From 2df5919faadc172d71fbb1a20d1f13667a1981af Mon Sep 17 00:00:00 2001 From: Michal Karpinski Date: Wed, 14 Dec 2016 13:47:37 +0000 Subject: [DPM] Allow lower strong auth timeout on debuggable builds Timeout can be set to lower than 1h on debuggable builds (eng, user-debug) using persist.sys.min_str_auth_timeo system property. This allows manual testers to more easily carry out testing scenarios. Bug: 29825955 Test: manual without setting the property: if timeout is set to less than 1h, it's clamped to 1h Test: manual with setting the property: on user-debug build with "adb root && adb shell setprop persist.sys.min_str_auth_timeo 30000" Change-Id: I8cd871e3d04b2c6c7164f684b9a6a24e7292bfab --- .../devicepolicy/DevicePolicyManagerService.java | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java index 2e5b6876719e..bd777303eb10 100644 --- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java +++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java @@ -4360,8 +4360,9 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { Preconditions.checkArgument(timeoutMs >= 0, "Timeout must not be a negative number."); // timeoutMs with value 0 means that the admin doesn't participate // timeoutMs is clamped to the interval in case the internal constants change in the future - if (timeoutMs != 0 && timeoutMs < MINIMUM_STRONG_AUTH_TIMEOUT_MS) { - timeoutMs = MINIMUM_STRONG_AUTH_TIMEOUT_MS; + final long minimumStrongAuthTimeout = getMinimumStrongAuthTimeoutMs(); + if (timeoutMs != 0 && timeoutMs < minimumStrongAuthTimeout) { + timeoutMs = minimumStrongAuthTimeout; } if (timeoutMs > DevicePolicyManager.DEFAULT_STRONG_AUTH_TIMEOUT_MS) { timeoutMs = DevicePolicyManager.DEFAULT_STRONG_AUTH_TIMEOUT_MS; @@ -4405,10 +4406,21 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { strongAuthUnlockTimeout = Math.min(timeout, strongAuthUnlockTimeout); } } - return Math.max(strongAuthUnlockTimeout, MINIMUM_STRONG_AUTH_TIMEOUT_MS); + return Math.max(strongAuthUnlockTimeout, getMinimumStrongAuthTimeoutMs()); } } + private long getMinimumStrongAuthTimeoutMs() { + if (!mInjector.isBuildDebuggable()) { + return MINIMUM_STRONG_AUTH_TIMEOUT_MS; + } + // ideally the property was named persist.sys.min_strong_auth_timeout, but system property + // name cannot be longer than 31 characters + return Math.min(mInjector.systemPropertiesGetLong("persist.sys.min_str_auth_timeo", + MINIMUM_STRONG_AUTH_TIMEOUT_MS), + MINIMUM_STRONG_AUTH_TIMEOUT_MS); + } + @Override public void lockNow(int flags, boolean parent) { if (!mHasFeature) { -- cgit v1.2.3-59-g8ed1b