package com.android.server.pm;

import android.content.pm.ApplicationInfo;
import android.os.Environment;
import android.util.Slog;
import android.util.Xml;
import com.android.server.compat.PlatformCompat;
import com.android.server.pm.Policy;
import com.android.server.pm.parsing.pkg.AndroidPackage;
import com.android.server.pm.parsing.pkg.AndroidPackageUtils;
import com.android.server.pm.pkg.SharedUserApi;
import java.io.File;
import java.io.FileReader;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import libcore.io.IoUtils;
import org.xmlpull.v1.XmlPullParser;
import org.xmlpull.v1.XmlPullParserException;

/* loaded from: input_file:com/android/server/pm/SELinuxMMAC.class */
public final class SELinuxMMAC {
    static final String TAG = "SELinuxMMAC";
    private static final boolean DEBUG_POLICY = false;
    private static final boolean DEBUG_POLICY_INSTALL = false;
    private static final boolean DEBUG_POLICY_ORDER = false;
    private static boolean sPolicyRead;
    private static final String DEFAULT_SEINFO = "default";
    private static final String PRIVILEGED_APP_STR = ":privapp";
    private static final String TARGETSDKVERSION_STR = ":targetSdkVersion=";
    static final long SELINUX_LATEST_CHANGES = 143539591;
    static final long SELINUX_R_CHANGES = 168782947;
    private static List<Policy> sPolicies = new ArrayList();
    private static List<File> sMacPermissions = new ArrayList();

    public static boolean readInstallPolicy() {
        synchronized (sPolicies) {
            if (sPolicyRead) {
                return true;
            }
            ArrayList arrayList = new ArrayList();
            FileReader fileReader = null;
            XmlPullParser newPullParser = Xml.newPullParser();
            int size = sMacPermissions.size();
            for (int i = 0; i < size; i++) {
                File file = sMacPermissions.get(i);
                try {
                    try {
                        fileReader = new FileReader(file);
                        Slog.d(TAG, "Using policy file " + file);
                        newPullParser.setInput(fileReader);
                        newPullParser.nextTag();
                        newPullParser.require(2, null, "policy");
                        while (newPullParser.next() != 3) {
                            if (newPullParser.getEventType() == 2) {
                                String name = newPullParser.getName();
                                boolean z = -1;
                                switch (name.hashCode()) {
                                    case -902467798:
                                        if (name.equals("signer")) {
                                            z = false;
                                        }
                                    default:
                                        switch (z) {
                                            case false:
                                                arrayList.add(readSignerOrThrow(newPullParser));
                                                break;
                                            default:
                                                skip(newPullParser);
                                                break;
                                        }
                                        break;
                                }
                            }
                        }
                        IoUtils.closeQuietly(fileReader);
                    } catch (IOException e) {
                        Slog.w(TAG, "Exception parsing " + file, e);
                        IoUtils.closeQuietly(fileReader);
                        return false;
                    } catch (IllegalArgumentException | IllegalStateException | XmlPullParserException e2) {
                        Slog.w(TAG, "Exception @" + newPullParser.getPositionDescription() + " while parsing " + file + ":" + e2);
                        IoUtils.closeQuietly(fileReader);
                        return false;
                    }
                } catch (Throwable th) {
                    IoUtils.closeQuietly(fileReader);
                    throw th;
                }
            }
            PolicyComparator policyComparator = new PolicyComparator();
            Collections.sort(arrayList, policyComparator);
            if (policyComparator.foundDuplicate()) {
                Slog.w(TAG, "ERROR! Duplicate entries found parsing mac_permissions.xml files");
                return false;
            }
            synchronized (sPolicies) {
                sPolicies.clear();
                sPolicies.addAll(arrayList);
                sPolicyRead = true;
            }
            return true;
        }
    }

    private static Policy readSignerOrThrow(XmlPullParser xmlPullParser) throws IOException, XmlPullParserException {
        xmlPullParser.require(2, null, "signer");
        Policy.PolicyBuilder policyBuilder = new Policy.PolicyBuilder();
        String attributeValue = xmlPullParser.getAttributeValue(null, "signature");
        if (attributeValue != null) {
            policyBuilder.addSignature(attributeValue);
        }
        while (xmlPullParser.next() != 3) {
            if (xmlPullParser.getEventType() == 2) {
                String name = xmlPullParser.getName();
                if ("seinfo".equals(name)) {
                    policyBuilder.setGlobalSeinfoOrThrow(xmlPullParser.getAttributeValue(null, "value"));
                    readSeinfo(xmlPullParser);
                } else if ("package".equals(name)) {
                    readPackageOrThrow(xmlPullParser, policyBuilder);
                } else if ("cert".equals(name)) {
                    policyBuilder.addSignature(xmlPullParser.getAttributeValue(null, "signature"));
                    readCert(xmlPullParser);
                } else {
                    skip(xmlPullParser);
                }
            }
        }
        return policyBuilder.build();
    }

    private static void readPackageOrThrow(XmlPullParser xmlPullParser, Policy.PolicyBuilder policyBuilder) throws IOException, XmlPullParserException {
        xmlPullParser.require(2, null, "package");
        String attributeValue = xmlPullParser.getAttributeValue(null, "name");
        while (xmlPullParser.next() != 3) {
            if (xmlPullParser.getEventType() == 2) {
                if ("seinfo".equals(xmlPullParser.getName())) {
                    policyBuilder.addInnerPackageMapOrThrow(attributeValue, xmlPullParser.getAttributeValue(null, "value"));
                    readSeinfo(xmlPullParser);
                } else {
                    skip(xmlPullParser);
                }
            }
        }
    }

    private static void readCert(XmlPullParser xmlPullParser) throws IOException, XmlPullParserException {
        xmlPullParser.require(2, null, "cert");
        xmlPullParser.nextTag();
    }

    private static void readSeinfo(XmlPullParser xmlPullParser) throws IOException, XmlPullParserException {
        xmlPullParser.require(2, null, "seinfo");
        xmlPullParser.nextTag();
    }

    private static void skip(XmlPullParser xmlPullParser) throws IOException, XmlPullParserException {
        if (xmlPullParser.getEventType() != 2) {
            throw new IllegalStateException();
        }
        int i = 1;
        while (i != 0) {
            switch (xmlPullParser.next()) {
                case 2:
                    i++;
                    break;
                case 3:
                    i--;
                    break;
            }
        }
    }

    private static int getTargetSdkVersionForSeInfo(AndroidPackage androidPackage, SharedUserApi sharedUserApi, PlatformCompat platformCompat) {
        if (sharedUserApi != null && sharedUserApi.getPackages().size() != 0) {
            return sharedUserApi.getSeInfoTargetSdkVersion();
        }
        ApplicationInfo generateAppInfoWithoutState = AndroidPackageUtils.generateAppInfoWithoutState(androidPackage);
        return platformCompat.isChangeEnabledInternal(SELINUX_LATEST_CHANGES, generateAppInfoWithoutState) ? Math.max(10000, androidPackage.getTargetSdkVersion()) : platformCompat.isChangeEnabledInternal(SELINUX_R_CHANGES, generateAppInfoWithoutState) ? Math.max(30, androidPackage.getTargetSdkVersion()) : androidPackage.getTargetSdkVersion();
    }

    public static String getSeInfo(AndroidPackage androidPackage, SharedUserApi sharedUserApi, PlatformCompat platformCompat) {
        return getSeInfo(androidPackage, sharedUserApi != null ? sharedUserApi.isPrivileged() | androidPackage.isPrivileged() : androidPackage.isPrivileged(), getTargetSdkVersionForSeInfo(androidPackage, sharedUserApi, platformCompat));
    }

    public static String getSeInfo(AndroidPackage androidPackage, boolean z, int i) {
        String str = null;
        synchronized (sPolicies) {
            if (sPolicyRead) {
                Iterator<Policy> it = sPolicies.iterator();
                while (it.hasNext()) {
                    str = it.next().getMatchedSeInfo(androidPackage);
                    if (str != null) {
                        break;
                    }
                }
            }
        }
        if (str == null) {
            str = "default";
        }
        if (z) {
            str = str + PRIVILEGED_APP_STR;
        }
        return str + TARGETSDKVERSION_STR + i;
    }

    static {
        sMacPermissions.add(new File(Environment.getRootDirectory(), "/etc/selinux/plat_mac_permissions.xml"));
        File file = new File(Environment.getSystemExtDirectory(), "/etc/selinux/system_ext_mac_permissions.xml");
        if (file.exists()) {
            sMacPermissions.add(file);
        }
        File file2 = new File(Environment.getProductDirectory(), "/etc/selinux/product_mac_permissions.xml");
        if (file2.exists()) {
            sMacPermissions.add(file2);
        }
        File file3 = new File(Environment.getVendorDirectory(), "/etc/selinux/vendor_mac_permissions.xml");
        if (file3.exists()) {
            sMacPermissions.add(file3);
        }
        File file4 = new File(Environment.getOdmDirectory(), "/etc/selinux/odm_mac_permissions.xml");
        if (file4.exists()) {
            sMacPermissions.add(file4);
        }
    }
}
