Merge pull request #13533 from nextcloud/fix-secure-flag

Flag FLAG_SECURE should only be active when in passcode screen

app/src/main/java/com/owncloud/android/authentication/PassCodeManager.kt

@@ -37,6 +37,18 @@ class PassCodeManager(private val preferences: AppPreferences, private val clock
          * the pass code being requested on screen rotations.
          */
         private const val PASS_CODE_TIMEOUT = 5000
+
+        fun setSecureFlag(activity: Activity, isSet: Boolean) {
+            activity.window?.let { window ->
+                if (isSet) {
+                    println("flag added")
+                    window.addFlags(WindowManager.LayoutParams.FLAG_SECURE)
+                } else {
+                    println("flag cleared")
+                    window.clearFlags(WindowManager.LayoutParams.FLAG_SECURE)
+                }
+            }
+        }
     }
 
     var canAskPin = true
@@ -49,7 +61,6 @@ class PassCodeManager(private val preferences: AppPreferences, private val clock
     fun onActivityResumed(activity: Activity): Boolean {
         var askedForPin = false
         val timestamp = preferences.lockTimestamp
-        setSecureFlag(activity)
 
         if (!isExemptActivity(activity)) {
             val passcodeRequested = passCodeShouldBeRequested(timestamp)
@@ -76,16 +87,6 @@ class PassCodeManager(private val preferences: AppPreferences, private val clock
         return askedForPin
     }
 
-    private fun setSecureFlag(activity: Activity) {
-        activity.window?.let { window ->
-            if (isPassCodeEnabled() || deviceCredentialsAreEnabled(activity)) {
-                window.addFlags(WindowManager.LayoutParams.FLAG_SECURE)
-            } else {
-                window.clearFlags(WindowManager.LayoutParams.FLAG_SECURE)
-            }
-        }
-    }
-
     private fun requestPasscode(activity: Activity) {
         val i = Intent(MainApp.getAppContext(), PassCodeActivity::class.java).apply {
             action = PassCodeActivity.ACTION_CHECK

app/src/main/java/com/owncloud/android/ui/activity/PassCodeActivity.kt

@@ -79,6 +79,7 @@ class PassCodeActivity : AppCompatActivity(), Injectable {
         binding = PasscodelockBinding.inflate(layoutInflater)
         setContentView(binding.root)
 
+        PassCodeManager.setSecureFlag(this, true)
         applyTint()
         setupPasscodeEditTexts()
         setSoftInputMode()
@@ -374,6 +375,11 @@ class PassCodeActivity : AppCompatActivity(), Injectable {
         }
     }
 
+    override fun onDestroy() {
+        PassCodeManager.setSecureFlag(this, false)
+        super.onDestroy()
+    }
+
     private inner class PassCodeDigitTextWatcher(index: Int, lastOne: Boolean) : TextWatcher {
         private var mIndex = -1
         private val mLastOne: Boolean

app/src/main/java/com/owncloud/android/ui/activity/RequestCredentialsActivity.java

@@ -14,15 +14,19 @@ import android.app.Activity;
 import android.app.KeyguardManager;
 import android.content.Context;
 import android.content.Intent;
+import android.os.Bundle;
 import android.os.SystemClock;
 import android.widget.Toast;
 
 import com.nextcloud.client.preferences.AppPreferencesImpl;
 import com.owncloud.android.R;
+import com.owncloud.android.authentication.PassCodeManager;
 import com.owncloud.android.lib.common.utils.Log_OC;
 import com.owncloud.android.utils.DeviceCredentialUtils;
 import com.owncloud.android.utils.DisplayUtils;
 
+import androidx.annotation.Nullable;
+
 /**
  * Dummy activity that is used to handle the device's default authentication workflow.
  */
@@ -36,6 +40,12 @@ public class RequestCredentialsActivity extends Activity {
     public final static int KEY_CHECK_RESULT_CANCEL = -1;
     private static final int REQUEST_CODE_CONFIRM_DEVICE_CREDENTIALS = 1;
 
+    @Override
+    protected void onCreate(@Nullable Bundle savedInstanceState) {
+        super.onCreate(savedInstanceState);
+        PassCodeManager.Companion.setSecureFlag(this,true);
+    }
+
     @Override
     protected void onActivityResult(int requestCode, int resultCode, Intent data) {
         if (requestCode == REQUEST_CODE_CONFIRM_DEVICE_CREDENTIALS) {
@@ -82,4 +92,10 @@ public class RequestCredentialsActivity extends Activity {
         setResult(Activity.RESULT_OK, resultIntent);
         finish();
     }
+
+    @Override
+    protected void onDestroy() {
+        PassCodeManager.Companion.setSecureFlag(this,false);
+        super.onDestroy();
+    }
 }