package com.android.server.appsearch.visibilitystore;

import android.app.appsearch.InternalVisibilityConfig;
import android.app.appsearch.PackageIdentifier;
import android.app.appsearch.SchemaVisibilityConfig;
import android.app.appsearch.aidl.AppSearchAttributionSource;
import android.content.AttributionSource;
import android.content.Context;
import android.os.UserHandle;
import android.permission.PermissionManager;
import com.android.server.appsearch.external.localstorage.visibilitystore.CallerAccess;
import com.android.server.appsearch.external.localstorage.visibilitystore.VisibilityChecker;
import com.android.server.appsearch.external.localstorage.visibilitystore.VisibilityStore;
import com.android.server.appsearch.util.PackageManagerUtil;
import com.android.server.appsearch.util.PackageUtil;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import java.util.Set;

/* loaded from: classes.dex */
public class VisibilityCheckerImpl implements VisibilityChecker {
    private final PermissionManager mPermissionManager;
    private final PolicyChecker mPolicyChecker;
    private final Context mUserContext;

    public VisibilityCheckerImpl(Context context) {
        this(context, new PolicyCheckerImpl(context));
    }

    VisibilityCheckerImpl(Context context, PolicyChecker policyChecker) {
        Objects.requireNonNull(context);
        this.mUserContext = context;
        this.mPermissionManager = (PermissionManager) context.getSystemService(PermissionManager.class);
        this.mPolicyChecker = policyChecker;
    }

    private boolean checkMatchAllVisibilityConfig(FrameworkCallerAccess frameworkCallerAccess, SchemaVisibilityConfig schemaVisibilityConfig) {
        boolean z = false;
        if (!schemaVisibilityConfig.getAllowedPackages().isEmpty()) {
            if (!isSchemaVisibleToPackages(schemaVisibilityConfig, frameworkCallerAccess.getCallingAttributionSource().getUid())) {
                return false;
            }
            z = true;
        }
        if (!schemaVisibilityConfig.getRequiredPermissions().isEmpty()) {
            if (!isSchemaVisibleToPermission(schemaVisibilityConfig, frameworkCallerAccess.getCallingAttributionSource(), false)) {
                return false;
            }
            z = true;
        }
        return schemaVisibilityConfig.getPubliclyVisibleTargetPackage() != null ? isSchemaPubliclyVisibleFromPackage(schemaVisibilityConfig, frameworkCallerAccess) : z;
    }

    private boolean checkMatchAnyVisibilityConfig(FrameworkCallerAccess frameworkCallerAccess, SchemaVisibilityConfig schemaVisibilityConfig) {
        if (isSchemaVisibleToPackages(schemaVisibilityConfig, frameworkCallerAccess.getCallingAttributionSource().getUid()) || isSchemaVisibleToPermission(schemaVisibilityConfig, frameworkCallerAccess.getCallingAttributionSource(), false)) {
            return true;
        }
        return isSchemaPubliclyVisibleFromPackage(schemaVisibilityConfig, frameworkCallerAccess);
    }

    private boolean doesCallerHavePermissionForDataDelivery(int i, AppSearchAttributionSource appSearchAttributionSource) {
        String str;
        switch (i) {
            case 1:
                str = "android.permission.READ_SMS";
                break;
            case 2:
                str = "android.permission.READ_CALENDAR";
                break;
            case 3:
                str = "android.permission.READ_CONTACTS";
                break;
            case 4:
                str = "android.permission.READ_EXTERNAL_STORAGE";
                break;
            case 5:
                str = "android.permission.READ_HOME_APP_SEARCH_DATA";
                break;
            case 6:
                str = "android.permission.READ_ASSISTANT_APP_SEARCH_DATA";
                break;
            case 7:
            case 8:
            default:
                return false;
            case 9:
                str = "android.permission.EXECUTE_APP_FUNCTIONS";
                break;
            case 10:
                str = "android.permission.EXECUTE_APP_FUNCTIONS_TRUSTED";
                break;
            case 11:
                str = "android.permission.PACKAGE_USAGE_STATS";
                break;
        }
        return checkPermissionForDataDeliveryGranted(str, appSearchAttributionSource.getAttributionSource(), "appsearch");
    }

    private boolean doesCallerHoldsAllRequiredPermissions(Set set, AppSearchAttributionSource appSearchAttributionSource, boolean z) {
        String packageName;
        if (z != set.contains(7)) {
            return false;
        }
        Iterator it = set.iterator();
        while (it.hasNext()) {
            int intValue = ((Integer) it.next()).intValue();
            switch (intValue) {
                case 1:
                case 2:
                case 3:
                case 4:
                case 5:
                case 6:
                case 9:
                case 10:
                case 11:
                    if (!doesCallerHavePermissionForDataDelivery(intValue, appSearchAttributionSource)) {
                        return false;
                    }
                    break;
                case 7:
                    break;
                case 8:
                    if (!z || (packageName = appSearchAttributionSource.getPackageName()) == null || !this.mPolicyChecker.doesCallerHaveManagedProfileContactsAccess(packageName)) {
                        return false;
                    }
                    break;
                default:
                    throw new UnsupportedOperationException("The required permission is unsupported in AppSearch : " + intValue);
            }
        }
        return true;
    }

    private boolean isSchemaPubliclyVisibleFromPackage(SchemaVisibilityConfig schemaVisibilityConfig, FrameworkCallerAccess frameworkCallerAccess) {
        PackageIdentifier publiclyVisibleTargetPackage = schemaVisibilityConfig.getPubliclyVisibleTargetPackage();
        if (publiclyVisibleTargetPackage != null && PackageManagerUtil.hasSigningCertificate(this.mUserContext, publiclyVisibleTargetPackage.getPackageName(), publiclyVisibleTargetPackage.getSha256Certificate())) {
            return this.mUserContext.getPackageManager().canPackageQuery(frameworkCallerAccess.getCallingPackageName(), publiclyVisibleTargetPackage.getPackageName());
        }
        return false;
    }

    private boolean isSchemaVisibleToPackages(SchemaVisibilityConfig schemaVisibilityConfig, int i) {
        List allowedPackages = schemaVisibilityConfig.getAllowedPackages();
        for (int i2 = 0; i2 < allowedPackages.size(); i2++) {
            PackageIdentifier packageIdentifier = (PackageIdentifier) allowedPackages.get(i2);
            if (UserHandle.getAppId(i) == UserHandle.getAppId(PackageUtil.getPackageUid(this.mUserContext, packageIdentifier.getPackageName())) && PackageManagerUtil.hasSigningCertificate(this.mUserContext, packageIdentifier.getPackageName(), packageIdentifier.getSha256Certificate())) {
                return true;
            }
        }
        return false;
    }

    private boolean isSchemaVisibleToPermission(SchemaVisibilityConfig schemaVisibilityConfig, AppSearchAttributionSource appSearchAttributionSource, boolean z) {
        Set requiredPermissions = schemaVisibilityConfig.getRequiredPermissions();
        if (requiredPermissions.isEmpty() || appSearchAttributionSource == null) {
            return false;
        }
        Iterator it = requiredPermissions.iterator();
        while (it.hasNext()) {
            if (doesCallerHoldsAllRequiredPermissions((Set) it.next(), appSearchAttributionSource, z)) {
                return true;
            }
        }
        return false;
    }

    public boolean checkPermissionForDataDeliveryGranted(String str, AttributionSource attributionSource, String str2) {
        return this.mPermissionManager.checkPermissionForDataDelivery(str, attributionSource, str2) == 0;
    }

    @Override // com.android.server.appsearch.external.localstorage.visibilitystore.VisibilityChecker
    public boolean doesCallerHaveSystemAccess(String str) {
        Objects.requireNonNull(str);
        return this.mUserContext.getPackageManager().checkPermission("android.permission.READ_GLOBAL_APP_SEARCH_DATA", str) == 0;
    }

    @Override // com.android.server.appsearch.external.localstorage.visibilitystore.VisibilityChecker
    public boolean isSchemaSearchableByCaller(CallerAccess callerAccess, String str, String str2, VisibilityStore visibilityStore) {
        Objects.requireNonNull(callerAccess);
        Objects.requireNonNull(str);
        Objects.requireNonNull(str2);
        if (str.equals("VS#Pkg")) {
            return false;
        }
        FrameworkCallerAccess frameworkCallerAccess = (FrameworkCallerAccess) callerAccess;
        InternalVisibilityConfig visibility = visibilityStore.getVisibility(str2);
        if (frameworkCallerAccess.isForEnterprise()) {
            return visibility != null && isSchemaVisibleToPermission(visibility.getVisibilityConfig(), frameworkCallerAccess.getCallingAttributionSource(), true);
        }
        if (visibility == null) {
            return frameworkCallerAccess.doesCallerHaveSystemAccess();
        }
        if ((frameworkCallerAccess.doesCallerHaveSystemAccess() && !visibility.isNotDisplayedBySystem()) || checkMatchAnyVisibilityConfig(frameworkCallerAccess, visibility.getVisibilityConfig())) {
            return true;
        }
        Iterator it = visibility.getVisibleToConfigs().iterator();
        while (it.hasNext()) {
            if (checkMatchAllVisibilityConfig(frameworkCallerAccess, (SchemaVisibilityConfig) it.next())) {
                return true;
            }
        }
        return false;
    }
}
