Add option for stricter overlay permission checking

2025-10-03 01:39:22 +02:00 · 2022-03-21 01:00:00 +01:00 · 2022-03-21 01:00:00 +01:00 · b86a4937ea
commit b86a4937ea
parent fadb22b90c
10 changed files with 23 additions and 12 deletions
--- a/app/src/main/java/io/timelimit/android/data/model/ConfigurationItem.kt
+++ b/app/src/main/java/io/timelimit/android/data/model/ConfigurationItem.kt
@ -250,4 +250,5 @@ object ExperimentalFlags {
    const val SYNC_RELATED_NOTIFICATIONS = 32768L
    const val INSTANCE_ID_FG_APP_DETECTION = 65536L
    // private const val OBSOLETE_DISABLE_FG_APP_DETECTION_FALLBACK = 131072L
+    const val STRICT_OVERLAY_CHECKING = 0x40000L
 }
--- a/app/src/main/java/io/timelimit/android/integration/platform/PlatformIntegration.kt
+++ b/app/src/main/java/io/timelimit/android/integration/platform/PlatformIntegration.kt
@ -36,7 +36,7 @@ abstract class PlatformIntegration(
    abstract fun getLauncherAppPackageName(): String?
    abstract fun getCurrentProtectionLevel(): ProtectionLevel
    abstract fun getForegroundAppPermissionStatus(): RuntimePermissionStatus
-    abstract fun getDrawOverOtherAppsPermissionStatus(): RuntimePermissionStatus
+    abstract fun getDrawOverOtherAppsPermissionStatus(strictChecking: Boolean): RuntimePermissionStatus
    abstract fun getNotificationAccessPermissionStatus(): NewPermissionStatus
    abstract fun isAccessibilityServiceEnabled(): Boolean
    abstract fun disableDeviceAdmin()
--- a/app/src/main/java/io/timelimit/android/integration/platform/android/AndroidIntegration.kt
+++ b/app/src/main/java/io/timelimit/android/integration/platform/android/AndroidIntegration.kt
@ -173,7 +173,7 @@ class AndroidIntegration(context: Context): PlatformIntegration(maximumProtectio
        Toast.makeText(context, text, Toast.LENGTH_SHORT).show()
    }

-    override fun getDrawOverOtherAppsPermissionStatus(): RuntimePermissionStatus = overlay.getOverlayPermissionStatus()
+    override fun getDrawOverOtherAppsPermissionStatus(strictChecking: Boolean): RuntimePermissionStatus = overlay.getOverlayPermissionStatus(strictChecking)

    override fun getNotificationAccessPermissionStatus(): NewPermissionStatus {
        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.LOLLIPOP) {
@ -761,7 +761,7 @@ class AndroidIntegration(context: Context): PlatformIntegration(maximumProtectio
        }
        SystemPermission.Overlay -> if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.M) {
            if (
-                overlay.getOverlayPermissionStatus() == RuntimePermissionStatus.NotGranted &&
+                overlay.getOverlayPermissionStatus(true) == RuntimePermissionStatus.NotGranted &&
                confirmationLevel == SystemPermissionConfirmationLevel.None
            ) {
                PermissionInfoConfirmDialog.newInstance(SystemPermission.Overlay)
--- a/app/src/main/java/io/timelimit/android/integration/platform/android/OverlayUtil.kt
+++ b/app/src/main/java/io/timelimit/android/integration/platform/android/OverlayUtil.kt
@ -43,7 +43,7 @@ class OverlayUtil(private var application: Application) {
            return
        }

-        if (getOverlayPermissionStatus() == RuntimePermissionStatus.NotGranted) {
+        if (getOverlayPermissionStatus(false) == RuntimePermissionStatus.NotGranted) {
            return
        }

@ -89,15 +89,15 @@ class OverlayUtil(private var application: Application) {

    fun isOverlayShown() = currentView?.root?.isShown ?: false

-    fun getOverlayPermissionStatus() = if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.M)
-        if (checkAppOp() || Settings.canDrawOverlays(application))
+    fun getOverlayPermissionStatus(strictChecking: Boolean) = if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.M)
+        if (checkAppOp(strictChecking) || Settings.canDrawOverlays(application))
            RuntimePermissionStatus.Granted
        else
            RuntimePermissionStatus.NotGranted
    else
        RuntimePermissionStatus.NotRequired

-    private fun checkAppOp(): Boolean {
+    private fun checkAppOp(strictChecking: Boolean): Boolean {
        if (systemOverlayOp == null) return false

        val mode1 = AppOps.getOpMode(systemOverlayOp, appsOpsManager, application)
@ -108,6 +108,7 @@ class OverlayUtil(private var application: Application) {

        val mode2 = appsOpsManager.checkOpNoThrow(systemOverlayOp, Process.myUid(), application.packageName)

-        return mode2 == AppOpsManager.MODE_ALLOWED || mode2 == AppOpsManager.MODE_IGNORED
+        return if (strictChecking) mode2 == AppOpsManager.MODE_ALLOWED
+        else mode2 == AppOpsManager.MODE_ALLOWED || mode2 == AppOpsManager.MODE_IGNORED
    }
 }
--- a/app/src/main/java/io/timelimit/android/integration/platform/dummy/DummyIntegration.kt
+++ b/app/src/main/java/io/timelimit/android/integration/platform/dummy/DummyIntegration.kt
@ -68,7 +68,7 @@ class DummyIntegration(
        return foregroundAppPermission
    }

-    override fun getDrawOverOtherAppsPermissionStatus(): RuntimePermissionStatus {
+    override fun getDrawOverOtherAppsPermissionStatus(strictChecking: Boolean): RuntimePermissionStatus {
        return drawOverOtherApps
    }

--- a/app/src/main/java/io/timelimit/android/logic/BackgroundTaskLogic.kt
+++ b/app/src/main/java/io/timelimit/android/logic/BackgroundTaskLogic.kt
@ -874,6 +874,7 @@ class BackgroundTaskLogic(val appLogic: AppLogic) {

    private suspend fun getUpdateDeviceStatusAction(): UpdateDeviceStatusAction {
        val deviceEntry = appLogic.deviceEntry.waitForNullableValue()
+        val useStrictChecking = appLogic.database.config().isExperimentalFlagsSetAsync(ExperimentalFlags.STRICT_OVERLAY_CHECKING).waitForNonNullValue()

        var changes = UpdateDeviceStatusAction.empty

@ -881,7 +882,7 @@ class BackgroundTaskLogic(val appLogic: AppLogic) {
            val protectionLevel = appLogic.platformIntegration.getCurrentProtectionLevel()
            val usageStatsPermission = appLogic.platformIntegration.getForegroundAppPermissionStatus()
            val notificationAccess = appLogic.platformIntegration.getNotificationAccessPermissionStatus()
-            val overlayPermission = appLogic.platformIntegration.getDrawOverOtherAppsPermissionStatus()
+            val overlayPermission = appLogic.platformIntegration.getDrawOverOtherAppsPermissionStatus(useStrictChecking)
            val accessibilityService = appLogic.platformIntegration.isAccessibilityServiceEnabled()
            val qOrLater = AndroidVersion.qOrLater

--- a/app/src/main/java/io/timelimit/android/ui/diagnose/DiagnoseExperimentalFlagFragment.kt
+++ b/app/src/main/java/io/timelimit/android/ui/diagnose/DiagnoseExperimentalFlagFragment.kt
@ -201,6 +201,12 @@ data class DiagnoseExperimentalFlagItem(
                enableFlags = ExperimentalFlags.INSTANCE_ID_FG_APP_DETECTION,
                disableFlags = ExperimentalFlags.INSTANCE_ID_FG_APP_DETECTION,
                enable = { true }
+            ),
+            DiagnoseExperimentalFlagItem(
+                label = R.string.diagnose_exf_soc,
+                enableFlags = ExperimentalFlags.STRICT_OVERLAY_CHECKING,
+                disableFlags = ExperimentalFlags.STRICT_OVERLAY_CHECKING,
+                enable = { true }
            )
        )
    }
--- a/app/src/main/java/io/timelimit/android/ui/setup/SetupDevicePermissionsFragment.kt
+++ b/app/src/main/java/io/timelimit/android/ui/setup/SetupDevicePermissionsFragment.kt
@ -1,5 +1,5 @@
 /*
- * TimeLimit Copyright <C> 2019 - 2021 Jonas Lochmann
+ * TimeLimit Copyright <C> 2019 - 2022 Jonas Lochmann
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
@ -106,7 +106,7 @@ class SetupDevicePermissionsFragment : Fragment() {
        binding.notificationAccessPermission = platform.getNotificationAccessPermissionStatus()
        binding.protectionLevel = platform.getCurrentProtectionLevel()
        binding.usageStatsAccess = platform.getForegroundAppPermissionStatus()
-        binding.overlayPermission = platform.getDrawOverOtherAppsPermissionStatus()
+        binding.overlayPermission = platform.getDrawOverOtherAppsPermissionStatus(true)
        binding.accessibilityServiceEnabled = platform.isAccessibilityServiceEnabled()
    }

--- a/app/src/main/res/values-de/strings.xml
+++ b/app/src/main/res/values-de/strings.xml
@ -530,6 +530,7 @@
    <string name="diagnose_exf_esb">Overlay und Home-Button nicht zum Sperren verwenden</string>
    <string name="diagnose_exf_srn">Toasts zur Synchronisation anzeigen</string>
    <string name="diagnose_exf_ifd">neue App-Erkennungs-Methode verwenden</string>
+    <string name="diagnose_exf_soc">strengere Prüfung der Überlagerungs-Berechtigung aktivieren</string>

    <string name="diagnose_bg_task_loop_ex">Hintergrundaufgabenschleifenfehler</string>

--- a/app/src/main/res/values/strings.xml
+++ b/app/src/main/res/values/strings.xml
@ -583,6 +583,7 @@
    <string name="diagnose_exf_esb">Do not use a overlay or the home button for blocking</string>
    <string name="diagnose_exf_srn">Show sync related toasts</string>
    <string name="diagnose_exf_ifd">Use new App detection method</string>
+    <string name="diagnose_exf_soc">Enable strict overlay permission check</string>

    <string name="diagnose_bg_task_loop_ex">Background task loop exception</string>