package com.android.server.appfunctions;

import android.annotation.NonNull;
import android.annotation.RequiresPermission;
import android.app.admin.DevicePolicyManager;
import android.app.appfunctions.AppFunctionStaticMetadataHelper;
import android.app.appsearch.AppSearchBatchResult;
import android.app.appsearch.AppSearchManager;
import android.app.appsearch.AppSearchResult;
import android.app.appsearch.GenericDocument;
import android.app.appsearch.GetByDocumentIdRequest;
import android.content.Context;
import android.content.pm.PackageManager;
import android.os.Binder;
import android.os.UserHandle;
import com.android.internal.infra.AndroidFuture;
import java.util.Objects;

/* loaded from: input_file:com/android/server/appfunctions/CallerValidatorImpl.class */
class CallerValidatorImpl implements CallerValidator {
    private final Context mContext;

    /* JADX INFO: Access modifiers changed from: package-private */
    public CallerValidatorImpl(@NonNull Context context) {
        this.mContext = (Context) Objects.requireNonNull(context);
    }

    @Override // com.android.server.appfunctions.CallerValidator
    @NonNull
    public String validateCallingPackage(@NonNull String str) {
        int callingUid = Binder.getCallingUid();
        long clearCallingIdentity = Binder.clearCallingIdentity();
        try {
            validateCallingPackageInternal(callingUid, str);
            Binder.restoreCallingIdentity(clearCallingIdentity);
            return str;
        } catch (Throwable th) {
            Binder.restoreCallingIdentity(clearCallingIdentity);
            throw th;
        }
    }

    @Override // com.android.server.appfunctions.CallerValidator
    @NonNull
    public UserHandle verifyTargetUserHandle(@NonNull UserHandle userHandle, @NonNull String str) {
        int callingPid = Binder.getCallingPid();
        int callingUid = Binder.getCallingUid();
        long clearCallingIdentity = Binder.clearCallingIdentity();
        try {
            UserHandle handleIncomingUser = handleIncomingUser(str, userHandle, callingPid, callingUid);
            Binder.restoreCallingIdentity(clearCallingIdentity);
            return handleIncomingUser;
        } catch (Throwable th) {
            Binder.restoreCallingIdentity(clearCallingIdentity);
            throw th;
        }
    }

    @Override // com.android.server.appfunctions.CallerValidator
    @RequiresPermission(anyOf = {"android.permission.EXECUTE_APP_FUNCTIONS_TRUSTED", "android.permission.EXECUTE_APP_FUNCTIONS"}, conditional = true)
    public AndroidFuture<Boolean> verifyCallerCanExecuteAppFunction(int i, int i2, @NonNull UserHandle userHandle, @NonNull String str, @NonNull String str2, @NonNull String str3) {
        if (str.equals(str2)) {
            return AndroidFuture.completedFuture(true);
        }
        if (this.mContext.checkPermission("android.permission.EXECUTE_APP_FUNCTIONS_TRUSTED", i2, i) == 0) {
            return AndroidFuture.completedFuture(true);
        }
        if (!(this.mContext.checkPermission("android.permission.EXECUTE_APP_FUNCTIONS", i2, i) == 0)) {
            return AndroidFuture.completedFuture(false);
        }
        FutureAppSearchSessionImpl futureAppSearchSessionImpl = new FutureAppSearchSessionImpl((AppSearchManager) Objects.requireNonNull((AppSearchManager) this.mContext.createContextAsUser(userHandle, 0).getSystemService(AppSearchManager.class)), AppFunctionExecutors.THREAD_POOL_EXECUTOR, new AppSearchManager.SearchContext.Builder("apps-db").build());
        String documentIdForAppFunction = AppFunctionStaticMetadataHelper.getDocumentIdForAppFunction(str2, str3);
        return futureAppSearchSessionImpl.getByDocumentId(new GetByDocumentIdRequest.Builder("app_functions").addIds(documentIdForAppFunction).build()).thenApply(appSearchBatchResult -> {
            return getGenericDocumentFromBatchResult(appSearchBatchResult, documentIdForAppFunction);
        }).thenApply(genericDocument -> {
            return Boolean.valueOf(!getRestrictCallersWithExecuteAppFunctionsProperty(genericDocument));
        }).whenComplete((bool, th) -> {
            futureAppSearchSessionImpl.close();
        });
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static GenericDocument getGenericDocumentFromBatchResult(AppSearchBatchResult<String, GenericDocument> appSearchBatchResult, String str) {
        if (appSearchBatchResult.isSuccess()) {
            return appSearchBatchResult.getSuccesses().get(str);
        }
        AppSearchResult<GenericDocument> appSearchResult = appSearchBatchResult.getFailures().get(str);
        throw new AppSearchException(appSearchResult.getResultCode(), "Unable to retrieve document with id: " + str + " due to " + appSearchResult.getErrorMessage());
    }

    private static boolean getRestrictCallersWithExecuteAppFunctionsProperty(GenericDocument genericDocument) {
        return genericDocument.getPropertyBoolean("restrictCallersWithExecuteAppFunctions");
    }

    @Override // com.android.server.appfunctions.CallerValidator
    public boolean verifyEnterprisePolicyIsAllowed(@NonNull UserHandle userHandle, @NonNull UserHandle userHandle2) {
        int appFunctionsPolicy = getDevicePolicyManagerAsUser(userHandle).getAppFunctionsPolicy();
        int appFunctionsPolicy2 = getDevicePolicyManagerAsUser(userHandle2).getAppFunctionsPolicy();
        boolean equals = userHandle.equals(userHandle2);
        return isAppFunctionPolicyAllowed(appFunctionsPolicy2, equals) && isAppFunctionPolicyAllowed(appFunctionsPolicy, equals);
    }

    @NonNull
    private UserHandle handleIncomingUser(@NonNull String str, @NonNull UserHandle userHandle, int i, int i2) {
        if (UserHandle.getUserHandleForUid(i2).equals(userHandle)) {
            return userHandle;
        }
        if (userHandle.getIdentifier() < 0) {
            throw new IllegalArgumentException("Call does not support special user " + userHandle);
        }
        if (this.mContext.checkPermission("android.permission.INTERACT_ACROSS_USERS_FULL", i, i2) != 0) {
            throw new SecurityException("Permission denied while calling from uid " + i2 + " with " + userHandle + "; Requires permission: android.permission.INTERACT_ACROSS_USERS_FULL");
        }
        try {
            this.mContext.createPackageContextAsUser(str, 0, userHandle);
            return userHandle;
        } catch (PackageManager.NameNotFoundException e) {
            throw new SecurityException("Package: " + str + " haven't installed for user " + userHandle.getIdentifier());
        }
    }

    private void validateCallingPackageInternal(int i, @NonNull String str) {
        if (getPackageUid(this.mContext.createContextAsUser(UserHandle.getUserHandleForUid(i), 0), str) != i) {
            throw new SecurityException("Specified calling package [" + str + "] does not match the calling uid " + i);
        }
    }

    private int getPackageUid(@NonNull Context context, @NonNull String str) {
        try {
            return context.getPackageManager().getPackageUid(str, 0);
        } catch (PackageManager.NameNotFoundException e) {
            return -1;
        }
    }

    private boolean isAppFunctionPolicyAllowed(int i, boolean z) {
        switch (i) {
            case 0:
                return true;
            case 2:
                return z;
            default:
                return false;
        }
    }

    private DevicePolicyManager getDevicePolicyManagerAsUser(@NonNull UserHandle userHandle) {
        return (DevicePolicyManager) this.mContext.createContextAsUser(userHandle, 0).getSystemService(DevicePolicyManager.class);
    }
}
