
Commit a33667c4 authored by Joe Bolinger's avatar Joe Bolinger Committed by Android (Google) Code Review

Add adb (Settings.Secure) CLI for disabling the adaptive auth auto lock.

To disable the lock (only on debuggable builds):
adb shell settings put secure disable_adaptive_auth_limit_lock 1

To re-enable the lock:
adb shell settings put secure disable_adaptive_auth_limit_lock 0

Bug: 371057865
Flag: android.security.disable_adaptive_auth_counter_lock
Test: atest AuthenticationPolicyServiceTest
Ignore-AOSP-First: Depends on other changes not in AOSP yet.

This reverts commit fffcf619.

Reason for revert: Restoring the original commit after the flag namespace issue in an unrelated test is resolved.

Change-Id: Id984761186d0daa1cddd2e97da4d55881896faf5
parent fffcf619
+13 −0
@@ -12876,6 +12876,19 @@ public final class Settings {
         */
        public static final String DISABLE_SECURE_WINDOWS = "disable_secure_windows";
        /**
         * Controls if the adaptive authentication feature should be disabled, which
         * will attempt to lock the device after a number of consecutive authentication
         * attempts fail.
         *
         * This can only be disabled on debuggable builds. Set to 1 to disable or 0 for the
         * normal behavior.
         *
         * @hide
         */
        public static final String DISABLE_ADAPTIVE_AUTH_LIMIT_LOCK =
                "disable_adaptive_auth_limit_lock";
        /** @hide */
        public static final int PRIVATE_SPACE_AUTO_LOCK_ON_DEVICE_LOCK = 0;
        /** @hide */
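Review bot: The Javadoc on `DISABLE_ADAPTIVE_AUTH_LIMIT_LOCK` reads as if the key cannot be changed on non-debuggable builds, but nothing in this section blocks the write. The only restriction visible in this commit is in the reader, which ignores the value unless `Build.IS_DEBUGGABLE` and the `disable_adaptive_auth_counter_lock` flag are both true. The first sentence is also ambiguous about whether "which will attempt to lock the device" describes the feature or the act of disabling it. I would reword it along the lines of `Debug-only override: when set to 1 on a debuggable build, the adaptive authentication lock that triggers after consecutive failed authentication attempts is skipped; the value is ignored on non-debuggable builds.` and separate the two paragraphs with `<p>`.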
+8 −1
@@ -146,3 +146,10 @@ flag {
    bug: "380120712"
    is_fixed_read_only: true
}

flag {
    name: "disable_adaptive_auth_counter_lock"
    namespace: "biometrics"
    description: "Flag to allow an adb secure setting to disable the adaptive auth lock"
    bug: "371057865"
}
+1 −0
@@ -454,5 +454,6 @@ public class SecureSettingsValidators {
        VALIDATORS.put(Secure.MANDATORY_BIOMETRICS_REQUIREMENTS_SATISFIED,
                new InclusiveIntegerRangeValidator(0, 1));
        VALIDATORS.put(Secure.ADVANCED_PROTECTION_MODE, BOOLEAN_VALIDATOR);
        VALIDATORS.put(Secure.DISABLE_ADAPTIVE_AUTH_LIMIT_LOCK, BOOLEAN_VALIDATOR);
    }
}
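Review bot: Registering a validator for `Secure.DISABLE_ADAPTIVE_AUTH_LIMIT_LOCK` raises the question of whether this key can travel through backup and restore, which this hunk does not show. A setting that switches off a lockout after failed authentication should stay device-local, so that a restore onto another debuggable device cannot carry it over. The SettingsBackupTest change in this commit suggests the key may be excluded from backup, though the list name is outside that hunk. If so, a short comment above this line such as `// Debug-only override; never backed up or restored.` would record the intent.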
+1 −0
@@ -690,6 +690,7 @@ public class SettingsBackupTest {
                 Settings.Secure.DEFAULT_DEVICE_INPUT_METHOD,
                 Settings.Secure.DEVICE_PAIRED,
                 Settings.Secure.DIALER_DEFAULT_APPLICATION,
                 Settings.Secure.DISABLE_ADAPTIVE_AUTH_LIMIT_LOCK,
                 Settings.Secure.DISABLED_PRINT_SERVICES,
                 Settings.Secure.DISABLE_SECURE_WINDOWS,
                 Settings.Secure.DISABLED_SYSTEM_INPUT_METHODS,
+13 −0
@@ -17,6 +17,7 @@
package com.android.server.security.authenticationpolicy;

import static android.Manifest.permission.MANAGE_SECURE_LOCK_DEVICE;
import static android.security.Flags.disableAdaptiveAuthCounterLock;

import static com.android.internal.widget.LockPatternUtils.StrongAuthTracker.SOME_AUTH_REQUIRED_AFTER_ADAPTIVE_AUTH_REQUEST;

@@ -39,6 +40,7 @@ import android.os.IBinder;
import android.os.Looper;
import android.os.Message;
import android.os.SystemClock;
import android.provider.Settings;
import android.security.authenticationpolicy.AuthenticationPolicyManager;
import android.security.authenticationpolicy.DisableSecureLockDeviceParams;
import android.security.authenticationpolicy.EnableSecureLockDeviceParams;
@@ -251,6 +253,17 @@ public class AuthenticationPolicyService extends SystemService {
            return;
        }

        if (disableAdaptiveAuthCounterLock() && Build.IS_DEBUGGABLE) {
            final boolean disabled = Settings.Secure.getIntForUser(
                    getContext().getContentResolver(),
                    Settings.Secure.DISABLE_ADAPTIVE_AUTH_LIMIT_LOCK,
                    0 /* default */, userId) != 0;
            if (disabled) {
                Slog.d(TAG, "not locking (disabled by user)");
                return;
            }
        }

        //TODO: additionally consider the trust signal before locking device
        lockDevice(userId);
    }
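Review bot: The bypass branch logs at debug level and without the user id, so a device on which the adaptive auth lock is being skipped leaves little trace in a bugreport. Because this path suppresses a lockout after repeated failed authentication, I would log it at warning level and name the user, e.g. `Slog.w(TAG, "Adaptive auth lock skipped for user " + userId + ": disabled via Settings.Secure on debuggable build");`. The current text "disabled by user" is also misleading, since the commit message describes the value as set through `adb shell settings put` rather than a user-facing control. A one-line comment above the `if` saying that the override is honoured only on debuggable builds with the flag enabled would help; the enclosing method starts outside the hunk.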