Create policy manager (#899)

2026-06-05 22:15:09 -05:00 · 2024-01-31 19:14:27 -07:00
parent 794b68d364
commit d538e37606
21 changed files with 488 additions and 173 deletions
--- a/app/src/main/java/com/x8bit/bitwarden/data/auth/repository/AuthRepository.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/auth/repository/AuthRepository.kt
@@ -86,11 +86,6 @@ interface AuthRepository : AuthenticatorProvider {
     */
    val passwordPolicies: List<PolicyInformation.MasterPassword>

-    /**
-     * Return whether there are any export vault policies enabled for the current user.
-     */
-    val hasExportVaultPoliciesEnabled: Boolean
-
    /**
     * The reason for resetting the password.
     */
--- a/app/src/main/java/com/x8bit/bitwarden/data/auth/repository/AuthRepositoryImpl.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/auth/repository/AuthRepositoryImpl.kt
@@ -56,7 +56,6 @@ import com.x8bit.bitwarden.data.auth.repository.model.ValidatePasswordResult
 import com.x8bit.bitwarden.data.auth.repository.model.VaultUnlockType
 import com.x8bit.bitwarden.data.auth.repository.util.CaptchaCallbackTokenResult
 import com.x8bit.bitwarden.data.auth.repository.util.SsoCallbackResult
-import com.x8bit.bitwarden.data.auth.repository.util.currentUserPoliciesListFlow
 import com.x8bit.bitwarden.data.auth.repository.util.policyInformation
 import com.x8bit.bitwarden.data.auth.repository.util.toSdkParams
 import com.x8bit.bitwarden.data.auth.repository.util.toUserState
@@ -65,8 +64,10 @@ import com.x8bit.bitwarden.data.auth.repository.util.userOrganizationsList
 import com.x8bit.bitwarden.data.auth.repository.util.userOrganizationsListFlow
 import com.x8bit.bitwarden.data.auth.util.KdfParamsConstants.DEFAULT_PBKDF2_ITERATIONS
 import com.x8bit.bitwarden.data.auth.util.toSdkParams
+import com.x8bit.bitwarden.data.platform.manager.PolicyManager
 import com.x8bit.bitwarden.data.platform.manager.PushManager
 import com.x8bit.bitwarden.data.platform.manager.dispatcher.DispatcherManager
+import com.x8bit.bitwarden.data.platform.manager.util.getActivePolicies
 import com.x8bit.bitwarden.data.platform.repository.EnvironmentRepository
 import com.x8bit.bitwarden.data.platform.repository.SettingsRepository
 import com.x8bit.bitwarden.data.platform.repository.util.bufferedMutableSharedFlow
@@ -123,6 +124,7 @@ class AuthRepositoryImpl(
    private val vaultRepository: VaultRepository,
    private val userLogoutManager: UserLogoutManager,
    private val pushManager: PushManager,
+    private val policyManager: PolicyManager,
    dispatcherManager: DispatcherManager,
    private val elapsedRealtimeMillisProvider: () -> Long = { SystemClock.elapsedRealtime() },
 ) : AuthRepository {
@@ -235,21 +237,7 @@ class AuthRepositoryImpl(
        by mutableHasPendingAccountAdditionStateFlow::value

    override val passwordPolicies: List<PolicyInformation.MasterPassword>
-        get() = activeUserId?.let { userId ->
-            authDiskSource
-                .getPolicies(userId)
-                ?.filter { it.type == PolicyTypeJson.MASTER_PASSWORD && it.isEnabled }
-                ?.mapNotNull { it.policyInformation as? PolicyInformation.MasterPassword }
-                .orEmpty()
-        } ?: emptyList()
-
-    override val hasExportVaultPoliciesEnabled: Boolean
-        get() = activeUserId?.let { userId ->
-            authDiskSource
-                .getPolicies(userId)
-                ?.any { it.type == PolicyTypeJson.DISABLE_PERSONAL_VAULT_EXPORT && it.isEnabled }
-                ?: false
-        } ?: false
+        get() = policyManager.getActivePolicies()

    override val passwordResetReason: ForcePasswordResetReason?
        get() = authDiskSource
@@ -274,7 +262,8 @@ class AuthRepositoryImpl(
            .launchIn(unconfinedScope)

        // When the policies for the user have been set, complete the login process.
-        authDiskSource.currentUserPoliciesListFlow
+        policyManager
+            .getActivePoliciesFlow(type = PolicyTypeJson.MASTER_PASSWORD)
            .onEach { policies ->
                val userId = activeUserId ?: return@onEach

@@ -1148,7 +1137,6 @@ class AuthRepositoryImpl(
        // If there are no master password policies that are enabled and should be
        // enforced on login, the check should complete.
        val passwordPolicies = policyList
-            .filter { it.type == PolicyTypeJson.MASTER_PASSWORD && it.isEnabled }
            .mapNotNull { it.policyInformation as? PolicyInformation.MasterPassword }
            .filter { it.enforceOnLogin == true }

--- a/app/src/main/java/com/x8bit/bitwarden/data/auth/repository/di/AuthRepositoryModule.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/auth/repository/di/AuthRepositoryModule.kt
@@ -12,6 +12,7 @@ import com.x8bit.bitwarden.data.auth.datasource.sdk.AuthSdkSource
 import com.x8bit.bitwarden.data.auth.manager.UserLogoutManager
 import com.x8bit.bitwarden.data.auth.repository.AuthRepository
 import com.x8bit.bitwarden.data.auth.repository.AuthRepositoryImpl
+import com.x8bit.bitwarden.data.platform.manager.PolicyManager
 import com.x8bit.bitwarden.data.platform.manager.PushManager
 import com.x8bit.bitwarden.data.platform.manager.dispatcher.DispatcherManager
 import com.x8bit.bitwarden.data.platform.repository.EnvironmentRepository
@@ -53,6 +54,7 @@ object AuthRepositoryModule {
        vaultRepository: VaultRepository,
        userLogoutManager: UserLogoutManager,
        pushManager: PushManager,
+        policyManager: PolicyManager,
    ): AuthRepository = AuthRepositoryImpl(
        clock = clock,
        accountsService = accountsService,
@@ -71,5 +73,6 @@ object AuthRepositoryModule {
        vaultRepository = vaultRepository,
        userLogoutManager = userLogoutManager,
        pushManager = pushManager,
+        policyManager = policyManager,
    )
 }
--- a/app/src/main/java/com/x8bit/bitwarden/data/auth/repository/util/AuthDiskSourceExtensions.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/auth/repository/util/AuthDiskSourceExtensions.kt
@@ -2,12 +2,10 @@ package com.x8bit.bitwarden.data.auth.repository.util

 import com.x8bit.bitwarden.data.auth.datasource.disk.AuthDiskSource
 import com.x8bit.bitwarden.data.auth.repository.model.UserOrganizations
-import com.x8bit.bitwarden.data.vault.datasource.network.model.SyncResponseJson
 import kotlinx.coroutines.ExperimentalCoroutinesApi
 import kotlinx.coroutines.flow.Flow
 import kotlinx.coroutines.flow.combine
 import kotlinx.coroutines.flow.distinctUntilChanged
-import kotlinx.coroutines.flow.emptyFlow
 import kotlinx.coroutines.flow.flatMapLatest
 import kotlinx.coroutines.flow.map

@@ -55,22 +53,3 @@ val AuthDiskSource.userOrganizationsListFlow: Flow<List<UserOrganizations>>
                ) { values -> values.toList() }
            }
            .distinctUntilChanged()
-
-/**
- * Returns a [Flow] that emits distinct updates to the
- * current user's [SyncResponseJson.Policy] list.
- */
-@OptIn(ExperimentalCoroutinesApi::class)
-val AuthDiskSource.currentUserPoliciesListFlow: Flow<List<SyncResponseJson.Policy>?>
-    get() =
-        this
-            .userStateFlow
-            .flatMapLatest { userStateJson ->
-                userStateJson
-                    ?.activeUserId
-                    ?.let { activeUserId ->
-                        this.getPoliciesFlow(activeUserId)
-                    }
-                    ?: emptyFlow()
-            }
-            .distinctUntilChanged()
--- a/app/src/main/java/com/x8bit/bitwarden/data/platform/manager/PolicyManager.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/platform/manager/PolicyManager.kt
@@ -0,0 +1,20 @@
+package com.x8bit.bitwarden.data.platform.manager
+
+import com.x8bit.bitwarden.data.vault.datasource.network.model.PolicyTypeJson
+import com.x8bit.bitwarden.data.vault.datasource.network.model.SyncResponseJson
+import kotlinx.coroutines.flow.Flow
+
+/**
+ * A manager for pulling policies from the local data store and filtering them as needed.
+ */
+interface PolicyManager {
+    /**
+     * Returns a flow of all the active policies of the given type.
+     */
+    fun getActivePoliciesFlow(type: PolicyTypeJson): Flow<List<SyncResponseJson.Policy>>
+
+    /**
+     * Get all the policies of the given [type] that are enabled and applicable to the user.
+     */
+    fun getActivePolicies(type: PolicyTypeJson): List<SyncResponseJson.Policy>
+}
--- a/app/src/main/java/com/x8bit/bitwarden/data/platform/manager/PolicyManagerImpl.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/platform/manager/PolicyManagerImpl.kt
@@ -0,0 +1,101 @@
+package com.x8bit.bitwarden.data.platform.manager
+
+import com.x8bit.bitwarden.data.auth.datasource.disk.AuthDiskSource
+import com.x8bit.bitwarden.data.vault.datasource.network.model.OrganizationStatusType
+import com.x8bit.bitwarden.data.vault.datasource.network.model.OrganizationType
+import com.x8bit.bitwarden.data.vault.datasource.network.model.PolicyTypeJson
+import com.x8bit.bitwarden.data.vault.datasource.network.model.SyncResponseJson
+import kotlinx.coroutines.ExperimentalCoroutinesApi
+import kotlinx.coroutines.flow.Flow
+import kotlinx.coroutines.flow.distinctUntilChanged
+import kotlinx.coroutines.flow.emptyFlow
+import kotlinx.coroutines.flow.flatMapLatest
+import kotlinx.coroutines.flow.map
+
+/**
+ * The default [PolicyManager] implementation. This class is responsible for
+ * loading policies for the current user and filtering them as needed.
+ */
+class PolicyManagerImpl(
+    private val authDiskSource: AuthDiskSource,
+) : PolicyManager {
+    @OptIn(ExperimentalCoroutinesApi::class)
+    override fun getActivePoliciesFlow(type: PolicyTypeJson): Flow<List<SyncResponseJson.Policy>> =
+        authDiskSource
+            .userStateFlow
+            .flatMapLatest { userStateJson ->
+                userStateJson
+                    ?.activeUserId
+                    ?.let { activeUserId ->
+                        authDiskSource.getPoliciesFlow(activeUserId)
+                            .map {
+                                filterPolicies(
+                                    userId = activeUserId,
+                                    type = type,
+                                    policies = it,
+                                )
+                            }
+                    }
+                    ?: emptyFlow()
+            }
+            .distinctUntilChanged()
+
+    override fun getActivePolicies(type: PolicyTypeJson): List<SyncResponseJson.Policy> =
+        authDiskSource
+            .userState
+            ?.activeUserId
+            ?.let { userId ->
+                filterPolicies(
+                    userId = userId,
+                    type = type,
+                    policies = authDiskSource.getPolicies(userId = userId),
+                )
+            }
+            ?: emptyList()
+
+    /**
+     * A helper method to filter policies.
+     */
+    private fun filterPolicies(
+        userId: String,
+        type: PolicyTypeJson,
+        policies: List<SyncResponseJson.Policy>?,
+    ): List<SyncResponseJson.Policy> {
+        if (policies.isNullOrEmpty()) return emptyList()
+
+        // Get a list of the user's organizations that enforce policies.
+        val organizationIdsWithActivePolicies = authDiskSource
+            .getOrganizations(userId)
+            ?.filter {
+                it.shouldUsePolicies &&
+                    it.isEnabled &&
+                    it.status >= OrganizationStatusType.ACCEPTED &&
+                    !isOrganizationExemptFromPolicies(it, type)
+            }
+            ?.map { it.id }
+            .orEmpty()
+
+        // Filter the policies based on the type, whether the policy is active,
+        // and whether the organization rules except the user from the policy.
+        return policies.filter {
+            it.type == type &&
+                it.isEnabled &&
+                organizationIdsWithActivePolicies.contains(it.organizationId)
+        }
+    }
+
+    /**
+     * A helper method to determine if the organization is exempt from policies.
+     */
+    private fun isOrganizationExemptFromPolicies(
+        organization: SyncResponseJson.Profile.Organization,
+        policyType: PolicyTypeJson,
+    ): Boolean =
+        if (policyType == PolicyTypeJson.MAXIMUM_VAULT_TIMEOUT) {
+            organization.type == OrganizationType.OWNER
+        } else {
+            (organization.type == OrganizationType.OWNER ||
+                organization.type == OrganizationType.ADMIN) ||
+                organization.permissions.shouldManagePolicies
+        }
+}
--- a/app/src/main/java/com/x8bit/bitwarden/data/platform/manager/di/PlatformManagerModule.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/platform/manager/di/PlatformManagerModule.kt
@@ -20,6 +20,8 @@ import com.x8bit.bitwarden.data.platform.manager.NetworkConfigManager
 import com.x8bit.bitwarden.data.platform.manager.NetworkConfigManagerImpl
 import com.x8bit.bitwarden.data.platform.manager.NetworkConnectionManager
 import com.x8bit.bitwarden.data.platform.manager.NetworkConnectionManagerImpl
+import com.x8bit.bitwarden.data.platform.manager.PolicyManager
+import com.x8bit.bitwarden.data.platform.manager.PolicyManagerImpl
 import com.x8bit.bitwarden.data.platform.manager.PushManager
 import com.x8bit.bitwarden.data.platform.manager.PushManagerImpl
 import com.x8bit.bitwarden.data.platform.manager.SdkClientManager
@@ -124,6 +126,14 @@ object PlatformManagerModule {
        context = application.applicationContext,
    )

+    @Provides
+    @Singleton
+    fun providePolicyManager(
+        authDiskSource: AuthDiskSource,
+    ): PolicyManager = PolicyManagerImpl(
+        authDiskSource = authDiskSource,
+    )
+
    @Provides
    @Singleton
    fun providePushManager(
--- a/app/src/main/java/com/x8bit/bitwarden/data/platform/manager/util/PolicyManagerExtensions.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/platform/manager/util/PolicyManagerExtensions.kt
@@ -0,0 +1,26 @@
+package com.x8bit.bitwarden.data.platform.manager.util
+
+import com.x8bit.bitwarden.data.auth.repository.model.PolicyInformation
+import com.x8bit.bitwarden.data.auth.repository.util.policyInformation
+import com.x8bit.bitwarden.data.platform.manager.PolicyManager
+import com.x8bit.bitwarden.data.vault.datasource.network.model.PolicyTypeJson
+
+/**
+ * Get a list of active policies with the data decoded to the specified type.
+ */
+inline fun <reified T : PolicyInformation> PolicyManager.getActivePolicies(): List<T> {
+    val type = when (T::class.java) {
+        PolicyInformation.MasterPassword::class.java -> PolicyTypeJson.MASTER_PASSWORD
+        PolicyInformation.PasswordGenerator::class.java -> PolicyTypeJson.PASSWORD_GENERATOR
+
+        else -> {
+            throw IllegalStateException(
+                "Looks like you are missing a branch in your when statement. Update " +
+                    "getActivePolicies() to handle all PolicyInformation implementations.",
+            )
+        }
+    }
+    return this
+        .getActivePolicies(type = type)
+        .mapNotNull { it.policyInformation as? T }
+}
--- a/app/src/main/java/com/x8bit/bitwarden/data/tools/generator/repository/GeneratorRepositoryImpl.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/tools/generator/repository/GeneratorRepositoryImpl.kt
@@ -8,8 +8,9 @@ import com.bitwarden.generators.PasswordGeneratorRequest
 import com.bitwarden.generators.UsernameGeneratorRequest
 import com.x8bit.bitwarden.data.auth.datasource.disk.AuthDiskSource
 import com.x8bit.bitwarden.data.auth.repository.model.PolicyInformation
-import com.x8bit.bitwarden.data.auth.repository.util.policyInformation
+import com.x8bit.bitwarden.data.platform.manager.PolicyManager
 import com.x8bit.bitwarden.data.platform.manager.dispatcher.DispatcherManager
+import com.x8bit.bitwarden.data.platform.manager.util.getActivePolicies
 import com.x8bit.bitwarden.data.platform.repository.model.LocalDataState
 import com.x8bit.bitwarden.data.platform.repository.util.observeWhenSubscribedAndLoggedIn
 import com.x8bit.bitwarden.data.tools.generator.datasource.disk.GeneratorDiskSource
@@ -26,7 +27,6 @@ import com.x8bit.bitwarden.data.tools.generator.repository.model.GeneratedRandom
 import com.x8bit.bitwarden.data.tools.generator.repository.model.GeneratorResult
 import com.x8bit.bitwarden.data.tools.generator.repository.model.PasscodeGenerationOptions
 import com.x8bit.bitwarden.data.tools.generator.repository.model.UsernameGenerationOptions
-import com.x8bit.bitwarden.data.vault.datasource.network.model.PolicyTypeJson
 import com.x8bit.bitwarden.data.vault.datasource.sdk.VaultSdkSource
 import kotlinx.coroutines.CoroutineScope
 import kotlinx.coroutines.channels.Channel
@@ -48,12 +48,14 @@ import kotlin.math.max
 * Default implementation of [GeneratorRepository].
 */
@Singleton
+@Suppress("LongParameterList")
 class GeneratorRepositoryImpl(
    private val generatorSdkSource: GeneratorSdkSource,
    private val generatorDiskSource: GeneratorDiskSource,
    private val authDiskSource: AuthDiskSource,
    private val vaultSdkSource: VaultSdkSource,
    private val passwordHistoryDiskSource: PasswordHistoryDiskSource,
+    private val policyManager: PolicyManager,
    dispatcherManager: DispatcherManager,
 ) : GeneratorRepository {

@@ -201,10 +203,9 @@ class GeneratorRepositoryImpl(
                },
            )

-    @Suppress("LongMethod", "ReturnCount", "CyclomaticComplexMethod")
+    @Suppress("LongMethod", "CyclomaticComplexMethod")
    override fun getPasswordGeneratorPolicy(): PolicyInformation.PasswordGenerator? {
-        val userId = authDiskSource.userState?.activeUserId ?: return null
-        val policies = authDiskSource.getPolicies(userId) ?: return null
+        val policies: List<PolicyInformation.PasswordGenerator> = policyManager.getActivePolicies()

        var minLength: Int? = null
        var useUpper = false
@@ -218,8 +219,7 @@ class GeneratorRepositoryImpl(
        var includeNumber = false

        var isPassphrasePresent = false
-        policies.filter { it.type == PolicyTypeJson.PASSWORD_GENERATOR && it.isEnabled }
-            .mapNotNull { it.policyInformation as? PolicyInformation.PasswordGenerator }
+        policies
            .forEach { policy ->
                if (policy.defaultType == PolicyInformation.PasswordGenerator.TYPE_PASSPHRASE) {
                    isPassphrasePresent = true
--- a/app/src/main/java/com/x8bit/bitwarden/data/tools/generator/repository/di/GeneratorRepositoryModule.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/tools/generator/repository/di/GeneratorRepositoryModule.kt
@@ -1,6 +1,7 @@
 package com.x8bit.bitwarden.data.tools.generator.repository.di

 import com.x8bit.bitwarden.data.auth.datasource.disk.AuthDiskSource
+import com.x8bit.bitwarden.data.platform.manager.PolicyManager
 import com.x8bit.bitwarden.data.platform.manager.dispatcher.DispatcherManager
 import com.x8bit.bitwarden.data.tools.generator.datasource.disk.GeneratorDiskSource
 import com.x8bit.bitwarden.data.tools.generator.datasource.disk.PasswordHistoryDiskSource
@@ -30,6 +31,7 @@ object GeneratorRepositoryModule {
        vaultSdkSource: VaultSdkSource,
        passwordHistoryDiskSource: PasswordHistoryDiskSource,
        dispatcherManager: DispatcherManager,
+        policyManager: PolicyManager,
    ): GeneratorRepository = GeneratorRepositoryImpl(
        generatorSdkSource = generatorSdkSource,
        generatorDiskSource = generatorDiskSource,
@@ -37,5 +39,6 @@ object GeneratorRepositoryModule {
        vaultSdkSource = vaultSdkSource,
        passwordHistoryDiskSource = passwordHistoryDiskSource,
        dispatcherManager = dispatcherManager,
+        policyManager = policyManager,
    )
 }
--- a/app/src/main/java/com/x8bit/bitwarden/data/vault/datasource/network/model/OrganizationStatusType.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/vault/datasource/network/model/OrganizationStatusType.kt
@@ -0,0 +1,36 @@
+package com.x8bit.bitwarden.data.vault.datasource.network.model
+
+import androidx.annotation.Keep
+import com.x8bit.bitwarden.data.platform.datasource.network.serializer.BaseEnumeratedIntSerializer
+import kotlinx.serialization.SerialName
+import kotlinx.serialization.Serializable
+
+/**
+ * Represents a user's status in an organization.
+ */
+@Serializable(OrganizationStatusTypeSerializer::class)
+enum class OrganizationStatusType {
+    /**
+     * The user has been invited to the organization.
+     */
+    @SerialName("0")
+    INVITED,
+
+    /**
+     * The user has accepted the invite to the organization.
+     */
+    @SerialName("1")
+    ACCEPTED,
+
+    /**
+     * The user has been confirmed in the organization.
+     */
+    @SerialName("2")
+    CONFIRMED,
+}
+
+@Keep
+private class OrganizationStatusTypeSerializer :
+    BaseEnumeratedIntSerializer<OrganizationStatusType>(
+        OrganizationStatusType.entries.toTypedArray(),
+    )
--- a/app/src/main/java/com/x8bit/bitwarden/data/vault/datasource/network/model/OrganizationType.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/vault/datasource/network/model/OrganizationType.kt
@@ -0,0 +1,47 @@
+package com.x8bit.bitwarden.data.vault.datasource.network.model
+
+import androidx.annotation.Keep
+import com.x8bit.bitwarden.data.platform.datasource.network.serializer.BaseEnumeratedIntSerializer
+import kotlinx.serialization.SerialName
+import kotlinx.serialization.Serializable
+
+/**
+ * Represents a user's role in an organization.
+ */
+@Serializable(OrganizationTypeSerializer::class)
+enum class OrganizationType {
+    /**
+     * The user is an owner of the organization.
+     */
+    @SerialName("0")
+    OWNER,
+
+    /**
+     * The user is an admin in the organization.
+     */
+    @SerialName("1")
+    ADMIN,
+
+    /**
+     * The user is an ordinary user in the organization.
+     */
+    @SerialName("2")
+    USER,
+
+    /**
+     * The user is a manager in the organization.
+     */
+    @SerialName("3")
+    MANAGER,
+
+    /**
+     * The user has a custom role in the organization.
+     */
+    @SerialName("4")
+    CUSTOM,
+}
+
+@Keep
+private class OrganizationTypeSerializer : BaseEnumeratedIntSerializer<OrganizationType>(
+    OrganizationType.entries.toTypedArray(),
+)
--- a/app/src/main/java/com/x8bit/bitwarden/data/vault/datasource/network/model/SyncResponseJson.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/vault/datasource/network/model/SyncResponseJson.kt
@@ -246,7 +246,7 @@ data class SyncResponseJson(
            val keyConnectorUrl: String?,

            @SerialName("type")
-            val type: Int,
+            val type: OrganizationType,

            @SerialName("seats")
            val seats: Int?,
@@ -326,7 +326,7 @@ data class SyncResponseJson(
            val familySponsorshipValidUntil: ZonedDateTime?,

            @SerialName("status")
-            val status: Int,
+            val status: OrganizationStatusType,
        )

        /**
--- a/app/src/main/java/com/x8bit/bitwarden/ui/platform/feature/settings/exportvault/ExportVaultViewModel.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/ui/platform/feature/settings/exportvault/ExportVaultViewModel.kt
@@ -6,6 +6,8 @@ import androidx.lifecycle.viewModelScope
 import com.x8bit.bitwarden.R
 import com.x8bit.bitwarden.data.auth.repository.AuthRepository
 import com.x8bit.bitwarden.data.auth.repository.model.ValidatePasswordResult
+import com.x8bit.bitwarden.data.platform.manager.PolicyManager
+import com.x8bit.bitwarden.data.vault.datasource.network.model.PolicyTypeJson
 import com.x8bit.bitwarden.ui.platform.base.BaseViewModel
 import com.x8bit.bitwarden.ui.platform.base.util.Text
 import com.x8bit.bitwarden.ui.platform.base.util.asText
@@ -26,6 +28,7 @@ private const val KEY_STATE = "state"
@HiltViewModel
 class ExportVaultViewModel @Inject constructor(
    private val authRepository: AuthRepository,
+    private val policyManager: PolicyManager,
    savedStateHandle: SavedStateHandle,
 ) : BaseViewModel<ExportVaultState, ExportVaultEvent, ExportVaultAction>(
    initialState = savedStateHandle[KEY_STATE]
@@ -33,7 +36,9 @@ class ExportVaultViewModel @Inject constructor(
            dialogState = null,
            exportFormat = ExportVaultFormat.JSON,
            passwordInput = "",
-            policyPreventsExport = authRepository.hasExportVaultPoliciesEnabled,
+            policyPreventsExport = policyManager
+                .getActivePolicies(type = PolicyTypeJson.DISABLE_PERSONAL_VAULT_EXPORT)
+                .any(),
        ),
 ) {
    init {