } 41 checkSetPassword_nycRestrictions_failure()42 private void checkSetPassword_nycRestrictions_failure() { 43 try { 44 assertFalse(dpm.resetPassword("1234", /* flags= */ 0)); 45 if (shouldResetPasswordThrow()) { 46 fail("Didn't throw"); 47 } 48 } catch (SecurityException e) { 49 if (!shouldResetPasswordThrow()) { 50 fail("Shouldn't throw"); 51 } 52 MoreAsserts.assertContainsRegex("Cannot change current password", e.getMessage()); 53 } 54 } 55 checkClearPassword_nycRestrictions_failure()56 private void checkClearPassword_nycRestrictions_failure() { 57 try { 58 assertFalse(dpm.resetPassword("", /* flags= */ 0)); 59 if (shouldResetPasswordThrow()) { 60 fail("Didn't throw"); 61 } 62 } catch (SecurityException e) { 63 if (!shouldResetPasswordThrow()) { 64 fail("Shouldn't throw"); 65 } 66 MoreAsserts.assertContainsRegex("Cannot call with null password", e.getMessage()); 67 } 68 } 69 waitUntilPasswordState(boolean expected)70 private boolean waitUntilPasswordState(boolean expected) throws InterruptedException { 71 final int currentQuality = dpm.getPasswordQuality(mAdminComponent); 72 dpm.setPasswordQuality(mAdminComponent, DevicePolicyManager.PASSWORD_QUALITY_SOMETHING); 73 74 int numTries = 5; 75 boolean result = dpm.isActivePasswordSufficient(); 76 while ((numTries > 0) && (result != expected)) { 77 numTries = numTries - 1; 78 Thread.sleep(100); 79 result = dpm.isActivePasswordSufficient(); 80 } 81 82 dpm.setPasswordQuality(mAdminComponent, currentQuality); 83 return expected == result; 84 } 85 assertHasPassword()86 private void assertHasPassword() throws InterruptedException { 87 assertTrue("No password set", waitUntilPasswordState(true)); 88 } 89 assertNoPassword()90 private void assertNoPassword() throws InterruptedException { 91 assertTrue("Password is set", waitUntilPasswordState(false)); 92 } 93 94 /** 95 * Tests for the new restrictions on {@link DevicePolicyManager#resetPassword} introduced 96 * on NYC. 97 */ testResetPassword_nycRestrictions()98 public void testResetPassword_nycRestrictions() throws Exception { 99 100 assertNoPassword(); 101 102 // Can't clear the password, even if there's no password set currently. 103 checkClearPassword_nycRestrictions_failure(); 104 105 assertNoPassword(); 106 107 // No password -> setting one is okay. 108 checkSetPassword_nycRestrictions_success(); 109 110 assertHasPassword(); 111 112 // But once set, DA can't change the password. 113 checkSetPassword_nycRestrictions_failure(); 114 115 assertHasPassword(); 116 117 // Still can't clear the password. 118 checkClearPassword_nycRestrictions_failure(); 119 120 assertHasPassword(); 121 } 122 } 123