Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 8e30a29e authored by Eran Messeri's avatar Eran Messeri Committed by Android (Google) Code Review
Browse files

Merge "Enforce complexity for adb set-password etc"

parents 69534c6a 6ff8f45a

services/core/java/com/android/server/locksettings/LockSettingsShellCommand.java

+4 −4
Original line number Diff line number Diff line
@@ -16,8 +16,6 @@ 


package com.android.server.locksettings;



import static android.app.admin.DevicePolicyManager.PASSWORD_COMPLEXITY_NONE;



import static com.android.internal.widget.LockPatternUtils.CREDENTIAL_TYPE_NONE;

import static com.android.internal.widget.LockPatternUtils.CREDENTIAL_TYPE_PATTERN;
@@ -271,15 +269,17 @@ class LockSettingsShellCommand extends ShellCommand { 
    private boolean isNewCredentialSufficient(LockscreenCredential credential) {

        final PasswordMetrics requiredMetrics =

                mLockPatternUtils.getRequestedPasswordMetrics(mCurrentUserId);

        final int requiredComplexity =

                mLockPatternUtils.getRequestedPasswordComplexity(mCurrentUserId);

        final List<PasswordValidationError> errors;

        if (credential.isPassword() || credential.isPin()) {

            errors = PasswordMetrics.validatePassword(requiredMetrics, PASSWORD_COMPLEXITY_NONE,

            errors = PasswordMetrics.validatePassword(requiredMetrics, requiredComplexity,

                    credential.isPin(), credential.getCredential());

        } else {

            PasswordMetrics metrics = new PasswordMetrics(

                    credential.isPattern() ? CREDENTIAL_TYPE_PATTERN : CREDENTIAL_TYPE_NONE);

            errors = PasswordMetrics.validatePasswordMetrics(

                    requiredMetrics, PASSWORD_COMPLEXITY_NONE, false /* isPin */, metrics);

                    requiredMetrics, requiredComplexity, false /* isPin */, metrics);

        }

        if (!errors.isEmpty()) {

            getOutPrintWriter().println(

services/tests/servicestests/src/com/android/server/locksettings/LockSettingsShellCommandTest.java

+91 −0
Original line number Diff line number Diff line
@@ -16,6 +16,9 @@ 


package com.android.server.locksettings;



import static android.app.admin.DevicePolicyManager.PASSWORD_COMPLEXITY_HIGH;

import static android.app.admin.DevicePolicyManager.PASSWORD_COMPLEXITY_LOW;

import static android.app.admin.DevicePolicyManager.PASSWORD_COMPLEXITY_MEDIUM;

import static android.app.admin.DevicePolicyManager.PASSWORD_QUALITY_ALPHABETIC;

import static android.app.admin.DevicePolicyManager.PASSWORD_QUALITY_COMPLEX;

import static android.app.admin.DevicePolicyManager.PASSWORD_QUALITY_NUMERIC;
@@ -277,6 +280,94 @@ public class LockSettingsShellCommandTest { 
        verify(mLockPatternUtils, never()).setLockCredential(any(), any(), anyInt());

    }



    @Test

    public void testSetPin_nonCompliantWithComplexity() throws Exception {

        when(mLockPatternUtils.isSecure(mUserId)).thenReturn(true);

        when(mLockPatternUtils.isLockPatternEnabled(mUserId)).thenReturn(false);

        when(mLockPatternUtils.isLockPasswordEnabled(mUserId)).thenReturn(true);

        when(mLockPatternUtils.getKeyguardStoredPasswordQuality(mUserId)).thenReturn(

                PASSWORD_QUALITY_NUMERIC);

        when(mLockPatternUtils.checkCredential(

                LockscreenCredential.createPin("1234"), mUserId, null)).thenReturn(true);

        when(mLockPatternUtils.getRequestedPasswordMetrics(mUserId))

                .thenReturn(metricsForAdminQuality(PASSWORD_QUALITY_UNSPECIFIED));

        when(mLockPatternUtils.getRequestedPasswordComplexity(mUserId))

                .thenReturn(PASSWORD_COMPLEXITY_MEDIUM);



        assertEquals(-1, mCommand.exec(new Binder(), in, out, err,

                new String[] { "set-pin", "--old", "1234", "4321" },

                mShellCallback, mResultReceiver));



        verify(mLockPatternUtils, never()).setLockCredential(any(), any(), anyInt());

    }



    @Test

    public void testSetPin_compliantWithComplexity() throws Exception {

        when(mLockPatternUtils.isSecure(mUserId)).thenReturn(true);

        when(mLockPatternUtils.isLockPatternEnabled(mUserId)).thenReturn(false);

        when(mLockPatternUtils.isLockPasswordEnabled(mUserId)).thenReturn(true);

        when(mLockPatternUtils.getKeyguardStoredPasswordQuality(mUserId)).thenReturn(

                PASSWORD_QUALITY_NUMERIC);

        when(mLockPatternUtils.checkCredential(

                LockscreenCredential.createPin("1234"), mUserId, null)).thenReturn(true);

        when(mLockPatternUtils.getRequestedPasswordMetrics(mUserId))

                .thenReturn(metricsForAdminQuality(PASSWORD_QUALITY_UNSPECIFIED));

        when(mLockPatternUtils.getRequestedPasswordComplexity(mUserId))

                .thenReturn(PASSWORD_COMPLEXITY_MEDIUM);



        assertEquals(0, mCommand.exec(new Binder(), in, out, err,

                new String[] { "set-pin", "--old", "1234", "4231" },

                mShellCallback, mResultReceiver));



        verify(mLockPatternUtils).setLockCredential(

                LockscreenCredential.createPin("4231"),

                LockscreenCredential.createPin("1234"),

                mUserId);

    }



    @Test

    public void testSetPattern_nonCompliantWithComplexity() throws Exception {

        when(mLockPatternUtils.isSecure(mUserId)).thenReturn(true);

        when(mLockPatternUtils.isLockPatternEnabled(mUserId)).thenReturn(true);

        when(mLockPatternUtils.isLockPasswordEnabled(mUserId)).thenReturn(false);

        when(mLockPatternUtils.checkCredential(

                LockscreenCredential.createPattern(stringToPattern("1234")),

                mUserId, null)).thenReturn(true);

        when(mLockPatternUtils.getRequestedPasswordMetrics(mUserId))

                .thenReturn(metricsForAdminQuality(PASSWORD_QUALITY_UNSPECIFIED));

        when(mLockPatternUtils.getRequestedPasswordComplexity(mUserId))

                .thenReturn(PASSWORD_COMPLEXITY_HIGH);



        assertEquals(-1, mCommand.exec(new Binder(), in, out, err,

                new String[] { "set-pattern", "--old", "1234", "4321" },

                mShellCallback, mResultReceiver));



        verify(mLockPatternUtils, never()).setLockCredential(any(), any(), anyInt());

    }



    @Test

    public void testSetPattern_compliantWithComplexity() throws Exception {

        when(mLockPatternUtils.isSecure(mUserId)).thenReturn(true);

        when(mLockPatternUtils.isLockPatternEnabled(mUserId)).thenReturn(true);

        when(mLockPatternUtils.isLockPasswordEnabled(mUserId)).thenReturn(false);

        when(mLockPatternUtils.checkCredential(

                LockscreenCredential.createPattern(stringToPattern("1234")),

                mUserId, null)).thenReturn(true);

        when(mLockPatternUtils.getRequestedPasswordMetrics(mUserId))

                .thenReturn(metricsForAdminQuality(PASSWORD_QUALITY_UNSPECIFIED));

        when(mLockPatternUtils.getRequestedPasswordComplexity(mUserId))

                .thenReturn(PASSWORD_COMPLEXITY_LOW);



        assertEquals(0, mCommand.exec(new Binder(), in, out, err,

                new String[] { "set-pattern", "--old", "1234", "4321" },

                mShellCallback, mResultReceiver));



        verify(mLockPatternUtils).setLockCredential(

                LockscreenCredential.createPattern(stringToPattern("4321")),

                LockscreenCredential.createPattern(stringToPattern("1234")),

                mUserId);

    }



    private List<LockPatternView.Cell> stringToPattern(String str) {

        return LockPatternUtils.byteArrayToPattern(str.getBytes());

    }