Enforce password complexity in lockscreen setting

Enforce a lock screen that adheres with the required complexity set by
the admin.

This is done by querying the DevicePolicyManager for the complexity set
for the given user, and merging it with the complexity from the "change
lock screen" intent (if any).

If the admin sets a higher complexity requirement than the app
triggering the lock screen change request, then the admin-set complexity
is enforced and the user is not shown information about the requesting
app.

Bug: 165573442
Test: Manually, set complexity using TestDPC and see it applies.
Test: m RunSettingsRoboTests ROBOTEST_FILTER=com.android.settings.password.ChooseLockGenericTest
Test: m RunSettingsRoboTests ROBOTEST_FILTER=com.android.settings.password.ChooseLockPasswordTest
Change-Id: If3f24f7430bdcbcd34265339f7d2a1ff82a44fc1

src/com/android/settings/password/ChooseLockGeneric.java

@@ -221,9 +221,19 @@ public class ChooseLockGeneric extends SettingsActivity {
             mForBiometrics = intent.getBooleanExtra(
                     ChooseLockSettingsHelper.EXTRA_KEY_FOR_BIOMETRICS, false);
 
-            mRequestedMinComplexity = intent
+            final int complexityFromIntent = intent
                     .getIntExtra(EXTRA_KEY_REQUESTED_MIN_COMPLEXITY, PASSWORD_COMPLEXITY_NONE);
-            mCallerAppName =
+            final int complexityFromAdmin = mLockPatternUtils.getRequestedPasswordComplexity(
+                    mUserId);
+            mRequestedMinComplexity = Math.max(complexityFromIntent, complexityFromAdmin);
+            final boolean isComplexityProvidedByAdmin = (complexityFromAdmin > complexityFromIntent)
+                    && mRequestedMinComplexity > PASSWORD_COMPLEXITY_NONE;
+
+            // If the complexity is provided by the admin, do not get the caller app's name.
+            // If the app requires, for example, low complexity, and the admin requires high
+            // complexity, it does not make sense to show a footer telling the user it's the app
+            // requesting a particular complexity because the admin-set complexity will override it.
+            mCallerAppName = isComplexityProvidedByAdmin ? null :
                     intent.getStringExtra(EXTRA_KEY_CALLER_APP_NAME);
             mIsCallingAppAdmin = intent
                     .getBooleanExtra(EXTRA_KEY_IS_CALLING_APP_ADMIN, /* defValue= */ false);
@@ -669,8 +679,9 @@ public class ChooseLockGeneric extends SettingsActivity {
             final PreferenceScreen entries = getPreferenceScreen();
 
             int adminEnforcedQuality = mDpm.getPasswordQuality(null, mUserId);
-            EnforcedAdmin enforcedAdmin = RestrictedLockUtilsInternal.checkIfPasswordQualityIsSet(
-                    getActivity(), mUserId);
+            EnforcedAdmin enforcedAdmin =
+                    RestrictedLockUtilsInternal.checkIfPasswordQualityIsSet(getActivity(),
+                            mUserId);
             // If we are to unify a work challenge at the end of the credential enrollment, manually
             // merge any password policy from that profile here, so we are enrolling a compliant
             // password. This is because once unified, the profile's password policy will

src/com/android/settings/password/ChooseLockPassword.java

@@ -421,6 +421,8 @@ public class ChooseLockPassword extends SettingsActivity {
             if (mUnificationProfileId != UserHandle.USER_NULL) {
                 mMinMetrics.maxWith(
                         mLockPatternUtils.getRequestedPasswordMetrics(mUnificationProfileId));
+                mMinComplexity = Math.max(mMinComplexity,
+                        mLockPatternUtils.getRequestedPasswordComplexity(mUnificationProfileId));
             }
 
             if (intent.getBooleanExtra(