Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 2df5919f authored by Michal Karpinski's avatar Michal Karpinski
Browse files

[DPM] Allow lower strong auth timeout on debuggable builds 

Timeout can be set to lower than 1h on debuggable builds (eng, user-debug)
using persist.sys.min_str_auth_timeo system property. This allows manual
testers to more easily carry out testing scenarios.

Bug: 29825955
Test: manual without setting the property: if timeout is set to less than 1h, it's clamped to 1h
Test: manual with setting the property: on user-debug build with "adb root && adb shell setprop persist.sys.min_str_auth_timeo 30000"
Change-Id: I8cd871e3d04b2c6c7164f684b9a6a24e7292bfab
parent 17ca0e43

services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java

+15 −3
Original line number Diff line number Diff line
@@ -4360,8 +4360,9 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { 
        Preconditions.checkArgument(timeoutMs >= 0, "Timeout must not be a negative number.");

        // timeoutMs with value 0 means that the admin doesn't participate

        // timeoutMs is clamped to the interval in case the internal constants change in the future

        if (timeoutMs != 0 && timeoutMs < MINIMUM_STRONG_AUTH_TIMEOUT_MS) {

            timeoutMs = MINIMUM_STRONG_AUTH_TIMEOUT_MS;

        final long minimumStrongAuthTimeout = getMinimumStrongAuthTimeoutMs();

        if (timeoutMs != 0 && timeoutMs < minimumStrongAuthTimeout) {

            timeoutMs = minimumStrongAuthTimeout;

        }

        if (timeoutMs > DevicePolicyManager.DEFAULT_STRONG_AUTH_TIMEOUT_MS) {

            timeoutMs = DevicePolicyManager.DEFAULT_STRONG_AUTH_TIMEOUT_MS;
@@ -4405,10 +4406,21 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { 
                    strongAuthUnlockTimeout = Math.min(timeout, strongAuthUnlockTimeout);

                }

            }

            return Math.max(strongAuthUnlockTimeout, MINIMUM_STRONG_AUTH_TIMEOUT_MS);

            return Math.max(strongAuthUnlockTimeout, getMinimumStrongAuthTimeoutMs());

        }

    }



    private long getMinimumStrongAuthTimeoutMs() {

        if (!mInjector.isBuildDebuggable()) {

            return MINIMUM_STRONG_AUTH_TIMEOUT_MS;

        }

        // ideally the property was named persist.sys.min_strong_auth_timeout, but system property

        // name cannot be longer than 31 characters

        return Math.min(mInjector.systemPropertiesGetLong("persist.sys.min_str_auth_timeo",

                MINIMUM_STRONG_AUTH_TIMEOUT_MS),

                MINIMUM_STRONG_AUTH_TIMEOUT_MS);

    }



    @Override

    public void lockNow(int flags, boolean parent) {

        if (!mHasFeature) {