package com.android.server.companion.utils;

import android.annotation.NonNull;
import android.annotation.Nullable;
import android.companion.AssociationRequest;
import android.content.Context;
import android.os.Binder;
import android.os.RemoteException;
import android.os.ServiceManager;
import android.os.UserHandle;
import android.util.ArrayMap;
import com.android.internal.app.IAppOpsService;
import com.android.server.slice.SliceClientPermissions;
import java.util.Collections;
import java.util.Map;

/* loaded from: input_file:com/android/server/companion/utils/PermissionsUtils.class */
public final class PermissionsUtils {
    private static final Map<String, String> DEVICE_PROFILE_TO_PERMISSION;
    private static IAppOpsService sAppOpsService;

    public static void enforcePermissionForCreatingAssociation(@NonNull Context context, @NonNull AssociationRequest associationRequest, int i) {
        enforcePermissionForRequestingProfile(context, associationRequest.getDeviceProfile(), i);
        if (associationRequest.isSelfManaged() || associationRequest.getDeviceIcon() != null) {
            enforcePermissionForRequestingSelfManaged(context, i);
        }
    }

    public static void enforcePermissionForRequestingProfile(@NonNull Context context, @Nullable String str, int i) {
        if (str == null) {
            return;
        }
        if (!DEVICE_PROFILE_TO_PERMISSION.containsKey(str)) {
            throw new IllegalArgumentException("Unsupported device profile: " + str);
        }
        String str2 = DEVICE_PROFILE_TO_PERMISSION.get(str);
        if (context.checkPermission(str2, Binder.getCallingPid(), i) != 0) {
            throw new SecurityException("Application must hold " + str2 + " to associate with a device with " + str + " profile.");
        }
    }

    public static void enforcePermissionForRequestingSelfManaged(@NonNull Context context, int i) {
        if (context.checkPermission("android.permission.REQUEST_COMPANION_SELF_MANAGED", Binder.getCallingPid(), i) != 0) {
            throw new SecurityException("Application does not hold android.permission.REQUEST_COMPANION_SELF_MANAGED");
        }
    }

    public static boolean checkCallerCanInteractWithUserId(@NonNull Context context, int i) {
        return UserHandle.getCallingUserId() == i || context.checkCallingPermission("android.permission.INTERACT_ACROSS_USERS") == 0;
    }

    public static void enforceCallerCanInteractWithUserId(@NonNull Context context, int i) {
        if (UserHandle.getCallingUserId() == i) {
            return;
        }
        context.enforceCallingPermission("android.permission.INTERACT_ACROSS_USERS", null);
    }

    public static void enforceCallerIsSystemOrCanInteractWithUserId(@NonNull Context context, int i) {
        if (Binder.getCallingUid() == 1000) {
            return;
        }
        enforceCallerCanInteractWithUserId(context, i);
    }

    public static void enforceCallerIsSystemOr(int i, @NonNull String str) {
        int callingUid = Binder.getCallingUid();
        if (callingUid == 1000) {
            return;
        }
        int callingUserId = UserHandle.getCallingUserId();
        if (UserHandle.getCallingUserId() != i) {
            throw new SecurityException("Calling UserId (" + callingUserId + ") does not match the expected UserId (" + i + ")");
        }
        if (!checkPackage(callingUid, str)) {
            throw new SecurityException(str + " doesn't belong to calling uid (" + callingUid + ")");
        }
    }

    public static void enforceCallerCanManageAssociationsForPackage(@NonNull Context context, int i, @NonNull String str, @Nullable String str2) {
        int callingUid = Binder.getCallingUid();
        if (callingUid == 1000) {
            return;
        }
        boolean z = context.checkCallingPermission("android.permission.INTERACT_ACROSS_USERS") == 0;
        boolean z2 = context.checkCallingPermission("android.permission.MANAGE_COMPANION_DEVICES") == 0;
        if (UserHandle.getCallingUserId() == i) {
            if (checkPackage(callingUid, str) || z2) {
                return;
            }
        } else if (z && z2) {
            return;
        }
        throw new SecurityException("Caller (uid=" + Binder.getCallingUid() + ") does not have permissions to " + (str2 != null ? str2 : "manage associations") + " for u" + i + SliceClientPermissions.SliceAuthority.DELIMITER + str);
    }

    public static void enforceCallerCanObserveDevicePresenceByUuid(@NonNull Context context, String str, int i) {
        if (!hasRequirePermissions(context, str, i)) {
            throw new SecurityException("Caller (uid=" + Binder.getCallingUid() + ") does not have permissions to request observing device presence base on the UUID");
        }
    }

    private static boolean checkPackage(int i, @NonNull String str) {
        try {
            return getAppOpsService().checkPackage(i, str) == 0;
        } catch (RemoteException e) {
            return true;
        }
    }

    private static IAppOpsService getAppOpsService() {
        if (sAppOpsService == null) {
            synchronized (PermissionsUtils.class) {
                if (sAppOpsService == null) {
                    sAppOpsService = IAppOpsService.Stub.asInterface(ServiceManager.getService("appops"));
                }
            }
        }
        return sAppOpsService;
    }

    private static boolean hasRequirePermissions(@NonNull Context context, String str, int i) {
        return context.checkCallingPermission("android.permission.REQUEST_OBSERVE_DEVICE_UUID_PRESENCE") == 0 && context.checkCallingPermission("android.permission.BLUETOOTH_SCAN") == 0 && context.checkCallingPermission("android.permission.BLUETOOTH_CONNECT") == 0 && Boolean.TRUE.equals(Binder.withCleanCallingIdentity(() -> {
            return Boolean.valueOf(RolesUtils.isRoleHolder(context, i, str, "android.app.role.SYSTEM_AUTOMOTIVE_PROJECTION"));
        }));
    }

    private PermissionsUtils() {
    }

    static {
        ArrayMap arrayMap = new ArrayMap();
        arrayMap.put("android.app.role.COMPANION_DEVICE_WATCH", "android.permission.REQUEST_COMPANION_PROFILE_WATCH");
        arrayMap.put("android.app.role.COMPANION_DEVICE_APP_STREAMING", "android.permission.REQUEST_COMPANION_PROFILE_APP_STREAMING");
        arrayMap.put("android.app.role.SYSTEM_AUTOMOTIVE_PROJECTION", "android.permission.REQUEST_COMPANION_PROFILE_AUTOMOTIVE_PROJECTION");
        arrayMap.put("android.app.role.COMPANION_DEVICE_COMPUTER", "android.permission.REQUEST_COMPANION_PROFILE_COMPUTER");
        arrayMap.put("android.app.role.COMPANION_DEVICE_GLASSES", "android.permission.REQUEST_COMPANION_PROFILE_GLASSES");
        arrayMap.put("android.app.role.COMPANION_DEVICE_NEARBY_DEVICE_STREAMING", "android.permission.REQUEST_COMPANION_PROFILE_NEARBY_DEVICE_STREAMING");
        DEVICE_PROFILE_TO_PERMISSION = Collections.unmodifiableMap(arrayMap);
        sAppOpsService = null;
    }
}
