Handle inactivity timeout > maximum allowed properly
* In a recent change, we mistakenly removed the logic for handling
too-long inactivity timeouts; we should just fall back to the maximum
since this is stricter than what we're being asked to enforce
* Restore this logic and update the unit test
* The regression was caused by change Ida5663a9, to wit:
Backport: Handle "Allow non-provisionable devices" properly
Bug: 2886746
Change-Id: I99cf9a37441b80477cc1c2c7ec2a78f8a14a83da
diff --git a/src/com/android/email/SecurityPolicy.java b/src/com/android/email/SecurityPolicy.java
index 076949b..bacb39b 100644
--- a/src/com/android/email/SecurityPolicy.java
+++ b/src/com/android/email/SecurityPolicy.java
@@ -461,9 +461,6 @@
if (passwordMode < PASSWORD_MODE_NONE || passwordMode > PASSWORD_MODE_STRONG) {
throw new IllegalArgumentException("password mode");
}
- if (maxScreenLockTime > SCREEN_LOCK_TIME_MAX) {
- throw new IllegalArgumentException("screen lock time");
- }
// This value can be reduced (which actually increases security) if necessary
if (maxPasswordFails > PASSWORD_MAX_FAILS_MAX) {
maxPasswordFails = PASSWORD_MAX_FAILS_MAX;
diff --git a/tests/src/com/android/email/SecurityPolicyTests.java b/tests/src/com/android/email/SecurityPolicyTests.java
index 7d6a8ee..1e25050 100644
--- a/tests/src/com/android/email/SecurityPolicyTests.java
+++ b/tests/src/com/android/email/SecurityPolicyTests.java
@@ -33,7 +33,10 @@
/**
* This is a series of unit tests for backup/restore of the SecurityPolicy class.
- */
+ *
+ * You can run this entire test case with:
+ * runtest -c com.android.email.SecurityPolicyTests email
+*/
@MediumTest
public class SecurityPolicyTests extends ProviderTestCase2<EmailProvider> {
@@ -101,12 +104,12 @@
fail("Illegal password mode allowed");
} catch (IllegalArgumentException e) {
}
- try {
- new PolicySet(0, PolicySet.PASSWORD_MODE_NONE, 0,
- PolicySet.SCREEN_LOCK_TIME_MAX + 1, false);
- fail("Too-long screen lock time allowed");
- } catch (IllegalArgumentException e) {
- }
+ PolicySet ps = new PolicySet(0, PolicySet.PASSWORD_MODE_NONE, 0,
+ PolicySet.SCREEN_LOCK_TIME_MAX + 1, false);
+ assertEquals(PolicySet.SCREEN_LOCK_TIME_MAX, ps.getMaxScreenLockTime());
+ ps = new PolicySet(0, PolicySet.PASSWORD_MODE_NONE,
+ PolicySet.PASSWORD_MAX_FAILS_MAX + 1, 0, false);
+ assertEquals(PolicySet.PASSWORD_MAX_FAILS_MAX, ps.getMaxPasswordFails());
}
/**