package com.android.server.oemlock;

import android.app.ActivityManager;
import android.content.Context;
import android.hardware.oemlock.V1_0.IOemLock;
import android.os.Binder;
import android.os.Bundle;
import android.os.IBinder;
import android.os.SystemProperties;
import android.os.UserHandle;
import android.os.UserManager;
import android.service.oemlock.IOemLockService;
import android.util.Slog;
import com.android.server.LocalServices;
import com.android.server.PersistentDataBlockManagerInternal;
import com.android.server.SystemService;
import com.android.server.pm.UserManagerInternal;
import com.android.server.pm.UserRestrictionsUtils;

/* loaded from: input_file:com/android/server/oemlock/OemLockService.class */
public class OemLockService extends SystemService {
    private static final String TAG = "OemLock";
    private static final String FLASH_LOCK_PROP = "ro.boot.flash.locked";
    private static final String FLASH_LOCK_UNLOCKED = "0";
    private Context mContext;
    private OemLock mOemLock;
    private final UserManagerInternal.UserRestrictionsListener mUserRestrictionsListener;
    private final IBinder mService;

    public static boolean isHalPresent() {
        return VendorLock.getOemLockHalService() != null;
    }

    private static OemLock getOemLock(Context context) {
        IOemLock oemLockHalService = VendorLock.getOemLockHalService();
        if (oemLockHalService != null) {
            Slog.i(TAG, "Using vendor lock via the HAL");
            return new VendorLock(context, oemLockHalService);
        }
        Slog.i(TAG, "Using persistent data block based lock");
        return new PersistentDataBlockLock(context);
    }

    public OemLockService(Context context) {
        this(context, getOemLock(context));
    }

    OemLockService(Context context, OemLock oemLock) {
        super(context);
        this.mUserRestrictionsListener = new UserManagerInternal.UserRestrictionsListener() { // from class: com.android.server.oemlock.OemLockService.1
            @Override // com.android.server.pm.UserManagerInternal.UserRestrictionsListener
            public void onUserRestrictionsChanged(int i, Bundle bundle, Bundle bundle2) {
                if (UserRestrictionsUtils.restrictionsChanged(bundle2, bundle, "no_factory_reset")) {
                    if (!bundle.getBoolean("no_factory_reset")) {
                        return;
                    }
                    OemLockService.this.mOemLock.setOemUnlockAllowedByDevice(false);
                    OemLockService.this.setPersistentDataBlockOemUnlockAllowedBit(false);
                }
            }
        };
        this.mService = new IOemLockService.Stub() { // from class: com.android.server.oemlock.OemLockService.2
            @Override // android.service.oemlock.IOemLockService
            public String getLockName() {
                OemLockService.this.enforceManageCarrierOemUnlockPermission();
                long clearCallingIdentity = Binder.clearCallingIdentity();
                try {
                    String lockName = OemLockService.this.mOemLock.getLockName();
                    Binder.restoreCallingIdentity(clearCallingIdentity);
                    return lockName;
                } catch (Throwable th) {
                    Binder.restoreCallingIdentity(clearCallingIdentity);
                    throw th;
                }
            }

            @Override // android.service.oemlock.IOemLockService
            public void setOemUnlockAllowedByCarrier(boolean z, byte[] bArr) {
                OemLockService.this.enforceManageCarrierOemUnlockPermission();
                OemLockService.this.enforceUserIsAdmin();
                long clearCallingIdentity = Binder.clearCallingIdentity();
                try {
                    OemLockService.this.mOemLock.setOemUnlockAllowedByCarrier(z, bArr);
                    Binder.restoreCallingIdentity(clearCallingIdentity);
                } catch (Throwable th) {
                    Binder.restoreCallingIdentity(clearCallingIdentity);
                    throw th;
                }
            }

            @Override // android.service.oemlock.IOemLockService
            public boolean isOemUnlockAllowedByCarrier() {
                OemLockService.this.enforceManageCarrierOemUnlockPermission();
                long clearCallingIdentity = Binder.clearCallingIdentity();
                try {
                    boolean isOemUnlockAllowedByCarrier = OemLockService.this.mOemLock.isOemUnlockAllowedByCarrier();
                    Binder.restoreCallingIdentity(clearCallingIdentity);
                    return isOemUnlockAllowedByCarrier;
                } catch (Throwable th) {
                    Binder.restoreCallingIdentity(clearCallingIdentity);
                    throw th;
                }
            }

            @Override // android.service.oemlock.IOemLockService
            public void setOemUnlockAllowedByUser(boolean z) {
                if (ActivityManager.isUserAMonkey()) {
                    return;
                }
                OemLockService.this.enforceManageUserOemUnlockPermission();
                OemLockService.this.enforceUserIsAdmin();
                long clearCallingIdentity = Binder.clearCallingIdentity();
                try {
                    if (!OemLockService.this.isOemUnlockAllowedByAdmin()) {
                        throw new SecurityException("Admin does not allow OEM unlock");
                    }
                    if (!OemLockService.this.mOemLock.isOemUnlockAllowedByCarrier()) {
                        throw new SecurityException("Carrier does not allow OEM unlock");
                    }
                    OemLockService.this.mOemLock.setOemUnlockAllowedByDevice(z);
                    OemLockService.this.setPersistentDataBlockOemUnlockAllowedBit(z);
                    Binder.restoreCallingIdentity(clearCallingIdentity);
                } catch (Throwable th) {
                    Binder.restoreCallingIdentity(clearCallingIdentity);
                    throw th;
                }
            }

            @Override // android.service.oemlock.IOemLockService
            public boolean isOemUnlockAllowedByUser() {
                OemLockService.this.enforceManageUserOemUnlockPermission();
                long clearCallingIdentity = Binder.clearCallingIdentity();
                try {
                    boolean isOemUnlockAllowedByDevice = OemLockService.this.mOemLock.isOemUnlockAllowedByDevice();
                    Binder.restoreCallingIdentity(clearCallingIdentity);
                    return isOemUnlockAllowedByDevice;
                } catch (Throwable th) {
                    Binder.restoreCallingIdentity(clearCallingIdentity);
                    throw th;
                }
            }

            @Override // android.service.oemlock.IOemLockService
            public boolean isOemUnlockAllowed() {
                OemLockService.this.enforceOemUnlockReadPermission();
                long clearCallingIdentity = Binder.clearCallingIdentity();
                try {
                    boolean z = OemLockService.this.mOemLock.isOemUnlockAllowedByCarrier() && OemLockService.this.mOemLock.isOemUnlockAllowedByDevice();
                    OemLockService.this.setPersistentDataBlockOemUnlockAllowedBit(z);
                    Binder.restoreCallingIdentity(clearCallingIdentity);
                    return z;
                } catch (Throwable th) {
                    Binder.restoreCallingIdentity(clearCallingIdentity);
                    throw th;
                }
            }

            @Override // android.service.oemlock.IOemLockService
            public boolean isDeviceOemUnlocked() {
                OemLockService.this.enforceOemUnlockReadPermission();
                String str = SystemProperties.get(OemLockService.FLASH_LOCK_PROP);
                boolean z = -1;
                switch (str.hashCode()) {
                    case 48:
                        if (str.equals("0")) {
                            z = false;
                            break;
                        }
                        break;
                }
                switch (z) {
                    case false:
                        return true;
                    default:
                        return false;
                }
            }
        };
        this.mContext = context;
        this.mOemLock = oemLock;
        ((UserManagerInternal) LocalServices.getService(UserManagerInternal.class)).addUserRestrictionsListener(this.mUserRestrictionsListener);
    }

    @Override // com.android.server.SystemService
    public void onStart() {
        publishBinderService("oem_lock", this.mService);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void setPersistentDataBlockOemUnlockAllowedBit(boolean z) {
        PersistentDataBlockManagerInternal persistentDataBlockManagerInternal = (PersistentDataBlockManagerInternal) LocalServices.getService(PersistentDataBlockManagerInternal.class);
        if (persistentDataBlockManagerInternal == null || (this.mOemLock instanceof PersistentDataBlockLock)) {
            return;
        }
        Slog.i(TAG, "Update OEM Unlock bit in pst partition to " + z);
        persistentDataBlockManagerInternal.forceOemUnlockEnabled(z);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public boolean isOemUnlockAllowedByAdmin() {
        return !UserManager.get(this.mContext).hasUserRestriction("no_factory_reset", UserHandle.SYSTEM);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void enforceManageCarrierOemUnlockPermission() {
        this.mContext.enforceCallingOrSelfPermission("android.permission.MANAGE_CARRIER_OEM_UNLOCK_STATE", "Can't manage OEM unlock allowed by carrier");
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void enforceManageUserOemUnlockPermission() {
        this.mContext.enforceCallingOrSelfPermission("android.permission.MANAGE_USER_OEM_UNLOCK_STATE", "Can't manage OEM unlock allowed by user");
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void enforceOemUnlockReadPermission() {
        if (this.mContext.checkCallingOrSelfPermission("android.permission.READ_OEM_UNLOCK_STATE") == -1 && this.mContext.checkCallingOrSelfPermission("android.permission.OEM_UNLOCK_STATE") == -1) {
            throw new SecurityException("Can't access OEM unlock state. Requires READ_OEM_UNLOCK_STATE or OEM_UNLOCK_STATE permission.");
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void enforceUserIsAdmin() {
        int callingUserId = UserHandle.getCallingUserId();
        long clearCallingIdentity = Binder.clearCallingIdentity();
        try {
            if (UserManager.get(this.mContext).isUserAdmin(callingUserId)) {
            } else {
                throw new SecurityException("Must be an admin user");
            }
        } finally {
            Binder.restoreCallingIdentity(clearCallingIdentity);
        }
    }
}
