cros: Added policies for screen unlock.

chrome/browser/chromeos/login/quick_unlock/pin_storage.cc

Index: chrome/browser/chromeos/login/quick_unlock/pin_storage.cc
diff --git a/chrome/browser/chromeos/login/quick_unlock/pin_storage.cc b/chrome/browser/chromeos/login/quick_unlock/pin_storage.cc
index 25abdaf2417994b33e3be641a5eedb34f7f25441..bafc2f97ad1f7f85c80d17fa80110d17b90b38b1 100644
--- a/chrome/browser/chromeos/login/quick_unlock/pin_storage.cc
+++ b/chrome/browser/chromeos/login/quick_unlock/pin_storage.cc
@@ -37,11 +37,29 @@ std::string ComputeSecret(const std::string& pin, const std::string& salt) {
   return key.GetSecret();
 }
 
-}  // namespace
+base::TimeDelta PasswordConfirmationFrequencyFrequencyToTimeDelta(
+    PasswordConfirmationFrequency frequency) {
+  base::TimeDelta time_delta;
+  switch (frequency) {
+    case PasswordConfirmationFrequency::SIX_HOURS:
+      time_delta = base::TimeDelta::FromHours(6);

[jdufault, 2016/10/21 19:03:45]

Return the value directly and remove the |time_delta| temporary.

[sammiequon, 2016/10/21 23:49:25]

Done.

+      break;
+    case PasswordConfirmationFrequency::TWELVE_HOURS:
+      time_delta = base::TimeDelta::FromHours(12);
+      break;
+    case PasswordConfirmationFrequency::DAY:
+      time_delta = base::TimeDelta::FromDays(1);
+      break;
+    case PasswordConfirmationFrequency::WEEK:
+      time_delta = base::TimeDelta::FromDays(7);
+      break;
+    default:
+      NOTREACHED();
+  }
+  return time_delta;
+}
 
-// static
-const base::TimeDelta PinStorage::kStrongAuthTimeout =
-    base::TimeDelta::FromHours(24);
+}  // namespace
 
 // static
 void PinStorage::RegisterProfilePrefs(
@@ -66,6 +84,17 @@ bool PinStorage::HasStrongAuth() const {
   return !last_strong_auth_.is_null();
 }
 
+bool PinStorage::NeedsStrongAuth() const {
+  PasswordConfirmationFrequency strong_auth_interval =
+      static_cast<PasswordConfirmationFrequency>(
+          pref_service_->GetInteger(prefs::kQuickUnlockTimeout));
+  base::TimeDelta strong_auth_timeout =
+      PasswordConfirmationFrequencyFrequencyToTimeDelta(strong_auth_interval);
+  ;

[jdufault, 2016/10/21 19:03:44]

Remove extra ;

[sammiequon, 2016/10/21 23:49:25]

Done.

+
+  return TimeSinceLastStrongAuth() > strong_auth_timeout;
+}
+
 base::TimeDelta PinStorage::TimeSinceLastStrongAuth() const {
   DCHECK(!last_strong_auth_.is_null());
   return base::Time::Now() - last_strong_auth_;
@@ -96,6 +125,16 @@ void PinStorage::RemovePin() {
   pref_service_->SetString(prefs::kQuickUnlockPinSecret, "");
 }
 
+bool PinStorage::IsPinUnlockEnabled() const {
+  const base::ListValue* screen_lock_whitelist =
+      pref_service_->GetList(prefs::kQuickUnlockModeWhitelist);
+  auto all_value = base::StringValue("all");

[jdufault, 2016/10/21 19:03:45]

base::StringValue all_value("all")?

[sammiequon, 2016/10/21 23:49:25]

Done.

+  auto pin_value = base::StringValue("pin");
+  return screen_lock_whitelist->Find(all_value) !=
+             screen_lock_whitelist->end() ||
+         screen_lock_whitelist->Find(pin_value) != screen_lock_whitelist->end();
+}
+
 std::string PinStorage::PinSalt() const {
   return pref_service_->GetString(prefs::kQuickUnlockPinSalt);
 }
@@ -107,11 +146,10 @@ std::string PinStorage::PinSecret() const {
 bool PinStorage::IsPinAuthenticationAvailable() const {
   const bool exceeded_unlock_attempts =
       unlock_attempt_count() >= kMaximumUnlockAttempts;
-  const bool has_strong_auth =
-      HasStrongAuth() && TimeSinceLastStrongAuth() < kStrongAuthTimeout;
+  const bool has_strong_auth = HasStrongAuth() && !NeedsStrongAuth();
 
-  return IsQuickUnlockEnabled() && IsPinSet() && has_strong_auth &&
-         !exceeded_unlock_attempts;
+  return IsPinUnlockEnabled() && IsQuickUnlockEnabled() && IsPinSet() &&
+         has_strong_auth && !exceeded_unlock_attempts;
 }
 
 bool PinStorage::TryAuthenticatePin(const std::string& pin) {