cros: Added policies for screen unlock.

chrome/browser/chromeos/login/quick_unlock/pin_storage.cc

Index: chrome/browser/chromeos/login/quick_unlock/pin_storage.cc
diff --git a/chrome/browser/chromeos/login/quick_unlock/pin_storage.cc b/chrome/browser/chromeos/login/quick_unlock/pin_storage.cc
index 25abdaf2417994b33e3be641a5eedb34f7f25441..0c37199f00d15b5e80b5b02d843367e5b4731eff 100644
--- a/chrome/browser/chromeos/login/quick_unlock/pin_storage.cc
+++ b/chrome/browser/chromeos/login/quick_unlock/pin_storage.cc
@@ -37,11 +37,25 @@ std::string ComputeSecret(const std::string& pin, const std::string& salt) {
   return key.GetSecret();
 }
 
-}  // namespace
+base::TimeDelta PasswordConfirmationFrequencyFrequencyToTimeDelta(
+    PasswordConfirmationFrequency frequency) {
+  switch (frequency) {
+    case PasswordConfirmationFrequency::SIX_HOURS:
+      return base::TimeDelta::FromHours(6);
+    case PasswordConfirmationFrequency::TWELVE_HOURS:
+      return base::TimeDelta::FromHours(12);
+    case PasswordConfirmationFrequency::DAY:
+      return base::TimeDelta::FromDays(1);
+    case PasswordConfirmationFrequency::WEEK:
+      return base::TimeDelta::FromDays(7);
+    default:

[jdufault, 2016/10/25 17:39:50]

Remove default case. If you leave it there, I believe the compiler will not give
a warning about a missing entry.

[sammiequon, 2016/10/25 19:18:41]

Done.

+      NOTREACHED();
+      return base::TimeDelta();
+  }
+  return base::TimeDelta();

[jdufault, 2016/10/25 17:39:50]

Add NOTREACHED() above this line.

[sammiequon, 2016/10/25 19:18:41]

Done.

+}
 
-// static
-const base::TimeDelta PinStorage::kStrongAuthTimeout =
-    base::TimeDelta::FromHours(24);
+}  // namespace
 
 // static
 void PinStorage::RegisterProfilePrefs(
@@ -63,7 +77,16 @@ void PinStorage::MarkStrongAuth() {
 }
 
 bool PinStorage::HasStrongAuth() const {
-  return !last_strong_auth_.is_null();
+  if (last_strong_auth_.is_null())
+    return false;
+
+  PasswordConfirmationFrequency strong_auth_interval =
+      static_cast<PasswordConfirmationFrequency>(
+          pref_service_->GetInteger(prefs::kQuickUnlockTimeout));
+  base::TimeDelta strong_auth_timeout =
+      PasswordConfirmationFrequencyFrequencyToTimeDelta(strong_auth_interval);
+
+  return TimeSinceLastStrongAuth() < strong_auth_timeout;
 }
 
 base::TimeDelta PinStorage::TimeSinceLastStrongAuth() const {
@@ -107,10 +130,9 @@ std::string PinStorage::PinSecret() const {
 bool PinStorage::IsPinAuthenticationAvailable() const {
   const bool exceeded_unlock_attempts =
       unlock_attempt_count() >= kMaximumUnlockAttempts;
-  const bool has_strong_auth =
-      HasStrongAuth() && TimeSinceLastStrongAuth() < kStrongAuthTimeout;
+  const bool has_strong_auth = HasStrongAuth();

[jdufault, 2016/10/25 17:39:50]

Remove the has_strong_auth variable.

[sammiequon, 2016/10/25 19:18:41]

Done.

 
-  return IsQuickUnlockEnabled() && IsPinSet() && has_strong_auth &&
+  return IsQuickUnlockEnabled(pref_service_) && IsPinSet() && has_strong_auth &&
          !exceeded_unlock_attempts;
 }