Checking if device is secure.

Adding device to security checks.
Modifying and adding tests for new security checks.

owncloudApp/src/main/java/com/owncloud/android/extensions/ActivityExt.kt

@@ -21,6 +21,7 @@ package com.owncloud.android.extensions
 
 import android.app.Activity
 import android.app.AlertDialog
+import android.app.KeyguardManager
 import android.content.ActivityNotFoundException
 import android.content.ContentResolver
 import android.content.Context
@@ -285,7 +286,8 @@ fun Activity.hideSoftKeyboard() {
 fun Activity.checkPasscodeEnforced(securityEnforced: SecurityEnforced) {
     val sharedPreferencesProvider = OCSharedPreferencesProvider(this)
 
-    val deviceProtection: Boolean = this.resources.getBoolean(R.bool.device_protection)
+    val deviceProtection: Boolean =
+        this.resources.getBoolean(R.bool.device_protection) && !(this.getSystemService(Context.KEYGUARD_SERVICE) as KeyguardManager).isDeviceSecure
     val lockEnforced: Int = this.resources.getInteger(R.integer.lock_enforced)
     val passcodeConfigured = sharedPreferencesProvider.getBoolean(PassCodeActivity.PREFERENCE_SET_PASSCODE, false)
     val patternConfigured = sharedPreferencesProvider.getBoolean(PatternActivity.PREFERENCE_SET_PATTERN, false)

owncloudApp/src/main/java/com/owncloud/android/presentation/security/SecurityUtils.kt

@@ -20,6 +20,8 @@
 
 package com.owncloud.android.presentation.security
 
+import android.app.KeyguardManager
+import android.content.Context
 import android.os.SystemClock
 import com.owncloud.android.MainApp
 import com.owncloud.android.data.preferences.datasources.implementation.OCSharedPreferencesProvider
@@ -68,3 +70,5 @@ fun bayPassUnlockOnce() {
         preferencesProvider.putLong(PREFERENCE_LAST_UNLOCK_TIMESTAMP, newLastUnlockTimestamp)
     }
 }
+
+fun isDeviceSecure() = (MainApp.appContext.getSystemService(Context.KEYGUARD_SERVICE) as KeyguardManager).isDeviceSecure

owncloudApp/src/main/java/com/owncloud/android/presentation/settings/security/SettingsSecurityViewModel.kt

@@ -27,9 +27,11 @@ import com.owncloud.android.presentation.security.LockEnforcedType
 import com.owncloud.android.presentation.security.LockEnforcedType.Companion.parseFromInteger
 import com.owncloud.android.presentation.security.LockTimeout
 import com.owncloud.android.presentation.security.biometric.BiometricActivity
+import com.owncloud.android.presentation.security.isDeviceSecure
 import com.owncloud.android.presentation.security.passcode.PassCodeActivity
 import com.owncloud.android.presentation.security.pattern.PatternActivity
 import com.owncloud.android.providers.MdmProvider
+import com.owncloud.android.utils.CONFIGURATION_DEVICE_PROTECTION
 import com.owncloud.android.utils.CONFIGURATION_LOCK_DELAY_TIME
 import com.owncloud.android.utils.NO_MDM_RESTRICTION_YET
 
@@ -51,7 +53,7 @@ class SettingsSecurityViewModel(
     fun getBiometricsState(): Boolean = preferencesProvider.getBoolean(BiometricActivity.PREFERENCE_SET_BIOMETRIC, false)
 
     fun isSecurityEnforcedEnabled() =
-        mdmProvider.getBrandingBoolean(NO_MDM_RESTRICTION_YET, R.bool.device_protection)
+        mdmProvider.getBrandingBoolean(CONFIGURATION_DEVICE_PROTECTION, R.bool.device_protection) && isDeviceSecure()
                 && parseFromInteger(mdmProvider.getBrandingInteger(NO_MDM_RESTRICTION_YET, R.integer.lock_enforced)) != LockEnforcedType.DISABLED
 
     fun isLockDelayEnforcedEnabled() = LockTimeout.parseFromInteger(

owncloudApp/src/main/java/com/owncloud/android/utils/MdmConfigurations.kt

@@ -31,6 +31,7 @@ const val CONFIGURATION_SERVER_URL_INPUT_VISIBILITY = "server_url_input_visibili
 const val CONFIGURATION_ALLOW_SCREENSHOTS = "allow_screenshots_configuration"
 const val CONFIGURATION_OAUTH2_OPEN_ID_SCOPE = "oauth2_open_id_scope"
 const val CONFIGURATION_OAUTH2_OPEN_ID_PROMPT = "oauth2_open_id_prompt"
+const val CONFIGURATION_DEVICE_PROTECTION = "device_protection"
 
 @StringDef(
     NO_MDM_RESTRICTION_YET,
@@ -40,6 +41,7 @@ const val CONFIGURATION_OAUTH2_OPEN_ID_PROMPT = "oauth2_open_id_prompt"
     CONFIGURATION_ALLOW_SCREENSHOTS,
     CONFIGURATION_OAUTH2_OPEN_ID_SCOPE,
     CONFIGURATION_OAUTH2_OPEN_ID_PROMPT,
+    CONFIGURATION_DEVICE_PROTECTION,
 )
 @Retention(AnnotationRetention.SOURCE)
 @Target(AnnotationTarget.VALUE_PARAMETER)

owncloudApp/src/test/java/com/owncloud/android/presentation/viewmodels/settings/SettingsSecurityViewModelTest.kt

@@ -23,6 +23,7 @@ package com.owncloud.android.presentation.viewmodels.settings
 import com.owncloud.android.R
 import com.owncloud.android.data.preferences.datasources.SharedPreferencesProvider
 import com.owncloud.android.presentation.security.LockEnforcedType
+import com.owncloud.android.presentation.security.isDeviceSecure
 import com.owncloud.android.presentation.security.passcode.PassCodeActivity
 import com.owncloud.android.presentation.security.pattern.PatternActivity
 import com.owncloud.android.presentation.settings.security.SettingsSecurityViewModel
@@ -31,6 +32,7 @@ import com.owncloud.android.presentation.viewmodels.ViewModelTest
 import com.owncloud.android.providers.MdmProvider
 import io.mockk.every
 import io.mockk.mockk
+import io.mockk.mockkStatic
 import io.mockk.verify
 import kotlinx.coroutines.ExperimentalCoroutinesApi
 import org.junit.Assert.assertFalse
@@ -49,6 +51,7 @@ class SettingsSecurityViewModelTest : ViewModelTest() {
         preferencesProvider = mockk(relaxUnitFun = true)
         mdmProvider = mockk(relaxUnitFun = true)
         securityViewModel = SettingsSecurityViewModel(preferencesProvider, mdmProvider)
+        mockkStatic(::isDeviceSecure)
     }
 
     @Test
@@ -140,7 +143,9 @@ class SettingsSecurityViewModelTest : ViewModelTest() {
     }
 
     @Test
-    fun `is security enforced enabled - ok - true`() {
+    fun `is security enforced enabled device protection device secure - ok - true`() {
+        every { isDeviceSecure() } returns true
+        every { mdmProvider.getBrandingBoolean(any(), R.bool.device_protection) } returns true
         every { mdmProvider.getBrandingInteger(any(), R.integer.lock_enforced) } returns LockEnforcedType.EITHER_ENFORCED.ordinal
 
         val result = securityViewModel.isSecurityEnforcedEnabled()
@@ -149,13 +154,76 @@ class SettingsSecurityViewModelTest : ViewModelTest() {
     }
 
     @Test
-    fun `is security enforced enabled - ok - false`() {
+    fun `is security enforced disabled device protection device no secure - ok - false`() {
+        every { isDeviceSecure() } returns false
+        every { mdmProvider.getBrandingBoolean(any(), R.bool.device_protection) } returns true
         every { mdmProvider.getBrandingInteger(any(), R.integer.lock_enforced) } returns LockEnforcedType.DISABLED.ordinal
 
         val result = securityViewModel.isSecurityEnforcedEnabled()
         assertFalse(result)
     }
 
+    @Test
+    fun `is security enforced enabled device protection device secure - ok - false`() {
+        every { isDeviceSecure() } returns true
+        every { mdmProvider.getBrandingBoolean(any(), R.bool.device_protection) } returns true
+        every { mdmProvider.getBrandingInteger(any(), R.integer.lock_enforced) } returns LockEnforcedType.EITHER_ENFORCED.ordinal
+
+        val result = securityViewModel.isSecurityEnforcedEnabled()
+        assertFalse(result)
+    }
+
+    @Test
+    fun `is security enforced enabled no device protection device no secure - ok - false`() {
+        every { isDeviceSecure() } returns false
+        every { mdmProvider.getBrandingBoolean(any(), R.bool.device_protection) } returns false
+        every { mdmProvider.getBrandingInteger(any(), R.integer.lock_enforced) } returns LockEnforcedType.EITHER_ENFORCED.ordinal
+
+        val result = securityViewModel.isSecurityEnforcedEnabled()
+        assertFalse(result)
+    }
+
+    @Test
+    fun `is security enforced enabled no devices secure device secure - ok - false`() {
+        every { isDeviceSecure() } returns true
+        every { mdmProvider.getBrandingBoolean(any(), R.bool.device_protection) } returns false
+        every { mdmProvider.getBrandingInteger(any(), R.integer.lock_enforced) } returns LockEnforcedType.EITHER_ENFORCED.ordinal
+
+        val result = securityViewModel.isSecurityEnforcedEnabled()
+        assertFalse(result)
+    }
+
+    @Test
+    fun `is security enforced disabled no device protection device no secure - ok - false`() {
+        every { isDeviceSecure() } returns false
+        every { mdmProvider.getBrandingBoolean(any(), R.bool.device_protection) } returns false
+        every { mdmProvider.getBrandingInteger(any(), R.integer.lock_enforced) } returns LockEnforcedType.DISABLED.ordinal
+
+        val result = securityViewModel.isSecurityEnforcedEnabled()
+        assertFalse(result)
+    }
+
+    @Test
+    fun `is security enforced disabled no device protection device secure - ok - false`() {
+        every { isDeviceSecure() } returns true
+        every { mdmProvider.getBrandingBoolean(any(), R.bool.device_protection) } returns false
+        every { mdmProvider.getBrandingInteger(any(), R.integer.lock_enforced) } returns LockEnforcedType.DISABLED.ordinal
+
+        val result = securityViewModel.isSecurityEnforcedEnabled()
+        assertFalse(result)
+    }
+
+    @Test
+    fun `is security enforced disabled device protection device secure - ok - false`() {
+        every { isDeviceSecure() } returns true
+        every { mdmProvider.getBrandingBoolean(any(), R.bool.device_protection) } returns true
+        every { mdmProvider.getBrandingInteger(any(), R.integer.lock_enforced) } returns LockEnforcedType.DISABLED.ordinal
+
+        val result = securityViewModel.isSecurityEnforcedEnabled()
+        assertFalse(result)
+    }
+
+
     @Test
     fun `is lock delay enforced enabled - ok - true`() {
         every { mdmProvider.getBrandingInteger(any(), R.integer.lock_delay_enforced) } returns 1