package com.android.server.security.authenticationpolicy;

import android.annotation.EnforcePermission;
import android.app.KeyguardManager;
import android.content.Context;
import android.hardware.biometrics.AuthenticationStateListener;
import android.hardware.biometrics.BiometricManager;
import android.hardware.biometrics.events.AuthenticationAcquiredInfo;
import android.hardware.biometrics.events.AuthenticationErrorInfo;
import android.hardware.biometrics.events.AuthenticationFailedInfo;
import android.hardware.biometrics.events.AuthenticationHelpInfo;
import android.hardware.biometrics.events.AuthenticationStartedInfo;
import android.hardware.biometrics.events.AuthenticationStoppedInfo;
import android.hardware.biometrics.events.AuthenticationSucceededInfo;
import android.os.Build;
import android.os.Handler;
import android.os.IBinder;
import android.os.Looper;
import android.os.Message;
import android.os.SystemClock;
import android.security.authenticationpolicy.DisableSecureLockDeviceParams;
import android.security.authenticationpolicy.EnableSecureLockDeviceParams;
import android.security.authenticationpolicy.IAuthenticationPolicyService;
import android.util.Log;
import android.util.Slog;
import android.util.SparseIntArray;
import android.util.SparseLongArray;
import com.android.internal.annotations.VisibleForTesting;
import com.android.internal.hidden_from_bootclasspath.android.security.Flags;
import com.android.internal.util.FrameworkStatsLog;
import com.android.internal.widget.LockPatternUtils;
import com.android.internal.widget.LockSettingsInternal;
import com.android.internal.widget.LockSettingsStateListener;
import com.android.server.LocalServices;
import com.android.server.SystemService;
import com.android.server.pm.UserManagerInternal;
import com.android.server.wm.WindowManagerInternal;
import java.util.Objects;

/* loaded from: input_file:com/android/server/security/authenticationpolicy/AuthenticationPolicyService.class */
public class AuthenticationPolicyService extends SystemService {
    private static final String TAG = "AuthenticationPolicyService";
    private static final boolean DEBUG;

    @VisibleForTesting
    static final int MAX_ALLOWED_FAILED_AUTH_ATTEMPTS = 5;
    private static final int MSG_REPORT_PRIMARY_AUTH_ATTEMPT = 1;
    private static final int MSG_REPORT_BIOMETRIC_AUTH_ATTEMPT = 2;
    private static final int AUTH_SUCCESS = 1;
    private static final int AUTH_FAILURE = 0;
    private static final int TYPE_PRIMARY_AUTH = 0;
    private static final int TYPE_BIOMETRIC_AUTH = 1;
    private final LockPatternUtils mLockPatternUtils;
    private final LockSettingsInternal mLockSettings;
    private final BiometricManager mBiometricManager;
    private final KeyguardManager mKeyguardManager;
    private final WindowManagerInternal mWindowManager;
    private final UserManagerInternal mUserManager;
    private SecureLockDeviceServiceInternal mSecureLockDeviceService;

    @VisibleForTesting
    final SparseIntArray mFailedAttemptsForUser;
    private final SparseLongArray mLastLockedTimestamp;
    private final LockSettingsStateListener mLockSettingsStateListener;
    private final AuthenticationStateListener mAuthenticationStateListener;
    private final Handler mHandler;
    private final IBinder mService;

    public AuthenticationPolicyService(Context context) {
        this(context, new LockPatternUtils(context));
    }

    @VisibleForTesting
    public AuthenticationPolicyService(Context context, LockPatternUtils lockPatternUtils) {
        super(context);
        this.mFailedAttemptsForUser = new SparseIntArray();
        this.mLastLockedTimestamp = new SparseLongArray();
        this.mLockSettingsStateListener = new LockSettingsStateListener() { // from class: com.android.server.security.authenticationpolicy.AuthenticationPolicyService.1
            public void onAuthenticationSucceeded(int i) {
                if (AuthenticationPolicyService.DEBUG) {
                    Slog.d(AuthenticationPolicyService.TAG, "LockSettingsStateListener#onAuthenticationSucceeded");
                }
                AuthenticationPolicyService.this.mHandler.obtainMessage(1, 1, i).sendToTarget();
            }

            public void onAuthenticationFailed(int i) {
                Slog.i(AuthenticationPolicyService.TAG, "LockSettingsStateListener#onAuthenticationFailed");
                AuthenticationPolicyService.this.mHandler.obtainMessage(1, 0, i).sendToTarget();
            }
        };
        this.mAuthenticationStateListener = new AuthenticationStateListener.Stub() { // from class: com.android.server.security.authenticationpolicy.AuthenticationPolicyService.2
            public void onAuthenticationAcquired(AuthenticationAcquiredInfo authenticationAcquiredInfo) {
            }

            public void onAuthenticationError(AuthenticationErrorInfo authenticationErrorInfo) {
            }

            public void onAuthenticationFailed(AuthenticationFailedInfo authenticationFailedInfo) {
                Slog.i(AuthenticationPolicyService.TAG, "AuthenticationStateListener#onAuthenticationFailed");
                AuthenticationPolicyService.this.mHandler.obtainMessage(2, 0, authenticationFailedInfo.getUserId()).sendToTarget();
            }

            public void onAuthenticationHelp(AuthenticationHelpInfo authenticationHelpInfo) {
            }

            public void onAuthenticationStarted(AuthenticationStartedInfo authenticationStartedInfo) {
            }

            public void onAuthenticationStopped(AuthenticationStoppedInfo authenticationStoppedInfo) {
            }

            public void onAuthenticationSucceeded(AuthenticationSucceededInfo authenticationSucceededInfo) {
                if (AuthenticationPolicyService.DEBUG) {
                    Slog.d(AuthenticationPolicyService.TAG, "AuthenticationStateListener#onAuthenticationSucceeded");
                }
                AuthenticationPolicyService.this.mHandler.obtainMessage(2, 1, authenticationSucceededInfo.getUserId()).sendToTarget();
            }
        };
        this.mHandler = new Handler(Looper.getMainLooper()) { // from class: com.android.server.security.authenticationpolicy.AuthenticationPolicyService.3
            @Override // android.os.Handler
            public void handleMessage(Message message) {
                switch (message.what) {
                    case 1:
                        AuthenticationPolicyService.this.handleReportPrimaryAuthAttempt(message.arg1 != 0, message.arg2);
                        return;
                    case 2:
                        AuthenticationPolicyService.this.handleReportBiometricAuthAttempt(message.arg1 != 0, message.arg2);
                        return;
                    default:
                        return;
                }
            }
        };
        this.mService = new IAuthenticationPolicyService.Stub() { // from class: com.android.server.security.authenticationpolicy.AuthenticationPolicyService.4
            @EnforcePermission("android.permission.MANAGE_SECURE_LOCK_DEVICE")
            public int enableSecureLockDevice(EnableSecureLockDeviceParams enableSecureLockDeviceParams) {
                enableSecureLockDevice_enforcePermission();
                return AuthenticationPolicyService.this.mSecureLockDeviceService.enableSecureLockDevice(enableSecureLockDeviceParams);
            }

            @EnforcePermission("android.permission.MANAGE_SECURE_LOCK_DEVICE")
            public int disableSecureLockDevice(DisableSecureLockDeviceParams disableSecureLockDeviceParams) {
                disableSecureLockDevice_enforcePermission();
                return AuthenticationPolicyService.this.mSecureLockDeviceService.disableSecureLockDevice(disableSecureLockDeviceParams);
            }
        };
        this.mLockPatternUtils = lockPatternUtils;
        this.mLockSettings = (LockSettingsInternal) Objects.requireNonNull((LockSettingsInternal) LocalServices.getService(LockSettingsInternal.class));
        this.mBiometricManager = (BiometricManager) Objects.requireNonNull((BiometricManager) context.getSystemService(BiometricManager.class));
        this.mKeyguardManager = (KeyguardManager) Objects.requireNonNull((KeyguardManager) context.getSystemService(KeyguardManager.class));
        this.mWindowManager = (WindowManagerInternal) Objects.requireNonNull((WindowManagerInternal) LocalServices.getService(WindowManagerInternal.class));
        this.mUserManager = (UserManagerInternal) Objects.requireNonNull((UserManagerInternal) LocalServices.getService(UserManagerInternal.class));
        if (Flags.secureLockdown()) {
            this.mSecureLockDeviceService = (SecureLockDeviceServiceInternal) Objects.requireNonNull((SecureLockDeviceServiceInternal) LocalServices.getService(SecureLockDeviceServiceInternal.class));
        }
    }

    @Override // com.android.server.SystemService
    public void onStart() {
        publishBinderService("authentication_policy", this.mService);
    }

    @Override // com.android.server.SystemService
    public void onBootPhase(int i) {
        if (i == 500) {
            init();
        }
    }

    @VisibleForTesting
    void init() {
        this.mLockSettings.registerLockSettingsStateListener(this.mLockSettingsStateListener);
        this.mBiometricManager.registerAuthenticationStateListener(this.mAuthenticationStateListener);
    }

    private void handleReportPrimaryAuthAttempt(boolean z, int i) {
        if (DEBUG) {
            Slog.d(TAG, "handleReportPrimaryAuthAttempt: success=" + z + ", userId=" + i);
        }
        reportAuthAttempt(0, z, i);
    }

    private void handleReportBiometricAuthAttempt(boolean z, int i) {
        if (DEBUG) {
            Slog.d(TAG, "handleReportBiometricAuthAttempt: success=" + z + ", userId=" + i);
        }
        reportAuthAttempt(1, z, i);
    }

    private void reportAuthAttempt(int i, boolean z, int i2) {
        if (getContext().getPackageManager().hasSystemFeature("android.hardware.type.automotive")) {
            return;
        }
        if (z) {
            this.mFailedAttemptsForUser.delete(i2);
            if (this.mLastLockedTimestamp.indexOfKey(i2) >= 0) {
                collectTimeElapsedSinceLastLocked(this.mLastLockedTimestamp.get(i2), SystemClock.elapsedRealtime(), i);
                this.mLastLockedTimestamp.delete(i2);
                return;
            }
            return;
        }
        int i3 = this.mFailedAttemptsForUser.get(i2, 0) + 1;
        Slog.i(TAG, "reportAuthAttempt: numFailedAttempts=" + i3 + ", userId=" + i2);
        this.mFailedAttemptsForUser.put(i2, i3);
        if (this.mKeyguardManager.isDeviceLocked(i2) && this.mKeyguardManager.isKeyguardLocked()) {
            Slog.d(TAG, "Not locking the device because the device is already locked.");
        } else if (i3 < 5) {
            Slog.d(TAG, "Not locking the device because the number of failed attempts is below the threshold.");
        } else {
            lockDevice(i2);
        }
    }

    private static void collectTimeElapsedSinceLastLocked(long j, long j2, int i) {
        int i2;
        switch (i) {
            case 0:
                i2 = 1;
                break;
            case 1:
                i2 = 2;
                break;
            default:
                i2 = 0;
                break;
        }
        int i3 = i2;
        if (DEBUG) {
            Slog.d(TAG, "collectTimeElapsedSinceLastLockedForUser: lastLockedTime=" + j + ", authTime=" + j2 + ", unlockType=" + i3);
        }
        if (j > j2) {
            return;
        }
        FrameworkStatsLog.write(FrameworkStatsLog.ADAPTIVE_AUTH_UNLOCK_AFTER_LOCK_REPORTED, j, j2, i3);
    }

    private void lockDevice(int i) {
        this.mLockPatternUtils.requireStrongAuth(512, i);
        int profileParentId = this.mUserManager.getProfileParentId(i);
        Slog.i(TAG, "lockDevice: userId=" + i + ", parentUserId=" + profileParentId);
        if (profileParentId != i) {
            this.mLockPatternUtils.requireStrongAuth(512, profileParentId);
        }
        this.mWindowManager.lockNow();
        this.mLastLockedTimestamp.put(i, SystemClock.elapsedRealtime());
    }

    static {
        DEBUG = Build.IS_DEBUGGABLE && Log.isLoggable(TAG, 3);
    }
}
