Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / frameworks / base / 943aabd11cce3ab453762d3912395363720e1f5d^! / . / core / java / android / app / admin / DevicePolicyManager.java
commit943aabd11cce3ab453762d3912395363720e1f5d[log] [tgz]
authorMichal Karpinski <mkarpinski@google.com>Thu Oct 06 11:09:25 2016 +0100
committerMichal Karpinski <mkarpinski@google.com>Tue Oct 11 10:12:30 2016 +0100
tree695caefcd1d1b48d7ee5d897d9a88c7fb756c7fb
parent77e552d6c60522a87159ea803ab2a2da9d564e40 [diff] [blame]
Don't expose default strong auth timeout as constant

The admin can instead use the value of 0 to reset to default.

Test: runtest --path frameworks/base/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java

Bug: 31430135
Change-Id: I0d6b29ca4eca65d7ca72a8975a0c28c9050a946c

diff --git a/core/java/android/app/admin/DevicePolicyManager.java b/core/java/android/app/admin/DevicePolicyManager.java
index a207a52..4ddcfe5 100644
--- a/core/java/android/app/admin/DevicePolicyManager.java
+++ b/core/java/android/app/admin/DevicePolicyManager.java

@@ -2352,18 +2352,23 @@
      * <p>The calling device admin must be a device or profile owner. If it is not,
      * a {@link SecurityException} will be thrown.
      *
+     * <p>The calling device admin can verify the value it has set by calling
+     * {@link #getRequiredStrongAuthTimeout(ComponentName)} and passing in its instance.
+     *
      * <p>This method can be called on the {@link DevicePolicyManager} instance returned by
      * {@link #getParentProfileInstance(ComponentName)} in order to set restrictions on the parent
      * profile.
      *
      * @param admin Which {@link DeviceAdminReceiver} this request is associated with.
      * @param timeoutMs The new timeout, after which the user will have to unlock with strong
-     *         authentication method. If the timeout is lower than 1 hour (minimum) or higher than
-     *         72 hours (default and maximum) an {@link IllegalArgumentException} is thrown.
+     *         authentication method. A value of 0 means the admin is not participating in
+     *         controlling the timeout.
+     *         The minimum and maximum timeouts are platform-defined and are typically 1 hour and
+     *         72 hours, respectively. Though discouraged, the admin may choose to require strong
+     *         auth at all times using {@link #KEYGUARD_DISABLE_FINGERPRINT} and/or
+     *         {@link #KEYGUARD_DISABLE_TRUST_AGENTS}.
      *
      * @throws SecurityException if {@code admin} is not a device or profile owner.
-     * @throws IllegalArgumentException if the timeout is lower than 1 hour (minimum) or higher than
-     *         72 hours (default and maximum)
      *
      * @hide
      */
@@ -2389,7 +2394,7 @@
      *
      * @param admin The name of the admin component to check, or {@code null} to aggregate
      *         accross all participating admins.
-     * @return The timeout or default timeout if not configured
+     * @return The timeout or 0 if not configured for the provided admin.
      *
      * @hide
      */