package com.android.server.security;

import android.os.SharedMemory;
import android.system.ErrnoException;
import android.system.Os;
import android.system.OsConstants;
import android.util.Pair;
import android.util.Slog;
import android.util.apk.ApkSignatureVerifier;
import android.util.apk.ByteBufferFactory;
import android.util.apk.SignatureNotFoundException;
import java.io.FileDescriptor;
import java.io.IOException;
import java.nio.ByteBuffer;
import java.security.DigestException;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;

/* loaded from: input_file:com/android/server/security/VerityUtils.class */
public abstract class VerityUtils {
    private static final String TAG = "VerityUtils";
    private static final boolean DEBUG = false;

    /* loaded from: input_file:com/android/server/security/VerityUtils$SetupResult.class */
    public static class SetupResult {
        private static final int RESULT_OK = 1;
        private static final int RESULT_SKIPPED = 2;
        private static final int RESULT_FAILED = 3;
        private final int mCode;
        private final FileDescriptor mFileDescriptor;
        private final int mContentSize;

        public static SetupResult ok(FileDescriptor fileDescriptor, int i) {
            return new SetupResult(1, fileDescriptor, i);
        }

        public static SetupResult skipped() {
            return new SetupResult(2, null, -1);
        }

        public static SetupResult failed() {
            return new SetupResult(3, null, -1);
        }

        private SetupResult(int i, FileDescriptor fileDescriptor, int i2) {
            this.mCode = i;
            this.mFileDescriptor = fileDescriptor;
            this.mContentSize = i2;
        }

        public boolean isFailed() {
            return this.mCode == 3;
        }

        public boolean isOk() {
            return this.mCode == 1;
        }

        public FileDescriptor getUnownedFileDescriptor() {
            return this.mFileDescriptor;
        }

        public int getContentSize() {
            return this.mContentSize;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/android/server/security/VerityUtils$TrackedShmBufferFactory.class */
    public static class TrackedShmBufferFactory implements ByteBufferFactory {
        private SharedMemory mShm;
        private ByteBuffer mBuffer;

        private TrackedShmBufferFactory() {
        }

        @Override // android.util.apk.ByteBufferFactory
        public ByteBuffer create(int i) throws SecurityException {
            try {
                if (this.mBuffer != null) {
                    throw new IllegalStateException("Multiple instantiation from this factory");
                }
                this.mShm = SharedMemory.create("apkverity", i);
                if (!this.mShm.setProtect(OsConstants.PROT_READ | OsConstants.PROT_WRITE)) {
                    throw new SecurityException("Failed to set protection");
                }
                this.mBuffer = this.mShm.mapReadWrite();
                return this.mBuffer;
            } catch (ErrnoException e) {
                throw new SecurityException("Failed to set protection", e);
            }
        }

        public SharedMemory releaseSharedMemory() {
            if (this.mBuffer != null) {
                SharedMemory.unmap(this.mBuffer);
                this.mBuffer = null;
            }
            SharedMemory sharedMemory = this.mShm;
            this.mShm = null;
            return sharedMemory;
        }

        public int getBufferLimit() {
            if (this.mBuffer == null) {
                return -1;
            }
            return this.mBuffer.limit();
        }
    }

    public static SetupResult generateApkVeritySetupData(String str) {
        AutoCloseable autoCloseable = null;
        try {
            try {
                byte[] verityRootHash = ApkSignatureVerifier.getVerityRootHash(str);
                if (verityRootHash == null) {
                    SetupResult skipped = SetupResult.skipped();
                    if (0 != 0) {
                        autoCloseable.close();
                    }
                    return skipped;
                }
                Pair<SharedMemory, Integer> generateApkVerityIntoSharedMemory = generateApkVerityIntoSharedMemory(str, verityRootHash);
                SharedMemory sharedMemory = generateApkVerityIntoSharedMemory.first;
                int intValue = generateApkVerityIntoSharedMemory.second.intValue();
                FileDescriptor fileDescriptor = sharedMemory.getFileDescriptor();
                if (fileDescriptor == null || !fileDescriptor.valid()) {
                    SetupResult failed = SetupResult.failed();
                    if (sharedMemory != null) {
                        sharedMemory.close();
                    }
                    return failed;
                }
                SetupResult ok = SetupResult.ok(Os.dup(fileDescriptor), intValue);
                if (sharedMemory != null) {
                    sharedMemory.close();
                }
                return ok;
            } catch (ErrnoException | SignatureNotFoundException | IOException | SecurityException | DigestException | NoSuchAlgorithmException e) {
                Slog.e(TAG, "Failed to set up apk verity: ", e);
                SetupResult failed2 = SetupResult.failed();
                if (0 != 0) {
                    autoCloseable.close();
                }
                return failed2;
            }
        } catch (Throwable th) {
            if (0 != 0) {
                autoCloseable.close();
            }
            throw th;
        }
    }

    public static byte[] generateFsverityRootHash(String str) throws NoSuchAlgorithmException, DigestException, IOException {
        return ApkSignatureVerifier.generateFsverityRootHash(str);
    }

    public static byte[] getVerityRootHash(String str) throws IOException, SignatureNotFoundException, SecurityException {
        return ApkSignatureVerifier.getVerityRootHash(str);
    }

    private static Pair<SharedMemory, Integer> generateApkVerityIntoSharedMemory(String str, byte[] bArr) throws IOException, SecurityException, DigestException, NoSuchAlgorithmException, SignatureNotFoundException {
        TrackedShmBufferFactory trackedShmBufferFactory = new TrackedShmBufferFactory();
        if (!Arrays.equals(bArr, ApkSignatureVerifier.generateApkVerity(str, trackedShmBufferFactory))) {
            throw new SecurityException("Locally generated verity root hash does not match");
        }
        int bufferLimit = trackedShmBufferFactory.getBufferLimit();
        SharedMemory releaseSharedMemory = trackedShmBufferFactory.releaseSharedMemory();
        if (releaseSharedMemory == null) {
            throw new IllegalStateException("Failed to generate verity tree into shared memory");
        }
        if (releaseSharedMemory.setProtect(OsConstants.PROT_READ)) {
            return Pair.create(releaseSharedMemory, Integer.valueOf(bufferLimit));
        }
        throw new SecurityException("Failed to set up shared memory correctly");
    }
}
