package com.android.server.security.advancedprotection;

import android.annotation.EnforcePermission;
import android.annotation.NonNull;
import android.annotation.Nullable;
import android.content.Context;
import android.os.Binder;
import android.os.Handler;
import android.os.IBinder;
import android.os.Looper;
import android.os.Message;
import android.os.PermissionEnforcer;
import android.os.RemoteException;
import android.os.ResultReceiver;
import android.os.ShellCallback;
import android.provider.Settings;
import android.security.advancedprotection.AdvancedProtectionFeature;
import android.security.advancedprotection.IAdvancedProtectionCallback;
import android.security.advancedprotection.IAdvancedProtectionService;
import android.util.ArrayMap;
import android.util.Slog;
import com.android.internal.annotations.VisibleForTesting;
import com.android.internal.hidden_from_bootclasspath.android.security.Flags;
import com.android.server.FgThread;
import com.android.server.LocalServices;
import com.android.server.SystemService;
import com.android.server.pm.UserManagerInternal;
import com.android.server.security.advancedprotection.features.AdvancedProtectionHook;
import com.android.server.security.advancedprotection.features.AdvancedProtectionProvider;
import com.android.server.security.advancedprotection.features.DisallowCellular2GAdvancedProtectionHook;
import com.android.server.security.advancedprotection.features.DisallowInstallUnknownSourcesAdvancedProtectionHook;
import com.android.server.security.advancedprotection.features.MemoryTaggingExtensionHook;
import com.android.server.timezonedetector.ServiceConfigAccessor;
import java.io.FileDescriptor;
import java.util.ArrayList;
import java.util.List;

/* loaded from: input_file:com/android/server/security/advancedprotection/AdvancedProtectionService.class */
public class AdvancedProtectionService extends IAdvancedProtectionService.Stub {
    private static final String TAG = "AdvancedProtectionService";
    private static final int MODE_CHANGED = 0;
    private static final int CALLBACK_ADDED = 1;
    private final Context mContext;
    private final Handler mHandler;
    private final AdvancedProtectionStore mStore;
    private final ArrayList<AdvancedProtectionHook> mHooks;
    private final ArrayMap<IBinder, IAdvancedProtectionCallback> mCallbacks;
    private final ArrayList<AdvancedProtectionProvider> mProviders;

    /* loaded from: input_file:com/android/server/security/advancedprotection/AdvancedProtectionService$AdvancedProtectionHandler.class */
    private class AdvancedProtectionHandler extends Handler {
        private AdvancedProtectionHandler(@NonNull Looper looper) {
            super(looper);
        }

        @Override // android.os.Handler
        public void handleMessage(@NonNull Message message) {
            switch (message.what) {
                case 0:
                    handleAllCallbacks(message.arg1 == 1);
                    return;
                case 1:
                    handleSingleCallback(message.arg1 == 1, (IAdvancedProtectionCallback) message.obj);
                    return;
                default:
                    return;
            }
        }

        private void handleAllCallbacks(boolean z) {
            ArrayList arrayList = new ArrayList();
            for (int i = 0; i < AdvancedProtectionService.this.mHooks.size(); i++) {
                AdvancedProtectionHook advancedProtectionHook = AdvancedProtectionService.this.mHooks.get(i);
                try {
                    if (advancedProtectionHook.isAvailable()) {
                        advancedProtectionHook.onAdvancedProtectionChanged(z);
                    }
                } catch (Exception e) {
                    Slog.e(AdvancedProtectionService.TAG, "Failed to call hook for feature " + advancedProtectionHook.getFeature().getId(), e);
                }
            }
            synchronized (AdvancedProtectionService.this.mCallbacks) {
                for (int i2 = 0; i2 < AdvancedProtectionService.this.mCallbacks.size(); i2++) {
                    IAdvancedProtectionCallback valueAt = AdvancedProtectionService.this.mCallbacks.valueAt(i2);
                    try {
                        valueAt.onAdvancedProtectionChanged(z);
                    } catch (RemoteException e2) {
                        arrayList.add(valueAt);
                    }
                }
                for (int i3 = 0; i3 < arrayList.size(); i3++) {
                    AdvancedProtectionService.this.mCallbacks.remove(((IAdvancedProtectionCallback) arrayList.get(i3)).asBinder());
                }
            }
        }

        private void handleSingleCallback(boolean z, IAdvancedProtectionCallback iAdvancedProtectionCallback) {
            try {
                iAdvancedProtectionCallback.onAdvancedProtectionChanged(z);
            } catch (RemoteException e) {
                AdvancedProtectionService.this.mCallbacks.remove(iAdvancedProtectionCallback.asBinder());
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @VisibleForTesting
    /* loaded from: input_file:com/android/server/security/advancedprotection/AdvancedProtectionService$AdvancedProtectionStore.class */
    public static class AdvancedProtectionStore {
        private final Context mContext;
        private static final int APM_ON = 1;
        private static final int APM_OFF = 0;
        private final UserManagerInternal mUserManager = (UserManagerInternal) LocalServices.getService(UserManagerInternal.class);

        AdvancedProtectionStore(@NonNull Context context) {
            this.mContext = context;
        }

        void store(boolean z) {
            Settings.Secure.putIntForUser(this.mContext.getContentResolver(), "advanced_protection_mode", z ? 1 : 0, this.mUserManager.getMainUserId());
        }

        boolean retrieve() {
            return Settings.Secure.getIntForUser(this.mContext.getContentResolver(), "advanced_protection_mode", 0, this.mUserManager.getMainUserId()) == 1;
        }
    }

    /* loaded from: input_file:com/android/server/security/advancedprotection/AdvancedProtectionService$DeathRecipient.class */
    private final class DeathRecipient implements IBinder.DeathRecipient {
        private final IBinder mBinder;

        DeathRecipient(IBinder iBinder) {
            this.mBinder = iBinder;
        }

        @Override // android.os.IBinder.DeathRecipient
        public void binderDied() {
            synchronized (AdvancedProtectionService.this.mCallbacks) {
                AdvancedProtectionService.this.mCallbacks.remove(this.mBinder);
            }
        }
    }

    /* loaded from: input_file:com/android/server/security/advancedprotection/AdvancedProtectionService$Lifecycle.class */
    public static final class Lifecycle extends SystemService {
        private final AdvancedProtectionService mService;

        public Lifecycle(@NonNull Context context) {
            super(context);
            this.mService = new AdvancedProtectionService(context);
        }

        @Override // com.android.server.SystemService
        public void onStart() {
            publishBinderService("advanced_protection", this.mService);
        }

        @Override // com.android.server.SystemService
        public void onBootPhase(int i) {
            if (i == 500) {
                boolean isAdvancedProtectionEnabledInternal = this.mService.isAdvancedProtectionEnabledInternal();
                if (isAdvancedProtectionEnabledInternal) {
                    Slog.i(AdvancedProtectionService.TAG, "Advanced protection is enabled");
                }
                this.mService.initFeatures(isAdvancedProtectionEnabledInternal);
            }
        }
    }

    private AdvancedProtectionService(@NonNull Context context) {
        super(PermissionEnforcer.fromContext(context));
        this.mHooks = new ArrayList<>();
        this.mCallbacks = new ArrayMap<>();
        this.mProviders = new ArrayList<>();
        this.mContext = context;
        this.mHandler = new AdvancedProtectionHandler(FgThread.get().getLooper());
        this.mStore = new AdvancedProtectionStore(context);
    }

    private void initFeatures(boolean z) {
        if (Flags.aapmFeatureDisableInstallUnknownSources()) {
            try {
                this.mHooks.add(new DisallowInstallUnknownSourcesAdvancedProtectionHook(this.mContext, z));
            } catch (Exception e) {
                Slog.e(TAG, "Failed to initialize DisallowInstallUnknownSources", e);
            }
        }
        if (Flags.aapmFeatureMemoryTaggingExtension()) {
            try {
                this.mHooks.add(new MemoryTaggingExtensionHook(this.mContext, z));
            } catch (Exception e2) {
                Slog.e(TAG, "Failed to initialize MemoryTaggingExtension", e2);
            }
        }
        if (Flags.aapmFeatureDisableCellular2g()) {
            try {
                this.mHooks.add(new DisallowCellular2GAdvancedProtectionHook(this.mContext, z));
            } catch (Exception e3) {
                Slog.e(TAG, "Failed to initialize DisallowCellular2g", e3);
            }
        }
    }

    @VisibleForTesting
    AdvancedProtectionService(@NonNull Context context, @NonNull AdvancedProtectionStore advancedProtectionStore, @NonNull Looper looper, @NonNull PermissionEnforcer permissionEnforcer, @Nullable AdvancedProtectionHook advancedProtectionHook, @Nullable AdvancedProtectionProvider advancedProtectionProvider) {
        super(permissionEnforcer);
        this.mHooks = new ArrayList<>();
        this.mCallbacks = new ArrayMap<>();
        this.mProviders = new ArrayList<>();
        this.mContext = context;
        this.mStore = advancedProtectionStore;
        this.mHandler = new AdvancedProtectionHandler(looper);
        if (advancedProtectionHook != null) {
            this.mHooks.add(advancedProtectionHook);
        }
        if (advancedProtectionProvider != null) {
            this.mProviders.add(advancedProtectionProvider);
        }
    }

    @EnforcePermission("android.permission.QUERY_ADVANCED_PROTECTION_MODE")
    public boolean isAdvancedProtectionEnabled() {
        isAdvancedProtectionEnabled_enforcePermission();
        long clearCallingIdentity = Binder.clearCallingIdentity();
        try {
            boolean isAdvancedProtectionEnabledInternal = isAdvancedProtectionEnabledInternal();
            Binder.restoreCallingIdentity(clearCallingIdentity);
            return isAdvancedProtectionEnabledInternal;
        } catch (Throwable th) {
            Binder.restoreCallingIdentity(clearCallingIdentity);
            throw th;
        }
    }

    private boolean isAdvancedProtectionEnabledInternal() {
        return this.mStore.retrieve();
    }

    @EnforcePermission("android.permission.QUERY_ADVANCED_PROTECTION_MODE")
    public void registerAdvancedProtectionCallback(@NonNull IAdvancedProtectionCallback iAdvancedProtectionCallback) throws RemoteException {
        registerAdvancedProtectionCallback_enforcePermission();
        IBinder asBinder = iAdvancedProtectionCallback.asBinder();
        asBinder.linkToDeath(new DeathRecipient(asBinder), 0);
        synchronized (this.mCallbacks) {
            this.mCallbacks.put(asBinder, iAdvancedProtectionCallback);
            sendCallbackAdded(isAdvancedProtectionEnabledInternal(), iAdvancedProtectionCallback);
        }
    }

    @EnforcePermission("android.permission.QUERY_ADVANCED_PROTECTION_MODE")
    public void unregisterAdvancedProtectionCallback(@NonNull IAdvancedProtectionCallback iAdvancedProtectionCallback) {
        unregisterAdvancedProtectionCallback_enforcePermission();
        synchronized (this.mCallbacks) {
            this.mCallbacks.remove(iAdvancedProtectionCallback.asBinder());
        }
    }

    @EnforcePermission("android.permission.MANAGE_ADVANCED_PROTECTION_MODE")
    public void setAdvancedProtectionEnabled(boolean z) {
        setAdvancedProtectionEnabled_enforcePermission();
        long clearCallingIdentity = Binder.clearCallingIdentity();
        try {
            synchronized (this.mCallbacks) {
                if (z != isAdvancedProtectionEnabledInternal()) {
                    this.mStore.store(z);
                    sendModeChanged(z);
                    Slog.i(TAG, "Advanced protection is " + (z ? ServiceConfigAccessor.PROVIDER_MODE_ENABLED : ServiceConfigAccessor.PROVIDER_MODE_DISABLED));
                }
            }
        } finally {
            Binder.restoreCallingIdentity(clearCallingIdentity);
        }
    }

    @EnforcePermission("android.permission.MANAGE_ADVANCED_PROTECTION_MODE")
    public List<AdvancedProtectionFeature> getAdvancedProtectionFeatures() {
        getAdvancedProtectionFeatures_enforcePermission();
        ArrayList arrayList = new ArrayList();
        for (int i = 0; i < this.mProviders.size(); i++) {
            arrayList.addAll(this.mProviders.get(i).getFeatures());
        }
        for (int i2 = 0; i2 < this.mHooks.size(); i2++) {
            AdvancedProtectionHook advancedProtectionHook = this.mHooks.get(i2);
            if (advancedProtectionHook.isAvailable()) {
                arrayList.add(advancedProtectionHook.getFeature());
            }
        }
        return arrayList;
    }

    /* JADX WARN: Multi-variable type inference failed */
    public void onShellCommand(FileDescriptor fileDescriptor, FileDescriptor fileDescriptor2, FileDescriptor fileDescriptor3, @NonNull String[] strArr, ShellCallback shellCallback, @NonNull ResultReceiver resultReceiver) {
        new AdvancedProtectionShellCommand(this).exec(this, fileDescriptor, fileDescriptor2, fileDescriptor3, strArr, shellCallback, resultReceiver);
    }

    void sendModeChanged(boolean z) {
        Message.obtain(this.mHandler, 0, z ? 1 : 0, -1).sendToTarget();
    }

    void sendCallbackAdded(boolean z, IAdvancedProtectionCallback iAdvancedProtectionCallback) {
        Message.obtain(this.mHandler, 1, z ? 1 : 0, -1, iAdvancedProtectionCallback).sendToTarget();
    }
}
