diff options
| -rw-r--r-- | src/com/android/email/SecurityPolicy.java | 13 | ||||
| -rw-r--r-- | tests/src/com/android/email/SecurityPolicyTests.java | 44 |
2 files changed, 53 insertions, 4 deletions
diff --git a/src/com/android/email/SecurityPolicy.java b/src/com/android/email/SecurityPolicy.java index 46156dd88..749d0ab20 100644 --- a/src/com/android/email/SecurityPolicy.java +++ b/src/com/android/email/SecurityPolicy.java @@ -51,7 +51,7 @@ public class SecurityPolicy { private boolean mNotificationActive; private boolean mAdminEnabled; - private static final PolicySet NO_POLICY_SET = + /* package */ static final PolicySet NO_POLICY_SET = new PolicySet(0, PolicySet.PASSWORD_MODE_NONE, 0, 0, false); /** @@ -626,11 +626,18 @@ public class SecurityPolicy { * Internal handler for enabled/disabled transitions. Handles DeviceAdmin.onEnabled and * and DeviceAdmin.onDisabled. */ - private void onAdminEnabled(boolean isEnabled) { + /* package */ void onAdminEnabled(boolean isEnabled) { if (isEnabled && !mAdminEnabled) { // TODO: transition to enabled state } else if (!isEnabled && mAdminEnabled) { - // TODO: transition to disabled state + // transition to disabled state + // Response: clear *all* security state information from the accounts, forcing + // them back to the initial configurations requiring policy administration + ContentValues cv = new ContentValues(); + cv.put(AccountColumns.SECURITY_FLAGS, 0); + cv.putNull(AccountColumns.SECURITY_SYNC_KEY); + mContext.getContentResolver().update(Account.CONTENT_URI, cv, null, null); + updatePolicies(-1); } mAdminEnabled = isEnabled; } diff --git a/tests/src/com/android/email/SecurityPolicyTests.java b/tests/src/com/android/email/SecurityPolicyTests.java index 670136551..d8de0a0f8 100644 --- a/tests/src/com/android/email/SecurityPolicyTests.java +++ b/tests/src/com/android/email/SecurityPolicyTests.java @@ -294,5 +294,47 @@ public class SecurityPolicyTests extends ProviderTestCase2<EmailProvider> { Account a2a = Account.restoreAccountWithId(mMockContext, a2.mId); assertEquals(Account.FLAGS_VIBRATE, a2a.mFlags); } - + + /** + * Test the response to disabling DeviceAdmin status + */ + public void testDisableAdmin() { + Account a1 = ProviderTestUtils.setupAccount("disable-1", false, mMockContext); + PolicySet p1 = new PolicySet(10, PolicySet.PASSWORD_MODE_SIMPLE, 0, 0, false); + p1.writeAccount(a1, "sync-key-1", true, mMockContext); + + Account a2 = ProviderTestUtils.setupAccount("disable-2", false, mMockContext); + PolicySet p2 = new PolicySet(20, PolicySet.PASSWORD_MODE_STRONG, 25, 26, false); + p2.writeAccount(a2, "sync-key-2", true, mMockContext); + + Account a3 = ProviderTestUtils.setupAccount("disable-3", false, mMockContext); + a3.mSecurityFlags = 0; + a3.mSecuritySyncKey = null; + a3.save(mMockContext); + + SecurityPolicy sp = getSecurityPolicy(); + + // Confirm that "enabling" device admin does not change security status (flags & sync key) + PolicySet before = sp.getAggregatePolicy(); + sp.onAdminEnabled(true); // "enabled" should not change anything + PolicySet after1 = sp.getAggregatePolicy(); + assertEquals(before, after1); + Account a1a = Account.restoreAccountWithId(mMockContext, a1.mId); + assertNotNull(a1a.mSecuritySyncKey); + Account a2a = Account.restoreAccountWithId(mMockContext, a2.mId); + assertNotNull(a2a.mSecuritySyncKey); + Account a3a = Account.restoreAccountWithId(mMockContext, a3.mId); + assertNull(a3a.mSecuritySyncKey); + + // Revoke device admin status. In the accounts we set up, security values should be reset + sp.onAdminEnabled(false); // "disabled" should clear policies + PolicySet after2 = sp.getAggregatePolicy(); + assertEquals(SecurityPolicy.NO_POLICY_SET, after2); + Account a1b = Account.restoreAccountWithId(mMockContext, a1.mId); + assertNull(a1b.mSecuritySyncKey); + Account a2b = Account.restoreAccountWithId(mMockContext, a2.mId); + assertNull(a2b.mSecuritySyncKey); + Account a3b = Account.restoreAccountWithId(mMockContext, a3.mId); + assertNull(a3b.mSecuritySyncKey); + } } |