[DPM] Allow lower strong auth timeout on debuggable builds

Timeout can be set to lower than 1h on debuggable builds (eng, user-debug) using persist.sys.min_str_auth_timeo system property. This allows manual testers to more easily carry out testing scenarios. Bug: 29825955 Test: manual without setting the property: if timeout is set to less than 1h, it's clamped to 1h Test: manual with setting the property: on user-debug build with "adb root && adb shell setprop persist.sys.min_str_auth_timeo 30000" Change-Id: I8cd871e3d04b2c6c7164f684b9a6a24e7292bfab
2016-12-14 13:47:37 +00:00
parent 17ca0e43a1
commit 2df5919faa
1 changed files with 15 additions and 3 deletions
--- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
+++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
@@ -4360,8 +4360,9 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
        Preconditions.checkArgument(timeoutMs >= 0, "Timeout must not be a negative number.");
        // timeoutMs with value 0 means that the admin doesn't participate
        // timeoutMs is clamped to the interval in case the internal constants change in the future
-        if (timeoutMs != 0 && timeoutMs < MINIMUM_STRONG_AUTH_TIMEOUT_MS) {
-            timeoutMs = MINIMUM_STRONG_AUTH_TIMEOUT_MS;
+        final long minimumStrongAuthTimeout = getMinimumStrongAuthTimeoutMs();
+        if (timeoutMs != 0 && timeoutMs < minimumStrongAuthTimeout) {
+            timeoutMs = minimumStrongAuthTimeout;
        }
        if (timeoutMs > DevicePolicyManager.DEFAULT_STRONG_AUTH_TIMEOUT_MS) {
            timeoutMs = DevicePolicyManager.DEFAULT_STRONG_AUTH_TIMEOUT_MS;
@@ -4405,10 +4406,21 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
                    strongAuthUnlockTimeout = Math.min(timeout, strongAuthUnlockTimeout);
                }
            }
-            return Math.max(strongAuthUnlockTimeout, MINIMUM_STRONG_AUTH_TIMEOUT_MS);
+            return Math.max(strongAuthUnlockTimeout, getMinimumStrongAuthTimeoutMs());
        }
    }

+    private long getMinimumStrongAuthTimeoutMs() {
+        if (!mInjector.isBuildDebuggable()) {
+            return MINIMUM_STRONG_AUTH_TIMEOUT_MS;
+        }
+        // ideally the property was named persist.sys.min_strong_auth_timeout, but system property
+        // name cannot be longer than 31 characters
+        return Math.min(mInjector.systemPropertiesGetLong("persist.sys.min_str_auth_timeo",
+                MINIMUM_STRONG_AUTH_TIMEOUT_MS),
+                MINIMUM_STRONG_AUTH_TIMEOUT_MS);
+    }
+
    @Override
    public void lockNow(int flags, boolean parent) {
        if (!mHasFeature) {