Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 5b130b65 authored by Joe Bolinger's avatar Joe Bolinger
Browse files

Add adb (Settings.Secure) CLI for disabling the adaptive auth auto lock. 

To disable the lock (only on debuggable builds):
adb shell settings put secure disable_adaptive_auth_limit_lock 1

To re-enable the lock:
adb shell settings put secure disable_adaptive_auth_limit_lock 0

Bug: 371057865
Flag: android.security.disable_adaptive_auth_counter_lock
Test: atest AuthenticationPolicyServiceTest
Ignore-AOSP-First: Depends on other changes not in AOSP yet.
Change-Id: I270c53dd781f506e0b7fdf5d926534cc94e15711
parent 8117ad1d

core/java/android/provider/Settings.java

+13 −0
Original line number Diff line number Diff line
@@ -12876,6 +12876,19 @@ public final class Settings { 
         */

        public static final String DISABLE_SECURE_WINDOWS = "disable_secure_windows";













        /**













         * Controls if the adaptive authentication feature should be disabled, which













         * will attempt to lock the device after a number of consecutive authentication













         * attempts fail.













         *













         * This can only be disabled on debuggable builds. Set to 1 to disable or 0 for the













         * normal behavior.













         *













         * @hide













         */













        public static final String DISABLE_ADAPTIVE_AUTH_LIMIT_LOCK =













                "disable_adaptive_auth_limit_lock";



























        /** @hide */















        public static final int PRIVATE_SPACE_AUTO_LOCK_ON_DEVICE_LOCK = 0;















        /** @hide */

































core/java/android/security/flags.aconfig



+8
−1




























Original line number
Diff line number
Diff line








@@ -146,3 +146,10 @@ flag {













    bug: "380120712"















    is_fixed_read_only: true















}



























flag {













    name: "disable_adaptive_auth_counter_lock"













    namespace: "biometrics"













    description: "Flag to allow an adb secure setting to disable the adaptive auth lock"













    bug: "371057865"













}
























packages/SettingsProvider/src/android/provider/settings/validators/SecureSettingsValidators.java



+1
−0




























Original line number
Diff line number
Diff line








@@ -454,5 +454,6 @@ public class SecureSettingsValidators {













        VALIDATORS.put(Secure.MANDATORY_BIOMETRICS_REQUIREMENTS_SATISFIED,















                new InclusiveIntegerRangeValidator(0, 1));















        VALIDATORS.put(Secure.ADVANCED_PROTECTION_MODE, BOOLEAN_VALIDATOR);













        VALIDATORS.put(Secure.DISABLE_ADAPTIVE_AUTH_LIMIT_LOCK, BOOLEAN_VALIDATOR);















    }















}
























packages/SettingsProvider/test/src/android/provider/SettingsBackupTest.java



+1
−0




























Original line number
Diff line number
Diff line








@@ -690,6 +690,7 @@ public class SettingsBackupTest {













                 Settings.Secure.DEFAULT_DEVICE_INPUT_METHOD,















                 Settings.Secure.DEVICE_PAIRED,















                 Settings.Secure.DIALER_DEFAULT_APPLICATION,













                 Settings.Secure.DISABLE_ADAPTIVE_AUTH_LIMIT_LOCK,















                 Settings.Secure.DISABLED_PRINT_SERVICES,















                 Settings.Secure.DISABLE_SECURE_WINDOWS,















                 Settings.Secure.DISABLED_SYSTEM_INPUT_METHODS,

































services/core/java/com/android/server/security/authenticationpolicy/AuthenticationPolicyService.java



+13
−0




























Original line number
Diff line number
Diff line








@@ -17,6 +17,7 @@













package com.android.server.security.authenticationpolicy;































import static android.Manifest.permission.MANAGE_SECURE_LOCK_DEVICE;













import static android.security.Flags.disableAdaptiveAuthCounterLock;































import static com.android.internal.widget.LockPatternUtils.StrongAuthTracker.SOME_AUTH_REQUIRED_AFTER_ADAPTIVE_AUTH_REQUEST;

























@@ -39,6 +40,7 @@ import android.os.IBinder;













import android.os.Looper;















import android.os.Message;















import android.os.SystemClock;













import android.provider.Settings;















import android.security.authenticationpolicy.AuthenticationPolicyManager;















import android.security.authenticationpolicy.DisableSecureLockDeviceParams;















import android.security.authenticationpolicy.EnableSecureLockDeviceParams;










@@ -251,6 +253,17 @@ public class AuthenticationPolicyService extends SystemService {













            return;















        }





























        if (disableAdaptiveAuthCounterLock() && Build.IS_DEBUGGABLE) {













            final boolean disabled = Settings.Secure.getIntForUser(













                    getContext().getContentResolver(),













                    Settings.Secure.DISABLE_ADAPTIVE_AUTH_LIMIT_LOCK,













                    0 /* default */, userId) != 0;













            if (disabled) {













                Slog.d(TAG, "not locking (disabled by user)");













                return;













            }













        }





























        //TODO: additionally consider the trust signal before locking device















        lockDevice(userId);















    }