Merge pull request #3569 from element-hq/feature/valere/only_signed_decryption_mode

crypto: Use OnlySigned isolation flag to setup decryption trust req.

libraries/featureflag/api/src/main/kotlin/io/element/android/libraries/featureflag/api/FeatureFlags.kt

@@ -125,7 +125,7 @@ enum class FeatureFlags(
     ),
     OnlySignedDeviceIsolationMode(
         key = "feature.onlySignedDeviceIsolationMode",
-        title = "Exclude not secure devices when sending/receiving messages",
+        title = "Exclude insecure devices when sending/receiving messages",
         description = "This setting controls how end-to-end encryption (E2E) keys are shared." +
             " Enabling it will prevent the inclusion of devices that have not been explicitly verified by their owners." +
             " You'll have to stop and re-open the app manually for that setting to take effect.",

libraries/matrix/impl/src/main/kotlin/io/element/android/libraries/matrix/impl/RustMatrixClientFactory.kt

@@ -32,6 +32,7 @@ import org.matrix.rustcomponents.sdk.SlidingSyncVersionBuilder
 import org.matrix.rustcomponents.sdk.use
 import timber.log.Timber
 import uniffi.matrix_sdk_crypto.CollectStrategy
+import uniffi.matrix_sdk_crypto.TrustRequirement
 import java.io.File
 import javax.inject.Inject
 
@@ -108,6 +109,13 @@ class RustMatrixClientFactory @Inject constructor(
                     CollectStrategy.DeviceBasedStrategy(onlyAllowTrustedDevices = false, errorOnVerifiedUserProblem = true)
                 }
             )
+            .roomDecryptionTrustRequirement(
+                trustRequirement = if (featureFlagService.isFeatureEnabled(FeatureFlags.OnlySignedDeviceIsolationMode)) {
+                    TrustRequirement.CROSS_SIGNED_OR_LEGACY
+                } else {
+                    TrustRequirement.UNTRUSTED
+                }
+            )
             .run {
                 // Apply sliding sync version settings
                 when (slidingSyncType) {