package com.android.server.pm;

import android.apex.ApexInfo;
import android.apex.ApexInfoList;
import android.apex.ApexSessionInfo;
import android.apex.ApexSessionParams;
import android.content.Context;
import android.content.Intent;
import android.content.pm.IPackageInstallObserver2;
import android.content.pm.PackageInfo;
import android.content.pm.PackageManager;
import android.content.pm.SigningDetails;
import android.content.pm.parsing.result.ParseResult;
import android.content.pm.parsing.result.ParseTypeImpl;
import android.content.rollback.RollbackInfo;
import android.content.rollback.RollbackManager;
import android.net.connectivity.org.chromium.net.NetError;
import android.os.Bundle;
import android.os.Handler;
import android.os.Looper;
import android.os.RemoteException;
import android.os.UserHandle;
import android.util.IntArray;
import android.util.Slog;
import android.util.apk.ApkSignatureVerifier;
import com.android.internal.annotations.VisibleForTesting;
import com.android.internal.content.InstallLocationUtils;
import com.android.internal.pm.parsing.PackageParser2;
import com.android.internal.pm.parsing.PackageParserException;
import com.android.internal.pm.parsing.pkg.ParsedPackage;
import com.android.server.LocalServices;
import com.android.server.SystemConfig;
import com.android.server.pm.StagingManager;
import com.android.server.rollback.RollbackManagerInternal;
import java.io.File;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.function.Supplier;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:com/android/server/pm/PackageSessionVerifier.class */
public final class PackageSessionVerifier {
    private static final String TAG = "PackageSessionVerifier";
    private final Context mContext;
    private final PackageManagerService mPm;
    private final ApexManager mApexManager;
    private final Supplier<PackageParser2> mPackageParserSupplier;
    private final Handler mHandler;
    private final List<StagingManager.StagedSession> mStagedSessions;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:com/android/server/pm/PackageSessionVerifier$Callback.class */
    public interface Callback {
        void onResult(int i, String str);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public PackageSessionVerifier(Context context, PackageManagerService packageManagerService, ApexManager apexManager, Supplier<PackageParser2> supplier, Looper looper) {
        this.mStagedSessions = new ArrayList();
        this.mContext = context;
        this.mPm = packageManagerService;
        this.mApexManager = apexManager;
        this.mPackageParserSupplier = supplier;
        this.mHandler = new Handler(looper);
    }

    @VisibleForTesting
    PackageSessionVerifier() {
        this.mStagedSessions = new ArrayList();
        this.mContext = null;
        this.mPm = null;
        this.mApexManager = null;
        this.mPackageParserSupplier = null;
        this.mHandler = null;
    }

    public void verify(PackageInstallerSession packageInstallerSession, Callback callback) {
        this.mHandler.post(() -> {
            try {
                storeSession(packageInstallerSession.mStagedSession);
                if (packageInstallerSession.isMultiPackage()) {
                    for (PackageInstallerSession packageInstallerSession2 : packageInstallerSession.getChildSessions()) {
                        checkApexUpdateAllowed(packageInstallerSession2);
                        checkRebootlessApex(packageInstallerSession2);
                        checkApexSignature(packageInstallerSession2);
                    }
                } else {
                    checkApexUpdateAllowed(packageInstallerSession);
                    checkRebootlessApex(packageInstallerSession);
                    checkApexSignature(packageInstallerSession);
                }
                verifyAPK(packageInstallerSession, callback);
            } catch (PackageManagerException e) {
                packageInstallerSession.setSessionFailed(e.error, PackageManager.installStatusToString(e.error, e.getMessage()));
                callback.onResult(e.error, e.getMessage());
            }
        });
    }

    private SigningDetails getSigningDetails(PackageInfo packageInfo) throws PackageManagerException {
        String str = packageInfo.applicationInfo.sourceDir;
        ParseResult<SigningDetails> verify = ApkSignatureVerifier.verify(ParseTypeImpl.forDefaultParsing(), str, ApkSignatureVerifier.getMinimumSignatureSchemeVersionForTargetSdk(packageInfo.applicationInfo.targetSdkVersion));
        if (verify.isError()) {
            throw new PackageManagerException(-22, "Failed to verify APEX package " + str + " : " + verify.getException(), verify.getException());
        }
        return verify.getResult();
    }

    private void checkApexSignature(PackageInstallerSession packageInstallerSession) throws PackageManagerException {
        if (packageInstallerSession.isApexSession()) {
            String packageName = packageInstallerSession.getPackageName();
            PackageInfo packageInfo = this.mPm.snapshotComputer().getPackageInfo(packageInstallerSession.getPackageName(), 1073741824L, 0);
            if (packageInfo == null) {
                throw new PackageManagerException(-23, "Attempting to install new APEX package " + packageName);
            }
            SigningDetails signingDetails = getSigningDetails(packageInfo);
            SigningDetails signingDetails2 = packageInstallerSession.getSigningDetails();
            if (!signingDetails2.checkCapability(signingDetails, 1) && !signingDetails.checkCapability(signingDetails2, 8)) {
                throw new PackageManagerException(-22, "APK container signature of APEX package " + packageName + " is not compatible with the one currently installed on device");
            }
        }
    }

    private void verifyAPK(final PackageInstallerSession packageInstallerSession, final Callback callback) throws PackageManagerException {
        VerifyingSession createVerifyingSession = createVerifyingSession(packageInstallerSession, new IPackageInstallObserver2.Stub() { // from class: com.android.server.pm.PackageSessionVerifier.1
            @Override // android.content.pm.IPackageInstallObserver2
            public void onUserActionRequired(Intent intent) {
                throw new IllegalStateException();
            }

            @Override // android.content.pm.IPackageInstallObserver2
            public void onPackageInstalled(String str, int i, String str2, Bundle bundle) {
                if (packageInstallerSession.isStaged() && i == 1) {
                    PackageSessionVerifier.this.verifyStaged(packageInstallerSession.mStagedSession, callback);
                    return;
                }
                if (i == 1) {
                    packageInstallerSession.setSessionReady();
                    callback.onResult(1, null);
                } else {
                    packageInstallerSession.setSessionFailed(i, PackageManager.installStatusToString(i, str2));
                    callback.onResult(i, str2);
                }
            }
        });
        if (!packageInstallerSession.isMultiPackage()) {
            createVerifyingSession.verifyStage();
            return;
        }
        List<PackageInstallerSession> childSessions = packageInstallerSession.getChildSessions();
        ArrayList arrayList = new ArrayList(childSessions.size());
        Iterator<PackageInstallerSession> it = childSessions.iterator();
        while (it.hasNext()) {
            arrayList.add(createVerifyingSession(it.next(), null));
        }
        createVerifyingSession.verifyStage(arrayList);
    }

    private VerifyingSession createVerifyingSession(PackageInstallerSession packageInstallerSession, IPackageInstallObserver2 iPackageInstallObserver2) {
        return new VerifyingSession((packageInstallerSession.params.installFlags & 64) != 0 ? UserHandle.ALL : new UserHandle(packageInstallerSession.userId), packageInstallerSession.stageDir, iPackageInstallObserver2, packageInstallerSession.params, packageInstallerSession.getInstallSource(), packageInstallerSession.getInstallerUid(), packageInstallerSession.getSigningDetails(), packageInstallerSession.sessionId, packageInstallerSession.getPackageLite(), packageInstallerSession.getUserActionRequired(), this.mPm);
    }

    private void verifyStaged(StagingManager.StagedSession stagedSession, Callback callback) {
        Slog.d(TAG, "Starting preRebootVerification for session " + stagedSession.sessionId());
        this.mHandler.post(() -> {
            try {
                checkActiveSessions();
                checkRollbacks(stagedSession);
                if (stagedSession.isMultiPackage()) {
                    Iterator<StagingManager.StagedSession> it = stagedSession.getChildSessions().iterator();
                    while (it.hasNext()) {
                        checkOverlaps(stagedSession, it.next());
                    }
                } else {
                    checkOverlaps(stagedSession, stagedSession);
                }
                dispatchVerifyApex(stagedSession, callback);
            } catch (PackageManagerException e) {
                onVerificationFailure(stagedSession, callback, e.error, e.getMessage());
            }
        });
    }

    @VisibleForTesting
    void storeSession(StagingManager.StagedSession stagedSession) {
        if (stagedSession != null) {
            this.mStagedSessions.add(stagedSession);
        }
    }

    private void onVerificationSuccess(StagingManager.StagedSession stagedSession, Callback callback) {
        callback.onResult(1, null);
    }

    private void onVerificationFailure(StagingManager.StagedSession stagedSession, Callback callback, int i, String str) {
        if (!ensureActiveApexSessionIsAborted(stagedSession)) {
            Slog.e(TAG, "Failed to abort apex session " + stagedSession.sessionId());
        }
        stagedSession.setSessionFailed(i, str);
        callback.onResult(-22, str);
    }

    private void dispatchVerifyApex(StagingManager.StagedSession stagedSession, Callback callback) {
        this.mHandler.post(() -> {
            try {
                verifyApex(stagedSession);
                dispatchEndVerification(stagedSession, callback);
            } catch (PackageManagerException e) {
                onVerificationFailure(stagedSession, callback, e.error, e.getMessage());
            }
        });
    }

    private void dispatchEndVerification(StagingManager.StagedSession stagedSession, Callback callback) {
        this.mHandler.post(() -> {
            try {
                endVerification(stagedSession);
                onVerificationSuccess(stagedSession, callback);
            } catch (PackageManagerException e) {
                onVerificationFailure(stagedSession, callback, e.error, e.getMessage());
            }
        });
    }

    private void verifyApex(StagingManager.StagedSession stagedSession) throws PackageManagerException {
        int i = -1;
        if ((stagedSession.sessionParams().installFlags & 262144) != 0) {
            try {
                i = ((RollbackManagerInternal) LocalServices.getService(RollbackManagerInternal.class)).notifyStagedSession(stagedSession.sessionId());
            } catch (RuntimeException e) {
                Slog.e(TAG, "Failed to notifyStagedSession for session: " + stagedSession.sessionId(), e);
            }
        } else if (isRollback(stagedSession)) {
            i = retrieveRollbackIdForCommitSession(stagedSession.sessionId());
        }
        if (stagedSession.containsApexSession()) {
            submitSessionToApexService(stagedSession, i);
        }
    }

    private void endVerification(StagingManager.StagedSession stagedSession) throws PackageManagerException {
        try {
            if (InstallLocationUtils.getStorageManager().supportsCheckpoint()) {
                InstallLocationUtils.getStorageManager().startCheckpoint(2);
            }
            Slog.d(TAG, "Marking session " + stagedSession.sessionId() + " as ready");
            stagedSession.setSessionReady();
            if (stagedSession.isSessionReady() && stagedSession.containsApexSession()) {
                this.mApexManager.markStagedSessionReady(stagedSession.sessionId());
            }
        } catch (Exception e) {
            Slog.e(TAG, "Failed to get hold of StorageManager", e);
            throw new PackageManagerException(NetError.ERR_SSL_CLIENT_AUTH_CERT_NEEDED, "Failed to get hold of StorageManager");
        }
    }

    private void submitSessionToApexService(StagingManager.StagedSession stagedSession, int i) throws PackageManagerException {
        IntArray intArray = new IntArray();
        if (stagedSession.isMultiPackage()) {
            for (StagingManager.StagedSession stagedSession2 : stagedSession.getChildSessions()) {
                if (stagedSession2.isApexSession()) {
                    intArray.add(stagedSession2.sessionId());
                }
            }
        }
        ApexSessionParams apexSessionParams = new ApexSessionParams();
        apexSessionParams.sessionId = stagedSession.sessionId();
        apexSessionParams.childSessionIds = intArray.toArray();
        if (stagedSession.sessionParams().installReason == 5) {
            apexSessionParams.isRollback = true;
            apexSessionParams.rollbackId = i;
        } else if (i != -1) {
            apexSessionParams.hasRollbackEnabled = true;
            apexSessionParams.rollbackId = i;
        }
        ApexInfoList submitStagedSession = this.mApexManager.submitStagedSession(apexSessionParams);
        ArrayList arrayList = new ArrayList();
        for (ApexInfo apexInfo : submitStagedSession.apexInfos) {
            try {
                PackageParser2 packageParser2 = this.mPackageParserSupplier.get();
                try {
                    ParsedPackage parsePackage = packageParser2.parsePackage(new File(apexInfo.modulePath), 1024, false);
                    if (packageParser2 != null) {
                        packageParser2.close();
                    }
                    arrayList.add(parsePackage.getPackageName());
                } finally {
                }
            } catch (PackageParserException e) {
                throw new PackageManagerException(-22, "Failed to parse APEX package " + apexInfo.modulePath + " : " + e, e);
            }
        }
        Slog.d(TAG, "Session " + stagedSession.sessionId() + " has following APEX packages: " + arrayList);
    }

    private int retrieveRollbackIdForCommitSession(int i) throws PackageManagerException {
        List<RollbackInfo> recentlyCommittedRollbacks = ((RollbackManager) this.mContext.getSystemService(RollbackManager.class)).getRecentlyCommittedRollbacks();
        int size = recentlyCommittedRollbacks.size();
        for (int i2 = 0; i2 < size; i2++) {
            RollbackInfo rollbackInfo = recentlyCommittedRollbacks.get(i2);
            if (rollbackInfo.getCommittedSessionId() == i) {
                return rollbackInfo.getRollbackId();
            }
        }
        throw new PackageManagerException(-22, "Could not find rollback id for commit session: " + i);
    }

    private static boolean isRollback(StagingManager.StagedSession stagedSession) {
        return stagedSession.sessionParams().installReason == 5;
    }

    private static boolean isApexSessionFinalized(ApexSessionInfo apexSessionInfo) {
        return apexSessionInfo.isUnknown || apexSessionInfo.isActivationFailed || apexSessionInfo.isSuccess || apexSessionInfo.isReverted;
    }

    private boolean ensureActiveApexSessionIsAborted(StagingManager.StagedSession stagedSession) {
        int sessionId;
        ApexSessionInfo stagedSessionInfo;
        if (!stagedSession.containsApexSession() || (stagedSessionInfo = this.mApexManager.getStagedSessionInfo((sessionId = stagedSession.sessionId()))) == null || isApexSessionFinalized(stagedSessionInfo)) {
            return true;
        }
        return this.mApexManager.abortStagedSession(sessionId);
    }

    private boolean isApexUpdateAllowed(String str, String str2) {
        if (this.mPm.getModuleInfo(str, 0) != null) {
            String modulesInstallerPackageName = SystemConfig.getInstance().getModulesInstallerPackageName();
            if (modulesInstallerPackageName != null) {
                return modulesInstallerPackageName.equals(str2);
            }
            Slog.w(TAG, "No modules installer defined");
            return false;
        }
        String str3 = SystemConfig.getInstance().getAllowedVendorApexes().get(str);
        if (str3 != null) {
            return str3.equals(str2);
        }
        Slog.w(TAG, str + " is not allowed to be updated");
        return false;
    }

    private void checkApexUpdateAllowed(PackageInstallerSession packageInstallerSession) throws PackageManagerException {
        if (packageInstallerSession.isApexSession() && (packageInstallerSession.params.installFlags & 8388608) == 0) {
            String packageName = packageInstallerSession.getPackageName();
            String str = packageInstallerSession.getInstallSource().mInstallerPackageName;
            if (!isApexUpdateAllowed(packageName, str)) {
                throw new PackageManagerException(-22, "Update of APEX package " + packageName + " is not allowed for " + str);
            }
        }
    }

    @VisibleForTesting
    void checkRebootlessApex(PackageInstallerSession packageInstallerSession) throws PackageManagerException {
        if (packageInstallerSession.isStaged() || !packageInstallerSession.isApexSession()) {
            return;
        }
        String packageName = packageInstallerSession.getPackageName();
        if (packageName == null) {
            throw new PackageManagerException(-22, "Invalid session " + packageInstallerSession.sessionId + " with package name null");
        }
        for (StagingManager.StagedSession stagedSession : this.mStagedSessions) {
            if (!stagedSession.isDestroyed() && !stagedSession.isInTerminalState() && stagedSession.sessionContains(stagedSession2 -> {
                return packageName.equals(stagedSession2.getPackageName());
            })) {
                throw new PackageManagerException(-22, "Staged session " + stagedSession.sessionId() + " already contains " + packageName);
            }
        }
    }

    private void checkActiveSessions() throws PackageManagerException {
        try {
            checkActiveSessions(InstallLocationUtils.getStorageManager().supportsCheckpoint());
        } catch (RemoteException e) {
            throw new PackageManagerException(NetError.ERR_SSL_CLIENT_AUTH_CERT_NEEDED, "Can't query fs-checkpoint status : " + e);
        }
    }

    @VisibleForTesting
    void checkActiveSessions(boolean z) throws PackageManagerException {
        int i = 0;
        for (StagingManager.StagedSession stagedSession : this.mStagedSessions) {
            if (!stagedSession.isDestroyed() && !stagedSession.isInTerminalState()) {
                i++;
            }
        }
        if (!z && i > 1) {
            throw new PackageManagerException(NetError.ERR_HOST_RESOLVER_QUEUE_TOO_LARGE, "Cannot stage multiple sessions without checkpoint support");
        }
    }

    @VisibleForTesting
    void checkRollbacks(StagingManager.StagedSession stagedSession) throws PackageManagerException {
        if (stagedSession.isDestroyed() || stagedSession.isInTerminalState()) {
            return;
        }
        for (StagingManager.StagedSession stagedSession2 : this.mStagedSessions) {
            if (!stagedSession2.isDestroyed() && !stagedSession2.isInTerminalState()) {
                if (isRollback(stagedSession) && !isRollback(stagedSession2)) {
                    if (!ensureActiveApexSessionIsAborted(stagedSession2)) {
                        Slog.e(TAG, "Failed to abort apex session " + stagedSession2.sessionId());
                    }
                    stagedSession2.setSessionFailed(NetError.ERR_HOST_RESOLVER_QUEUE_TOO_LARGE, "Session was failed by rollback session: " + stagedSession.sessionId());
                    Slog.i(TAG, "Session " + stagedSession2.sessionId() + " is marked failed due to rollback session: " + stagedSession.sessionId());
                } else if (!isRollback(stagedSession) && isRollback(stagedSession2)) {
                    throw new PackageManagerException(NetError.ERR_HOST_RESOLVER_QUEUE_TOO_LARGE, "Session was failed by rollback session: " + stagedSession2.sessionId());
                }
            }
        }
    }

    @VisibleForTesting
    void checkOverlaps(StagingManager.StagedSession stagedSession, StagingManager.StagedSession stagedSession2) throws PackageManagerException {
        if (stagedSession.isDestroyed() || stagedSession.isInTerminalState()) {
            return;
        }
        String packageName = stagedSession2.getPackageName();
        if (packageName == null) {
            throw new PackageManagerException(-22, "Cannot stage session " + stagedSession2.sessionId() + " with package name null");
        }
        for (StagingManager.StagedSession stagedSession3 : this.mStagedSessions) {
            if (!stagedSession3.isDestroyed() && !stagedSession3.isInTerminalState() && stagedSession3.sessionId() != stagedSession.sessionId() && stagedSession3.sessionContains(stagedSession4 -> {
                return packageName.equals(stagedSession4.getPackageName());
            })) {
                if (stagedSession3.getCommittedMillis() < stagedSession.getCommittedMillis()) {
                    throw new PackageManagerException(NetError.ERR_HOST_RESOLVER_QUEUE_TOO_LARGE, "Package: " + packageName + " in session: " + stagedSession2.sessionId() + " has been staged already by session: " + stagedSession3.sessionId());
                }
                stagedSession3.setSessionFailed(NetError.ERR_HOST_RESOLVER_QUEUE_TOO_LARGE, "Package: " + packageName + " in session: " + stagedSession3.sessionId() + " has been staged already by session: " + stagedSession2.sessionId());
            }
        }
    }
}
