/**
* Default and maximum timeout in milliseconds after which unlocking with weak auth times out,
* i.e. the user has to use a strong authentication method like password, PIN or pattern.
*
* @hide
*/
public static final long DEFAULT_STRONG_AUTH_TIMEOUT_MS = 72 * 60 * 60 * 1000; // 72h
从上面的说明来看,当弱认证方式如指纹解锁使用超时,就会要求使用强认证解锁如password, PIN 或者 pattern.而这个超时的临界值时72h(连续3天)。
接着前面的抛砖引玉,我们继续向下分析,以弄秦楚这个逻辑过程。
/frameworks/base/core/java/android/app/admin/DevicePolicyManager.java
/**
* Determine for how long the user will be able to use secondary, non strong auth for
* authentication, since last strong method authentication (password, pin or pattern) was used.
* After the returned timeout the user is required to use strong authentication method.
*
* <p>This method can be called on the {@link DevicePolicyManager} instance
* returned by {@link #getParentProfileInstance(ComponentName)} in order to retrieve
* restrictions on the parent profile.
*
* @param admin The name of the admin component to check, or {@code null} to aggregate
* accross all participating admins.
* @return The timeout in milliseconds or 0 if not configured for the provided admin.
*/
public long getRequiredStrongAuthTimeout(@Nullable ComponentName admin) {
return getRequiredStrongAuthTimeout(admin, myUserId());
}
/** @hide per-user version */
public long getRequiredStrongAuthTimeout(@Nullable ComponentName admin, @UserIdInt int userId) {
if (mService != null) {
try {
return mService.getRequiredStrongAuthTimeout(admin, userId, mParentInstance);
} catch (RemoteException e) {
throw e.rethrowFromSystemServer();
}
}
return DEFAULT_STRONG_AUTH_TIMEOUT_MS;
}
通过getRequiredStrongAuthTimeout方法可以获得具体情况下的强认证超时时间,private final IDevicePolicyManager mService,找到继承
"IDevicePolicyManager.Stub"这个类的子类定义的地方:
/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
/**
* Implementation of the device policy APIs.
*/
public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
......
/**
* Return a single admin's strong auth unlock timeout or minimum value (strictest) of all
* admins if who is null.
* Returns 0 if not configured for the provided admin.
*/
@Override
public long getRequiredStrongAuthTimeout(ComponentName who, int userId, boolean parent) {
if (!mHasFeature) {
return DevicePolicyManager.DEFAULT_STRONG_AUTH_TIMEOUT_MS;
}
enforceFullCrossUsersPermission(userId);
synchronized (this) {
if (who != null) {
ActiveAdmin admin = getActiveAdminUncheckedLocked(who, userId, parent);
return admin != null ? admin.strongAuthUnlockTimeout : 0;
}
// Return the strictest policy across all participating admins.
List<ActiveAdmin> admins = getActiveAdminsForLockscreenPoliciesLocked(userId, parent);
long strongAuthUnlockTimeout = DevicePolicyManager.DEFAULT_STRONG_AUTH_TIMEOUT_MS;
for (int i = 0; i < admins.size(); i++) {
final long timeout = admins.get(i).strongAuthUnlockTimeout;
if (timeout != 0) { // take only participating admins into account
strongAuthUnlockTimeout = Math.min(timeout, strongAuthUnlockTimeout);
}
}
return Math.max(strongAuthUnlockTimeout, getMinimumStrongAuthTimeoutMs());
}
}
......
从上面的源码可以看出,getRequiredStrongAuthTimeout()返回的超时临界时间是不确定的,但是该临界时间最大值是72小时。
通过getRequiredStrongAuthTimeout顺藤摸瓜:
/frameworks/base/services/core/java/com/android/server/locksettings/LockSettingsStrongAuth.java
private void handleScheduleStrongAuthTimeout(int userId) {
final DevicePolicyManager dpm =
(DevicePolicyManager) mContext.getSystemService(Context.DEVICE_POLICY_SERVICE);
long when = SystemClock.elapsedRealtime() + dpm.getRequiredStrongAuthTimeout(null, userId);
// cancel current alarm listener for the user (if there was one)
StrongAuthTimeoutAlarmListener alarm = mStrongAuthTimeoutAlarmListenerForUser.get(userId);
if (alarm != null) {
mAlarmManager.cancel(alarm);
} else {
alarm = new StrongAuthTimeoutAlarmListener(userId);
mStrongAuthTimeoutAlarmListenerForUser.put(userId, alarm);
}
// schedule a new alarm listener for the user
mAlarmManager.set(AlarmManager.ELAPSED_REALTIME, when, STRONG_AUTH_TIMEOUT_ALARM_TAG,
alarm, mHandler);
}
看到 long when = Sys