Loading core/java/android/provider/Settings.java +13 −0 Original line number Original line Diff line number Diff line Loading @@ -12869,6 +12869,19 @@ public final class Settings { */ */ public static final String DISABLE_SECURE_WINDOWS = "disable_secure_windows"; public static final String DISABLE_SECURE_WINDOWS = "disable_secure_windows"; /** * Controls if the adaptive authentication feature should be disabled, which * will attempt to lock the device after a number of consecutive authentication * attempts fail. * * This can only be disabled on debuggable builds. Set to 1 to disable or 0 for the * normal behavior. * * @hide */ public static final String DISABLE_ADAPTIVE_AUTH_LIMIT_LOCK = "disable_adaptive_auth_limit_lock"; /** @hide */ /** @hide */ public static final int PRIVATE_SPACE_AUTO_LOCK_ON_DEVICE_LOCK = 0; public static final int PRIVATE_SPACE_AUTO_LOCK_ON_DEVICE_LOCK = 0; /** @hide */ /** @hide */ Loading core/java/android/security/flags.aconfig +8 −1 Original line number Original line Diff line number Diff line Loading @@ -156,3 +156,10 @@ flag { bug: "380120712" bug: "380120712" is_fixed_read_only: true is_fixed_read_only: true } } flag { name: "disable_adaptive_auth_counter_lock" namespace: "biometrics" description: "Flag to allow an adb secure setting to disable the adaptive auth lock" bug: "371057865" } packages/SettingsProvider/src/android/provider/settings/validators/SecureSettingsValidators.java +1 −0 Original line number Original line Diff line number Diff line Loading @@ -454,5 +454,6 @@ public class SecureSettingsValidators { VALIDATORS.put(Secure.MANDATORY_BIOMETRICS_REQUIREMENTS_SATISFIED, VALIDATORS.put(Secure.MANDATORY_BIOMETRICS_REQUIREMENTS_SATISFIED, new InclusiveIntegerRangeValidator(0, 1)); new InclusiveIntegerRangeValidator(0, 1)); VALIDATORS.put(Secure.ADVANCED_PROTECTION_MODE, BOOLEAN_VALIDATOR); VALIDATORS.put(Secure.ADVANCED_PROTECTION_MODE, BOOLEAN_VALIDATOR); VALIDATORS.put(Secure.DISABLE_ADAPTIVE_AUTH_LIMIT_LOCK, BOOLEAN_VALIDATOR); } } } } packages/SettingsProvider/test/src/android/provider/SettingsBackupTest.java +1 −0 Original line number Original line Diff line number Diff line Loading @@ -689,6 +689,7 @@ public class SettingsBackupTest { Settings.Secure.DEFAULT_DEVICE_INPUT_METHOD, Settings.Secure.DEFAULT_DEVICE_INPUT_METHOD, Settings.Secure.DEVICE_PAIRED, Settings.Secure.DEVICE_PAIRED, Settings.Secure.DIALER_DEFAULT_APPLICATION, Settings.Secure.DIALER_DEFAULT_APPLICATION, Settings.Secure.DISABLE_ADAPTIVE_AUTH_LIMIT_LOCK, Settings.Secure.DISABLED_PRINT_SERVICES, Settings.Secure.DISABLED_PRINT_SERVICES, Settings.Secure.DISABLE_SECURE_WINDOWS, Settings.Secure.DISABLE_SECURE_WINDOWS, Settings.Secure.DISABLED_SYSTEM_INPUT_METHODS, Settings.Secure.DISABLED_SYSTEM_INPUT_METHODS, Loading services/core/java/com/android/server/security/authenticationpolicy/AuthenticationPolicyService.java +13 −0 Original line number Original line Diff line number Diff line Loading @@ -17,6 +17,7 @@ package com.android.server.security.authenticationpolicy; package com.android.server.security.authenticationpolicy; import static android.Manifest.permission.MANAGE_SECURE_LOCK_DEVICE; import static android.Manifest.permission.MANAGE_SECURE_LOCK_DEVICE; import static android.security.Flags.disableAdaptiveAuthCounterLock; import static com.android.internal.widget.LockPatternUtils.StrongAuthTracker.SOME_AUTH_REQUIRED_AFTER_ADAPTIVE_AUTH_REQUEST; import static com.android.internal.widget.LockPatternUtils.StrongAuthTracker.SOME_AUTH_REQUIRED_AFTER_ADAPTIVE_AUTH_REQUEST; Loading @@ -39,6 +40,7 @@ import android.os.IBinder; import android.os.Looper; import android.os.Looper; import android.os.Message; import android.os.Message; import android.os.SystemClock; import android.os.SystemClock; import android.provider.Settings; import android.security.authenticationpolicy.AuthenticationPolicyManager; import android.security.authenticationpolicy.AuthenticationPolicyManager; import android.security.authenticationpolicy.DisableSecureLockDeviceParams; import android.security.authenticationpolicy.DisableSecureLockDeviceParams; import android.security.authenticationpolicy.EnableSecureLockDeviceParams; import android.security.authenticationpolicy.EnableSecureLockDeviceParams; Loading Loading @@ -251,6 +253,17 @@ public class AuthenticationPolicyService extends SystemService { return; return; } } if (disableAdaptiveAuthCounterLock() && Build.IS_DEBUGGABLE) { final boolean disabled = Settings.Secure.getIntForUser( getContext().getContentResolver(), Settings.Secure.DISABLE_ADAPTIVE_AUTH_LIMIT_LOCK, 0 /* default */, userId) != 0; if (disabled) { Slog.d(TAG, "not locking (disabled by user)"); return; } } //TODO: additionally consider the trust signal before locking device //TODO: additionally consider the trust signal before locking device lockDevice(userId); lockDevice(userId); } } Loading Loading
core/java/android/provider/Settings.java +13 −0 Original line number Original line Diff line number Diff line Loading @@ -12869,6 +12869,19 @@ public final class Settings { */ */ public static final String DISABLE_SECURE_WINDOWS = "disable_secure_windows"; public static final String DISABLE_SECURE_WINDOWS = "disable_secure_windows"; /** * Controls if the adaptive authentication feature should be disabled, which * will attempt to lock the device after a number of consecutive authentication * attempts fail. * * This can only be disabled on debuggable builds. Set to 1 to disable or 0 for the * normal behavior. * * @hide */ public static final String DISABLE_ADAPTIVE_AUTH_LIMIT_LOCK = "disable_adaptive_auth_limit_lock"; /** @hide */ /** @hide */ public static final int PRIVATE_SPACE_AUTO_LOCK_ON_DEVICE_LOCK = 0; public static final int PRIVATE_SPACE_AUTO_LOCK_ON_DEVICE_LOCK = 0; /** @hide */ /** @hide */ Loading
core/java/android/security/flags.aconfig +8 −1 Original line number Original line Diff line number Diff line Loading @@ -156,3 +156,10 @@ flag { bug: "380120712" bug: "380120712" is_fixed_read_only: true is_fixed_read_only: true } } flag { name: "disable_adaptive_auth_counter_lock" namespace: "biometrics" description: "Flag to allow an adb secure setting to disable the adaptive auth lock" bug: "371057865" }
packages/SettingsProvider/src/android/provider/settings/validators/SecureSettingsValidators.java +1 −0 Original line number Original line Diff line number Diff line Loading @@ -454,5 +454,6 @@ public class SecureSettingsValidators { VALIDATORS.put(Secure.MANDATORY_BIOMETRICS_REQUIREMENTS_SATISFIED, VALIDATORS.put(Secure.MANDATORY_BIOMETRICS_REQUIREMENTS_SATISFIED, new InclusiveIntegerRangeValidator(0, 1)); new InclusiveIntegerRangeValidator(0, 1)); VALIDATORS.put(Secure.ADVANCED_PROTECTION_MODE, BOOLEAN_VALIDATOR); VALIDATORS.put(Secure.ADVANCED_PROTECTION_MODE, BOOLEAN_VALIDATOR); VALIDATORS.put(Secure.DISABLE_ADAPTIVE_AUTH_LIMIT_LOCK, BOOLEAN_VALIDATOR); } } } }
packages/SettingsProvider/test/src/android/provider/SettingsBackupTest.java +1 −0 Original line number Original line Diff line number Diff line Loading @@ -689,6 +689,7 @@ public class SettingsBackupTest { Settings.Secure.DEFAULT_DEVICE_INPUT_METHOD, Settings.Secure.DEFAULT_DEVICE_INPUT_METHOD, Settings.Secure.DEVICE_PAIRED, Settings.Secure.DEVICE_PAIRED, Settings.Secure.DIALER_DEFAULT_APPLICATION, Settings.Secure.DIALER_DEFAULT_APPLICATION, Settings.Secure.DISABLE_ADAPTIVE_AUTH_LIMIT_LOCK, Settings.Secure.DISABLED_PRINT_SERVICES, Settings.Secure.DISABLED_PRINT_SERVICES, Settings.Secure.DISABLE_SECURE_WINDOWS, Settings.Secure.DISABLE_SECURE_WINDOWS, Settings.Secure.DISABLED_SYSTEM_INPUT_METHODS, Settings.Secure.DISABLED_SYSTEM_INPUT_METHODS, Loading
services/core/java/com/android/server/security/authenticationpolicy/AuthenticationPolicyService.java +13 −0 Original line number Original line Diff line number Diff line Loading @@ -17,6 +17,7 @@ package com.android.server.security.authenticationpolicy; package com.android.server.security.authenticationpolicy; import static android.Manifest.permission.MANAGE_SECURE_LOCK_DEVICE; import static android.Manifest.permission.MANAGE_SECURE_LOCK_DEVICE; import static android.security.Flags.disableAdaptiveAuthCounterLock; import static com.android.internal.widget.LockPatternUtils.StrongAuthTracker.SOME_AUTH_REQUIRED_AFTER_ADAPTIVE_AUTH_REQUEST; import static com.android.internal.widget.LockPatternUtils.StrongAuthTracker.SOME_AUTH_REQUIRED_AFTER_ADAPTIVE_AUTH_REQUEST; Loading @@ -39,6 +40,7 @@ import android.os.IBinder; import android.os.Looper; import android.os.Looper; import android.os.Message; import android.os.Message; import android.os.SystemClock; import android.os.SystemClock; import android.provider.Settings; import android.security.authenticationpolicy.AuthenticationPolicyManager; import android.security.authenticationpolicy.AuthenticationPolicyManager; import android.security.authenticationpolicy.DisableSecureLockDeviceParams; import android.security.authenticationpolicy.DisableSecureLockDeviceParams; import android.security.authenticationpolicy.EnableSecureLockDeviceParams; import android.security.authenticationpolicy.EnableSecureLockDeviceParams; Loading Loading @@ -251,6 +253,17 @@ public class AuthenticationPolicyService extends SystemService { return; return; } } if (disableAdaptiveAuthCounterLock() && Build.IS_DEBUGGABLE) { final boolean disabled = Settings.Secure.getIntForUser( getContext().getContentResolver(), Settings.Secure.DISABLE_ADAPTIVE_AUTH_LIMIT_LOCK, 0 /* default */, userId) != 0; if (disabled) { Slog.d(TAG, "not locking (disabled by user)"); return; } } //TODO: additionally consider the trust signal before locking device //TODO: additionally consider the trust signal before locking device lockDevice(userId); lockDevice(userId); } } Loading
