package com.android.server.connectivity;

import android.content.Context;
import android.content.pm.ApplicationInfo;
import android.content.pm.PackageInfo;
import android.content.pm.PackageManager;
import android.content.pm.PackageManagerInternal;
import android.content.pm.UserInfo;
import android.net.INetd;
import android.net.UidRange;
import android.os.Build;
import android.os.RemoteException;
import android.os.ServiceSpecificException;
import android.os.UserHandle;
import android.os.UserManager;
import android.system.OsConstants;
import android.util.ArraySet;
import android.util.Log;
import android.util.SparseArray;
import android.util.SparseIntArray;
import com.android.internal.annotations.GuardedBy;
import com.android.internal.annotations.VisibleForTesting;
import com.android.internal.util.ArrayUtils;
import com.android.internal.util.IndentingPrintWriter;
import com.android.server.LocalServices;
import com.android.server.SystemConfig;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;

/* loaded from: input_file:com/android/server/connectivity/PermissionMonitor.class */
public class PermissionMonitor {
    private static final String TAG = "PermissionMonitor";
    private static final boolean DBG = true;
    protected static final Boolean SYSTEM = Boolean.TRUE;
    protected static final Boolean NETWORK = Boolean.FALSE;
    private static final int VERSION_Q = 29;
    private final PackageManager mPackageManager;
    private final UserManager mUserManager;
    private final INetd mNetd;

    @GuardedBy({"this"})
    private final Set<Integer> mUsers = new HashSet();

    @GuardedBy({"this"})
    private final Map<Integer, Boolean> mApps = new HashMap();

    @GuardedBy({"this"})
    private final Map<String, Set<UidRange>> mVpnUidRanges = new HashMap();

    @GuardedBy({"this"})
    private final Set<Integer> mAllApps = new HashSet();

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/android/server/connectivity/PermissionMonitor$PackageListObserver.class */
    public class PackageListObserver implements PackageManagerInternal.PackageListObserver {
        private PackageListObserver() {
        }

        private int getPermissionForUid(int i) {
            int i2 = 0;
            String[] packagesForUid = PermissionMonitor.this.mPackageManager.getPackagesForUid(i);
            if (packagesForUid == null || packagesForUid.length <= 0) {
                i2 = -1;
            } else {
                for (String str : packagesForUid) {
                    PackageInfo packageInfo = PermissionMonitor.this.getPackageInfo(str);
                    if (packageInfo != null && packageInfo.requestedPermissions != null) {
                        i2 |= PermissionMonitor.getNetdPermissionMask(packageInfo.requestedPermissions, packageInfo.requestedPermissionsFlags);
                    }
                }
            }
            return i2;
        }

        @Override // android.content.pm.PackageManagerInternal.PackageListObserver
        public void onPackageAdded(String str, int i) {
            PermissionMonitor.this.sendPackagePermissionsForUid(i, getPermissionForUid(i));
        }

        @Override // android.content.pm.PackageManagerInternal.PackageListObserver
        public void onPackageRemoved(String str, int i) {
            PermissionMonitor.this.sendPackagePermissionsForUid(i, getPermissionForUid(i));
        }
    }

    public PermissionMonitor(Context context, INetd iNetd) {
        this.mPackageManager = context.getPackageManager();
        this.mUserManager = (UserManager) context.getSystemService("user");
        this.mNetd = iNetd;
    }

    public synchronized void startMonitoring() {
        Boolean bool;
        log("Monitoring");
        PackageManagerInternal packageManagerInternal = (PackageManagerInternal) LocalServices.getService(PackageManagerInternal.class);
        if (packageManagerInternal != null) {
            packageManagerInternal.getPackageList(new PackageListObserver());
        } else {
            loge("failed to get the PackageManagerInternal service");
        }
        List<PackageInfo> installedPackages = this.mPackageManager.getInstalledPackages(4198400);
        if (installedPackages == null) {
            loge("No apps");
            return;
        }
        SparseIntArray sparseIntArray = new SparseIntArray();
        for (PackageInfo packageInfo : installedPackages) {
            int i = packageInfo.applicationInfo != null ? packageInfo.applicationInfo.uid : -1;
            if (i >= 0) {
                this.mAllApps.add(Integer.valueOf(UserHandle.getAppId(i)));
                boolean hasNetworkPermission = hasNetworkPermission(packageInfo);
                boolean hasRestrictedNetworkPermission = hasRestrictedNetworkPermission(packageInfo);
                if ((hasNetworkPermission || hasRestrictedNetworkPermission) && ((bool = this.mApps.get(Integer.valueOf(i))) == null || bool == NETWORK)) {
                    this.mApps.put(Integer.valueOf(i), Boolean.valueOf(hasRestrictedNetworkPermission));
                }
                sparseIntArray.put(i, sparseIntArray.get(i) | getNetdPermissionMask(packageInfo.requestedPermissions, packageInfo.requestedPermissionsFlags));
            }
        }
        List<UserInfo> users = this.mUserManager.getUsers(true);
        if (users != null) {
            Iterator<UserInfo> it = users.iterator();
            while (it.hasNext()) {
                this.mUsers.add(Integer.valueOf(it.next().id));
            }
        }
        SparseArray<ArraySet<String>> systemPermissions = SystemConfig.getInstance().getSystemPermissions();
        for (int i2 = 0; i2 < systemPermissions.size(); i2++) {
            ArraySet<String> valueAt = systemPermissions.valueAt(i2);
            int keyAt = systemPermissions.keyAt(i2);
            int i3 = 0;
            if (valueAt != null) {
                i3 = 0 | (valueAt.contains("android.permission.UPDATE_DEVICE_STATS") ? 8 : 0) | (valueAt.contains("android.permission.INTERNET") ? 4 : 0);
            }
            sparseIntArray.put(keyAt, sparseIntArray.get(keyAt) | i3);
        }
        log("Users: " + this.mUsers.size() + ", Apps: " + this.mApps.size());
        update(this.mUsers, this.mApps, true);
        sendPackagePermissionsToNetd(sparseIntArray);
    }

    @VisibleForTesting
    static boolean isVendorApp(ApplicationInfo applicationInfo) {
        return applicationInfo.isVendor() || applicationInfo.isOem() || applicationInfo.isProduct();
    }

    @VisibleForTesting
    protected int getDeviceFirstSdkInt() {
        return Build.VERSION.FIRST_SDK_INT;
    }

    @VisibleForTesting
    boolean hasPermission(PackageInfo packageInfo, String str) {
        if (packageInfo.requestedPermissions == null) {
            return false;
        }
        for (String str2 : packageInfo.requestedPermissions) {
            if (str.equals(str2)) {
                return true;
            }
        }
        return false;
    }

    private boolean hasNetworkPermission(PackageInfo packageInfo) {
        return hasPermission(packageInfo, "android.permission.CHANGE_NETWORK_STATE");
    }

    private boolean hasRestrictedNetworkPermission(PackageInfo packageInfo) {
        if (packageInfo.applicationInfo != null) {
            if (packageInfo.applicationInfo.uid == 1000 && getDeviceFirstSdkInt() < 29) {
                return true;
            }
            if (packageInfo.applicationInfo.targetSdkVersion < 29 && isVendorApp(packageInfo.applicationInfo)) {
                return true;
            }
        }
        return hasPermission(packageInfo, "android.permission.CONNECTIVITY_INTERNAL") || hasPermission(packageInfo, "android.permission.CONNECTIVITY_USE_RESTRICTED_NETWORKS");
    }

    private boolean hasUseBackgroundNetworksPermission(PackageInfo packageInfo) {
        return hasPermission(packageInfo, "android.permission.CHANGE_NETWORK_STATE") || hasPermission(packageInfo, "android.permission.NETWORK_STACK") || hasRestrictedNetworkPermission(packageInfo);
    }

    public boolean hasUseBackgroundNetworksPermission(int i) {
        String[] packagesForUid = this.mPackageManager.getPackagesForUid(i);
        if (null == packagesForUid || packagesForUid.length == 0) {
            return false;
        }
        try {
            return hasUseBackgroundNetworksPermission(this.mPackageManager.getPackageInfoAsUser(packagesForUid[0], 4096, UserHandle.getUserId(i)));
        } catch (PackageManager.NameNotFoundException e) {
            loge("NameNotFoundException " + packagesForUid[0], e);
            return false;
        }
    }

    private int[] toIntArray(Collection<Integer> collection) {
        int[] iArr = new int[collection.size()];
        int i = 0;
        Iterator<Integer> it = collection.iterator();
        while (it.hasNext()) {
            int i2 = i;
            i++;
            iArr[i2] = it.next().intValue();
        }
        return iArr;
    }

    private void update(Set<Integer> set, Map<Integer, Boolean> map, boolean z) {
        ArrayList arrayList = new ArrayList();
        ArrayList arrayList2 = new ArrayList();
        for (Map.Entry<Integer, Boolean> entry : map.entrySet()) {
            ArrayList arrayList3 = entry.getValue().booleanValue() ? arrayList2 : arrayList;
            Iterator<Integer> it = set.iterator();
            while (it.hasNext()) {
                arrayList3.add(Integer.valueOf(UserHandle.getUid(it.next().intValue(), entry.getKey().intValue())));
            }
        }
        try {
            if (z) {
                this.mNetd.networkSetPermissionForUser(1, toIntArray(arrayList));
                this.mNetd.networkSetPermissionForUser(2, toIntArray(arrayList2));
            } else {
                this.mNetd.networkClearPermissionForUser(toIntArray(arrayList));
                this.mNetd.networkClearPermissionForUser(toIntArray(arrayList2));
            }
        } catch (RemoteException e) {
            loge("Exception when updating permissions: " + e);
        }
    }

    public synchronized void onUserAdded(int i) {
        if (i < 0) {
            loge("Invalid user in onUserAdded: " + i);
            return;
        }
        this.mUsers.add(Integer.valueOf(i));
        HashSet hashSet = new HashSet();
        hashSet.add(Integer.valueOf(i));
        update(hashSet, this.mApps, true);
    }

    public synchronized void onUserRemoved(int i) {
        if (i < 0) {
            loge("Invalid user in onUserRemoved: " + i);
            return;
        }
        this.mUsers.remove(Integer.valueOf(i));
        HashSet hashSet = new HashSet();
        hashSet.add(Integer.valueOf(i));
        update(hashSet, this.mApps, false);
    }

    @VisibleForTesting
    protected Boolean highestPermissionForUid(Boolean bool, String str) {
        if (bool == SYSTEM) {
            return bool;
        }
        try {
            PackageInfo packageInfo = this.mPackageManager.getPackageInfo(str, 4096);
            boolean hasNetworkPermission = hasNetworkPermission(packageInfo);
            boolean hasRestrictedNetworkPermission = hasRestrictedNetworkPermission(packageInfo);
            if (hasNetworkPermission || hasRestrictedNetworkPermission) {
                bool = Boolean.valueOf(hasRestrictedNetworkPermission);
            }
        } catch (PackageManager.NameNotFoundException e) {
            loge("NameNotFoundException " + str);
        }
        return bool;
    }

    public synchronized void onPackageAdded(String str, int i) {
        Boolean highestPermissionForUid = highestPermissionForUid(this.mApps.get(Integer.valueOf(i)), str);
        if (highestPermissionForUid != this.mApps.get(Integer.valueOf(i))) {
            this.mApps.put(Integer.valueOf(i), highestPermissionForUid);
            HashMap hashMap = new HashMap();
            hashMap.put(Integer.valueOf(i), highestPermissionForUid);
            update(this.mUsers, hashMap, true);
        }
        for (Map.Entry<String, Set<UidRange>> entry : this.mVpnUidRanges.entrySet()) {
            if (UidRange.containsUid(entry.getValue(), i)) {
                HashSet hashSet = new HashSet();
                hashSet.add(Integer.valueOf(i));
                removeBypassingUids(hashSet, -1);
                updateVpnUids(entry.getKey(), hashSet, true);
            }
        }
        this.mAllApps.add(Integer.valueOf(UserHandle.getAppId(i)));
    }

    public synchronized void onPackageRemoved(int i) {
        for (Map.Entry<String, Set<UidRange>> entry : this.mVpnUidRanges.entrySet()) {
            if (UidRange.containsUid(entry.getValue(), i)) {
                HashSet hashSet = new HashSet();
                hashSet.add(Integer.valueOf(i));
                removeBypassingUids(hashSet, -1);
                updateVpnUids(entry.getKey(), hashSet, false);
            }
        }
        if (this.mPackageManager.getNameForUid(i) == null) {
            this.mAllApps.remove(Integer.valueOf(UserHandle.getAppId(i)));
        }
        HashMap hashMap = new HashMap();
        Boolean bool = null;
        String[] packagesForUid = this.mPackageManager.getPackagesForUid(i);
        if (packagesForUid != null && packagesForUid.length > 0) {
            for (String str : packagesForUid) {
                bool = highestPermissionForUid(bool, str);
                if (bool == SYSTEM) {
                    return;
                }
            }
        }
        if (bool == this.mApps.get(Integer.valueOf(i))) {
            return;
        }
        if (bool != null) {
            this.mApps.put(Integer.valueOf(i), bool);
            hashMap.put(Integer.valueOf(i), bool);
            update(this.mUsers, hashMap, true);
        } else {
            this.mApps.remove(Integer.valueOf(i));
            hashMap.put(Integer.valueOf(i), NETWORK);
            update(this.mUsers, hashMap, false);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static int getNetdPermissionMask(String[] strArr, int[] iArr) {
        int i = 0;
        if (strArr == null || iArr == null) {
            return 0;
        }
        for (int i2 = 0; i2 < strArr.length; i2++) {
            if (strArr[i2].equals("android.permission.INTERNET") && (iArr[i2] & 2) != 0) {
                i |= 4;
            }
            if (strArr[i2].equals("android.permission.UPDATE_DEVICE_STATS") && (iArr[i2] & 2) != 0) {
                i |= 8;
            }
        }
        return i;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public PackageInfo getPackageInfo(String str) {
        try {
            return this.mPackageManager.getPackageInfo(str, 4198400);
        } catch (PackageManager.NameNotFoundException e) {
            return null;
        }
    }

    public synchronized void onVpnUidRangesAdded(String str, Set<UidRange> set, int i) {
        Set<Integer> intersectUids = intersectUids(set, this.mAllApps);
        removeBypassingUids(intersectUids, i);
        updateVpnUids(str, intersectUids, true);
        if (this.mVpnUidRanges.containsKey(str)) {
            this.mVpnUidRanges.get(str).addAll(set);
        } else {
            this.mVpnUidRanges.put(str, new HashSet(set));
        }
    }

    public synchronized void onVpnUidRangesRemoved(String str, Set<UidRange> set, int i) {
        Set<Integer> intersectUids = intersectUids(set, this.mAllApps);
        removeBypassingUids(intersectUids, i);
        updateVpnUids(str, intersectUids, false);
        Set<UidRange> orDefault = this.mVpnUidRanges.getOrDefault(str, null);
        if (orDefault == null) {
            loge("Attempt to remove unknown vpn uid Range iface = " + str);
            return;
        }
        orDefault.removeAll(set);
        if (orDefault.size() == 0) {
            this.mVpnUidRanges.remove(str);
        }
    }

    private Set<Integer> intersectUids(Set<UidRange> set, Set<Integer> set2) {
        HashSet hashSet = new HashSet();
        for (UidRange uidRange : set) {
            for (int startUser = uidRange.getStartUser(); startUser <= uidRange.getEndUser(); startUser++) {
                Iterator<Integer> it = set2.iterator();
                while (it.hasNext()) {
                    int uid = UserHandle.getUid(startUser, it.next().intValue());
                    if (uidRange.contains(uid)) {
                        hashSet.add(Integer.valueOf(uid));
                    }
                }
            }
        }
        return hashSet;
    }

    private void removeBypassingUids(Set<Integer> set, int i) {
        set.remove(Integer.valueOf(i));
        set.removeIf(num -> {
            return this.mApps.getOrDefault(num, NETWORK) == SYSTEM;
        });
    }

    private void updateVpnUids(String str, Set<Integer> set, boolean z) {
        if (set.size() == 0) {
            return;
        }
        try {
            if (z) {
                this.mNetd.firewallAddUidInterfaceRules(str, toIntArray(set));
            } else {
                this.mNetd.firewallRemoveUidInterfaceRules(toIntArray(set));
            }
        } catch (RemoteException e) {
            loge("Exception when updating permissions: ", e);
        } catch (ServiceSpecificException e2) {
            if (e2.errorCode != OsConstants.EOPNOTSUPP) {
                loge("Exception when updating permissions: ", e2);
            }
        }
    }

    @VisibleForTesting
    void sendPackagePermissionsForUid(int i, int i2) {
        SparseIntArray sparseIntArray = new SparseIntArray();
        sparseIntArray.put(i, i2);
        sendPackagePermissionsToNetd(sparseIntArray);
    }

    @VisibleForTesting
    void sendPackagePermissionsToNetd(SparseIntArray sparseIntArray) {
        if (this.mNetd == null) {
            Log.e(TAG, "Failed to get the netd service");
            return;
        }
        ArrayList arrayList = new ArrayList();
        ArrayList arrayList2 = new ArrayList();
        ArrayList arrayList3 = new ArrayList();
        ArrayList arrayList4 = new ArrayList();
        ArrayList arrayList5 = new ArrayList();
        for (int i = 0; i < sparseIntArray.size(); i++) {
            int valueAt = sparseIntArray.valueAt(i);
            switch (valueAt) {
                case -1:
                    arrayList5.add(Integer.valueOf(sparseIntArray.keyAt(i)));
                    break;
                case 0:
                    arrayList4.add(Integer.valueOf(sparseIntArray.keyAt(i)));
                    continue;
                case 4:
                    arrayList2.add(Integer.valueOf(sparseIntArray.keyAt(i)));
                    continue;
                case 8:
                    arrayList3.add(Integer.valueOf(sparseIntArray.keyAt(i)));
                    continue;
                case 12:
                    arrayList.add(Integer.valueOf(sparseIntArray.keyAt(i)));
                    continue;
            }
            Log.e(TAG, "unknown permission type: " + valueAt + "for uid: " + sparseIntArray.keyAt(i));
        }
        try {
            if (arrayList.size() != 0) {
                this.mNetd.trafficSetNetPermForUids(12, ArrayUtils.convertToIntArray(arrayList));
            }
            if (arrayList2.size() != 0) {
                this.mNetd.trafficSetNetPermForUids(4, ArrayUtils.convertToIntArray(arrayList2));
            }
            if (arrayList3.size() != 0) {
                this.mNetd.trafficSetNetPermForUids(8, ArrayUtils.convertToIntArray(arrayList3));
            }
            if (arrayList4.size() != 0) {
                this.mNetd.trafficSetNetPermForUids(0, ArrayUtils.convertToIntArray(arrayList4));
            }
            if (arrayList5.size() != 0) {
                this.mNetd.trafficSetNetPermForUids(-1, ArrayUtils.convertToIntArray(arrayList5));
            }
        } catch (RemoteException e) {
            Log.e(TAG, "Pass appId list of special permission failed." + e);
        }
    }

    @VisibleForTesting
    public Set<UidRange> getVpnUidRanges(String str) {
        return this.mVpnUidRanges.get(str);
    }

    public void dump(IndentingPrintWriter indentingPrintWriter) {
        indentingPrintWriter.println("Interface filtering rules:");
        indentingPrintWriter.increaseIndent();
        for (Map.Entry<String, Set<UidRange>> entry : this.mVpnUidRanges.entrySet()) {
            indentingPrintWriter.println("Interface: " + entry.getKey());
            indentingPrintWriter.println("UIDs: " + entry.getValue().toString());
            indentingPrintWriter.println();
        }
        indentingPrintWriter.decreaseIndent();
    }

    private static void log(String str) {
        Log.d(TAG, str);
    }

    private static void loge(String str) {
        Log.e(TAG, str);
    }

    private static void loge(String str, Throwable th) {
        Log.e(TAG, str, th);
    }
}
