From a3f1c1627e1597d3f9734d2a8920e04a4337e90a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Matthias=20Hu=CC=88hne?= <github@hosy.de>
Date: Mon, 19 Feb 2024 21:26:58 +0100
Subject: [PATCH] Prevent the user from changing the device time to bypass the
 lock prevention of the app.

---
 ownCloud.xcodeproj/project.pbxproj            |  4 +++
 ownCloud/PrivacyInfo.xcprivacy                | 36 +++++++++++++++++++
 .../AppLock/AppLockManager.swift              | 26 +++++++++++++-
 3 files changed, 65 insertions(+), 1 deletion(-)
 create mode 100644 ownCloud/PrivacyInfo.xcprivacy

diff --git a/ownCloud.xcodeproj/project.pbxproj b/ownCloud.xcodeproj/project.pbxproj
index 8bacbe3de..5de5df7b8 100644
--- a/ownCloud.xcodeproj/project.pbxproj
+++ b/ownCloud.xcodeproj/project.pbxproj
@@ -67,6 +67,7 @@
 		3968C883239C54AD00AC28AC /* ReleaseNotes.plist in Resources */ = {isa = PBXBuildFile; fileRef = 3968C87B239C54AC00AC28AC /* ReleaseNotes.plist */; };
 		396C82FB2319AFDD00938262 /* CollaborateAction.swift in Sources */ = {isa = PBXBuildFile; fileRef = 396C82FA2319AFDD00938262 /* CollaborateAction.swift */; };
 		396D7C6523224A53002380C1 /* DiscardSceneAction.swift in Sources */ = {isa = PBXBuildFile; fileRef = 396D7C5F23224A53002380C1 /* DiscardSceneAction.swift */; };
+		396DAD882B83F00900957C58 /* PrivacyInfo.xcprivacy in Resources */ = {isa = PBXBuildFile; fileRef = 396DAD872B83F00900957C58 /* PrivacyInfo.xcprivacy */; };
 		397754F82327A33500119FCB /* OpenSceneAction.swift in Sources */ = {isa = PBXBuildFile; fileRef = 397754F22327A33500119FCB /* OpenSceneAction.swift */; };
 		39878B7421FB1DE800DBF693 /* UINavigationController+Extension.swift in Sources */ = {isa = PBXBuildFile; fileRef = 39878B7321FB1DE800DBF693 /* UINavigationController+Extension.swift */; };
 		399697F5260255B100E5AEBA /* PDFGotoPageAction.swift in Sources */ = {isa = PBXBuildFile; fileRef = 399697F1260255B100E5AEBA /* PDFGotoPageAction.swift */; };
@@ -1069,6 +1070,7 @@
 		396BE4C92289500E00B254A9 /* RoundedLabel.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = RoundedLabel.swift; sourceTree = "<group>"; };
 		396C82FA2319AFDD00938262 /* CollaborateAction.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = CollaborateAction.swift; sourceTree = "<group>"; };
 		396D7C5F23224A53002380C1 /* DiscardSceneAction.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = DiscardSceneAction.swift; sourceTree = "<group>"; };
+		396DAD872B83F00900957C58 /* PrivacyInfo.xcprivacy */ = {isa = PBXFileReference; lastKnownFileType = text.xml; path = PrivacyInfo.xcprivacy; sourceTree = "<group>"; };
 		397754E123279EED00119FCB /* OCItem+Extension.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = "OCItem+Extension.swift"; sourceTree = "<group>"; };
 		397754F22327A33500119FCB /* OpenSceneAction.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = OpenSceneAction.swift; sourceTree = "<group>"; };
 		397E276B23D05A5400117B07 /* ServerListToolCell.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = ServerListToolCell.swift; sourceTree = "<group>"; };
@@ -1893,6 +1895,7 @@
 				DC27A19B20CAB5D7008ACB6C /* FileProvider Integration */,
 				DC85573120513C7500189B9A /* Resources */,
 				DC0B37952051541C00189B9A /* ownCloud.entitlements */,
+				396DAD872B83F00900957C58 /* PrivacyInfo.xcprivacy */,
 			);
 			path = ownCloud;
 			sourceTree = "<group>";
@@ -4249,6 +4252,7 @@
 				39DF77D524EA854C0066E8F0 /* LaunchScreen.storyboard in Resources */,
 				3968C883239C54AD00AC28AC /* ReleaseNotes.plist in Resources */,
 				59D4895220C83F2E00369C2E /* InfoPlist.strings in Resources */,
+				396DAD882B83F00900957C58 /* PrivacyInfo.xcprivacy in Resources */,
 				593A821120C7D4C5000E2A90 /* Localizable.strings in Resources */,
 				DCE684F6241BD4E800799C30 /* Branding.plist in Resources */,
 				DC9BFBB320A19AF4007064B5 /* doc in Resources */,
diff --git a/ownCloud/PrivacyInfo.xcprivacy b/ownCloud/PrivacyInfo.xcprivacy
new file mode 100644
index 000000000..5735273a2
--- /dev/null
+++ b/ownCloud/PrivacyInfo.xcprivacy
@@ -0,0 +1,36 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>NSPrivacyCollectedDataTypes</key>
+	<array>
+		<dict>
+			<key>NSPrivacyCollectedDataType</key>
+			<string></string>
+			<key>NSPrivacyCollectedDataTypeLinked</key>
+			<false/>
+			<key>NSPrivacyCollectedDataTypeTracking</key>
+			<false/>
+			<key>NSPrivacyCollectedDataTypePurposes</key>
+			<array>
+				<string></string>
+			</array>
+		</dict>
+	</array>
+	<key>NSPrivacyAccessedAPITypes</key>
+	<array>
+		<dict>
+			<key>NSPrivacyAccessedAPITypeReasons</key>
+			<array>
+				<string>To prevent the user from changing the device time to bypass the lock prevention of the app.</string>
+			</array>
+			<key>NSPrivacyAccessedAPIType</key>
+			<string>NSPrivacyAccessedAPICategorySystemBootTime</string>
+		</dict>
+	</array>
+	<key>NSPrivacyTrackingDomains</key>
+	<array/>
+	<key>NSPrivacyTracking</key>
+	<false/>
+</dict>
+</plist>
diff --git a/ownCloudAppShared/AppLock/AppLockManager.swift b/ownCloudAppShared/AppLock/AppLockManager.swift
index 3031e6d28..7e10dfec9 100644
--- a/ownCloudAppShared/AppLock/AppLockManager.swift
+++ b/ownCloudAppShared/AppLock/AppLockManager.swift
@@ -96,6 +96,14 @@ public class AppLockManager: NSObject {
 			self.userDefaults.set(newValue, forKey: "applock-locked-until-date")
 		}
 	}
+	private var lockSetTime: TimeInterval? {
+		get {
+			return userDefaults.object(forKey: "applock-lock-set-time") as? TimeInterval
+		}
+		set(newValue) {
+			self.userDefaults.set(newValue, forKey: "applock-lock-set-time")
+		}
+	}
 	private var biometricalAuthenticationSucceeded: Bool {
 		get {
 			return userDefaults.bool(forKey: "applock-biometrical-authentication-succeeded")
@@ -373,6 +381,7 @@ public class AppLockManager: NSObject {
 				let delayUntilNextAttempt = pow(powBaseDelay, Double(failedPasscodeAttempts))
 
 				lockedUntilDate = Date().addingTimeInterval(delayUntilNextAttempt)
+				lockSetTime = ProcessInfo.processInfo.systemUptime
 				startLockCountdown()
 			}
 
@@ -381,6 +390,21 @@ public class AppLockManager: NSObject {
 	}
 
 	// MARK: - Status
+	
+	private var isLockBypassed: Bool {
+	 if let lockedUntilDate = lockedUntilDate, let lockSetTime = lockSetTime {
+		 let currentTime = ProcessInfo.processInfo.systemUptime
+		 let lockDuration = currentTime - lockSetTime
+		 let timeRemaining = lockedUntilDate.timeIntervalSinceNow
+
+		 if lockDuration < timeRemaining {
+			 // User has attempted to bypass the lock
+			 return true
+		 }
+	 }
+	 return false
+ }
+	
 	private var shouldDisplayLockscreen: Bool {
 		if !AppLockSettings.shared.lockEnabled {
 			return false
@@ -417,7 +441,7 @@ public class AppLockManager: NSObject {
 	}
 
 	private var shouldDisplayCountdown : Bool {
-		if let startLockBeforeDate = self.lockedUntilDate {
+		if let startLockBeforeDate = self.lockedUntilDate, isLockBypassed {
 			return startLockBeforeDate > Date()
 		}