package com.android.server.connectivity;

import android.R;
import android.annotation.NonNull;
import android.annotation.Nullable;
import android.app.AppOpsManager;
import android.app.Notification;
import android.app.NotificationManager;
import android.app.PendingIntent;
import android.content.ComponentName;
import android.content.ContentResolver;
import android.content.Context;
import android.content.Intent;
import android.content.ServiceConnection;
import android.content.pm.ApplicationInfo;
import android.content.pm.PackageManager;
import android.content.pm.ResolveInfo;
import android.content.pm.UserInfo;
import android.net.ConnectivityDiagnosticsManager;
import android.net.ConnectivityManager;
import android.net.INetd;
import android.net.INetworkManagementEventObserver;
import android.net.Ikev2VpnProfile;
import android.net.InetAddresses;
import android.net.IpPrefix;
import android.net.IpSecManager;
import android.net.IpSecTransform;
import android.net.LinkAddress;
import android.net.LinkProperties;
import android.net.Network;
import android.net.NetworkAgent;
import android.net.NetworkAgentConfig;
import android.net.NetworkCapabilities;
import android.net.NetworkInfo;
import android.net.NetworkProvider;
import android.net.NetworkRequest;
import android.net.NetworkScore;
import android.net.NetworkSpecifier;
import android.net.RouteInfo;
import android.net.TelephonyNetworkSpecifier;
import android.net.UidRangeParcel;
import android.net.UnderlyingNetworkInfo;
import android.net.Uri;
import android.net.VpnProfileState;
import android.net.VpnTransportInfo;
import android.net.ipsec.ike.ChildSessionCallback;
import android.net.ipsec.ike.ChildSessionConfiguration;
import android.net.ipsec.ike.ChildSessionParams;
import android.net.ipsec.ike.IkeSession;
import android.net.ipsec.ike.IkeSessionCallback;
import android.net.ipsec.ike.IkeSessionConfiguration;
import android.net.ipsec.ike.IkeSessionConnectionInfo;
import android.net.ipsec.ike.IkeSessionParams;
import android.net.ipsec.ike.IkeTunnelConnectionParams;
import android.net.ipsec.ike.exceptions.IkeIOException;
import android.net.ipsec.ike.exceptions.IkeNetworkLostException;
import android.net.ipsec.ike.exceptions.IkeNonProtocolException;
import android.net.ipsec.ike.exceptions.IkeProtocolException;
import android.net.ipsec.ike.exceptions.IkeTimeoutException;
import android.net.vcn.VcnTransportInfo;
import android.net.vcn.util.MtuUtils;
import android.net.vcn.util.PersistableBundleUtils;
import android.os.Binder;
import android.os.Bundle;
import android.os.Handler;
import android.os.IBinder;
import android.os.INetworkManagementService;
import android.os.Looper;
import android.os.Parcel;
import android.os.ParcelFileDescriptor;
import android.os.PersistableBundle;
import android.os.Process;
import android.os.RemoteException;
import android.os.SystemClock;
import android.os.UserHandle;
import android.os.UserManager;
import android.provider.Settings;
import android.security.Credentials;
import android.telephony.CarrierConfigManager;
import android.telephony.SubscriptionManager;
import android.telephony.TelephonyManager;
import android.text.TextUtils;
import android.util.ArraySet;
import android.util.IndentingPrintWriter;
import android.util.LocalLog;
import android.util.Log;
import android.util.Range;
import android.util.SparseArray;
import com.android.internal.annotations.GuardedBy;
import com.android.internal.annotations.VisibleForTesting;
import com.android.internal.net.LegacyVpnInfo;
import com.android.internal.net.VpnConfig;
import com.android.internal.net.VpnProfile;
import com.android.net.module.util.BinderUtils;
import com.android.net.module.util.LinkPropertiesUtils;
import com.android.net.module.util.NetdUtils;
import com.android.net.module.util.NetworkStackConstants;
import com.android.server.DeviceIdleInternal;
import com.android.server.LocalServices;
import com.android.server.backup.BackupAgentTimeoutParameters;
import com.android.server.connectivity.Vpn;
import com.android.server.connectivity.VpnIkev2Utils;
import com.android.server.net.BaseNetworkObserver;
import java.io.FileDescriptor;
import java.io.IOException;
import java.net.Inet4Address;
import java.net.Inet6Address;
import java.net.InetAddress;
import java.net.NetworkInterface;
import java.net.SocketException;
import java.net.UnknownHostException;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import java.util.Set;
import java.util.SortedSet;
import java.util.TreeSet;
import java.util.UUID;
import java.util.concurrent.Executor;
import java.util.concurrent.RejectedExecutionException;
import java.util.concurrent.RejectedExecutionHandler;
import java.util.concurrent.ScheduledFuture;
import java.util.concurrent.ScheduledThreadPoolExecutor;
import java.util.concurrent.ThreadPoolExecutor;
import java.util.concurrent.TimeUnit;
import libcore.io.IoUtils;

/* loaded from: classes.dex */
public class Vpn {

    @VisibleForTesting
    public static final int AUTOMATIC_KEEPALIVE_DELAY_SECONDS = 30;

    @VisibleForTesting
    static final int DEFAULT_LONG_LIVED_TCP_CONNS_EXPENSIVE_TIMEOUT_SEC = 60;

    @VisibleForTesting
    static final int DEFAULT_UDP_PORT_4500_NAT_TIMEOUT_SEC_INT = 300;

    @VisibleForTesting
    static final int MAX_VPN_PROFILE_SIZE_BYTES = 131072;

    @VisibleForTesting
    public static final int PREFERRED_IKE_PROTOCOL_AUTO = 0;

    @VisibleForTesting
    public static final int PREFERRED_IKE_PROTOCOL_IPV4_UDP = 40;

    @VisibleForTesting
    public static final int PREFERRED_IKE_PROTOCOL_IPV6_ESP = 61;

    @VisibleForTesting
    public static final int PREFERRED_IKE_PROTOCOL_IPV6_UDP = 60;

    @VisibleForTesting
    static final String VPN_APP_EXCLUDED = "VPNAPPEXCLUDED_";

    @GuardedBy({"this"})
    @VisibleForTesting
    protected boolean mAlwaysOn;
    public final AppOpsManager mAppOpsManager;
    public final Set mBlockedUidsAsToldToConnectivity;
    public final SparseArray mCachedCarrierConfigInfoPerSubId;
    public final CarrierConfigManager mCarrierConfigManager;

    @GuardedBy({"this"})
    @VisibleForTesting
    protected VpnConfig mConfig;
    public Connection mConnection;
    public final ConnectivityDiagnosticsManager mConnectivityDiagnosticsManager;
    public final ConnectivityManager mConnectivityManager;
    public final Context mContext;

    @VisibleForTesting
    final Dependencies mDeps;
    public volatile boolean mEnableTeardown;
    public final LocalLog mEventChanges;
    public final Ikev2SessionCreator mIkev2SessionCreator;

    @VisibleForTesting
    protected String mInterface;
    public boolean mIsPackageTargetingAtLeastQ;
    public int mLegacyState;

    @GuardedBy({"this"})
    @VisibleForTesting
    protected boolean mLockdown;
    public List mLockdownAllowlist;
    public final Looper mLooper;
    public final INetd mNetd;

    @VisibleForTesting
    protected NetworkAgent mNetworkAgent;

    @VisibleForTesting
    protected NetworkCapabilities mNetworkCapabilities;
    public final NetworkInfo mNetworkInfo;
    public final NetworkProvider mNetworkProvider;
    public INetworkManagementEventObserver mObserver;
    public int mOwnerUID;

    @GuardedBy({"this"})
    @VisibleForTesting
    protected String mPackage;
    public PendingIntent mStatusIntent;
    public final SubscriptionManager mSubscriptionManager;
    public final SystemServices mSystemServices;
    public final TelephonyManager mTelephonyManager;
    public final int mUserId;
    public final Context mUserIdContext;
    public final UserManager mUserManager;
    public final VpnProfileStore mVpnProfileStore;

    @VisibleForTesting
    protected VpnRunner mVpnRunner;
    public static final long[] IKEV2_VPN_RETRY_DELAYS_MS = {1000, 2000, 5000, 30000, 60000, BackupAgentTimeoutParameters.DEFAULT_FULL_BACKUP_AGENT_TIMEOUT_MILLIS, 900000};
    public static final long[] DATA_STALL_RECOVERY_DELAYS_MS = {1000, 5000, 30000, 60000, 120000, 240000, 480000, 960000};

    /* renamed from: com.android.server.connectivity.Vpn$2, reason: invalid class name */
    /* loaded from: classes.dex */
    public abstract /* synthetic */ class AnonymousClass2 {
        public static final /* synthetic */ int[] $SwitchMap$android$net$NetworkInfo$DetailedState = new int[NetworkInfo.DetailedState.values().length];

        static {
            try {
                $SwitchMap$android$net$NetworkInfo$DetailedState[NetworkInfo.DetailedState.CONNECTED.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$android$net$NetworkInfo$DetailedState[NetworkInfo.DetailedState.DISCONNECTED.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$android$net$NetworkInfo$DetailedState[NetworkInfo.DetailedState.FAILED.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
            try {
                $SwitchMap$android$net$NetworkInfo$DetailedState[NetworkInfo.DetailedState.CONNECTING.ordinal()] = 4;
            } catch (NoSuchFieldError e4) {
            }
        }
    }

    /* loaded from: classes.dex */
    public class CarrierConfigInfo {
        public final int encapType;
        public final int ipVersion;
        public final int keepaliveDelaySec;
        public final String mccMnc;

        public CarrierConfigInfo(String str, int i, int i2, int i3) {
            this.mccMnc = str;
            this.keepaliveDelaySec = i;
            this.encapType = i2;
            this.ipVersion = i3;
        }

        public String toString() {
            return "CarrierConfigInfo(" + this.mccMnc + ") [keepaliveDelaySec=" + this.keepaliveDelaySec + ", encapType=" + this.encapType + ", ipVersion=" + this.ipVersion + "]";
        }
    }

    /* loaded from: classes.dex */
    public class Connection implements ServiceConnection {
        public IBinder mService;

        public Connection() {
        }

        @Override // android.content.ServiceConnection
        public void onServiceConnected(ComponentName componentName, IBinder iBinder) {
            this.mService = iBinder;
        }

        @Override // android.content.ServiceConnection
        public void onServiceDisconnected(ComponentName componentName) {
            this.mService = null;
        }
    }

    @VisibleForTesting
    /* loaded from: classes.dex */
    public class Dependencies {
        public ParcelFileDescriptor adoptFd(Vpn vpn, int i) {
            return ParcelFileDescriptor.adoptFd(jniCreate(vpn, i));
        }

        public int calculateVpnMtu(List list, int i, int i2, boolean z) {
            return MtuUtils.getMtu(list, i, i2, z);
        }

        public DeviceIdleInternal getDeviceIdleInternal() {
            return (DeviceIdleInternal) LocalServices.getService(DeviceIdleInternal.class);
        }

        public PendingIntent getIntentForStatusPanel(Context context) {
            return VpnConfig.getIntentForStatusPanel(context);
        }

        public int getJavaNetworkInterfaceMtu(String str, int i) {
            NetworkInterface byName;
            if (str != null && (byName = NetworkInterface.getByName(str)) != null) {
                return byName.getMTU();
            }
            return i;
        }

        public long getNextRetryDelayMs(int i) {
            return i >= Vpn.IKEV2_VPN_RETRY_DELAYS_MS.length ? Vpn.IKEV2_VPN_RETRY_DELAYS_MS[Vpn.IKEV2_VPN_RETRY_DELAYS_MS.length - 1] : Vpn.IKEV2_VPN_RETRY_DELAYS_MS[i];
        }

        public long getValidationFailRecoveryMs(int i) {
            return i >= Vpn.DATA_STALL_RECOVERY_DELAYS_MS.length ? Vpn.DATA_STALL_RECOVERY_DELAYS_MS[Vpn.DATA_STALL_RECOVERY_DELAYS_MS.length - 1] : Vpn.DATA_STALL_RECOVERY_DELAYS_MS[i];
        }

        public boolean isCallerSystem() {
            return Binder.getCallingUid() == 1000;
        }

        public int jniCreate(Vpn vpn, int i) {
            return vpn.jniCreate(i);
        }

        public String jniGetName(Vpn vpn, int i) {
            return vpn.jniGetName(i);
        }

        public int jniSetAddresses(Vpn vpn, String str, String str2) {
            return vpn.jniSetAddresses(str, str2);
        }

        public NetworkAgent newNetworkAgent(Context context, Looper looper, String str, NetworkCapabilities networkCapabilities, LinkProperties linkProperties, NetworkScore networkScore, NetworkAgentConfig networkAgentConfig, NetworkProvider networkProvider, ValidationStatusCallback validationStatusCallback) {
            return new VpnNetworkAgentWrapper(context, looper, str, networkCapabilities, linkProperties, networkScore, networkAgentConfig, networkProvider, validationStatusCallback);
        }

        public ScheduledThreadPoolExecutor newScheduledThreadPoolExecutor() {
            return new ScheduledThreadPoolExecutor(1);
        }

        public void setBlocking(FileDescriptor fileDescriptor, boolean z) {
            try {
                IoUtils.setBlocking(fileDescriptor, z);
            } catch (IOException e) {
                throw new IllegalStateException("Cannot set tunnel's fd as blocking=" + z, e);
            }
        }

        public void verifyCallingUidAndPackage(Context context, String str, int i) {
            int callingUid = Binder.getCallingUid();
            if (Vpn.getAppUid(context, str, i) == callingUid) {
                return;
            }
            throw new SecurityException(str + " does not belong to uid " + callingUid);
        }
    }

    @VisibleForTesting
    /* loaded from: classes.dex */
    public class IkeSessionWrapper {
        public final IkeSession mImpl;

        public IkeSessionWrapper(IkeSession ikeSession) {
            this.mImpl = ikeSession;
        }

        public void kill() {
            this.mImpl.kill();
        }

        public void setNetwork(Network network, int i, int i2, int i3) {
            this.mImpl.setNetwork(network, i, i2, i3);
        }

        public void setUnderpinnedNetwork(Network network) {
            this.mImpl.setUnderpinnedNetwork(network);
        }
    }

    /* loaded from: classes.dex */
    public class IkeV2VpnRunner extends VpnRunner implements IkeV2VpnRunnerCallback {
        public Network mActiveNetwork;
        public CarrierConfigManager.CarrierConfigChangeListener mCarrierConfigChangeListener;
        public int mCurrentToken;
        public final ScheduledThreadPoolExecutor mExecutor;
        public IkeSessionConnectionInfo mIkeConnectionInfo;
        public final IpSecManager mIpSecManager;
        public boolean mIsRunning;
        public boolean mMobikeEnabled;
        public final ConnectivityManager.NetworkCallback mNetworkCallback;
        public final Ikev2VpnProfile mProfile;
        public int mRetryCount;
        public ScheduledFuture mScheduledHandleDataStallFuture;
        public ScheduledFuture mScheduledHandleNetworkLostFuture;
        public ScheduledFuture mScheduledHandleRetryIkeSessionFuture;
        public IkeSessionWrapper mSession;
        public final String mSessionKey;
        public IpSecManager.IpSecTunnelInterface mTunnelIface;
        public LinkProperties mUnderlyingLinkProperties;
        public NetworkCapabilities mUnderlyingNetworkCapabilities;

        @VisibleForTesting(visibility = VisibleForTesting.Visibility.PRIVATE)
        int mValidationFailRetryCount;

        public IkeV2VpnRunner(Ikev2VpnProfile ikev2VpnProfile, ScheduledThreadPoolExecutor scheduledThreadPoolExecutor) {
            super("IkeV2VpnRunner");
            this.mIsRunning = true;
            this.mCurrentToken = -1;
            this.mMobikeEnabled = false;
            this.mValidationFailRetryCount = 0;
            this.mRetryCount = 0;
            this.mCarrierConfigChangeListener = new CarrierConfigManager.CarrierConfigChangeListener() { // from class: com.android.server.connectivity.Vpn.IkeV2VpnRunner.1
                @Override // android.telephony.CarrierConfigManager.CarrierConfigChangeListener
                public void onCarrierConfigChanged(int i, int i2, int i3, int i4) {
                    Vpn.this.mEventChanges.log("[CarrierConfig] Changed on slot " + i + " subId=" + i2 + " carrerId=" + i3 + " specificCarrierId=" + i4);
                    synchronized (Vpn.this) {
                        try {
                            Vpn.this.mCachedCarrierConfigInfoPerSubId.remove(i2);
                            if (Vpn.this.mVpnRunner != IkeV2VpnRunner.this) {
                                return;
                            }
                            IkeV2VpnRunner.this.maybeMigrateIkeSessionAndUpdateVpnTransportInfo(IkeV2VpnRunner.this.mActiveNetwork);
                        } catch (Throwable th) {
                            throw th;
                        }
                    }
                }
            };
            this.mProfile = ikev2VpnProfile;
            this.mExecutor = scheduledThreadPoolExecutor;
            this.mIpSecManager = (IpSecManager) Vpn.this.mContext.getSystemService(INetd.IPSEC_INTERFACE_PREFIX);
            this.mNetworkCallback = new VpnIkev2Utils.Ikev2VpnNetworkCallback("IkeV2VpnRunner", this, this.mExecutor);
            this.mSessionKey = UUID.randomUUID().toString();
            Log.d("IkeV2VpnRunner", "Generate session key = " + this.mSessionKey);
            this.mExecutor.setRemoveOnCancelPolicy(true);
            this.mExecutor.setExecuteExistingDelayedTasksAfterShutdownPolicy(false);
            this.mExecutor.setRejectedExecutionHandler(new RejectedExecutionHandler() { // from class: com.android.server.connectivity.Vpn$IkeV2VpnRunner$$ExternalSyntheticLambda0
                @Override // java.util.concurrent.RejectedExecutionHandler
                public final void rejectedExecution(Runnable runnable, ThreadPoolExecutor threadPoolExecutor) {
                    Vpn.IkeV2VpnRunner.lambda$new$0(runnable, threadPoolExecutor);
                }
            });
            Vpn.this.setVpnNetworkPreference(this.mSessionKey, Vpn.this.createUserAndRestrictedProfilesRanges(Vpn.this.mUserId, Vpn.this.mConfig.allowedApplications, Vpn.this.mConfig.disallowedApplications));
            if (Vpn.this.mCarrierConfigManager != null) {
                Vpn.this.mCarrierConfigManager.registerCarrierConfigChangeListener(this.mExecutor, this.mCarrierConfigChangeListener);
            }
        }

        public static /* synthetic */ void lambda$new$0(Runnable runnable, ThreadPoolExecutor threadPoolExecutor) {
            Log.d("IkeV2VpnRunner", "Runnable " + runnable + " rejected by the mExecutor");
        }

        public final CarrierConfigInfo buildCarrierConfigInfo(String str, int i, int i2) {
            int i3;
            int i4;
            switch (i2) {
                case 0:
                    i3 = 0;
                    i4 = 0;
                    break;
                case 40:
                    i3 = 4;
                    i4 = 17;
                    break;
                case 60:
                    i3 = 6;
                    i4 = 17;
                    break;
                case 61:
                    i3 = 6;
                    i4 = -1;
                    break;
                default:
                    i3 = 4;
                    i4 = 17;
                    break;
            }
            return new CarrierConfigInfo(str, i, i4, i3);
        }

        public final int calculateVpnMtu() {
            Network network = this.mIkeConnectionInfo.getNetwork();
            LinkProperties linkProperties = Vpn.this.mConnectivityManager.getLinkProperties(network);
            if (network == null || linkProperties == null) {
                return this.mProfile.getMaxMtu();
            }
            int mtu = linkProperties.getMtu();
            if (mtu == 0) {
                try {
                    mtu = Vpn.this.mDeps.getJavaNetworkInterfaceMtu(linkProperties.getInterfaceName(), this.mProfile.getMaxMtu());
                } catch (SocketException e) {
                    Log.d("IkeV2VpnRunner", "Got a SocketException when getting MTU from kernel: " + e);
                    return this.mProfile.getMaxMtu();
                }
            }
            return Vpn.this.mDeps.calculateVpnMtu(getChildSessionParams().getSaProposals(), this.mProfile.getMaxMtu(), mtu, this.mIkeConnectionInfo.getLocalAddress() instanceof Inet4Address);
        }

        public final void cancelHandleNetworkLostTimeout() {
            if (this.mScheduledHandleNetworkLostFuture != null) {
                Log.d("IkeV2VpnRunner", "Cancel the task for handling network lost timeout");
                this.mScheduledHandleNetworkLostFuture.cancel(false);
                this.mScheduledHandleNetworkLostFuture = null;
            }
        }

        public final void cancelRetryNewIkeSessionFuture() {
            if (this.mScheduledHandleRetryIkeSessionFuture != null) {
                Log.d("IkeV2VpnRunner", "Cancel the task for handling new ike session timeout");
                this.mScheduledHandleRetryIkeSessionFuture.cancel(false);
                this.mScheduledHandleRetryIkeSessionFuture = null;
            }
        }

        /* renamed from: disconnectVpnRunner, reason: merged with bridge method [inline-methods] */
        public final void lambda$exitVpnRunner$6() {
            Vpn.this.mEventChanges.log("[VPNRunner] Disconnect runner, underlying net " + this.mActiveNetwork);
            this.mActiveNetwork = null;
            this.mUnderlyingNetworkCapabilities = null;
            this.mUnderlyingLinkProperties = null;
            this.mIsRunning = false;
            resetIkeState();
            if (Vpn.this.mCarrierConfigManager != null) {
                Vpn.this.mCarrierConfigManager.unregisterCarrierConfigChangeListener(this.mCarrierConfigChangeListener);
            }
            Vpn.this.mConnectivityManager.unregisterNetworkCallback(this.mNetworkCallback);
            this.mExecutor.shutdown();
        }

        @Override // com.android.server.connectivity.Vpn.VpnRunner
        public void exitVpnRunner() {
            Vpn.this.clearVpnNetworkPreference(this.mSessionKey);
            try {
                this.mExecutor.execute(new Runnable() { // from class: com.android.server.connectivity.Vpn$IkeV2VpnRunner$$ExternalSyntheticLambda1
                    @Override // java.lang.Runnable
                    public final void run() {
                        Vpn.IkeV2VpnRunner.this.lambda$exitVpnRunner$6();
                    }
                });
            } catch (RejectedExecutionException e) {
            }
        }

        public final CarrierConfigInfo getCarrierConfigForUnderlyingNetwork() {
            if (Vpn.this.mCarrierConfigManager == null) {
                return null;
            }
            int cellSubIdForNetworkCapabilities = Vpn.getCellSubIdForNetworkCapabilities(this.mUnderlyingNetworkCapabilities);
            if (cellSubIdForNetworkCapabilities == -1) {
                Log.d("IkeV2VpnRunner", "Underlying network is not a cellular network");
                return null;
            }
            synchronized (Vpn.this) {
                try {
                    if (Vpn.this.mCachedCarrierConfigInfoPerSubId.contains(cellSubIdForNetworkCapabilities)) {
                        Log.d("IkeV2VpnRunner", "Get cached config");
                        return (CarrierConfigInfo) Vpn.this.mCachedCarrierConfigInfoPerSubId.get(cellSubIdForNetworkCapabilities);
                    }
                    TelephonyManager createForSubscriptionId = Vpn.this.mTelephonyManager.createForSubscriptionId(cellSubIdForNetworkCapabilities);
                    if (createForSubscriptionId.getSimApplicationState() != 10) {
                        Log.d("IkeV2VpnRunner", "SIM card is not ready on sub " + cellSubIdForNetworkCapabilities);
                        return null;
                    }
                    PersistableBundle configForSubId = Vpn.this.mCarrierConfigManager.getConfigForSubId(cellSubIdForNetworkCapabilities);
                    if (!CarrierConfigManager.isConfigForIdentifiedCarrier(configForSubId)) {
                        return null;
                    }
                    CarrierConfigInfo buildCarrierConfigInfo = buildCarrierConfigInfo(createForSubscriptionId.getSimOperator(cellSubIdForNetworkCapabilities), configForSubId.getInt("min_udp_port_4500_nat_timeout_sec_int"), configForSubId.getInt("preferred_ike_protocol_int", -1));
                    synchronized (Vpn.this) {
                        Vpn.this.mCachedCarrierConfigInfoPerSubId.put(cellSubIdForNetworkCapabilities, buildCarrierConfigInfo);
                    }
                    return buildCarrierConfigInfo;
                } catch (Throwable th) {
                    throw th;
                }
            }
        }

        public final ChildSessionParams getChildSessionParams() {
            IkeTunnelConnectionParams ikeTunnelConnectionParams = this.mProfile.getIkeTunnelConnectionParams();
            return ikeTunnelConnectionParams != null ? ikeTunnelConnectionParams.getTunnelModeChildSessionParams() : VpnIkev2Utils.buildChildSessionParams(this.mProfile.getAllowedAlgorithms());
        }

        public final IkeSessionParams getIkeSessionParams(Network network) {
            IkeTunnelConnectionParams ikeTunnelConnectionParams = this.mProfile.getIkeTunnelConnectionParams();
            IkeSessionParams.Builder network2 = ikeTunnelConnectionParams != null ? new IkeSessionParams.Builder(ikeTunnelConnectionParams.getIkeSessionParams()).setNetwork(network) : VpnIkev2Utils.makeIkeSessionParamsBuilder(Vpn.this.mContext, this.mProfile, network);
            if (this.mProfile.isAutomaticNattKeepaliveTimerEnabled()) {
                network2.setNattKeepAliveDelaySeconds(guessNattKeepaliveTimerForNetwork());
            }
            if (this.mProfile.isAutomaticIpVersionSelectionEnabled()) {
                network2.setIpVersion(guessEspIpVersionForNetwork());
                network2.setEncapType(guessEspEncapTypeForNetwork());
            }
            return network2.build();
        }

        public final int getOrGuessKeepaliveDelaySeconds() {
            if (this.mProfile.isAutomaticNattKeepaliveTimerEnabled()) {
                return guessNattKeepaliveTimerForNetwork();
            }
            if (this.mProfile.getIkeTunnelConnectionParams() != null) {
                return this.mProfile.getIkeTunnelConnectionParams().getIkeSessionParams().getNattKeepAliveDelaySeconds();
            }
            return 300;
        }

        public final int guessEspEncapTypeForNetwork() {
            if (this.mUnderlyingNetworkCapabilities.getTransportInfo() instanceof VcnTransportInfo) {
                Log.d("IkeV2VpnRunner", "Running over VCN, encap type is auto");
                return 0;
            }
            CarrierConfigInfo carrierConfigForUnderlyingNetwork = getCarrierConfigForUnderlyingNetwork();
            int i = carrierConfigForUnderlyingNetwork != null ? carrierConfigForUnderlyingNetwork.encapType : 0;
            if (carrierConfigForUnderlyingNetwork != null) {
                Log.d("IkeV2VpnRunner", "Get customized encap type (" + i + ") on SIM (mccmnc=" + carrierConfigForUnderlyingNetwork.mccMnc + ")");
            }
            return i;
        }

        public final int guessEspIpVersionForNetwork() {
            if (this.mUnderlyingNetworkCapabilities.getTransportInfo() instanceof VcnTransportInfo) {
                Log.d("IkeV2VpnRunner", "Running over VCN, esp IP version is auto");
                return 0;
            }
            CarrierConfigInfo carrierConfigForUnderlyingNetwork = getCarrierConfigForUnderlyingNetwork();
            int i = carrierConfigForUnderlyingNetwork != null ? carrierConfigForUnderlyingNetwork.ipVersion : 0;
            if (carrierConfigForUnderlyingNetwork != null) {
                Log.d("IkeV2VpnRunner", "Get customized IP version (" + i + ") on SIM (mccmnc=" + carrierConfigForUnderlyingNetwork.mccMnc + ")");
            }
            return i;
        }

        public final int guessNattKeepaliveTimerForNetwork() {
            VcnTransportInfo transportInfo = this.mUnderlyingNetworkCapabilities.getTransportInfo();
            if (transportInfo instanceof VcnTransportInfo) {
                int minUdpPort4500NatTimeoutSeconds = transportInfo.getMinUdpPort4500NatTimeoutSeconds();
                Log.d("IkeV2VpnRunner", "Running over VCN, keepalive timer : " + minUdpPort4500NatTimeoutSeconds + "s");
                if (-1 != minUdpPort4500NatTimeoutSeconds) {
                    return minUdpPort4500NatTimeoutSeconds;
                }
            }
            CarrierConfigInfo carrierConfigForUnderlyingNetwork = getCarrierConfigForUnderlyingNetwork();
            int i = carrierConfigForUnderlyingNetwork != null ? carrierConfigForUnderlyingNetwork.keepaliveDelaySec : 30;
            if (carrierConfigForUnderlyingNetwork != null) {
                Log.d("IkeV2VpnRunner", "Get customized keepalive (" + i + "s) on SIM (mccmnc=" + carrierConfigForUnderlyingNetwork.mccMnc + ")");
            }
            return i;
        }

        public final void handleSessionLost(Exception exc, Network network) {
            String str;
            int i;
            int i2;
            int i3;
            cancelHandleNetworkLostTimeout();
            if (exc instanceof IllegalArgumentException) {
                markFailedAndDisconnect(exc);
                return;
            }
            if (exc instanceof IkeProtocolException) {
                IkeProtocolException ikeProtocolException = (IkeProtocolException) exc;
                int errorType = ikeProtocolException.getErrorType();
                switch (ikeProtocolException.getErrorType()) {
                    case 14:
                    case 17:
                    case 24:
                    case 34:
                    case 37:
                    case 38:
                        i3 = 1;
                        break;
                    default:
                        i3 = 2;
                        break;
                }
                str = "android.net.category.EVENT_IKE_ERROR";
                i = i3;
                i2 = errorType;
            } else if (exc instanceof IkeNetworkLostException) {
                str = "android.net.category.EVENT_NETWORK_ERROR";
                i = 2;
                i2 = 2;
            } else if (!(exc instanceof IkeNonProtocolException)) {
                if (exc != null) {
                    Log.wtf("IkeV2VpnRunner", "onSessionLost: exception = " + exc);
                }
                str = null;
                i = -1;
                i2 = -1;
            } else if (exc.getCause() instanceof UnknownHostException) {
                str = "android.net.category.EVENT_NETWORK_ERROR";
                i = 2;
                i2 = 0;
            } else if (exc.getCause() instanceof IkeTimeoutException) {
                str = "android.net.category.EVENT_NETWORK_ERROR";
                i = 2;
                i2 = 1;
            } else if (exc.getCause() instanceof IOException) {
                str = "android.net.category.EVENT_NETWORK_ERROR";
                i = 2;
                i2 = 3;
            } else {
                str = "android.net.category.EVENT_NETWORK_ERROR";
                i = 2;
                i2 = -1;
            }
            synchronized (Vpn.this) {
                try {
                    if (Vpn.this.mVpnRunner != this) {
                        return;
                    }
                    if (str != null && Vpn.isVpnApp(Vpn.this.mPackage)) {
                        Vpn.this.sendEventToVpnManagerApp(str, i, i2, Vpn.this.getPackage(), this.mSessionKey, Vpn.this.makeVpnProfileStateLocked(), this.mActiveNetwork, Vpn.this.getRedactedNetworkCapabilities(this.mUnderlyingNetworkCapabilities), Vpn.this.getRedactedLinkProperties(this.mUnderlyingLinkProperties));
                    }
                    if (i == 1) {
                        markFailedAndDisconnect(exc);
                        return;
                    }
                    scheduleStartIkeSession(-1L);
                    Log.d("IkeV2VpnRunner", "Resetting state for token: " + this.mCurrentToken);
                    synchronized (Vpn.this) {
                        try {
                            if (Vpn.this.mVpnRunner != this) {
                                return;
                            }
                            Vpn.this.mInterface = null;
                            if (Vpn.this.mConfig != null) {
                                Vpn.this.mConfig.interfaze = null;
                                if (Vpn.this.mConfig.routes != null) {
                                    ArrayList arrayList = new ArrayList(Vpn.this.mConfig.routes);
                                    Vpn.this.mConfig.routes.clear();
                                    Iterator it = arrayList.iterator();
                                    while (it.hasNext()) {
                                        Vpn.this.mConfig.routes.add(new RouteInfo(((RouteInfo) it.next()).getDestination(), null, null, 7));
                                    }
                                    if (Vpn.this.mNetworkAgent != null) {
                                        Vpn.doSendLinkProperties(Vpn.this.mNetworkAgent, Vpn.this.makeLinkProperties());
                                    }
                                }
                            }
                            resetIkeState();
                            if (i2 == 2 || Vpn.this.mDeps.getNextRetryDelayMs(this.mRetryCount - 1) <= 5000) {
                                return;
                            }
                            Vpn.this.clearVpnNetworkPreference(this.mSessionKey);
                        } finally {
                        }
                    }
                } finally {
                }
            }
        }

        public final boolean isActiveNetwork(Network network) {
            return Objects.equals(this.mActiveNetwork, network) && this.mIsRunning;
        }

        public final boolean isActiveToken(int i) {
            return this.mCurrentToken == i && this.mIsRunning;
        }

        public final /* synthetic */ void lambda$onDefaultNetworkLost$5(int i, Network network) {
            if (isActiveToken(i)) {
                handleSessionLost(new IkeNetworkLostException(network), network);
                synchronized (Vpn.this) {
                    try {
                        if (Vpn.this.mVpnRunner != this) {
                            return;
                        } else {
                            Vpn.this.updateState(NetworkInfo.DetailedState.DISCONNECTED, "Network lost");
                        }
                    } finally {
                    }
                }
            } else {
                Log.d("IkeV2VpnRunner", "Scheduled handleSessionLost fired for obsolete token " + i);
            }
            this.mScheduledHandleNetworkLostFuture = null;
        }

        public final /* synthetic */ void lambda$onValidationStatus$2() {
            this.mValidationFailRetryCount = 0;
            if (this.mScheduledHandleDataStallFuture != null) {
                Log.d("IkeV2VpnRunner", "Recovered from stall. Cancel pending reset action.");
                this.mScheduledHandleDataStallFuture.cancel(false);
                this.mScheduledHandleDataStallFuture = null;
            }
        }

        public final /* synthetic */ void lambda$onValidationStatus$3() {
            maybeMigrateIkeSessionAndUpdateVpnTransportInfo(this.mActiveNetwork);
        }

        public final /* synthetic */ void lambda$onValidationStatus$4() {
            if (this.mValidationFailRetryCount > 0) {
                Log.d("IkeV2VpnRunner", "Reset session to recover stalled network");
                startIkeSession(this.mActiveNetwork);
            }
            this.mScheduledHandleDataStallFuture = null;
        }

        public final /* synthetic */ void lambda$scheduleStartIkeSession$1() {
            startOrMigrateIkeSession(this.mActiveNetwork);
            this.mScheduledHandleRetryIkeSessionFuture = null;
        }

        public final void markFailedAndDisconnect(Exception exc) {
            synchronized (Vpn.this) {
                try {
                    if (Vpn.this.mVpnRunner != this) {
                        return;
                    }
                    Vpn.this.updateState(NetworkInfo.DetailedState.FAILED, exc.getMessage());
                    Vpn.this.clearVpnNetworkPreference(this.mSessionKey);
                    lambda$exitVpnRunner$6();
                } catch (Throwable th) {
                    throw th;
                }
            }
        }

        public final boolean maybeMigrateIkeSession(Network network, int i) {
            int i2;
            int i3;
            if (this.mSession == null || !this.mMobikeEnabled) {
                return false;
            }
            Log.d("IkeV2VpnRunner", "Migrate IKE Session with token " + this.mCurrentToken + " to network " + network);
            if (this.mProfile.isAutomaticIpVersionSelectionEnabled()) {
                i2 = guessEspIpVersionForNetwork();
                i3 = guessEspEncapTypeForNetwork();
            } else if (this.mProfile.getIkeTunnelConnectionParams() != null) {
                i2 = this.mProfile.getIkeTunnelConnectionParams().getIkeSessionParams().getIpVersion();
                i3 = this.mProfile.getIkeTunnelConnectionParams().getIkeSessionParams().getEncapType();
            } else {
                i2 = 0;
                i3 = 0;
            }
            this.mSession.setNetwork(network, i2, i3, i);
            return true;
        }

        public boolean maybeMigrateIkeSessionAndUpdateVpnTransportInfo(Network network) {
            int orGuessKeepaliveDelaySeconds = getOrGuessKeepaliveDelaySeconds();
            boolean maybeMigrateIkeSession = maybeMigrateIkeSession(network, orGuessKeepaliveDelaySeconds);
            if (maybeMigrateIkeSession) {
                updateVpnTransportInfoAndNetCap(orGuessKeepaliveDelaySeconds);
            }
            return maybeMigrateIkeSession;
        }

        @Override // com.android.server.connectivity.Vpn.IkeV2VpnRunnerCallback
        public void onChildMigrated(int i, IpSecTransform ipSecTransform, IpSecTransform ipSecTransform2) {
            if (!isActiveToken(i)) {
                Vpn.this.mEventChanges.log("[IKEEvent-" + this.mSessionKey + "] onChildMigrated obsolete token=" + i);
                StringBuilder sb = new StringBuilder();
                sb.append("onChildMigrated for obsolete token ");
                sb.append(i);
                Log.d("IkeV2VpnRunner", sb.toString());
                return;
            }
            Vpn.this.mEventChanges.log("[IKEEvent-" + this.mSessionKey + "] onChildMigrated token=" + i + ", in=" + ipSecTransform + ", out=" + ipSecTransform2);
            Network network = this.mIkeConnectionInfo.getNetwork();
            try {
                synchronized (Vpn.this) {
                    try {
                        if (Vpn.this.mVpnRunner != this) {
                            return;
                        }
                        LinkProperties makeLinkProperties = Vpn.this.makeLinkProperties();
                        Vpn.this.mConfig.underlyingNetworks = new Network[]{network};
                        Vpn.this.mConfig.mtu = calculateVpnMtu();
                        LinkProperties makeLinkProperties2 = Vpn.this.makeLinkProperties();
                        if (makeLinkProperties2.getLinkAddresses().isEmpty()) {
                            onSessionLost(i, new IkeIOException(new IOException("No valid addresses for MTU < 1280")));
                            return;
                        }
                        HashSet<LinkAddress> hashSet = new HashSet(makeLinkProperties.getLinkAddresses());
                        hashSet.removeAll(makeLinkProperties2.getLinkAddresses());
                        if (!hashSet.isEmpty()) {
                            Vpn.this.startNewNetworkAgent(Vpn.this.mNetworkAgent, "MTU too low for IPv6; restarting network agent");
                            for (LinkAddress linkAddress : hashSet) {
                                this.mTunnelIface.removeAddress(linkAddress.getAddress(), linkAddress.getPrefixLength());
                            }
                        } else if (!makeLinkProperties2.equals(makeLinkProperties)) {
                            Vpn.doSendLinkProperties(Vpn.this.mNetworkAgent, makeLinkProperties2);
                        }
                        this.mTunnelIface.setUnderlyingNetwork(network);
                        this.mIpSecManager.applyTunnelModeTransform(this.mTunnelIface, 0, ipSecTransform);
                        this.mIpSecManager.applyTunnelModeTransform(this.mTunnelIface, 1, ipSecTransform2);
                    } catch (Throwable th) {
                        throw th;
                    }
                }
            } catch (IOException | IllegalArgumentException e) {
                Log.d("IkeV2VpnRunner", "Transform application failed for token " + i, e);
                onSessionLost(i, e);
            }
        }

        @Override // com.android.server.connectivity.Vpn.IkeV2VpnRunnerCallback
        public void onChildOpened(int i, ChildSessionConfiguration childSessionConfiguration) {
            if (!isActiveToken(i)) {
                Vpn.this.mEventChanges.log("[IKEEvent-" + this.mSessionKey + "] onChildOpened obsolete token=" + i);
                StringBuilder sb = new StringBuilder();
                sb.append("onChildOpened called for obsolete token ");
                sb.append(i);
                Log.d("IkeV2VpnRunner", sb.toString());
                return;
            }
            Vpn.this.mEventChanges.log("[IKEEvent-" + this.mSessionKey + "] onChildOpened token=" + i + ", addr=" + TextUtils.join(", ", childSessionConfiguration.getInternalAddresses()) + " dns=" + TextUtils.join(", ", childSessionConfiguration.getInternalDnsServers()));
            try {
                String interfaceName = this.mTunnelIface.getInterfaceName();
                List<LinkAddress> internalAddresses = childSessionConfiguration.getInternalAddresses();
                ArrayList arrayList = new ArrayList();
                int calculateVpnMtu = calculateVpnMtu();
                if (Vpn.isIPv6Only(internalAddresses) && calculateVpnMtu < 1280) {
                    onSessionLost(i, new IkeIOException(new IOException("No valid addresses for MTU < 1280")));
                    return;
                }
                Collection routesFromTrafficSelectors = VpnIkev2Utils.getRoutesFromTrafficSelectors(childSessionConfiguration.getOutboundTrafficSelectors());
                for (LinkAddress linkAddress : internalAddresses) {
                    this.mTunnelIface.addAddress(linkAddress.getAddress(), linkAddress.getPrefixLength());
                }
                Iterator it = childSessionConfiguration.getInternalDnsServers().iterator();
                while (it.hasNext()) {
                    arrayList.add(((InetAddress) it.next()).getHostAddress());
                }
                Network network = this.mIkeConnectionInfo.getNetwork();
                synchronized (Vpn.this) {
                    try {
                        if (Vpn.this.mVpnRunner != this) {
                            return;
                        }
                        Vpn.this.mInterface = interfaceName;
                        Vpn.this.mConfig.mtu = calculateVpnMtu;
                        Vpn.this.mConfig.interfaze = Vpn.this.mInterface;
                        Vpn.this.mConfig.addresses.clear();
                        Vpn.this.mConfig.addresses.addAll(internalAddresses);
                        Vpn.this.mConfig.routes.clear();
                        Vpn.this.mConfig.routes.addAll(routesFromTrafficSelectors);
                        if (Vpn.this.mConfig.dnsServers == null) {
                            Vpn.this.mConfig.dnsServers = new ArrayList();
                        }
                        Vpn.this.mConfig.dnsServers.clear();
                        Vpn.this.mConfig.dnsServers.addAll(arrayList);
                        Vpn.this.mConfig.underlyingNetworks = new Network[]{network};
                        NetworkAgent networkAgent = Vpn.this.mNetworkAgent;
                        if (networkAgent == null) {
                            if (Vpn.this.isSettingsVpnLocked()) {
                                Vpn.this.prepareStatusIntent();
                            }
                            Vpn.this.agentConnect(new ValidationStatusCallback() { // from class: com.android.server.connectivity.Vpn$IkeV2VpnRunner$$ExternalSyntheticLambda4
                                @Override // com.android.server.connectivity.Vpn.ValidationStatusCallback
                                public final void onValidationStatus(int i2) {
                                    Vpn.IkeV2VpnRunner.this.onValidationStatus(i2);
                                }
                            });
                        } else {
                            Vpn.doSendLinkProperties(networkAgent, Vpn.this.makeLinkProperties());
                            this.mRetryCount = 0;
                        }
                    } finally {
                    }
                }
            } catch (Exception e) {
                Log.d("IkeV2VpnRunner", "Error in ChildOpened for token " + i, e);
                onSessionLost(i, e);
            }
        }

        @Override // com.android.server.connectivity.Vpn.IkeV2VpnRunnerCallback
        public void onChildTransformCreated(int i, IpSecTransform ipSecTransform, int i2) {
            if (!isActiveToken(i)) {
                Vpn.this.mEventChanges.log("[IKEEvent-" + this.mSessionKey + "] onChildTransformCreated obsolete token=" + i);
                StringBuilder sb = new StringBuilder();
                sb.append("ChildTransformCreated for obsolete token ");
                sb.append(i);
                Log.d("IkeV2VpnRunner", sb.toString());
                return;
            }
            Vpn.this.mEventChanges.log("[IKEEvent-" + this.mSessionKey + "] onChildTransformCreated token=" + i + ", direction=" + i2 + ", transform=" + ipSecTransform);
            try {
                this.mTunnelIface.setUnderlyingNetwork(this.mIkeConnectionInfo.getNetwork());
                this.mIpSecManager.applyTunnelModeTransform(this.mTunnelIface, i2, ipSecTransform);
            } catch (IOException | IllegalArgumentException e) {
                Log.d("IkeV2VpnRunner", "Transform application failed for token " + i, e);
                onSessionLost(i, e);
            }
        }

        @Override // com.android.server.connectivity.Vpn.IkeV2VpnRunnerCallback
        public void onDefaultNetworkCapabilitiesChanged(NetworkCapabilities networkCapabilities) {
            if (significantCapsChange(this.mUnderlyingNetworkCapabilities, networkCapabilities)) {
                Vpn.this.mEventChanges.log("[UnderlyingNW] Cap changed from " + this.mUnderlyingNetworkCapabilities + " to " + networkCapabilities);
            }
            NetworkCapabilities networkCapabilities2 = this.mUnderlyingNetworkCapabilities;
            this.mUnderlyingNetworkCapabilities = networkCapabilities;
            if (networkCapabilities2 == null || !networkCapabilities.getSubscriptionIds().equals(networkCapabilities2.getSubscriptionIds())) {
                scheduleStartIkeSession(300L);
            }
        }

        @Override // com.android.server.connectivity.Vpn.IkeV2VpnRunnerCallback
        public void onDefaultNetworkChanged(Network network) {
            Vpn.this.mEventChanges.log("[UnderlyingNW] Default network changed to " + network);
            Log.d("IkeV2VpnRunner", "onDefaultNetworkChanged: " + network);
            cancelRetryNewIkeSessionFuture();
            cancelHandleNetworkLostTimeout();
            if (!this.mIsRunning) {
                Log.d("IkeV2VpnRunner", "onDefaultNetworkChanged after exit");
                return;
            }
            this.mActiveNetwork = network;
            this.mUnderlyingLinkProperties = null;
            this.mUnderlyingNetworkCapabilities = null;
            this.mRetryCount = 0;
        }

        @Override // com.android.server.connectivity.Vpn.IkeV2VpnRunnerCallback
        public void onDefaultNetworkLinkPropertiesChanged(LinkProperties linkProperties) {
            LinkProperties linkProperties2 = this.mUnderlyingLinkProperties;
            Vpn.this.mEventChanges.log("[UnderlyingNW] Lp changed from " + linkProperties2 + " to " + linkProperties);
            this.mUnderlyingLinkProperties = linkProperties;
            if (linkProperties2 == null || !LinkPropertiesUtils.isIdenticalAllLinkAddresses(linkProperties2, linkProperties)) {
                scheduleStartIkeSession(300L);
            }
        }

        @Override // com.android.server.connectivity.Vpn.IkeV2VpnRunnerCallback
        public void onDefaultNetworkLost(final Network network) {
            Vpn.this.mEventChanges.log("[UnderlyingNW] Network lost " + network);
            cancelRetryNewIkeSessionFuture();
            if (!isActiveNetwork(network)) {
                Log.d("IkeV2VpnRunner", "onDefaultNetworkLost called for obsolete network " + network);
                return;
            }
            this.mActiveNetwork = null;
            this.mUnderlyingNetworkCapabilities = null;
            this.mUnderlyingLinkProperties = null;
            if (this.mScheduledHandleNetworkLostFuture != null) {
                IllegalStateException illegalStateException = new IllegalStateException("Found a pending mScheduledHandleNetworkLostFuture");
                Log.i("IkeV2VpnRunner", "Unexpected error in onDefaultNetworkLost. Tear down session", illegalStateException);
                handleSessionLost(illegalStateException, network);
                return;
            }
            Log.d("IkeV2VpnRunner", "Schedule a delay handleSessionLost for losing network " + network + " on session with token " + this.mCurrentToken);
            final int i = this.mCurrentToken;
            this.mScheduledHandleNetworkLostFuture = this.mExecutor.schedule(new Runnable() { // from class: com.android.server.connectivity.Vpn$IkeV2VpnRunner$$ExternalSyntheticLambda2
                @Override // java.lang.Runnable
                public final void run() {
                    Vpn.IkeV2VpnRunner.this.lambda$onDefaultNetworkLost$5(i, network);
                }
            }, 5000L, TimeUnit.MILLISECONDS);
        }

        @Override // com.android.server.connectivity.Vpn.IkeV2VpnRunnerCallback
        public void onIkeConnectionInfoChanged(int i, IkeSessionConnectionInfo ikeSessionConnectionInfo) {
            if (!isActiveToken(i)) {
                Vpn.this.mEventChanges.log("[IKEEvent-" + this.mSessionKey + "] onIkeConnectionInfoChanged obsolete token=" + i);
                StringBuilder sb = new StringBuilder();
                sb.append("onIkeConnectionInfoChanged called for obsolete token ");
                sb.append(i);
                Log.d("IkeV2VpnRunner", sb.toString());
                return;
            }
            Vpn.this.mEventChanges.log("[IKEEvent-" + this.mSessionKey + "] onIkeConnectionInfoChanged token=" + i + ", localAddr=" + ikeSessionConnectionInfo.getLocalAddress() + ", network=" + ikeSessionConnectionInfo.getNetwork());
            this.mIkeConnectionInfo = ikeSessionConnectionInfo;
        }

        @Override // com.android.server.connectivity.Vpn.IkeV2VpnRunnerCallback
        public void onIkeOpened(int i, IkeSessionConfiguration ikeSessionConfiguration) {
            if (!isActiveToken(i)) {
                Vpn.this.mEventChanges.log("[IKEEvent-" + this.mSessionKey + "] onIkeOpened obsolete token=" + i);
                StringBuilder sb = new StringBuilder();
                sb.append("onIkeOpened called for obsolete token ");
                sb.append(i);
                Log.d("IkeV2VpnRunner", sb.toString());
                return;
            }
            this.mMobikeEnabled = ikeSessionConfiguration.isIkeExtensionEnabled(2);
            IkeSessionConnectionInfo ikeSessionConnectionInfo = ikeSessionConfiguration.getIkeSessionConnectionInfo();
            Vpn.this.mEventChanges.log("[IKEEvent-" + this.mSessionKey + "] onIkeOpened token=" + i + ", localAddr=" + ikeSessionConnectionInfo.getLocalAddress() + ", network=" + ikeSessionConnectionInfo.getNetwork() + ", mobikeEnabled= " + this.mMobikeEnabled);
            onIkeConnectionInfoChanged(i, ikeSessionConnectionInfo);
        }

        @Override // com.android.server.connectivity.Vpn.IkeV2VpnRunnerCallback
        public void onSessionLost(int i, Exception exc) {
            String str;
            LocalLog localLog = Vpn.this.mEventChanges;
            StringBuilder sb = new StringBuilder();
            sb.append("[IKE] Session lost on network ");
            sb.append(this.mActiveNetwork);
            if (exc == null) {
                str = "";
            } else {
                str = " reason " + exc.getMessage();
            }
            sb.append(str);
            localLog.log(sb.toString());
            Log.d("IkeV2VpnRunner", "onSessionLost() called for token " + i);
            if (isActiveToken(i)) {
                handleSessionLost(exc, this.mActiveNetwork);
                return;
            }
            Log.d("IkeV2VpnRunner", "onSessionLost() called for obsolete token " + i);
        }

        public void onValidationStatus(int i) {
            Vpn.this.mEventChanges.log("[Validation] validation status " + i);
            if (i == 1) {
                this.mExecutor.execute(new Runnable() { // from class: com.android.server.connectivity.Vpn$IkeV2VpnRunner$$ExternalSyntheticLambda5
                    @Override // java.lang.Runnable
                    public final void run() {
                        Vpn.IkeV2VpnRunner.this.lambda$onValidationStatus$2();
                    }
                });
                return;
            }
            if (this.mScheduledHandleDataStallFuture != null) {
                return;
            }
            if (this.mValidationFailRetryCount == 0) {
                Vpn.this.mConnectivityManager.reportNetworkConnectivity(this.mActiveNetwork, false);
            }
            if (this.mValidationFailRetryCount >= 2) {
                ScheduledThreadPoolExecutor scheduledThreadPoolExecutor = this.mExecutor;
                Runnable runnable = new Runnable() { // from class: com.android.server.connectivity.Vpn$IkeV2VpnRunner$$ExternalSyntheticLambda7
                    @Override // java.lang.Runnable
                    public final void run() {
                        Vpn.IkeV2VpnRunner.this.lambda$onValidationStatus$4();
                    }
                };
                Dependencies dependencies = Vpn.this.mDeps;
                int i2 = this.mValidationFailRetryCount;
                this.mValidationFailRetryCount = i2 + 1;
                this.mScheduledHandleDataStallFuture = scheduledThreadPoolExecutor.schedule(runnable, dependencies.getValidationFailRecoveryMs(i2), TimeUnit.MILLISECONDS);
                return;
            }
            Log.d("IkeV2VpnRunner", "Validation failed");
            ScheduledThreadPoolExecutor scheduledThreadPoolExecutor2 = this.mExecutor;
            Runnable runnable2 = new Runnable() { // from class: com.android.server.connectivity.Vpn$IkeV2VpnRunner$$ExternalSyntheticLambda6
                @Override // java.lang.Runnable
                public final void run() {
                    Vpn.IkeV2VpnRunner.this.lambda$onValidationStatus$3();
                }
            };
            Dependencies dependencies2 = Vpn.this.mDeps;
            int i3 = this.mValidationFailRetryCount;
            this.mValidationFailRetryCount = i3 + 1;
            scheduledThreadPoolExecutor2.schedule(runnable2, dependencies2.getValidationFailRecoveryMs(i3), TimeUnit.MILLISECONDS);
        }

        public final void resetIkeState() {
            if (this.mTunnelIface != null) {
                this.mTunnelIface.close();
                this.mTunnelIface = null;
            }
            if (this.mSession != null) {
                this.mSession.kill();
                this.mSession = null;
            }
            this.mIkeConnectionInfo = null;
            this.mMobikeEnabled = false;
        }

        @Override // java.lang.Thread, java.lang.Runnable
        public void run() {
            if (!this.mProfile.isRestrictedToTestNetworks()) {
                Vpn.this.mConnectivityManager.registerSystemDefaultNetworkCallback(this.mNetworkCallback, new Handler(Vpn.this.mLooper));
            } else {
                Vpn.this.mConnectivityManager.requestNetwork(new NetworkRequest.Builder().clearCapabilities().addTransportType(7).addCapability(15).build(), this.mNetworkCallback);
            }
        }

        public final void scheduleStartIkeSession(long j) {
            long nextRetryDelayMs;
            if (this.mScheduledHandleRetryIkeSessionFuture != null) {
                Log.d("IkeV2VpnRunner", "There is a pending retrying task, skip the new retrying task");
                return;
            }
            if (-1 != j) {
                nextRetryDelayMs = j;
            } else {
                Dependencies dependencies = Vpn.this.mDeps;
                int i = this.mRetryCount;
                this.mRetryCount = i + 1;
                nextRetryDelayMs = dependencies.getNextRetryDelayMs(i);
            }
            Log.d("IkeV2VpnRunner", "Retry new IKE session after " + nextRetryDelayMs + " milliseconds.");
            this.mScheduledHandleRetryIkeSessionFuture = this.mExecutor.schedule(new Runnable() { // from class: com.android.server.connectivity.Vpn$IkeV2VpnRunner$$ExternalSyntheticLambda3
                @Override // java.lang.Runnable
                public final void run() {
                    Vpn.IkeV2VpnRunner.this.lambda$scheduleStartIkeSession$1();
                }
            }, nextRetryDelayMs, TimeUnit.MILLISECONDS);
        }

        public final boolean significantCapsChange(NetworkCapabilities networkCapabilities, NetworkCapabilities networkCapabilities2) {
            if (networkCapabilities == networkCapabilities2) {
                return false;
            }
            return (networkCapabilities != null && networkCapabilities2 != null && Arrays.equals(networkCapabilities.getTransportTypes(), networkCapabilities2.getTransportTypes()) && Arrays.equals(networkCapabilities.getCapabilities(), networkCapabilities2.getCapabilities()) && Arrays.equals(networkCapabilities.getEnterpriseIds(), networkCapabilities2.getEnterpriseIds()) && Objects.equals(networkCapabilities.getTransportInfo(), networkCapabilities2.getTransportInfo()) && Objects.equals(networkCapabilities.getAllowedUids(), networkCapabilities2.getAllowedUids()) && Objects.equals(networkCapabilities.getUnderlyingNetworks(), networkCapabilities2.getUnderlyingNetworks()) && Objects.equals(networkCapabilities.getNetworkSpecifier(), networkCapabilities2.getNetworkSpecifier())) ? false : true;
        }

        public final void startIkeSession(Network network) {
            Log.d("IkeV2VpnRunner", "Start new IKE session on network " + network);
            Vpn.this.mEventChanges.log("[IKE] Start IKE session over " + network);
            try {
                synchronized (Vpn.this) {
                    try {
                        if (Vpn.this.mVpnRunner != this) {
                            return;
                        }
                        Vpn.this.mInterface = null;
                        resetIkeState();
                        InetAddress localHost = InetAddress.getLocalHost();
                        this.mTunnelIface = this.mIpSecManager.createIpSecTunnelInterface(localHost, localHost, network);
                        NetdUtils.setInterfaceUp(Vpn.this.mNetd, this.mTunnelIface.getInterfaceName());
                        int i = this.mCurrentToken + 1;
                        this.mCurrentToken = i;
                        this.mSession = Vpn.this.mIkev2SessionCreator.createIkeSession(Vpn.this.mContext, getIkeSessionParams(network), getChildSessionParams(), this.mExecutor, new VpnIkev2Utils.IkeSessionCallbackImpl("IkeV2VpnRunner", this, i), new VpnIkev2Utils.ChildSessionCallbackImpl("IkeV2VpnRunner", this, i));
                        Log.d("IkeV2VpnRunner", "IKE session started for token " + i);
                    } catch (Throwable th) {
                        throw th;
                    }
                }
            } catch (Exception e) {
                Log.i("IkeV2VpnRunner", "Setup failed for token " + this.mCurrentToken + ". Aborting", e);
                onSessionLost(this.mCurrentToken, e);
            }
        }

        public final void startOrMigrateIkeSession(Network network) {
            synchronized (Vpn.this) {
                try {
                    if (Vpn.this.mVpnRunner != this) {
                        return;
                    }
                    Vpn.this.setVpnNetworkPreference(this.mSessionKey, Vpn.this.createUserAndRestrictedProfilesRanges(Vpn.this.mUserId, Vpn.this.mConfig.allowedApplications, Vpn.this.mConfig.disallowedApplications));
                    if (network == null) {
                        Log.d("IkeV2VpnRunner", "There is no active network for starting an IKE session");
                        return;
                    }
                    List singletonList = Collections.singletonList(network);
                    if (!singletonList.equals(Vpn.this.mNetworkCapabilities.getUnderlyingNetworks())) {
                        Vpn.this.mNetworkCapabilities = new NetworkCapabilities.Builder(Vpn.this.mNetworkCapabilities).setUnderlyingNetworks(singletonList).build();
                        if (Vpn.this.mNetworkAgent != null) {
                            Vpn.this.doSetUnderlyingNetworks(Vpn.this.mNetworkAgent, singletonList);
                        }
                    }
                    if (maybeMigrateIkeSessionAndUpdateVpnTransportInfo(network)) {
                        return;
                    }
                    startIkeSession(network);
                } catch (Throwable th) {
                    throw th;
                }
            }
        }

        public void updateVpnTransportInfoAndNetCap(int i) {
            VpnTransportInfo vpnTransportInfo;
            synchronized (Vpn.this) {
                try {
                    vpnTransportInfo = new VpnTransportInfo(Vpn.this.getActiveVpnType(), Vpn.this.mConfig.session, Vpn.this.mConfig.allowBypass && !Vpn.this.mLockdown, Vpn.areLongLivedTcpConnectionsExpensive(i));
                } catch (Throwable th) {
                    throw th;
                }
            }
            if (!vpnTransportInfo.equals(Vpn.this.mNetworkCapabilities.getTransportInfo())) {
                Vpn.this.mNetworkCapabilities = new NetworkCapabilities.Builder(Vpn.this.mNetworkCapabilities).setTransportInfo(vpnTransportInfo).build();
                Vpn.this.mEventChanges.log("[VPNRunner] Update agent caps " + Vpn.this.mNetworkCapabilities);
                Vpn.doSendNetworkCapabilities(Vpn.this.mNetworkAgent, Vpn.this.mNetworkCapabilities);
            }
        }
    }

    /* loaded from: classes.dex */
    public interface IkeV2VpnRunnerCallback {
        void onChildMigrated(int i, IpSecTransform ipSecTransform, IpSecTransform ipSecTransform2);

        void onChildOpened(int i, ChildSessionConfiguration childSessionConfiguration);

        void onChildTransformCreated(int i, IpSecTransform ipSecTransform, int i2);

        void onDefaultNetworkCapabilitiesChanged(NetworkCapabilities networkCapabilities);

        void onDefaultNetworkChanged(Network network);

        void onDefaultNetworkLinkPropertiesChanged(LinkProperties linkProperties);

        void onDefaultNetworkLost(Network network);

        void onIkeConnectionInfoChanged(int i, IkeSessionConnectionInfo ikeSessionConnectionInfo);

        void onIkeOpened(int i, IkeSessionConfiguration ikeSessionConfiguration);

        void onSessionLost(int i, Exception exc);
    }

    @VisibleForTesting
    /* loaded from: classes.dex */
    public class Ikev2SessionCreator {
        public IkeSessionWrapper createIkeSession(Context context, IkeSessionParams ikeSessionParams, ChildSessionParams childSessionParams, Executor executor, IkeSessionCallback ikeSessionCallback, ChildSessionCallback childSessionCallback) {
            return new IkeSessionWrapper(new IkeSession(context, ikeSessionParams, childSessionParams, executor, ikeSessionCallback, childSessionCallback));
        }
    }

    @VisibleForTesting
    /* loaded from: classes.dex */
    public class SystemServices {
        public final Context mContext;

        public SystemServices(Context context) {
            this.mContext = context;
        }

        public final ContentResolver getContentResolverAsUser(int i) {
            return this.mContext.createContextAsUser(UserHandle.of(i), 0).getContentResolver();
        }

        public PendingIntent pendingIntentGetActivityAsUser(Intent intent, int i, UserHandle userHandle) {
            return PendingIntent.getActivity(this.mContext.createContextAsUser(userHandle, 0), 0, intent, i);
        }

        public int settingsSecureGetIntForUser(String str, int i, int i2) {
            return Settings.Secure.getInt(getContentResolverAsUser(i2), str, i);
        }

        public String settingsSecureGetStringForUser(String str, int i) {
            return Settings.Secure.getString(getContentResolverAsUser(i), str);
        }

        public void settingsSecurePutIntForUser(String str, int i, int i2) {
            Settings.Secure.putInt(getContentResolverAsUser(i2), str, i);
        }

        public void settingsSecurePutStringForUser(String str, String str2, int i) {
            Settings.Secure.putString(getContentResolverAsUser(i), str, str2);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @VisibleForTesting
    /* loaded from: classes.dex */
    public interface ValidationStatusCallback {
        void onValidationStatus(int i);
    }

    @VisibleForTesting
    /* loaded from: classes.dex */
    public class VpnNetworkAgentWrapper extends NetworkAgent {
        public final ValidationStatusCallback mCallback;

        public VpnNetworkAgentWrapper(Context context, Looper looper, String str, NetworkCapabilities networkCapabilities, LinkProperties linkProperties, NetworkScore networkScore, NetworkAgentConfig networkAgentConfig, NetworkProvider networkProvider, ValidationStatusCallback validationStatusCallback) {
            super(context, looper, str, networkCapabilities, linkProperties, networkScore, networkAgentConfig, networkProvider);
            this.mCallback = validationStatusCallback;
        }

        public void doSendLinkProperties(LinkProperties linkProperties) {
            sendLinkProperties(linkProperties);
        }

        public void doSendNetworkCapabilities(NetworkCapabilities networkCapabilities) {
            sendNetworkCapabilities(networkCapabilities);
        }

        public void doSetUnderlyingNetworks(List list) {
            setUnderlyingNetworks(list);
        }

        public void onNetworkUnwanted() {
        }

        public void onValidationStatus(int i, Uri uri) {
            if (this.mCallback != null) {
                this.mCallback.onValidationStatus(i);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @VisibleForTesting
    /* loaded from: classes.dex */
    public abstract class VpnRunner extends Thread {
        public VpnRunner(String str) {
            super(str);
        }

        public final void exit() {
            synchronized (Vpn.this) {
                exitVpnRunner();
                Vpn.this.cleanupVpnStateLocked();
            }
        }

        public abstract void exitVpnRunner();
    }

    public Vpn(Looper looper, Context context, INetworkManagementService iNetworkManagementService, INetd iNetd, int i, VpnProfileStore vpnProfileStore) {
        this(looper, context, new Dependencies(), iNetworkManagementService, iNetd, i, vpnProfileStore, new SystemServices(context), new Ikev2SessionCreator());
    }

    @VisibleForTesting
    public Vpn(Looper looper, Context context, Dependencies dependencies, INetworkManagementService iNetworkManagementService, INetd iNetd, int i, VpnProfileStore vpnProfileStore) {
        this(looper, context, dependencies, iNetworkManagementService, iNetd, i, vpnProfileStore, new SystemServices(context), new Ikev2SessionCreator());
    }

    @VisibleForTesting
    public Vpn(Looper looper, Context context, Dependencies dependencies, INetworkManagementService iNetworkManagementService, INetd iNetd, int i, VpnProfileStore vpnProfileStore, SystemServices systemServices, Ikev2SessionCreator ikev2SessionCreator) {
        this.mEnableTeardown = true;
        this.mEventChanges = new LocalLog(100);
        this.mCachedCarrierConfigInfoPerSubId = new SparseArray();
        this.mAlwaysOn = false;
        this.mLockdown = false;
        this.mLockdownAllowlist = Collections.emptyList();
        this.mBlockedUidsAsToldToConnectivity = new ArraySet();
        this.mObserver = new BaseNetworkObserver() { // from class: com.android.server.connectivity.Vpn.1
            public void interfaceRemoved(String str) {
                synchronized (Vpn.this) {
                    try {
                        if (str.equals(Vpn.this.mInterface) && Vpn.this.jniCheck(str) == 0) {
                            if (Vpn.this.mConnection != null) {
                                Vpn.this.mAppOpsManager.finishOp("android:establish_vpn_service", Vpn.this.mOwnerUID, Vpn.this.mPackage, null);
                                Vpn.this.mContext.unbindService(Vpn.this.mConnection);
                                Vpn.this.cleanupVpnStateLocked();
                            } else if (Vpn.this.mVpnRunner != null) {
                                if (!"[Legacy VPN]".equals(Vpn.this.mPackage)) {
                                    Vpn.this.mAppOpsManager.finishOp("android:establish_vpn_manager", Vpn.this.mOwnerUID, Vpn.this.mPackage, null);
                                }
                                Vpn.this.mVpnRunner.exit();
                            }
                        }
                    } catch (Throwable th) {
                        throw th;
                    }
                }
            }
        };
        this.mVpnProfileStore = vpnProfileStore;
        this.mContext = context;
        this.mConnectivityManager = (ConnectivityManager) this.mContext.getSystemService(ConnectivityManager.class);
        this.mAppOpsManager = (AppOpsManager) this.mContext.getSystemService(AppOpsManager.class);
        this.mUserIdContext = context.createContextAsUser(UserHandle.of(i), 0);
        this.mConnectivityDiagnosticsManager = (ConnectivityDiagnosticsManager) this.mContext.getSystemService(ConnectivityDiagnosticsManager.class);
        this.mCarrierConfigManager = (CarrierConfigManager) this.mContext.getSystemService(CarrierConfigManager.class);
        this.mTelephonyManager = (TelephonyManager) this.mContext.getSystemService(TelephonyManager.class);
        this.mSubscriptionManager = (SubscriptionManager) this.mContext.getSystemService(SubscriptionManager.class);
        this.mDeps = dependencies;
        this.mNetd = iNetd;
        this.mUserId = i;
        this.mLooper = looper;
        this.mSystemServices = systemServices;
        this.mIkev2SessionCreator = ikev2SessionCreator;
        this.mUserManager = (UserManager) this.mContext.getSystemService(UserManager.class);
        this.mPackage = "[Legacy VPN]";
        this.mOwnerUID = getAppUid(this.mContext, this.mPackage, this.mUserId);
        this.mIsPackageTargetingAtLeastQ = doesPackageTargetAtLeastQ(this.mPackage);
        try {
            iNetworkManagementService.registerObserver(this.mObserver);
        } catch (RemoteException e) {
            Log.wtf("Vpn", "Problem registering observer", e);
        }
        this.mNetworkProvider = new NetworkProvider(context, looper, "VpnNetworkProvider:" + this.mUserId);
        this.mConnectivityManager.registerNetworkProvider(this.mNetworkProvider);
        this.mLegacyState = 0;
        this.mNetworkInfo = new NetworkInfo(17, 0, "VPN", "");
        this.mNetworkCapabilities = new NetworkCapabilities.Builder().addTransportType(4).removeCapability(15).addCapability(28).setTransportInfo(new VpnTransportInfo(-1, (String) null, false, false)).build();
        loadAlwaysOnPackage();
    }

    public static boolean areLongLivedTcpConnectionsExpensive(int i) {
        return i < 60;
    }

    public static boolean areLongLivedTcpConnectionsExpensive(VpnRunner vpnRunner) {
        if (vpnRunner instanceof IkeV2VpnRunner) {
            return areLongLivedTcpConnectionsExpensive(((IkeV2VpnRunner) vpnRunner).getOrGuessKeepaliveDelaySeconds());
        }
        return false;
    }

    @VisibleForTesting
    public static Range<Integer> createUidRangeForUser(int i) {
        return new Range<>(Integer.valueOf(i * 100000), Integer.valueOf(((i + 1) * 100000) - 1));
    }

    public static void doSendLinkProperties(NetworkAgent networkAgent, LinkProperties linkProperties) {
        if (networkAgent instanceof VpnNetworkAgentWrapper) {
            ((VpnNetworkAgentWrapper) networkAgent).doSendLinkProperties(linkProperties);
        } else {
            networkAgent.sendLinkProperties(linkProperties);
        }
    }

    public static void doSendNetworkCapabilities(NetworkAgent networkAgent, NetworkCapabilities networkCapabilities) {
        if (networkAgent instanceof VpnNetworkAgentWrapper) {
            ((VpnNetworkAgentWrapper) networkAgent).doSendNetworkCapabilities(networkCapabilities);
        } else {
            networkAgent.sendNetworkCapabilities(networkCapabilities);
        }
    }

    public static boolean doesPackageHaveAppop(Context context, String str, String str2) {
        return ((AppOpsManager) context.getSystemService("appops")).noteOpNoThrow(str2, Binder.getCallingUid(), str, null, null) == 0;
    }

    public static int getAppUid(Context context, String str, int i) {
        if ("[Legacy VPN]".equals(str)) {
            return Process.myUid();
        }
        PackageManager packageManager = context.getPackageManager();
        long clearCallingIdentity = Binder.clearCallingIdentity();
        try {
            int packageUidAsUser = packageManager.getPackageUidAsUser(str, i);
            Binder.restoreCallingIdentity(clearCallingIdentity);
            return packageUidAsUser;
        } catch (PackageManager.NameNotFoundException e) {
            Binder.restoreCallingIdentity(clearCallingIdentity);
            return -1;
        } catch (Throwable th) {
            Binder.restoreCallingIdentity(clearCallingIdentity);
            throw th;
        }
    }

    public static int getCellSubIdForNetworkCapabilities(NetworkCapabilities networkCapabilities) {
        if (networkCapabilities == null || !networkCapabilities.hasTransport(0)) {
            return -1;
        }
        NetworkSpecifier networkSpecifier = networkCapabilities.getNetworkSpecifier();
        if (networkSpecifier instanceof TelephonyNetworkSpecifier) {
            return ((TelephonyNetworkSpecifier) networkSpecifier).getSubscriptionId();
        }
        return -1;
    }

    public static boolean isIPv6Only(List list) {
        boolean z = false;
        boolean z2 = false;
        Iterator it = list.iterator();
        while (it.hasNext()) {
            LinkAddress linkAddress = (LinkAddress) it.next();
            z |= linkAddress.isIpv6();
            z2 |= linkAddress.isIpv4();
        }
        return z && !z2;
    }

    public static boolean isNullOrLegacyVpn(String str) {
        return str == null || "[Legacy VPN]".equals(str);
    }

    public static boolean isVpnApp(String str) {
        return (str == null || "[Legacy VPN]".equals(str)) ? false : true;
    }

    public static boolean isVpnPreConsented(Context context, String str, int i) {
        switch (i) {
            case 1:
                return isVpnServicePreConsented(context, str);
            case 2:
                return isVpnProfilePreConsented(context, str);
            case 3:
                return "[Legacy VPN]".equals(str);
            default:
                return false;
        }
    }

    public static boolean isVpnProfilePreConsented(Context context, String str) {
        return doesPackageHaveAppop(context, str, "android:activate_platform_vpn") || isVpnServicePreConsented(context, str);
    }

    public static boolean isVpnServicePreConsented(Context context, String str) {
        return doesPackageHaveAppop(context, str, "android:activate_vpn");
    }

    private native boolean jniAddAddress(String str, String str2, int i);

    /* JADX INFO: Access modifiers changed from: private */
    public native int jniCheck(String str);

    /* JADX INFO: Access modifiers changed from: private */
    public native int jniCreate(int i);

    private native boolean jniDelAddress(String str, String str2, int i);

    /* JADX INFO: Access modifiers changed from: private */
    public native String jniGetName(int i);

    private native void jniReset(String str);

    /* JADX INFO: Access modifiers changed from: private */
    public native int jniSetAddresses(String str, String str2);

    public static List uidRangesForUser(int i, Set set) {
        Range<Integer> createUidRangeForUser = createUidRangeForUser(i);
        ArrayList arrayList = new ArrayList();
        Iterator it = set.iterator();
        while (it.hasNext()) {
            Range<Integer> range = (Range) it.next();
            if (createUidRangeForUser.contains(range)) {
                arrayList.add(range);
            }
        }
        return arrayList;
    }

    public synchronized boolean addAddress(String str, int i) {
        if (!isCallerEstablishedOwnerLocked()) {
            return false;
        }
        boolean jniAddAddress = jniAddAddress(this.mInterface, str, i);
        doSendLinkProperties(this.mNetworkAgent, makeLinkProperties());
        return jniAddAddress;
    }

    @VisibleForTesting
    public void addUserToRanges(@NonNull Set<Range<Integer>> set, int i, @Nullable List<String> list, @Nullable List<String> list2) {
        if (list != null) {
            int i2 = -1;
            int i3 = -1;
            Iterator it = getAppsUids(list, i).iterator();
            while (it.hasNext()) {
                int intValue = ((Integer) it.next()).intValue();
                if (i2 == -1) {
                    i2 = intValue;
                } else if (intValue != i3 + 1) {
                    set.add(new Range<>(Integer.valueOf(i2), Integer.valueOf(i3)));
                    i2 = intValue;
                }
                i3 = intValue;
            }
            if (i2 != -1) {
                set.add(new Range<>(Integer.valueOf(i2), Integer.valueOf(i3)));
                return;
            }
            return;
        }
        if (list2 == null) {
            set.add(createUidRangeForUser(i));
            return;
        }
        Range<Integer> createUidRangeForUser = createUidRangeForUser(i);
        int intValue2 = createUidRangeForUser.getLower().intValue();
        Iterator it2 = getAppsUids(list2, i).iterator();
        while (it2.hasNext()) {
            int intValue3 = ((Integer) it2.next()).intValue();
            if (intValue3 == intValue2) {
                intValue2++;
            } else {
                set.add(new Range<>(Integer.valueOf(intValue2), Integer.valueOf(intValue3 - 1)));
                intValue2 = intValue3 + 1;
            }
        }
        if (intValue2 <= createUidRangeForUser.getUpper().intValue()) {
            set.add(new Range<>(Integer.valueOf(intValue2), createUidRangeForUser.getUpper()));
        }
    }

    public final void agentConnect() {
        agentConnect(null);
    }

    public final void agentConnect(ValidationStatusCallback validationStatusCallback) {
        IkeSessionWrapper ikeSessionWrapper;
        LinkProperties makeLinkProperties = makeLinkProperties();
        NetworkCapabilities.Builder builder = new NetworkCapabilities.Builder(this.mNetworkCapabilities);
        builder.addCapability(12);
        this.mLegacyState = 2;
        updateState(NetworkInfo.DetailedState.CONNECTING, "agentConnect");
        boolean z = this.mConfig.allowBypass && !this.mLockdown;
        NetworkAgentConfig build = new NetworkAgentConfig.Builder().setLegacyType(17).setLegacyTypeName("VPN").setBypassableVpn(z).setVpnRequiresValidation(this.mConfig.requiresInternetValidation).setLocalRoutesExcludedForVpn(this.mConfig.excludeLocalRoutes).setLegacyExtraInfo("VPN:" + this.mPackage).build();
        builder.setOwnerUid(this.mOwnerUID);
        builder.setAdministratorUids(new int[]{this.mOwnerUID});
        builder.setUids(createUserAndRestrictedProfilesRanges(this.mUserId, this.mConfig.allowedApplications, this.mConfig.disallowedApplications));
        builder.setTransportInfo(new VpnTransportInfo(getActiveVpnType(), this.mConfig.session, z, areLongLivedTcpConnectionsExpensive(this.mVpnRunner)));
        if (this.mIsPackageTargetingAtLeastQ && this.mConfig.isMetered) {
            builder.removeCapability(11);
        } else {
            builder.addCapability(11);
        }
        builder.setUnderlyingNetworks(this.mConfig.underlyingNetworks != null ? Arrays.asList(this.mConfig.underlyingNetworks) : null);
        this.mNetworkCapabilities = builder.build();
        logUnderlyNetworkChanges(this.mNetworkCapabilities.getUnderlyingNetworks());
        this.mNetworkAgent = this.mDeps.newNetworkAgent(this.mContext, this.mLooper, "VPN", this.mNetworkCapabilities, makeLinkProperties, new NetworkScore.Builder().setLegacyInt(101).build(), build, this.mNetworkProvider, validationStatusCallback);
        long clearCallingIdentity = Binder.clearCallingIdentity();
        try {
            try {
                this.mNetworkAgent.register();
                Binder.restoreCallingIdentity(clearCallingIdentity);
                updateState(NetworkInfo.DetailedState.CONNECTED, "agentConnect");
                if (!isIkev2VpnRunner() || (ikeSessionWrapper = ((IkeV2VpnRunner) this.mVpnRunner).mSession) == null) {
                    return;
                }
                ikeSessionWrapper.setUnderpinnedNetwork(this.mNetworkAgent.getNetwork());
            } catch (Exception e) {
                this.mNetworkAgent = null;
                throw e;
            }
        } catch (Throwable th) {
            Binder.restoreCallingIdentity(clearCallingIdentity);
            throw th;
        }
    }

    public final void agentDisconnect() {
        updateState(NetworkInfo.DetailedState.DISCONNECTED, "agentDisconnect");
    }

    public final void agentDisconnect(NetworkAgent networkAgent) {
        if (networkAgent != null) {
            networkAgent.unregister();
        }
    }

    public final Intent buildVpnManagerEventIntent(String str, int i, int i2, String str2, String str3, VpnProfileState vpnProfileState, Network network, NetworkCapabilities networkCapabilities, LinkProperties linkProperties) {
        Log.d("Vpn", "buildVpnManagerEventIntent: sessionKey = " + str3);
        Intent intent = new Intent("android.net.action.VPN_MANAGER_EVENT");
        intent.setPackage(str2);
        intent.addCategory(str);
        intent.putExtra("android.net.extra.VPN_PROFILE_STATE", vpnProfileState);
        intent.putExtra("android.net.extra.SESSION_KEY", str3);
        intent.putExtra("android.net.extra.UNDERLYING_NETWORK", network);
        intent.putExtra("android.net.extra.UNDERLYING_NETWORK_CAPABILITIES", networkCapabilities);
        intent.putExtra("android.net.extra.UNDERLYING_LINK_PROPERTIES", linkProperties);
        intent.putExtra("android.net.extra.TIMESTAMP_MILLIS", System.currentTimeMillis());
        if (!"android.net.category.EVENT_DEACTIVATED_BY_USER".equals(str) || !"android.net.category.EVENT_ALWAYS_ON_STATE_CHANGED".equals(str)) {
            intent.putExtra("android.net.extra.ERROR_CLASS", i);
            intent.putExtra("android.net.extra.ERROR_CODE", i2);
        }
        return intent;
    }

    public final boolean canHaveRestrictedProfile(int i) {
        long clearCallingIdentity = Binder.clearCallingIdentity();
        try {
            return ((UserManager) this.mContext.createContextAsUser(UserHandle.of(i), 0).getSystemService(UserManager.class)).canHaveRestrictedProfile();
        } finally {
            Binder.restoreCallingIdentity(clearCallingIdentity);
        }
    }

    public final void cleanupVpnStateLocked() {
        this.mStatusIntent = null;
        resetNetworkCapabilities();
        this.mConfig = null;
        this.mInterface = null;
        this.mVpnRunner = null;
        this.mConnection = null;
        agentDisconnect();
    }

    public final void clearVpnNetworkPreference(final String str) {
        BinderUtils.withCleanCallingIdentity(new BinderUtils.ThrowingRunnable() { // from class: com.android.server.connectivity.Vpn$$ExternalSyntheticLambda1
            public final void run() {
                Vpn.this.lambda$clearVpnNetworkPreference$1(str);
            }
        });
    }

    @VisibleForTesting
    public Set<Range<Integer>> createUserAndRestrictedProfilesRanges(int i, @Nullable List<String> list, @Nullable List<String> list2) {
        ArraySet arraySet = new ArraySet();
        addUserToRanges(arraySet, i, list, list2);
        if (canHaveRestrictedProfile(i)) {
            long clearCallingIdentity = Binder.clearCallingIdentity();
            try {
                List<UserInfo> aliveUsers = this.mUserManager.getAliveUsers();
                Binder.restoreCallingIdentity(clearCallingIdentity);
                for (UserInfo userInfo : aliveUsers) {
                    if (userInfo.isRestricted() && userInfo.restrictedProfileParentId == i) {
                        addUserToRanges(arraySet, userInfo.id, list, list2);
                    }
                }
            } catch (Throwable th) {
                Binder.restoreCallingIdentity(clearCallingIdentity);
                throw th;
            }
        }
        return arraySet;
    }

    public synchronized void deleteVpnProfile(String str) {
        Objects.requireNonNull(str, "No package name provided");
        verifyCallingUidAndPackage(str);
        enforceNotRestrictedUser();
        long clearCallingIdentity = Binder.clearCallingIdentity();
        try {
            if (isCurrentIkev2VpnLocked(str)) {
                try {
                    if (this.mAlwaysOn) {
                        setAlwaysOnPackage(null, false, null);
                    } else {
                        prepareInternal("[Legacy VPN]");
                    }
                } catch (Throwable th) {
                    th = th;
                    Binder.restoreCallingIdentity(clearCallingIdentity);
                    throw th;
                }
            }
            getVpnProfileStore().remove(getProfileNameForPackage(str));
            Binder.restoreCallingIdentity(clearCallingIdentity);
        } catch (Throwable th2) {
            th = th2;
        }
    }

    public final void doSetUnderlyingNetworks(NetworkAgent networkAgent, List list) {
        logUnderlyNetworkChanges(list);
        if (networkAgent instanceof VpnNetworkAgentWrapper) {
            ((VpnNetworkAgentWrapper) networkAgent).doSetUnderlyingNetworks(list);
        } else {
            networkAgent.setUnderlyingNetworks(list);
        }
    }

    public final boolean doesPackageTargetAtLeastQ(String str) {
        if ("[Legacy VPN]".equals(str)) {
            return true;
        }
        try {
            return this.mContext.getPackageManager().getApplicationInfoAsUser(str, 0, this.mUserId).targetSdkVersion >= 29;
        } catch (PackageManager.NameNotFoundException e) {
            Log.w("Vpn", "Can't find \"" + str + "\"");
            return false;
        }
    }

    public void dump(IndentingPrintWriter indentingPrintWriter) {
        synchronized (this) {
            try {
                indentingPrintWriter.println("Active package name: " + this.mPackage);
                indentingPrintWriter.println("Active vpn type: " + getActiveVpnType());
                indentingPrintWriter.println("NetworkCapabilities: " + this.mNetworkCapabilities);
                if (isIkev2VpnRunner()) {
                    IkeV2VpnRunner ikeV2VpnRunner = (IkeV2VpnRunner) this.mVpnRunner;
                    indentingPrintWriter.println("SessionKey: " + ikeV2VpnRunner.mSessionKey);
                    StringBuilder sb = new StringBuilder();
                    sb.append("MOBIKE ");
                    sb.append(ikeV2VpnRunner.mMobikeEnabled ? "enabled" : "disabled");
                    indentingPrintWriter.println(sb.toString());
                    indentingPrintWriter.println("Profile: " + ikeV2VpnRunner.mProfile);
                    indentingPrintWriter.println("Token: " + ikeV2VpnRunner.mCurrentToken);
                    indentingPrintWriter.println("Validation failed retry count:" + ikeV2VpnRunner.mValidationFailRetryCount);
                    if (ikeV2VpnRunner.mScheduledHandleDataStallFuture != null) {
                        indentingPrintWriter.println("Reset session scheduled");
                    }
                }
                indentingPrintWriter.println();
                indentingPrintWriter.println("mCachedCarrierConfigInfoPerSubId=" + this.mCachedCarrierConfigInfoPerSubId);
                indentingPrintWriter.println("mEventChanges (most recent first):");
                indentingPrintWriter.increaseIndent();
                this.mEventChanges.reverseDump(indentingPrintWriter);
                indentingPrintWriter.decreaseIndent();
            } catch (Throwable th) {
                throw th;
            }
        }
    }

    public final void enforceControlPermission() {
        this.mContext.enforceCallingPermission("android.permission.CONTROL_VPN", "Unauthorized Caller");
    }

    public final void enforceControlPermissionOrInternalCaller() {
        this.mContext.enforceCallingOrSelfPermission("android.permission.CONTROL_VPN", "Unauthorized Caller");
    }

    public final void enforceNotRestrictedUser() {
        long clearCallingIdentity = Binder.clearCallingIdentity();
        try {
            if (this.mUserManager.getUserInfo(this.mUserId).isRestricted()) {
                throw new SecurityException("Restricted users cannot configure VPNs");
            }
        } finally {
            Binder.restoreCallingIdentity(clearCallingIdentity);
        }
    }

    public final void enforceSettingsPermission() {
        this.mContext.enforceCallingOrSelfPermission("android.permission.NETWORK_SETTINGS", "Unauthorized Caller");
    }

    public synchronized ParcelFileDescriptor establish(VpnConfig vpnConfig) {
        try {
            if (Binder.getCallingUid() != this.mOwnerUID) {
                return null;
            }
            if (!isVpnServicePreConsented(this.mContext, this.mPackage)) {
                return null;
            }
            Intent intent = new Intent("android.net.VpnService");
            intent.setClassName(this.mPackage, vpnConfig.user);
            long clearCallingIdentity = Binder.clearCallingIdentity();
            try {
                enforceNotRestrictedUser();
                PackageManager packageManager = this.mUserIdContext.getPackageManager();
                if (packageManager == null) {
                    throw new IllegalStateException("Cannot get PackageManager.");
                }
                ResolveInfo resolveService = packageManager.resolveService(intent, 0);
                if (resolveService == null) {
                    throw new SecurityException("Cannot find " + vpnConfig.user);
                }
                if (!"android.permission.BIND_VPN_SERVICE".equals(resolveService.serviceInfo.permission)) {
                    throw new SecurityException(vpnConfig.user + " does not require android.permission.BIND_VPN_SERVICE");
                }
                Binder.restoreCallingIdentity(clearCallingIdentity);
                VpnConfig vpnConfig2 = this.mConfig;
                String str = this.mInterface;
                Connection connection = this.mConnection;
                NetworkAgent networkAgent = this.mNetworkAgent;
                Set uids = this.mNetworkCapabilities.getUids();
                ParcelFileDescriptor adoptFd = this.mDeps.adoptFd(this, vpnConfig.mtu);
                try {
                    String jniGetName = this.mDeps.jniGetName(this, adoptFd.getFd());
                    StringBuilder sb = new StringBuilder();
                    for (LinkAddress linkAddress : vpnConfig.addresses) {
                        sb.append(" ");
                        sb.append(linkAddress);
                    }
                    if (this.mDeps.jniSetAddresses(this, jniGetName, sb.toString()) < 1) {
                        throw new IllegalArgumentException("At least one address must be specified");
                    }
                    Connection connection2 = new Connection();
                    if (!this.mContext.bindServiceAsUser(intent, connection2, 67108865, new UserHandle(this.mUserId))) {
                        throw new IllegalStateException("Cannot bind " + vpnConfig.user);
                    }
                    this.mConnection = connection2;
                    this.mInterface = jniGetName;
                    vpnConfig.user = this.mPackage;
                    vpnConfig.interfaze = this.mInterface;
                    vpnConfig.startTime = SystemClock.elapsedRealtime();
                    this.mConfig = vpnConfig;
                    if (vpnConfig2 == null || !updateLinkPropertiesInPlaceIfPossible(this.mNetworkAgent, vpnConfig2)) {
                        startNewNetworkAgent(networkAgent, "establish");
                    } else if (!Arrays.equals(vpnConfig2.underlyingNetworks, vpnConfig.underlyingNetworks)) {
                        setUnderlyingNetworks(vpnConfig.underlyingNetworks);
                    }
                    if (connection != null) {
                        this.mContext.unbindService(connection);
                    }
                    if (str != null && !str.equals(jniGetName)) {
                        jniReset(str);
                    }
                    this.mDeps.setBlocking(adoptFd.getFileDescriptor(), vpnConfig.blocking);
                    if (networkAgent != this.mNetworkAgent) {
                        this.mAppOpsManager.startOp("android:establish_vpn_service", this.mOwnerUID, this.mPackage, null, null);
                    }
                    Log.i("Vpn", "Established by " + vpnConfig.user + " on " + this.mInterface);
                    return adoptFd;
                } catch (RuntimeException e) {
                    IoUtils.closeQuietly(adoptFd);
                    if (networkAgent != this.mNetworkAgent) {
                        agentDisconnect();
                    }
                    this.mConfig = vpnConfig2;
                    this.mConnection = connection;
                    this.mNetworkCapabilities = new NetworkCapabilities.Builder(this.mNetworkCapabilities).setUids(uids).build();
                    this.mNetworkAgent = networkAgent;
                    this.mInterface = str;
                    throw e;
                }
            } finally {
                Binder.restoreCallingIdentity(clearCallingIdentity);
            }
        } catch (Throwable th) {
            throw th;
        }
    }

    public synchronized int getActiveVpnType() {
        if (!this.mNetworkInfo.isConnectedOrConnecting()) {
            return -1;
        }
        if (this.mVpnRunner == null) {
            return 1;
        }
        return isIkev2VpnRunner() ? 2 : 3;
    }

    public synchronized boolean getAlwaysOn() {
        return this.mAlwaysOn;
    }

    public synchronized String getAlwaysOnPackage() {
        enforceControlPermissionOrInternalCaller();
        return this.mAlwaysOn ? this.mPackage : null;
    }

    /* JADX WARN: Not initialized variable reg: 0, insn: 0x004a: INVOKE (r0 I:long) STATIC call: android.os.Binder.restoreCallingIdentity(long):void A[Catch: all -> 0x0026, MD:(long):void (c), TRY_ENTER], block:B:27:0x004a */
    public synchronized List getAppExclusionList(String str) {
        long restoreCallingIdentity;
        try {
            long clearCallingIdentity = Binder.clearCallingIdentity();
            try {
                byte[] bArr = getVpnProfileStore().get(getVpnAppExcludedForPackage(str));
                if (bArr != null && bArr.length != 0) {
                    List list = PersistableBundleUtils.toList(PersistableBundleUtils.fromDiskStableBytes(bArr), PersistableBundleUtils.STRING_DESERIALIZER);
                    Binder.restoreCallingIdentity(clearCallingIdentity);
                    return list;
                }
                ArrayList arrayList = new ArrayList();
                Binder.restoreCallingIdentity(clearCallingIdentity);
                return arrayList;
            } catch (IOException e) {
                Log.e("Vpn", "problem reading from stream", e);
                Binder.restoreCallingIdentity(clearCallingIdentity);
                return new ArrayList();
            }
        } catch (Throwable th) {
            Binder.restoreCallingIdentity(restoreCallingIdentity);
            throw th;
        }
    }

    public final SortedSet getAppsUids(List list, int i) {
        TreeSet treeSet = new TreeSet();
        Iterator it = list.iterator();
        while (it.hasNext()) {
            int appUid = getAppUid(this.mContext, (String) it.next(), i);
            if (appUid != -1) {
                treeSet.add(Integer.valueOf(appUid));
            }
            if (Process.isApplicationUid(appUid)) {
                treeSet.add(Integer.valueOf(Process.toSdkSandboxUid(appUid)));
            }
        }
        return treeSet;
    }

    public final String getCaCertificateFromKeystoreAsPem(KeyStore keyStore, String str) {
        if (keyStore.isCertificateEntry(str)) {
            Certificate certificate = keyStore.getCertificate(str);
            if (certificate == null) {
                return null;
            }
            return new String(Credentials.convertToPem(new Certificate[]{certificate}), StandardCharsets.UTF_8);
        }
        Certificate[] certificateChain = keyStore.getCertificateChain(str);
        if (certificateChain == null || certificateChain.length <= 1) {
            return null;
        }
        return new String(Credentials.convertToPem((Certificate[]) Arrays.copyOfRange(certificateChain, 1, certificateChain.length)), StandardCharsets.UTF_8);
    }

    @VisibleForTesting
    public boolean getEnableTeardown() {
        return this.mEnableTeardown;
    }

    public synchronized VpnConfig getLegacyVpnConfig() {
        if (!isSettingsVpnLocked()) {
            return null;
        }
        return this.mConfig;
    }

    public synchronized LegacyVpnInfo getLegacyVpnInfo() {
        enforceControlPermission();
        return getLegacyVpnInfoPrivileged();
    }

    public final synchronized LegacyVpnInfo getLegacyVpnInfoPrivileged() {
        if (!isSettingsVpnLocked()) {
            return null;
        }
        LegacyVpnInfo legacyVpnInfo = new LegacyVpnInfo();
        legacyVpnInfo.key = this.mConfig.user;
        legacyVpnInfo.state = this.mLegacyState;
        if (this.mNetworkInfo.isConnected()) {
            legacyVpnInfo.intent = this.mStatusIntent;
        }
        return legacyVpnInfo;
    }

    public synchronized boolean getLockdown() {
        return this.mLockdown;
    }

    public synchronized List getLockdownAllowlist() {
        return this.mLockdown ? this.mLockdownAllowlist : null;
    }

    @VisibleForTesting
    @Nullable
    public synchronized Network getNetwork() {
        NetworkAgent networkAgent = this.mNetworkAgent;
        if (networkAgent == null) {
            return null;
        }
        Network network = networkAgent.getNetwork();
        if (network == null) {
            return null;
        }
        return network;
    }

    public NetworkInfo getNetworkInfo() {
        return this.mNetworkInfo;
    }

    public synchronized String getPackage() {
        return this.mPackage;
    }

    @VisibleForTesting
    public String getProfileNameForPackage(String str) {
        return "PLATFORM_VPN_" + this.mUserId + "_" + str;
    }

    public synchronized VpnProfileState getProvisionedVpnProfileState(String str) {
        Objects.requireNonNull(str, "No package name provided");
        enforceNotRestrictedUser();
        return isCurrentIkev2VpnLocked(str) ? makeVpnProfileStateLocked() : null;
    }

    public final synchronized LinkProperties getRedactedLinkProperties(LinkProperties linkProperties) {
        if (linkProperties == null) {
            return null;
        }
        return this.mConnectivityManager.getRedactedLinkPropertiesForPackage(linkProperties, this.mOwnerUID, this.mPackage);
    }

    public final synchronized NetworkCapabilities getRedactedNetworkCapabilities(NetworkCapabilities networkCapabilities) {
        if (networkCapabilities == null) {
            return null;
        }
        return this.mConnectivityManager.getRedactedNetworkCapabilitiesForPackage(networkCapabilities, this.mOwnerUID, this.mPackage);
    }

    public final String getSessionKeyLocked() {
        boolean isIkev2VpnRunner = isIkev2VpnRunner();
        String str = isIkev2VpnRunner ? ((IkeV2VpnRunner) this.mVpnRunner).mSessionKey : null;
        Log.d("Vpn", "getSessionKeyLocked: isIkev2VpnRunner = " + isIkev2VpnRunner + ", sessionKey = " + str);
        return str;
    }

    public final int getStateFromLegacyState(int i) {
        switch (i) {
            case 0:
                return 0;
            case 1:
            case 4:
            default:
                Log.wtf("Vpn", "Unhandled state " + i + ", treat it as STATE_DISCONNECTED");
                return 0;
            case 2:
                return 1;
            case 3:
                return 2;
            case 5:
                return 3;
        }
    }

    public synchronized UnderlyingNetworkInfo getUnderlyingNetworkInfo() {
        if (!isRunningLocked()) {
            return null;
        }
        return new UnderlyingNetworkInfo(this.mOwnerUID, this.mInterface, new ArrayList());
    }

    @VisibleForTesting
    public String getVpnAppExcludedForPackage(String str) {
        return VPN_APP_EXCLUDED + this.mUserId + "_" + str;
    }

    public synchronized VpnConfig getVpnConfig() {
        enforceControlPermission();
        if (this.mConfig == null) {
            return null;
        }
        return new VpnConfig(this.mConfig);
    }

    public final String getVpnManagerEventClassName(int i) {
        switch (i) {
            case 1:
                return "ERROR_CLASS_NOT_RECOVERABLE";
            case 2:
                return "ERROR_CLASS_RECOVERABLE";
            default:
                return "UNKNOWN_CLASS";
        }
    }

    public final String getVpnManagerEventErrorName(int i) {
        switch (i) {
            case 0:
                return "ERROR_CODE_NETWORK_UNKNOWN_HOST";
            case 1:
                return "ERROR_CODE_NETWORK_PROTOCOL_TIMEOUT";
            case 2:
                return "ERROR_CODE_NETWORK_LOST";
            case 3:
                return "ERROR_CODE_NETWORK_IO";
            default:
                return "UNKNOWN_ERROR";
        }
    }

    @VisibleForTesting
    @Nullable
    public VpnProfile getVpnProfilePrivileged(@NonNull String str) {
        if (!this.mDeps.isCallerSystem()) {
            Log.wtf("Vpn", "getVpnProfilePrivileged called as non-System UID ");
            return null;
        }
        byte[] bArr = getVpnProfileStore().get(getProfileNameForPackage(str));
        if (bArr == null) {
            return null;
        }
        return VpnProfile.decode("", bArr);
    }

    @VisibleForTesting
    public VpnProfileStore getVpnProfileStore() {
        return this.mVpnProfileStore;
    }

    public boolean isAlwaysOnPackageSupported(String str) {
        enforceSettingsPermission();
        if (str == null) {
            return false;
        }
        long clearCallingIdentity = Binder.clearCallingIdentity();
        try {
            if (getVpnProfilePrivileged(str) != null) {
                return true;
            }
            Binder.restoreCallingIdentity(clearCallingIdentity);
            PackageManager packageManager = this.mContext.getPackageManager();
            ApplicationInfo applicationInfo = null;
            try {
                applicationInfo = packageManager.getApplicationInfoAsUser(str, 0, this.mUserId);
            } catch (PackageManager.NameNotFoundException e) {
                Log.w("Vpn", "Can't find \"" + str + "\" when checking always-on support");
            }
            if (applicationInfo == null || applicationInfo.targetSdkVersion < 24) {
                return false;
            }
            Intent intent = new Intent("android.net.VpnService");
            intent.setPackage(str);
            List queryIntentServicesAsUser = packageManager.queryIntentServicesAsUser(intent, 128, this.mUserId);
            if (queryIntentServicesAsUser == null || queryIntentServicesAsUser.size() == 0) {
                return false;
            }
            Iterator it = queryIntentServicesAsUser.iterator();
            while (it.hasNext()) {
                Bundle bundle = ((ResolveInfo) it.next()).serviceInfo.metaData;
                if (bundle != null && !bundle.getBoolean("android.net.VpnService.SUPPORTS_ALWAYS_ON", true)) {
                    return false;
                }
            }
            return true;
        } finally {
            Binder.restoreCallingIdentity(clearCallingIdentity);
        }
    }

    @VisibleForTesting
    public boolean isCallerEstablishedOwnerLocked() {
        return isRunningLocked() && Binder.getCallingUid() == this.mOwnerUID;
    }

    public final boolean isCurrentIkev2VpnLocked(String str) {
        return isCurrentPreparedPackage(str) && isIkev2VpnRunner();
    }

    public final boolean isCurrentPreparedPackage(String str) {
        return getAppUid(this.mContext, str, this.mUserId) == this.mOwnerUID && this.mPackage.equals(str);
    }

    public final boolean isIkev2VpnRunner() {
        return this.mVpnRunner instanceof IkeV2VpnRunner;
    }

    public final boolean isRunningLocked() {
        return (this.mNetworkAgent == null || this.mInterface == null) ? false : true;
    }

    public final boolean isSettingsVpnLocked() {
        return this.mVpnRunner != null && "[Legacy VPN]".equals(this.mPackage);
    }

    public final /* synthetic */ void lambda$clearVpnNetworkPreference$1(String str) {
        this.mConnectivityManager.setVpnDefaultForUids(str, Collections.EMPTY_LIST);
    }

    public final /* synthetic */ void lambda$setVpnNetworkPreference$0(String str, Set set) {
        this.mConnectivityManager.setVpnDefaultForUids(str, set);
    }

    public final void loadAlwaysOnPackage() {
        long clearCallingIdentity = Binder.clearCallingIdentity();
        try {
            String str = this.mSystemServices.settingsSecureGetStringForUser("always_on_vpn_app", this.mUserId);
            boolean z = this.mSystemServices.settingsSecureGetIntForUser("always_on_vpn_lockdown", 0, this.mUserId) != 0;
            String str2 = this.mSystemServices.settingsSecureGetStringForUser("always_on_vpn_lockdown_whitelist", this.mUserId);
            setAlwaysOnPackageInternal(str, z, TextUtils.isEmpty(str2) ? Collections.emptyList() : Arrays.asList(str2.split(",")));
            Binder.restoreCallingIdentity(clearCallingIdentity);
        } catch (Throwable th) {
            Binder.restoreCallingIdentity(clearCallingIdentity);
            throw th;
        }
    }

    public final void logUnderlyNetworkChanges(List list) {
        LocalLog localLog = this.mEventChanges;
        StringBuilder sb = new StringBuilder();
        sb.append("[UnderlyingNW] Switch to ");
        sb.append(list != null ? TextUtils.join(", ", list) : "null");
        localLog.log(sb.toString());
    }

    public final VpnProfileState makeDisconnectedVpnProfileState() {
        return new VpnProfileState(0, null, false, false);
    }

    public final LinkProperties makeLinkProperties() {
        boolean z = isIkev2VpnRunner() && this.mConfig.mtu < 1280;
        boolean z2 = this.mConfig.allowIPv4;
        boolean z3 = this.mConfig.allowIPv6;
        LinkProperties linkProperties = new LinkProperties();
        linkProperties.setInterfaceName(this.mInterface);
        if (this.mConfig.addresses != null) {
            for (LinkAddress linkAddress : this.mConfig.addresses) {
                if (!z || !linkAddress.isIpv6()) {
                    linkProperties.addLinkAddress(linkAddress);
                    z2 |= linkAddress.getAddress() instanceof Inet4Address;
                    z3 |= linkAddress.getAddress() instanceof Inet6Address;
                }
            }
        }
        if (this.mConfig.routes != null) {
            for (RouteInfo routeInfo : this.mConfig.routes) {
                InetAddress address = routeInfo.getDestination().getAddress();
                if (!z || !(address instanceof Inet6Address)) {
                    linkProperties.addRoute(routeInfo);
                    if (routeInfo.getType() == 1) {
                        z2 |= address instanceof Inet4Address;
                        z3 |= address instanceof Inet6Address;
                    }
                }
            }
        }
        if (this.mConfig.dnsServers != null) {
            Iterator it = this.mConfig.dnsServers.iterator();
            while (it.hasNext()) {
                InetAddress parseNumericAddress = InetAddresses.parseNumericAddress((String) it.next());
                if (!z || !(parseNumericAddress instanceof Inet6Address)) {
                    linkProperties.addDnsServer(parseNumericAddress);
                    z2 |= parseNumericAddress instanceof Inet4Address;
                    z3 |= parseNumericAddress instanceof Inet6Address;
                }
            }
        }
        linkProperties.setHttpProxy(this.mConfig.proxyInfo);
        if (!z2) {
            linkProperties.addRoute(new RouteInfo(new IpPrefix(NetworkStackConstants.IPV4_ADDR_ANY, 0), null, null, 7));
        }
        if (!z3 || z) {
            linkProperties.addRoute(new RouteInfo(new IpPrefix(NetworkStackConstants.IPV6_ADDR_ANY, 0), null, null, 7));
        }
        StringBuilder sb = new StringBuilder();
        if (this.mConfig.searchDomains != null) {
            Iterator it2 = this.mConfig.searchDomains.iterator();
            while (it2.hasNext()) {
                sb.append((String) it2.next());
                sb.append(' ');
            }
        }
        linkProperties.setDomains(sb.toString().trim());
        if (this.mConfig.mtu > 0) {
            linkProperties.setMtu(this.mConfig.mtu);
        }
        return linkProperties;
    }

    public final VpnProfileState makeVpnProfileStateLocked() {
        return new VpnProfileState(getStateFromLegacyState(this.mLegacyState), isIkev2VpnRunner() ? getSessionKeyLocked() : null, this.mAlwaysOn, this.mLockdown);
    }

    public final synchronized void notifyVpnManagerVpnStopped(String str, int i, Intent intent) {
        this.mAppOpsManager.finishOp("android:establish_vpn_manager", i, str, null);
        this.mEventChanges.log("[VMEvent] " + str + " stopped");
        sendEventToVpnManagerApp(intent, str);
    }

    public void onUserAdded(int i) {
        UserInfo userInfo = this.mUserManager.getUserInfo(i);
        if (userInfo.isRestricted() && userInfo.restrictedProfileParentId == this.mUserId) {
            synchronized (this) {
                Set uids = this.mNetworkCapabilities.getUids();
                if (uids != null) {
                    try {
                        addUserToRanges(uids, i, this.mConfig.allowedApplications, this.mConfig.disallowedApplications);
                        this.mNetworkCapabilities = new NetworkCapabilities.Builder(this.mNetworkCapabilities).setUids(uids).build();
                    } catch (Exception e) {
                        Log.wtf("Vpn", "Failed to add restricted user to owner", e);
                    }
                    if (this.mNetworkAgent != null) {
                        doSendNetworkCapabilities(this.mNetworkAgent, this.mNetworkCapabilities);
                    }
                }
                setVpnForcedLocked(this.mLockdown);
            }
        }
    }

    public void onUserRemoved(int i) {
        UserInfo userInfo = this.mUserManager.getUserInfo(i);
        if (userInfo.isRestricted() && userInfo.restrictedProfileParentId == this.mUserId) {
            synchronized (this) {
                Set uids = this.mNetworkCapabilities.getUids();
                if (uids != null) {
                    try {
                        uids.removeAll(uidRangesForUser(i, uids));
                        this.mNetworkCapabilities = new NetworkCapabilities.Builder(this.mNetworkCapabilities).setUids(uids).build();
                    } catch (Exception e) {
                        Log.wtf("Vpn", "Failed to remove restricted user to owner", e);
                    }
                    if (this.mNetworkAgent != null) {
                        doSendNetworkCapabilities(this.mNetworkAgent, this.mNetworkCapabilities);
                    }
                }
                setVpnForcedLocked(this.mLockdown);
            }
        }
    }

    public synchronized void onUserStopped() {
        setVpnForcedLocked(false);
        this.mAlwaysOn = false;
        agentDisconnect();
        this.mConnectivityManager.unregisterNetworkProvider(this.mNetworkProvider);
    }

    public synchronized boolean prepare(String str, String str2, int i) {
        try {
            if (this.mContext.checkCallingOrSelfPermission("android.permission.CONTROL_VPN") != 0) {
                if (str != null) {
                    verifyCallingUidAndPackage(str);
                }
                if (str2 != null) {
                    verifyCallingUidAndPackage(str2);
                }
            }
            if (str != null) {
                if (this.mAlwaysOn && !isCurrentPreparedPackage(str)) {
                    return false;
                }
                if (!isCurrentPreparedPackage(str)) {
                    if (str.equals("[Legacy VPN]") || !isVpnPreConsented(this.mContext, str, i)) {
                        return false;
                    }
                    prepareInternal(str);
                    return true;
                }
                if (!str.equals("[Legacy VPN]") && !isVpnPreConsented(this.mContext, str, i)) {
                    prepareInternal("[Legacy VPN]");
                    return false;
                }
            }
            if (str2 != null && (str2.equals("[Legacy VPN]") || !isCurrentPreparedPackage(str2))) {
                enforceControlPermissionOrInternalCaller();
                if (this.mAlwaysOn && !isCurrentPreparedPackage(str2)) {
                    return false;
                }
                prepareInternal(str2);
                return true;
            }
            return true;
        } finally {
        }
    }

    public final void prepareInternal(String str) {
        long clearCallingIdentity = Binder.clearCallingIdentity();
        try {
            if (this.mInterface != null) {
                this.mStatusIntent = null;
                agentDisconnect();
                jniReset(this.mInterface);
                this.mInterface = null;
                resetNetworkCapabilities();
            }
            if (this.mConnection != null) {
                try {
                    this.mConnection.mService.transact(16777215, Parcel.obtain(), null, 1);
                } catch (Exception e) {
                }
                this.mAppOpsManager.finishOp("android:establish_vpn_service", this.mOwnerUID, this.mPackage, null);
                this.mContext.unbindService(this.mConnection);
                cleanupVpnStateLocked();
            } else if (this.mVpnRunner != null) {
                stopVpnRunnerAndNotifyAppLocked();
            }
            try {
                this.mNetd.networkSetProtectDeny(this.mOwnerUID);
            } catch (Exception e2) {
                Log.wtf("Vpn", "Failed to disallow UID " + this.mOwnerUID + " to call protect() " + e2);
            }
            Log.i("Vpn", "Switched from " + this.mPackage + " to " + str);
            this.mPackage = str;
            this.mOwnerUID = getAppUid(this.mContext, str, this.mUserId);
            this.mIsPackageTargetingAtLeastQ = doesPackageTargetAtLeastQ(str);
            try {
                this.mNetd.networkSetProtectAllow(this.mOwnerUID);
            } catch (Exception e3) {
                Log.wtf("Vpn", "Failed to allow UID " + this.mOwnerUID + " to call protect() " + e3);
            }
            this.mConfig = null;
            updateState(NetworkInfo.DetailedState.DISCONNECTED, "prepare");
            setVpnForcedLocked(this.mLockdown);
            Binder.restoreCallingIdentity(clearCallingIdentity);
        } catch (Throwable th) {
            Binder.restoreCallingIdentity(clearCallingIdentity);
            throw th;
        }
    }

    public final void prepareStatusIntent() {
        long clearCallingIdentity = Binder.clearCallingIdentity();
        try {
            this.mStatusIntent = this.mDeps.getIntentForStatusPanel(this.mContext);
        } finally {
            Binder.restoreCallingIdentity(clearCallingIdentity);
        }
    }

    public synchronized boolean provisionVpnProfile(String str, VpnProfile vpnProfile) {
        try {
            Objects.requireNonNull(str, "No package name provided");
            Objects.requireNonNull(vpnProfile, "No profile provided");
            verifyCallingUidAndPackage(str);
            enforceNotRestrictedUser();
            validateRequiredFeatures(vpnProfile);
            if (vpnProfile.isRestrictedToTestNetworks) {
                this.mContext.enforceCallingPermission("android.permission.MANAGE_TEST_NETWORKS", "Test-mode profiles require the MANAGE_TEST_NETWORKS permission");
            }
            byte[] encode = vpnProfile.encode();
            if (encode.length > 131072) {
                throw new IllegalArgumentException("Profile too big");
            }
            long clearCallingIdentity = Binder.clearCallingIdentity();
            try {
                getVpnProfileStore().put(getProfileNameForPackage(str), encode);
                Binder.restoreCallingIdentity(clearCallingIdentity);
            } catch (Throwable th) {
                Binder.restoreCallingIdentity(clearCallingIdentity);
                throw th;
            }
        } catch (Throwable th2) {
            throw th2;
        }
        return isVpnProfilePreConsented(this.mContext, str);
    }

    public synchronized void refreshPlatformVpnAppExclusionList() {
        updateAppExclusionList(getAppExclusionList(this.mPackage));
    }

    public synchronized boolean removeAddress(String str, int i) {
        if (!isCallerEstablishedOwnerLocked()) {
            return false;
        }
        boolean jniDelAddress = jniDelAddress(this.mInterface, str, i);
        doSendLinkProperties(this.mNetworkAgent, makeLinkProperties());
        return jniDelAddress;
    }

    public final void resetNetworkCapabilities() {
        this.mNetworkCapabilities = new NetworkCapabilities.Builder(this.mNetworkCapabilities).setUids((Set) null).setTransportInfo(new VpnTransportInfo(-1, (String) null, false, false)).build();
    }

    public final void saveAlwaysOnPackage() {
        long clearCallingIdentity = Binder.clearCallingIdentity();
        try {
            this.mSystemServices.settingsSecurePutStringForUser("always_on_vpn_app", getAlwaysOnPackage(), this.mUserId);
            this.mSystemServices.settingsSecurePutIntForUser("always_on_vpn_lockdown", (this.mAlwaysOn && this.mLockdown) ? 1 : 0, this.mUserId);
            this.mSystemServices.settingsSecurePutStringForUser("always_on_vpn_lockdown_whitelist", String.join(",", this.mLockdownAllowlist), this.mUserId);
            Binder.restoreCallingIdentity(clearCallingIdentity);
        } catch (Throwable th) {
            Binder.restoreCallingIdentity(clearCallingIdentity);
            throw th;
        }
    }

    public final boolean sendEventToVpnManagerApp(Intent intent, String str) {
        long clearCallingIdentity = Binder.clearCallingIdentity();
        try {
            try {
                this.mDeps.getDeviceIdleInternal().addPowerSaveTempWhitelistApp(Process.myUid(), str, 30000L, this.mUserId, false, 309, "VpnManager event");
                try {
                    boolean z = this.mUserIdContext.startService(intent) != null;
                    Binder.restoreCallingIdentity(clearCallingIdentity);
                    return z;
                } catch (RuntimeException e) {
                    Log.e("Vpn", "Service of VpnManager app " + intent + " failed to start", e);
                    Binder.restoreCallingIdentity(clearCallingIdentity);
                    return false;
                }
            } catch (Throwable th) {
                th = th;
                Binder.restoreCallingIdentity(clearCallingIdentity);
                throw th;
            }
        } catch (Throwable th2) {
            th = th2;
        }
    }

    public final boolean sendEventToVpnManagerApp(String str, int i, int i2, String str2, String str3, VpnProfileState vpnProfileState, Network network, NetworkCapabilities networkCapabilities, LinkProperties linkProperties) {
        this.mEventChanges.log("[VMEvent] Event class=" + getVpnManagerEventClassName(i) + ", err=" + getVpnManagerEventErrorName(i2) + " for " + str2 + " on session " + str3);
        return sendEventToVpnManagerApp(buildVpnManagerEventIntent(str, i, i2, str2, str3, vpnProfileState, network, networkCapabilities, linkProperties), str2);
    }

    public final boolean setAllowOnlyVpnForUids(boolean z, Collection collection) {
        if (collection.size() == 0) {
            return true;
        }
        ArrayList arrayList = new ArrayList(collection.size());
        Iterator it = collection.iterator();
        while (it.hasNext()) {
            UidRangeParcel uidRangeParcel = (UidRangeParcel) it.next();
            arrayList.add(new Range(Integer.valueOf(uidRangeParcel.start), Integer.valueOf(uidRangeParcel.stop)));
        }
        try {
            this.mConnectivityManager.setRequireVpnForUids(z, arrayList);
            if (z) {
                this.mBlockedUidsAsToldToConnectivity.addAll(collection);
            } else {
                this.mBlockedUidsAsToldToConnectivity.removeAll(collection);
            }
            return true;
        } catch (RuntimeException e) {
            Log.e("Vpn", "Updating blocked=" + z + " for UIDs " + Arrays.toString(collection.toArray()) + " failed", e);
            return false;
        }
    }

    /* JADX WARN: Removed duplicated region for block: B:21:0x0042 A[DONT_GENERATE] */
    /* JADX WARN: Removed duplicated region for block: B:24:0x0044 A[Catch: all -> 0x002a, TRY_ENTER, TryCatch #0 {all -> 0x002a, blocks: (B:4:0x0003, B:7:0x0015, B:9:0x001c, B:11:0x0020, B:15:0x002f, B:19:0x003b, B:24:0x0044, B:28:0x004d, B:29:0x0058, B:31:0x0069, B:35:0x0053), top: B:3:0x0003 }] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public synchronized boolean setAlwaysOnPackage(java.lang.String r18, boolean r19, java.util.List r20) {
        /*
            r17 = this;
            r1 = r17
            monitor-enter(r17)
            r1.enforceControlPermissionOrInternalCaller()     // Catch: java.lang.Throwable -> L2a
            java.lang.String r5 = r1.mPackage     // Catch: java.lang.Throwable -> L2a
            r0 = r18
            boolean r2 = java.util.Objects.equals(r0, r5)     // Catch: java.lang.Throwable -> L2a
            r3 = 0
            r11 = 1
            if (r2 != 0) goto L14
            r2 = r11
            goto L15
        L14:
            r2 = r3
        L15:
            r12 = r2
            boolean r2 = isVpnApp(r5)     // Catch: java.lang.Throwable -> L2a
            if (r2 == 0) goto L2c
            boolean r2 = r1.mAlwaysOn     // Catch: java.lang.Throwable -> L2a
            if (r2 == 0) goto L2c
            boolean r2 = r1.mLockdown     // Catch: java.lang.Throwable -> L2a
            r13 = r19
            if (r13 != r2) goto L28
            if (r12 == 0) goto L2e
        L28:
            r2 = r11
            goto L2f
        L2a:
            r0 = move-exception
            goto L80
        L2c:
            r13 = r19
        L2e:
            r2 = r3
        L2f:
            r14 = r2
            boolean r2 = isVpnApp(r0)     // Catch: java.lang.Throwable -> L2a
            if (r2 == 0) goto L3a
            if (r12 == 0) goto L3a
            r2 = r11
            goto L3b
        L3a:
            r2 = r3
        L3b:
            r15 = r2
            boolean r2 = r17.setAlwaysOnPackageInternal(r18, r19, r20)     // Catch: java.lang.Throwable -> L2a
            if (r2 != 0) goto L44
            monitor-exit(r17)
            return r3
        L44:
            r1.saveAlwaysOnPackage()     // Catch: java.lang.Throwable -> L2a
            if (r14 == 0) goto L65
            java.lang.String r2 = "android.net.category.EVENT_ALWAYS_ON_STATE_CHANGED"
            if (r12 == 0) goto L53
            android.net.VpnProfileState r3 = r1.makeDisconnectedVpnProfileState()     // Catch: java.lang.Throwable -> L2a
            r7 = r3
            goto L58
        L53:
            android.net.VpnProfileState r3 = r1.makeVpnProfileStateLocked()     // Catch: java.lang.Throwable -> L2a
            r7 = r3
        L58:
            r3 = -1
            r4 = -1
            r6 = 0
            r8 = 0
            r9 = 0
            r10 = 0
            r1.sendEventToVpnManagerApp(r2, r3, r4, r5, r6, r7, r8, r9, r10)     // Catch: java.lang.Throwable -> L2a
            r16 = r5
            goto L67
        L65:
            r16 = r5
        L67:
            if (r15 == 0) goto L7e
            java.lang.String r2 = "android.net.category.EVENT_ALWAYS_ON_STATE_CHANGED"
            java.lang.String r6 = r17.getSessionKeyLocked()     // Catch: java.lang.Throwable -> L2a
            android.net.VpnProfileState r7 = r17.makeVpnProfileStateLocked()     // Catch: java.lang.Throwable -> L2a
            r3 = -1
            r4 = -1
            r8 = 0
            r9 = 0
            r10 = 0
            r1 = r17
            r5 = r0
            r1.sendEventToVpnManagerApp(r2, r3, r4, r5, r6, r7, r8, r9, r10)     // Catch: java.lang.Throwable -> L2a
        L7e:
            monitor-exit(r17)
            return r11
        L80:
            monitor-exit(r17)     // Catch: java.lang.Throwable -> L2a
            throw r0
        */
        throw new UnsupportedOperationException("Method not decompiled: com.android.server.connectivity.Vpn.setAlwaysOnPackage(java.lang.String, boolean, java.util.List):boolean");
    }

    public final boolean setAlwaysOnPackageInternal(String str, boolean z, List list) {
        boolean z2 = false;
        if ("[Legacy VPN]".equals(str)) {
            Log.w("Vpn", "Not setting legacy VPN \"" + str + "\" as always-on.");
            return false;
        }
        if (list != null) {
            Iterator it = list.iterator();
            while (it.hasNext()) {
                String str2 = (String) it.next();
                if (str2.contains(",")) {
                    Log.w("Vpn", "Not setting always-on vpn, invalid allowed package: " + str2);
                    return false;
                }
            }
        }
        if (str != null) {
            long clearCallingIdentity = Binder.clearCallingIdentity();
            try {
                if (!setPackageAuthorization(str, getVpnProfilePrivileged(str) == null ? 1 : 2)) {
                    return false;
                }
                this.mAlwaysOn = true;
            } finally {
                Binder.restoreCallingIdentity(clearCallingIdentity);
            }
        } else {
            str = "[Legacy VPN]";
            this.mAlwaysOn = false;
        }
        boolean z3 = this.mLockdown;
        if (this.mAlwaysOn && z) {
            z2 = true;
        }
        this.mLockdown = z2;
        this.mLockdownAllowlist = (!this.mLockdown || list == null) ? Collections.emptyList() : Collections.unmodifiableList(new ArrayList(list));
        this.mEventChanges.log("[LockdownAlwaysOn] Mode changed: lockdown=" + this.mLockdown + " alwaysOn=" + this.mAlwaysOn + " calling from " + Binder.getCallingUid());
        if (isCurrentPreparedPackage(str)) {
            updateAlwaysOnNotification(this.mNetworkInfo.getDetailedState());
            setVpnForcedLocked(this.mLockdown);
            if (this.mNetworkAgent != null && z3 != this.mLockdown) {
                startNewNetworkAgent(this.mNetworkAgent, "Lockdown mode changed");
            }
        } else {
            prepareInternal(str);
        }
        return true;
    }

    public synchronized boolean setAppExclusionList(String str, List list) {
        enforceNotRestrictedUser();
        if (!storeAppExclusionList(str, list)) {
            return false;
        }
        updateAppExclusionList(list);
        return true;
    }

    public void setEnableTeardown(boolean z) {
        this.mEnableTeardown = z;
    }

    public synchronized void setLockdown(boolean z) {
        enforceControlPermissionOrInternalCaller();
        setVpnForcedLocked(z);
        this.mLockdown = z;
        if (this.mAlwaysOn) {
            saveAlwaysOnPackage();
        }
    }

    public boolean setPackageAuthorization(String str, int i) {
        String[] strArr;
        enforceControlPermissionOrInternalCaller();
        int appUid = getAppUid(this.mContext, str, this.mUserId);
        if (appUid == -1 || "[Legacy VPN]".equals(str)) {
            return false;
        }
        long clearCallingIdentity = Binder.clearCallingIdentity();
        try {
            switch (i) {
                case -1:
                    strArr = new String[]{"android:activate_vpn", "android:activate_platform_vpn"};
                    break;
                case 0:
                default:
                    Log.wtf("Vpn", "Unrecognized VPN type while granting authorization");
                    return false;
                case 1:
                    strArr = new String[]{"android:activate_vpn"};
                    break;
                case 2:
                    strArr = new String[]{"android:activate_platform_vpn"};
                    break;
                case 3:
                    return false;
            }
            int length = strArr.length;
            int i2 = 0;
            while (true) {
                int i3 = 1;
                if (i2 >= length) {
                    return true;
                }
                String str2 = strArr[i2];
                AppOpsManager appOpsManager = this.mAppOpsManager;
                if (i != -1) {
                    i3 = 0;
                }
                appOpsManager.setMode(str2, appUid, str, i3);
                i2++;
            }
        } catch (Exception e) {
            Log.wtf("Vpn", "Failed to set app ops for package " + str + ", uid " + appUid, e);
            return false;
        } finally {
            Binder.restoreCallingIdentity(clearCallingIdentity);
        }
    }

    public synchronized boolean setUnderlyingNetworks(Network[] networkArr) {
        try {
            if (!isCallerEstablishedOwnerLocked()) {
                return false;
            }
            this.mConfig.underlyingNetworks = networkArr != null ? (Network[]) Arrays.copyOf(networkArr, networkArr.length) : null;
            doSetUnderlyingNetworks(this.mNetworkAgent, this.mConfig.underlyingNetworks != null ? Arrays.asList(this.mConfig.underlyingNetworks) : null);
            return true;
        } catch (Throwable th) {
            throw th;
        }
    }

    public final void setVpnForcedLocked(boolean z) {
        List<String> arrayList;
        Set emptySet;
        if (isNullOrLegacyVpn(this.mPackage)) {
            arrayList = null;
        } else {
            arrayList = new ArrayList<>(this.mLockdownAllowlist);
            arrayList.add(this.mPackage);
        }
        ArraySet arraySet = new ArraySet(this.mBlockedUidsAsToldToConnectivity);
        if (z) {
            Set<Range<Integer>> createUserAndRestrictedProfilesRanges = createUserAndRestrictedProfilesRanges(this.mUserId, null, arrayList);
            ArraySet arraySet2 = new ArraySet();
            for (Range<Integer> range : createUserAndRestrictedProfilesRanges) {
                if (range.getLower().intValue() == 0 && range.getUpper().intValue() != 0) {
                    arraySet2.add(new UidRangeParcel(1, range.getUpper().intValue()));
                } else if (range.getLower().intValue() != 0) {
                    arraySet2.add(new UidRangeParcel(range.getLower().intValue(), range.getUpper().intValue()));
                }
            }
            arraySet.removeAll((Collection<?>) arraySet2);
            emptySet = arraySet2;
            emptySet.removeAll(this.mBlockedUidsAsToldToConnectivity);
        } else {
            emptySet = Collections.emptySet();
        }
        setAllowOnlyVpnForUids(false, arraySet);
        setAllowOnlyVpnForUids(true, emptySet);
    }

    public final void setVpnNetworkPreference(final String str, final Set set) {
        BinderUtils.withCleanCallingIdentity(new BinderUtils.ThrowingRunnable() { // from class: com.android.server.connectivity.Vpn$$ExternalSyntheticLambda0
            public final void run() {
                Vpn.this.lambda$setVpnNetworkPreference$0(str, set);
            }
        });
    }

    public boolean startAlwaysOnVpn() {
        synchronized (this) {
            try {
                String alwaysOnPackage = getAlwaysOnPackage();
                if (alwaysOnPackage == null) {
                    return true;
                }
                if (!isAlwaysOnPackageSupported(alwaysOnPackage)) {
                    setAlwaysOnPackage(null, false, null);
                    return false;
                }
                if (getNetworkInfo().isConnected()) {
                    return true;
                }
                long clearCallingIdentity = Binder.clearCallingIdentity();
                try {
                    VpnProfile vpnProfilePrivileged = getVpnProfilePrivileged(alwaysOnPackage);
                    if (vpnProfilePrivileged != null) {
                        startVpnProfilePrivileged(vpnProfilePrivileged, alwaysOnPackage);
                        return true;
                    }
                    this.mDeps.getDeviceIdleInternal().addPowerSaveTempWhitelistApp(Process.myUid(), alwaysOnPackage, 60000L, this.mUserId, false, 309, "vpn");
                    Intent intent = new Intent("android.net.VpnService");
                    intent.setPackage(alwaysOnPackage);
                    try {
                        return this.mUserIdContext.startService(intent) != null;
                    } catch (RuntimeException e) {
                        Log.e("Vpn", "VpnService " + intent + " failed to start", e);
                        return false;
                    }
                } catch (Exception e2) {
                    Log.e("Vpn", "Error starting always-on VPN", e2);
                    return false;
                } finally {
                    Binder.restoreCallingIdentity(clearCallingIdentity);
                }
            } catch (Throwable th) {
                throw th;
            }
        }
    }

    public void startLegacyVpn(VpnProfile vpnProfile) {
        enforceControlPermission();
        long clearCallingIdentity = Binder.clearCallingIdentity();
        try {
            startLegacyVpnPrivileged(vpnProfile);
        } finally {
            Binder.restoreCallingIdentity(clearCallingIdentity);
        }
    }

    public void startLegacyVpnPrivileged(VpnProfile vpnProfile) {
        VpnProfile clone = vpnProfile.clone();
        if (this.mUserManager.getUserInfo(this.mUserId).isRestricted() || this.mUserManager.hasUserRestriction("no_config_vpn", new UserHandle(this.mUserId))) {
            throw new SecurityException("Restricted users cannot establish VPNs");
        }
        String str = "";
        String str2 = "";
        String str3 = "";
        try {
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            String str4 = null;
            keyStore.load(null);
            if (!clone.ipsecUserCert.isEmpty()) {
                str = clone.ipsecUserCert;
                Certificate certificate = keyStore.getCertificate(clone.ipsecUserCert);
                str2 = certificate == null ? null : new String(Credentials.convertToPem(new Certificate[]{certificate}), StandardCharsets.UTF_8);
            }
            String caCertificateFromKeystoreAsPem = clone.ipsecCaCert.isEmpty() ? "" : getCaCertificateFromKeystoreAsPem(keyStore, clone.ipsecCaCert);
            if (!clone.ipsecServerCert.isEmpty()) {
                Certificate certificate2 = keyStore.getCertificate(clone.ipsecServerCert);
                if (certificate2 != null) {
                    str4 = new String(Credentials.convertToPem(new Certificate[]{certificate2}), StandardCharsets.UTF_8);
                }
                str3 = str4;
            }
            if (str2 == null || caCertificateFromKeystoreAsPem == null || str3 == null) {
                throw new IllegalStateException("Cannot load credentials");
            }
            switch (clone.type) {
                case 6:
                    break;
                case 7:
                    clone.ipsecSecret = Ikev2VpnProfile.encodeForIpsecSecret(clone.ipsecSecret.getBytes());
                    clone.setAllowedAlgorithms(Ikev2VpnProfile.DEFAULT_ALGORITHMS);
                    startVpnProfilePrivileged(clone, "[Legacy VPN]");
                    return;
                case 8:
                    clone.ipsecSecret = "KEYSTORE_ALIAS:" + str;
                    clone.ipsecUserCert = str2;
                    break;
                case 9:
                    startVpnProfilePrivileged(clone, "[Legacy VPN]");
                    return;
                default:
                    throw new UnsupportedOperationException("Legacy VPN is deprecated");
            }
            clone.ipsecCaCert = caCertificateFromKeystoreAsPem;
            clone.setAllowedAlgorithms(Ikev2VpnProfile.DEFAULT_ALGORITHMS);
            startVpnProfilePrivileged(clone, "[Legacy VPN]");
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            throw new IllegalStateException("Failed to load credentials from AndroidKeyStore", e);
        }
    }

    public final void startNewNetworkAgent(NetworkAgent networkAgent, String str) {
        this.mNetworkAgent = null;
        updateState(NetworkInfo.DetailedState.CONNECTING, str);
        agentConnect();
        agentDisconnect(networkAgent);
    }

    public synchronized String startVpnProfile(String str) {
        String sessionKeyLocked;
        Objects.requireNonNull(str, "No package name provided");
        enforceNotRestrictedUser();
        if (!prepare(str, null, 2)) {
            throw new SecurityException("User consent not granted for package " + str);
        }
        long clearCallingIdentity = Binder.clearCallingIdentity();
        try {
            VpnProfile vpnProfilePrivileged = getVpnProfilePrivileged(str);
            if (vpnProfilePrivileged == null) {
                throw new IllegalArgumentException("No profile found for " + str);
            }
            startVpnProfilePrivileged(vpnProfilePrivileged, str);
            if (!isIkev2VpnRunner()) {
                throw new IllegalStateException("mVpnRunner shouldn't be null and should also be an instance of Ikev2VpnRunner");
            }
            try {
                sessionKeyLocked = getSessionKeyLocked();
                Binder.restoreCallingIdentity(clearCallingIdentity);
            } catch (Throwable th) {
                th = th;
                Binder.restoreCallingIdentity(clearCallingIdentity);
                throw th;
            }
        } catch (Throwable th2) {
            th = th2;
        }
        return sessionKeyLocked;
    }

    public final synchronized void startVpnProfilePrivileged(VpnProfile vpnProfile, String str) {
        try {
            prepareInternal(str);
            updateState(NetworkInfo.DetailedState.CONNECTING, "startPlatformVpn");
            try {
                VpnConfig vpnConfig = new VpnConfig();
                if ("[Legacy VPN]".equals(str)) {
                    vpnConfig.legacy = true;
                    vpnConfig.session = vpnProfile.name;
                    vpnConfig.user = vpnProfile.key;
                    vpnConfig.isMetered = true;
                } else {
                    vpnConfig.user = str;
                    vpnConfig.isMetered = vpnProfile.isMetered;
                }
                vpnConfig.startTime = SystemClock.elapsedRealtime();
                vpnConfig.proxyInfo = vpnProfile.proxy;
                vpnConfig.requiresInternetValidation = vpnProfile.requiresInternetValidation;
                vpnConfig.excludeLocalRoutes = vpnProfile.excludeLocalRoutes;
                vpnConfig.allowBypass = vpnProfile.isBypassable;
                vpnConfig.disallowedApplications = getAppExclusionList(this.mPackage);
                this.mConfig = vpnConfig;
                switch (vpnProfile.type) {
                    case 6:
                    case 7:
                    case 8:
                    case 9:
                        this.mVpnRunner = new IkeV2VpnRunner(Ikev2VpnProfile.fromVpnProfile(vpnProfile), this.mDeps.newScheduledThreadPoolExecutor());
                        this.mVpnRunner.start();
                        break;
                    default:
                        this.mConfig = null;
                        updateState(NetworkInfo.DetailedState.FAILED, "Invalid platform VPN type");
                        Log.d("Vpn", "Unknown VPN profile type: " + vpnProfile.type);
                        break;
                }
                if (!"[Legacy VPN]".equals(str)) {
                    this.mAppOpsManager.startOp("android:establish_vpn_manager", this.mOwnerUID, this.mPackage, null, null);
                }
            } catch (GeneralSecurityException e) {
                this.mConfig = null;
                updateState(NetworkInfo.DetailedState.FAILED, "VPN startup failed");
                throw new IllegalArgumentException("VPN startup failed", e);
            }
        } catch (Throwable th) {
            throw th;
        }
    }

    public synchronized void stopVpnProfile(String str) {
        Objects.requireNonNull(str, "No package name provided");
        enforceNotRestrictedUser();
        if (isCurrentIkev2VpnLocked(str)) {
            stopVpnRunnerAndNotifyAppLocked();
        }
    }

    public final void stopVpnRunnerAndNotifyAppLocked() {
        Vpn vpn;
        int i = this.mOwnerUID;
        Intent intent = null;
        if (isVpnApp(this.mPackage)) {
            vpn = this;
            intent = vpn.buildVpnManagerEventIntent("android.net.category.EVENT_DEACTIVATED_BY_USER", -1, -1, this.mPackage, getSessionKeyLocked(), makeVpnProfileStateLocked(), null, null, null);
        } else {
            vpn = this;
        }
        vpn.mVpnRunner.exit();
        if (intent == null || !isVpnApp(vpn.mPackage)) {
            return;
        }
        notifyVpnManagerVpnStopped(vpn.mPackage, i, intent);
    }

    public synchronized void stopVpnRunnerPrivileged() {
        if (isSettingsVpnLocked()) {
            this.mVpnRunner.exit();
        }
    }

    public final boolean storeAppExclusionList(String str, List list) {
        try {
            byte[] diskStableBytes = PersistableBundleUtils.toDiskStableBytes(PersistableBundleUtils.fromList(list, PersistableBundleUtils.STRING_SERIALIZER));
            long clearCallingIdentity = Binder.clearCallingIdentity();
            try {
                getVpnProfileStore().put(getVpnAppExcludedForPackage(str), diskStableBytes);
                Binder.restoreCallingIdentity(clearCallingIdentity);
                return true;
            } catch (Throwable th) {
                Binder.restoreCallingIdentity(clearCallingIdentity);
                throw th;
            }
        } catch (IOException e) {
            Log.e("Vpn", "problem writing into stream", e);
            return false;
        }
    }

    public final void updateAlwaysOnNotification(NetworkInfo.DetailedState detailedState) {
        boolean z = this.mAlwaysOn && detailedState != NetworkInfo.DetailedState.CONNECTED;
        UserHandle of = UserHandle.of(this.mUserId);
        long clearCallingIdentity = Binder.clearCallingIdentity();
        try {
            NotificationManager notificationManager = (NotificationManager) this.mUserIdContext.getSystemService(NotificationManager.class);
            if (!z) {
                notificationManager.cancel("Vpn", 17);
                return;
            }
            Intent intent = new Intent();
            intent.setComponent(ComponentName.unflattenFromString(this.mContext.getString(R.string.config_dozeTapSensorType)));
            intent.putExtra("lockdown", this.mLockdown);
            intent.addFlags(268435456);
            notificationManager.notify("Vpn", 17, new Notification.Builder(this.mContext, "VPN").setSmallIcon(17304172).setContentTitle(this.mContext.getString(17042008)).setContentText(this.mContext.getString(17042005)).setContentIntent(this.mSystemServices.pendingIntentGetActivityAsUser(intent, 201326592, of)).setCategory("sys").setVisibility(1).setOngoing(true).setColor(this.mContext.getColor(R.color.system_notification_accent_color)).build());
        } finally {
            Binder.restoreCallingIdentity(clearCallingIdentity);
        }
    }

    public final synchronized void updateAppExclusionList(List list) {
        if (this.mNetworkAgent != null && isIkev2VpnRunner()) {
            this.mConfig.disallowedApplications = List.copyOf(list);
            this.mNetworkCapabilities = new NetworkCapabilities.Builder(this.mNetworkCapabilities).setUids(createUserAndRestrictedProfilesRanges(this.mUserId, null, list)).build();
            setVpnNetworkPreference(getSessionKeyLocked(), createUserAndRestrictedProfilesRanges(this.mUserId, this.mConfig.allowedApplications, this.mConfig.disallowedApplications));
            doSendNetworkCapabilities(this.mNetworkAgent, this.mNetworkCapabilities);
        }
    }

    public final boolean updateLinkPropertiesInPlaceIfPossible(NetworkAgent networkAgent, VpnConfig vpnConfig) {
        if (vpnConfig.allowBypass != this.mConfig.allowBypass) {
            Log.i("Vpn", "Handover not possible due to changes to allowBypass");
            return false;
        }
        if (Objects.equals(vpnConfig.allowedApplications, this.mConfig.allowedApplications) && Objects.equals(vpnConfig.disallowedApplications, this.mConfig.disallowedApplications)) {
            networkAgent.sendLinkProperties(makeLinkProperties());
            return true;
        }
        Log.i("Vpn", "Handover not possible due to changes to allowed/denied apps");
        return false;
    }

    @GuardedBy({"this"})
    @VisibleForTesting
    public void updateState(NetworkInfo.DetailedState detailedState, String str) {
        Log.d("Vpn", "setting state=" + detailedState + ", reason=" + str);
        this.mLegacyState = LegacyVpnInfo.stateFromNetworkInfo(detailedState);
        this.mNetworkInfo.setDetailedState(detailedState, str, null);
        switch (AnonymousClass2.$SwitchMap$android$net$NetworkInfo$DetailedState[detailedState.ordinal()]) {
            case 1:
                if (this.mNetworkAgent != null) {
                    this.mNetworkAgent.markConnected();
                    break;
                }
                break;
            case 2:
            case 3:
                if (this.mNetworkAgent != null) {
                    this.mNetworkAgent.unregister();
                    this.mNetworkAgent = null;
                    break;
                }
                break;
            case 4:
                if (this.mNetworkAgent != null) {
                    throw new IllegalStateException("VPN can only go to CONNECTING state when the agent is null.");
                }
                break;
            default:
                throw new IllegalArgumentException("Illegal state argument " + detailedState);
        }
        updateAlwaysOnNotification(detailedState);
    }

    @VisibleForTesting
    public void validateRequiredFeatures(VpnProfile vpnProfile) {
        switch (vpnProfile.type) {
            case 6:
            case 7:
            case 8:
            case 9:
                if (!this.mContext.getPackageManager().hasSystemFeature("android.software.ipsec_tunnels")) {
                    throw new UnsupportedOperationException("Ikev2VpnProfile(s) requires PackageManager.FEATURE_IPSEC_TUNNELS");
                }
                return;
            default:
                return;
        }
    }

    public final void verifyCallingUidAndPackage(String str) {
        this.mDeps.verifyCallingUidAndPackage(this.mContext, str, this.mUserId);
    }
}
