package com.android.server.selinux;

import android.app.job.JobInfo;
import android.app.job.JobParameters;
import android.app.job.JobScheduler;
import android.app.job.JobService;
import android.content.ComponentName;
import android.content.Context;
import android.provider.DeviceConfig;
import android.util.EventLog;
import android.util.Slog;
import com.android.sdksandbox.flags.Flags;
import com.android.server.pm.PackageManagerService;
import java.time.Duration;
import java.util.Set;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.TimeUnit;

/* loaded from: input_file:com/android/server/selinux/SelinuxAuditLogsService.class */
public class SelinuxAuditLogsService extends JobService {
    private static final String TAG = "SelinuxAuditLogs";
    private static final String SELINUX_AUDIT_NAMESPACE = "SelinuxAuditLogsNamespace";
    private static final String CONFIG_SELINUX_AUDIT_JOB_FREQUENCY_HOURS = "selinux_audit_job_frequency_hours";
    private static final String CONFIG_SELINUX_ENABLE_AUDIT_JOB = "selinux_enable_audit_job";
    private static final int SELINUX_AUDIT_JOB_ID = 25327386;
    static final int AUDITD_TAG_CODE = EventLog.getTagCode("auditd");
    private static final ComponentName SELINUX_AUDIT_JOB_COMPONENT = new ComponentName(PackageManagerService.PLATFORM_PACKAGE_NAME, SelinuxAuditLogsService.class.getName());
    private static final ExecutorService EXECUTOR_SERVICE = Executors.newSingleThreadExecutor();
    private static final Duration RATE_LIMITER_WINDOW = Duration.ofMillis(10);
    private static final String CONFIG_SELINUX_AUDIT_CAP = "selinux_audit_cap";
    private static final int MAX_PERMITS_CAP_DEFAULT = 50000;
    private static final QuotaLimiter QUOTA_LIMITER = new QuotaLimiter(DeviceConfig.getInt("adservices", CONFIG_SELINUX_AUDIT_CAP, MAX_PERMITS_CAP_DEFAULT));
    private static final SelinuxAuditLogsJob LOGS_COLLECTOR_JOB = new SelinuxAuditLogsJob(new SelinuxAuditLogsCollector(new RateLimiter(RATE_LIMITER_WINDOW), QUOTA_LIMITER));

    /* loaded from: input_file:com/android/server/selinux/SelinuxAuditLogsService$LogsCollectorJobScheduler.class */
    private static final class LogsCollectorJobScheduler implements DeviceConfig.OnPropertiesChangedListener {
        private final JobScheduler mJobScheduler;

        private LogsCollectorJobScheduler(JobScheduler jobScheduler) {
            this.mJobScheduler = jobScheduler;
        }

        public void onPropertiesChanged(DeviceConfig.Properties properties) {
            Set keyset = properties.getKeyset();
            if (keyset.contains(SelinuxAuditLogsService.CONFIG_SELINUX_AUDIT_CAP)) {
                SelinuxAuditLogsService.QUOTA_LIMITER.setMaxPermits(properties.getInt(SelinuxAuditLogsService.CONFIG_SELINUX_AUDIT_CAP, SelinuxAuditLogsService.MAX_PERMITS_CAP_DEFAULT));
            }
            if (!keyset.contains(SelinuxAuditLogsService.CONFIG_SELINUX_ENABLE_AUDIT_JOB)) {
                if (keyset.contains(SelinuxAuditLogsService.CONFIG_SELINUX_AUDIT_JOB_FREQUENCY_HOURS)) {
                    schedule();
                }
            } else if (properties.getBoolean(SelinuxAuditLogsService.CONFIG_SELINUX_ENABLE_AUDIT_JOB, false)) {
                schedule();
            } else {
                this.mJobScheduler.cancel(SelinuxAuditLogsService.SELINUX_AUDIT_JOB_ID);
            }
        }

        private void schedule() {
            if (this.mJobScheduler.schedule(new JobInfo.Builder(SelinuxAuditLogsService.SELINUX_AUDIT_JOB_ID, SelinuxAuditLogsService.SELINUX_AUDIT_JOB_COMPONENT).setPeriodic(TimeUnit.HOURS.toMillis(DeviceConfig.getInt("adservices", SelinuxAuditLogsService.CONFIG_SELINUX_AUDIT_JOB_FREQUENCY_HOURS, 24))).setRequiresDeviceIdle(true).setRequiresBatteryNotLow(true).build()) == 0) {
                Slog.e(SelinuxAuditLogsService.TAG, "SelinuxAuditLogsService could not be scheduled.");
            } else {
                Slog.d(SelinuxAuditLogsService.TAG, "SelinuxAuditLogsService scheduled successfully.");
            }
        }
    }

    public static void schedule(Context context) {
        if (!Flags.selinuxSdkSandboxAudit()) {
            Slog.d(TAG, "SelinuxAuditLogsService not enabled");
        } else {
            if (AUDITD_TAG_CODE == -1) {
                Slog.e(TAG, "auditd is not a registered tag on this system");
                return;
            }
            LogsCollectorJobScheduler logsCollectorJobScheduler = new LogsCollectorJobScheduler(((JobScheduler) context.getSystemService(JobScheduler.class)).forNamespace(SELINUX_AUDIT_NAMESPACE));
            logsCollectorJobScheduler.schedule();
            DeviceConfig.addOnPropertiesChangedListener("adservices", context.getMainExecutor(), logsCollectorJobScheduler);
        }
    }

    @Override // android.app.job.JobService
    public boolean onStartJob(JobParameters jobParameters) {
        if (jobParameters.getJobId() != SELINUX_AUDIT_JOB_ID) {
            Slog.e(TAG, "The job id does not match the expected selinux job id.");
            return false;
        }
        if (Flags.selinuxSdkSandboxAudit()) {
            EXECUTOR_SERVICE.execute(() -> {
                LOGS_COLLECTOR_JOB.start(this, jobParameters);
            });
            return true;
        }
        Slog.i(TAG, "Selinux audit job disabled.");
        return false;
    }

    @Override // android.app.job.JobService
    public boolean onStopJob(JobParameters jobParameters) {
        if (jobParameters.getJobId() != SELINUX_AUDIT_JOB_ID || !LOGS_COLLECTOR_JOB.isRunning()) {
            return false;
        }
        LOGS_COLLECTOR_JOB.requestStop();
        return true;
    }
}
