Implement Policies

[Flole998]

In the fingerprint PR we had a little discussion about security. I mentioned safetynet and even though it was meant as a joke, now when i think about it it's actually not that stupid. In order to give admins more control about what users are allowed and have to do, I request to introduce policies that can be set by the admin. Those policies can be things like:

• require passcode or fingerprint authentication
• disable passcode fallback if fingerprint is is configured
• require safetynet to pass in order to use the app
• disable webdav (so safetynet actually makes sense)
• require device to have a pincode/unlock pattern etc. set
• disable access for old app versions

I think that would be a great benefit, especially when looking at how nextcloud is used in enterprises. Also when the password manager will finally be introduced, even in smaller setups such policies would be useful to force users to comply to company policies or just to make the own system safer.
However this would require a lot of changes and so I am asking for comments here if that feature is wanted and if there are any other options that should be added.

[mario]

That would require server support, wouldn't it?

[Flole998]

Yes, and also library and maybe even mac/windows client support depending on what policies will be implemented. On the server there is no real need for a fancy UI, as this is an advanced function it would be fine to have it controllable using the config file I think. That would also add additional security.

[mario]

I definitely like the idea, but this would take forever to discuss and coordinate right now :)

[Flole998]

On the serverside we could just add it to the capabilities, similar to how the theming was added. I could have a PR up for that in one or two weeks. That would be a good base for that feature, and if we leave it undocumented for now it shouldn't cause any issues as nobody will add the options to the config file and expect it to work as they are undocumented. As soon as the app and library are ready for that it could be documented in the sample config file and in the manual so users actual know it exists. It is a big change and a big project but it can be done and i would be totally up for that and start working on it as soon as we have a few people wanting this feature (because if nobody will be using it I could use my time to fix other issues). We could have the server and the library ready for that in one or two weeks, however we need to figure out what policies are actually wanted first to start implementing them.

[tobiasKaminsky]

First this should be discussed in a proper way with the server guys.

[Flole998]

@tobiasKaminsky I will open a feature request over there and reference this one. As this is mainly something that has to be done in the App, it should be discussed here. I however agree that it is necessary to talk to the server guys if they want that stuff in their code ;)

[tobiasKaminsky]

And do not forget the other clients (windows, iOS, ...) ;-)

[Flole998]

I think we should focus on one client first, to get the basic principle up and running and define how policies are delivered to the device. As soon as that is set, other clients could implement it aswell (although some features will be on one system only, for example allow the software to run only if a password has been set would be a Windows/Mac specific feature.)

[jasonbayton]

I commented in the referenced ticket, but probably better here (since there's activity in this repo)

nextcloud/server#3456

Related, as MDM plays well into this and can likely be implemented in such a way either the MDM admin or the NC admin can force the client to conform.

Have a look there to see what's been suggested on the server team.

for example allow the software to run only if a password has been set would be a Windows/Mac specific feature

Not at all, depends how deep you want to go, with device admin privileges on Android NC could check and enforce a passcode before it functions. I imagine that is far above the requirements of a sync client but the options exist.

I've said it elsewhere already (#408), but before diving in to this I'd ask you look into #408 and see if you can align it with Android Enterprise - as you mentioned yourself the suggestions you've made play well into the Enterprise market and with the prevalence of EMM (MDM) platforms in that area it offers the opportunity to kill 2 birds with one stone.

Have an MDM? Great, enable Android Enterprise and these configs will become available. Don't have one? No worries - enforce them through the NC console. If precedence is available, the MDM platform should take it (mobile security/policy admins > collaborative software admins) to avoid it being pushed from both sides and causing conflicts.

I look forward to the day I'll be able to not only push NC out through a secure, private device container, but also enforce policies through app configs as well. It'll be fantastic.

I still have an MDM platform with Android Enterprise enabled should you want to test, or me to test. Until the server guys take an interest you could build out the functionality for AE and enable it on the server later. No need to wait 👍

Would it be worth a dedicated NC Enterprise branch for testing separate from the current beta? Won't get in the way and can be merged in later that way.