Merge "DPM: Fix isActivePasswordSufficient for non-FBE devices" into pi-dev

        @NonNull PasswordMetrics mActivePasswordMetrics = new PasswordMetrics();

        int mFailedPasswordAttempts = 0;

        boolean mPasswordStateHasBeenSetSinceBoot = false;

        boolean mPasswordValidAtLastCheckpoint = false;

        boolean mPasswordValidAtLastCheckpoint = true;

        int mUserHandle;

        int mPasswordOwner = -1;

            final PasswordMetrics metrics = ap.minimumPasswordMetrics;

            if (metrics.quality != quality) {

                metrics.quality = quality;

                updatePasswordValidityCheckpointLocked(userId);

                saveSettingsLocked(userId);

                updatePasswordValidityCheckpointLocked(userId, parent);

            }

            maybeLogPasswordComplexitySet(who, userId, parent, metrics);

        }

    }

    /**

     * Updates flag in memory that tells us whether the user's password currently satisfies the

     * requirements set by all of the user's active admins.  This should be called before

     * {@link #saveSettingsLocked} whenever the password or the admin policies have changed.

     * Updates a flag that tells us whether the user's password currently satisfies the

     * requirements set by all of the user's active admins. The flag is updated both in memory

     * and persisted to disk by calling {@link #saveSettingsLocked}, for the value of the flag

     * be the correct one upon boot.

     * This should be called whenever the password or the admin policies have changed.

     */

    @GuardedBy("DevicePolicyManagerService.this")

    private void updatePasswordValidityCheckpointLocked(int userHandle) {

        DevicePolicyData policy = getUserData(userHandle);

        policy.mPasswordValidAtLastCheckpoint = isActivePasswordSufficientForUserLocked(

                policy, policy.mUserHandle, false);

    private void updatePasswordValidityCheckpointLocked(int userHandle, boolean parent) {

        final int credentialOwner = getCredentialOwner(userHandle, parent);

        DevicePolicyData policy = getUserData(credentialOwner);

        policy.mPasswordValidAtLastCheckpoint =

                isPasswordSufficientForUserWithoutCheckpointLocked(

                        policy.mActivePasswordMetrics, userHandle, parent);

        saveSettingsLocked(credentialOwner);

    }

    @Override

            final PasswordMetrics metrics = ap.minimumPasswordMetrics;

            if (metrics.length != length) {

                metrics.length = length;

                updatePasswordValidityCheckpointLocked(userId);

                saveSettingsLocked(userId);

                updatePasswordValidityCheckpointLocked(userId, parent);

            }

            maybeLogPasswordComplexitySet(who, userId, parent, metrics);

        }

                    who, DeviceAdminInfo.USES_POLICY_LIMIT_PASSWORD, parent);

            if (ap.passwordHistoryLength != length) {

                ap.passwordHistoryLength = length;

                updatePasswordValidityCheckpointLocked(userId);

                saveSettingsLocked(userId);

                updatePasswordValidityCheckpointLocked(userId, parent);

            }

        }

        if (SecurityLog.isLoggingEnabled()) {

            final PasswordMetrics metrics = ap.minimumPasswordMetrics;

            if (metrics.upperCase != length) {

                metrics.upperCase = length;

                updatePasswordValidityCheckpointLocked(userId);

                saveSettingsLocked(userId);

                updatePasswordValidityCheckpointLocked(userId, parent);

            }

            maybeLogPasswordComplexitySet(who, userId, parent, metrics);

        }

            final PasswordMetrics metrics = ap.minimumPasswordMetrics;

            if (metrics.lowerCase != length) {

                metrics.lowerCase = length;

                updatePasswordValidityCheckpointLocked(userId);

                saveSettingsLocked(userId);

                updatePasswordValidityCheckpointLocked(userId, parent);

            }

            maybeLogPasswordComplexitySet(who, userId, parent, metrics);

        }

            final PasswordMetrics metrics = ap.minimumPasswordMetrics;

            if (metrics.letters != length) {

                metrics.letters = length;

                updatePasswordValidityCheckpointLocked(userId);

                saveSettingsLocked(userId);

                updatePasswordValidityCheckpointLocked(userId, parent);

            }

            maybeLogPasswordComplexitySet(who, userId, parent, metrics);

        }

            final PasswordMetrics metrics = ap.minimumPasswordMetrics;

            if (metrics.numeric != length) {

                metrics.numeric = length;

                updatePasswordValidityCheckpointLocked(userId);

                saveSettingsLocked(userId);

                updatePasswordValidityCheckpointLocked(userId, parent);

            }

            maybeLogPasswordComplexitySet(who, userId, parent, metrics);

        }

            final PasswordMetrics metrics = ap.minimumPasswordMetrics;

            if (metrics.symbols != length) {

                ap.minimumPasswordMetrics.symbols = length;

                updatePasswordValidityCheckpointLocked(userId);

                saveSettingsLocked(userId);

                updatePasswordValidityCheckpointLocked(userId, parent);

            }

            maybeLogPasswordComplexitySet(who, userId, parent, metrics);

        }

            final PasswordMetrics metrics = ap.minimumPasswordMetrics;

            if (metrics.nonLetter != length) {

                ap.minimumPasswordMetrics.nonLetter = length;

                updatePasswordValidityCheckpointLocked(userId);

                saveSettingsLocked(userId);

                updatePasswordValidityCheckpointLocked(userId, parent);

            }

            maybeLogPasswordComplexitySet(who, userId, parent, metrics);

        }

    private boolean isActivePasswordSufficientForUserLocked(

            DevicePolicyData policy, int userHandle, boolean parent) {

        final int requiredPasswordQuality = getPasswordQuality(null, userHandle, parent);

        if (requiredPasswordQuality == PASSWORD_QUALITY_UNSPECIFIED) {

            // A special case is when there is no required password quality, then we just return

            // true since any password would be sufficient. This is for the scenario when a work

            // profile is first created so there is no information about the current password but

            // it should be considered sufficient as there is no password requirement either.

            // This is useful since it short-circuits the password checkpoint for FDE device below.

            return true;

        }

        if (!mInjector.storageManagerIsFileBasedEncryptionEnabled()

                && !policy.mPasswordStateHasBeenSetSinceBoot) {

            // Before user enters their password for the first time after a reboot, return the

            return policy.mPasswordValidAtLastCheckpoint;

        }

        if (policy.mActivePasswordMetrics.quality < requiredPasswordQuality) {

        return isPasswordSufficientForUserWithoutCheckpointLocked(

                policy.mActivePasswordMetrics, userHandle, parent);

    }

    /**

     * Returns {@code true} if the password represented by the {@code passwordMetrics} argument

     * sufficiently fulfills the password requirements for the user corresponding to

     * {@code userHandle} (or its parent, if {@code parent} is set to {@code true}).

     */

    private boolean isPasswordSufficientForUserWithoutCheckpointLocked(

            PasswordMetrics passwordMetrics, int userHandle, boolean parent) {

        final int requiredPasswordQuality = getPasswordQuality(null, userHandle, parent);

        if (passwordMetrics.quality < requiredPasswordQuality) {

            return false;

        }

        if (requiredPasswordQuality >= DevicePolicyManager.PASSWORD_QUALITY_NUMERIC

                && policy.mActivePasswordMetrics.length < getPasswordMinimumLength(

                && passwordMetrics.length < getPasswordMinimumLength(

                        null, userHandle, parent)) {

            return false;

        }

        if (requiredPasswordQuality != DevicePolicyManager.PASSWORD_QUALITY_COMPLEX) {

            return true;

        }

        return policy.mActivePasswordMetrics.upperCase >= getPasswordMinimumUpperCase(

        return passwordMetrics.upperCase >= getPasswordMinimumUpperCase(

                    null, userHandle, parent)

                && policy.mActivePasswordMetrics.lowerCase >= getPasswordMinimumLowerCase(

                && passwordMetrics.lowerCase >= getPasswordMinimumLowerCase(

                        null, userHandle, parent)

                && policy.mActivePasswordMetrics.letters >= getPasswordMinimumLetters(

                && passwordMetrics.letters >= getPasswordMinimumLetters(

                        null, userHandle, parent)

                && policy.mActivePasswordMetrics.numeric >= getPasswordMinimumNumeric(

                && passwordMetrics.numeric >= getPasswordMinimumNumeric(

                        null, userHandle, parent)

                && policy.mActivePasswordMetrics.symbols >= getPasswordMinimumSymbols(

                && passwordMetrics.symbols >= getPasswordMinimumSymbols(

                        null, userHandle, parent)

                && policy.mActivePasswordMetrics.nonLetter >= getPasswordMinimumNonLetter(

                && passwordMetrics.nonLetter >= getPasswordMinimumNonLetter(

                        null, userHandle, parent);

    }

        try {

            synchronized (this) {

                policy.mFailedPasswordAttempts = 0;

                updatePasswordValidityCheckpointLocked(userId);

                saveSettingsLocked(userId);

                updatePasswordValidityCheckpointLocked(userId, /* parent */ false);

                updatePasswordExpirationsLocked(userId);

                setExpirationAlarmCheckLocked(mContext, userId, /* parent */ false);