package com.android.server.oemlock;

import android.app.ActivityManager;
import android.content.Context;
import android.os.Binder;
import android.os.Bundle;
import android.os.IBinder;
import android.os.SystemProperties;
import android.os.UserHandle;
import android.os.UserManager;
import android.service.oemlock.IOemLockService;
import android.util.Slog;
import com.android.server.LocalServices;
import com.android.server.SystemService;
import com.android.server.pdb.PersistentDataBlockManagerInternal;
import com.android.server.pm.UserManagerInternal;
import com.android.server.pm.UserRestrictionsUtils;

/* loaded from: classes2.dex */
public class OemLockService extends SystemService {
    public Context mContext;
    public OemLock mOemLock;
    public final IBinder mService;
    public final UserManagerInternal.UserRestrictionsListener mUserRestrictionsListener;

    public OemLockService(Context context) {
        this(context, getOemLock(context));
    }

    public OemLockService(Context context, OemLock oemLock) {
        super(context);
        this.mUserRestrictionsListener = new UserManagerInternal.UserRestrictionsListener() { // from class: com.android.server.oemlock.OemLockService.1
            @Override // com.android.server.pm.UserManagerInternal.UserRestrictionsListener
            public void onUserRestrictionsChanged(int i, Bundle bundle, Bundle bundle2) {
                if (!UserRestrictionsUtils.restrictionsChanged(bundle2, bundle, "no_factory_reset") || (!bundle.getBoolean("no_factory_reset"))) {
                    return;
                }
                OemLockService.this.mOemLock.setOemUnlockAllowedByDevice(false);
                OemLockService.this.setPersistentDataBlockOemUnlockAllowedBit(false);
            }
        };
        this.mService = new IOemLockService.Stub() { // from class: com.android.server.oemlock.OemLockService.2
            public String getLockName() {
                super.getLockName_enforcePermission();
                long clearCallingIdentity = Binder.clearCallingIdentity();
                try {
                    return OemLockService.this.mOemLock.getLockName();
                } finally {
                    Binder.restoreCallingIdentity(clearCallingIdentity);
                }
            }

            public boolean isDeviceOemUnlocked() {
                char c;
                super.isDeviceOemUnlocked_enforcePermission();
                String str = SystemProperties.get("ro.boot.flash.locked");
                switch (str.hashCode()) {
                    case 48:
                        if (str.equals("0")) {
                            c = 0;
                            break;
                        }
                    default:
                        c = 65535;
                        break;
                }
                switch (c) {
                    case 0:
                        return true;
                    default:
                        return false;
                }
            }

            public boolean isOemUnlockAllowed() {
                super.isOemUnlockAllowed_enforcePermission();
                long clearCallingIdentity = Binder.clearCallingIdentity();
                try {
                    boolean z = OemLockService.this.mOemLock.isOemUnlockAllowedByCarrier() && OemLockService.this.mOemLock.isOemUnlockAllowedByDevice();
                    OemLockService.this.setPersistentDataBlockOemUnlockAllowedBit(z);
                    Binder.restoreCallingIdentity(clearCallingIdentity);
                    return z;
                } catch (Throwable th) {
                    Binder.restoreCallingIdentity(clearCallingIdentity);
                    throw th;
                }
            }

            public boolean isOemUnlockAllowedByCarrier() {
                super.isOemUnlockAllowedByCarrier_enforcePermission();
                long clearCallingIdentity = Binder.clearCallingIdentity();
                try {
                    return OemLockService.this.mOemLock.isOemUnlockAllowedByCarrier();
                } finally {
                    Binder.restoreCallingIdentity(clearCallingIdentity);
                }
            }

            public boolean isOemUnlockAllowedByUser() {
                super.isOemUnlockAllowedByUser_enforcePermission();
                long clearCallingIdentity = Binder.clearCallingIdentity();
                try {
                    return OemLockService.this.mOemLock.isOemUnlockAllowedByDevice();
                } finally {
                    Binder.restoreCallingIdentity(clearCallingIdentity);
                }
            }

            public void setOemUnlockAllowedByCarrier(boolean z, byte[] bArr) {
                super.setOemUnlockAllowedByCarrier_enforcePermission();
                OemLockService.this.enforceUserIsAdmin();
                long clearCallingIdentity = Binder.clearCallingIdentity();
                try {
                    OemLockService.this.mOemLock.setOemUnlockAllowedByCarrier(z, bArr);
                } finally {
                    Binder.restoreCallingIdentity(clearCallingIdentity);
                }
            }

            public void setOemUnlockAllowedByUser(boolean z) {
                super.setOemUnlockAllowedByUser_enforcePermission();
                if (ActivityManager.isUserAMonkey()) {
                    return;
                }
                OemLockService.this.enforceUserIsAdmin();
                long clearCallingIdentity = Binder.clearCallingIdentity();
                try {
                    if (!OemLockService.this.isOemUnlockAllowedByAdmin()) {
                        throw new SecurityException("Admin does not allow OEM unlock");
                    }
                    if (!OemLockService.this.mOemLock.isOemUnlockAllowedByCarrier()) {
                        throw new SecurityException("Carrier does not allow OEM unlock");
                    }
                    OemLockService.this.mOemLock.setOemUnlockAllowedByDevice(z);
                    OemLockService.this.setPersistentDataBlockOemUnlockAllowedBit(z);
                } finally {
                    Binder.restoreCallingIdentity(clearCallingIdentity);
                }
            }
        };
        this.mContext = context;
        this.mOemLock = oemLock;
        ((UserManagerInternal) LocalServices.getService(UserManagerInternal.class)).addUserRestrictionsListener(this.mUserRestrictionsListener);
    }

    public static OemLock getOemLock(Context context) {
        if (VendorLockAidl.getOemLockHalService() != null) {
            Slog.i("OemLock", "Using vendor lock via the HAL(aidl)");
            return new VendorLockAidl(context);
        }
        if (VendorLockHidl.getOemLockHalService() != null) {
            Slog.i("OemLock", "Using vendor lock via the HAL(hidl)");
            return new VendorLockHidl(context);
        }
        Slog.i("OemLock", "Using persistent data block based lock");
        return new PersistentDataBlockLock(context);
    }

    public static boolean isHalPresent() {
        return (VendorLockHidl.getOemLockHalService() == null && VendorLockAidl.getOemLockHalService() == null) ? false : true;
    }

    public final void enforceUserIsAdmin() {
        int callingUserId = UserHandle.getCallingUserId();
        long clearCallingIdentity = Binder.clearCallingIdentity();
        try {
            if (UserManager.get(this.mContext).isUserAdmin(callingUserId)) {
            } else {
                throw new SecurityException("Must be an admin user");
            }
        } finally {
            Binder.restoreCallingIdentity(clearCallingIdentity);
        }
    }

    public final boolean isOemUnlockAllowedByAdmin() {
        return !UserManager.get(this.mContext).hasUserRestriction("no_factory_reset", UserHandle.SYSTEM);
    }

    @Override // com.android.server.SystemService
    public void onStart() {
        publishBinderService("oem_lock", this.mService);
    }

    public final void setPersistentDataBlockOemUnlockAllowedBit(boolean z) {
        PersistentDataBlockManagerInternal persistentDataBlockManagerInternal = (PersistentDataBlockManagerInternal) LocalServices.getService(PersistentDataBlockManagerInternal.class);
        if (persistentDataBlockManagerInternal == null || (this.mOemLock instanceof PersistentDataBlockLock)) {
            return;
        }
        Slog.i("OemLock", "Update OEM Unlock bit in pst partition to " + z);
        persistentDataBlockManagerInternal.forceOemUnlockEnabled(z);
    }
}
