package com.android.server.connectivity;

import android.Manifest;
import android.app.AppGlobals;
import android.app.AppOpsManager;
import android.app.PendingIntent;
import android.content.BroadcastReceiver;
import android.content.ComponentName;
import android.content.Context;
import android.content.Intent;
import android.content.IntentFilter;
import android.content.ServiceConnection;
import android.content.pm.ApplicationInfo;
import android.content.pm.PackageManager;
import android.content.pm.ResolveInfo;
import android.content.pm.UserInfo;
import android.net.ConnectivityManager;
import android.net.IConnectivityManager;
import android.net.INetworkManagementEventObserver;
import android.net.IpPrefix;
import android.net.LinkAddress;
import android.net.LinkProperties;
import android.net.LocalSocket;
import android.net.LocalSocketAddress;
import android.net.NetworkAgent;
import android.net.NetworkCapabilities;
import android.net.NetworkInfo;
import android.net.NetworkMisc;
import android.net.RouteInfo;
import android.net.UidRange;
import android.os.Binder;
import android.os.FileUtils;
import android.os.IBinder;
import android.os.INetworkManagementService;
import android.os.Looper;
import android.os.Parcel;
import android.os.ParcelFileDescriptor;
import android.os.Process;
import android.os.RemoteException;
import android.os.SystemClock;
import android.os.SystemService;
import android.os.UserHandle;
import android.os.UserManager;
import android.security.Credentials;
import android.security.KeyStore;
import android.text.format.DateUtils;
import android.util.Log;
import com.android.internal.annotations.GuardedBy;
import com.android.internal.net.LegacyVpnInfo;
import com.android.internal.net.VpnConfig;
import com.android.internal.net.VpnProfile;
import com.android.internal.policy.impl.keyguard.KeyguardServiceDelegate;
import com.android.server.net.BaseNetworkObserver;
import gov.nist.core.Separators;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.Inet4Address;
import java.net.Inet6Address;
import java.net.InetAddress;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import java.util.SortedSet;
import java.util.TreeSet;
import java.util.concurrent.atomic.AtomicInteger;
import libcore.io.IoUtils;

/* loaded from: input_file:com/android/server/connectivity/Vpn.class */
public class Vpn {
    private static final String NETWORKTYPE = "VPN";
    private static final String TAG = "Vpn";
    private static final boolean LOGD = true;
    private Context mContext;
    private NetworkInfo mNetworkInfo;
    private int mOwnerUID;
    private String mInterface;
    private Connection mConnection;
    private LegacyVpnRunner mLegacyVpnRunner;
    private PendingIntent mStatusIntent;
    private final IConnectivityManager mConnService;
    private final INetworkManagementService mNetd;
    private VpnConfig mConfig;
    private NetworkAgent mNetworkAgent;
    private final Looper mLooper;
    private final NetworkCapabilities mNetworkCapabilities;
    private BroadcastReceiver mUserIntentReceiver;
    private final int mUserHandle;
    private volatile boolean mEnableTeardown = true;

    @GuardedBy("this")
    private List<UidRange> mVpnUsers = null;
    private INetworkManagementEventObserver mObserver = new BaseNetworkObserver() { // from class: com.android.server.connectivity.Vpn.3
        @Override // com.android.server.net.BaseNetworkObserver, android.net.INetworkManagementEventObserver
        public void interfaceStatusChanged(String str, boolean z) {
            synchronized (Vpn.this) {
                if (!z) {
                    if (Vpn.this.mLegacyVpnRunner != null) {
                        Vpn.this.mLegacyVpnRunner.check(str);
                    }
                }
            }
        }

        @Override // com.android.server.net.BaseNetworkObserver, android.net.INetworkManagementEventObserver
        public void interfaceRemoved(String str) {
            synchronized (Vpn.this) {
                if (str.equals(Vpn.this.mInterface) && Vpn.this.jniCheck(str) == 0) {
                    Vpn.this.mStatusIntent = null;
                    Vpn.this.mVpnUsers = null;
                    Vpn.this.mInterface = null;
                    if (Vpn.this.mConnection != null) {
                        Vpn.this.mContext.unbindService(Vpn.this.mConnection);
                        Vpn.this.mConnection = null;
                        Vpn.this.agentDisconnect();
                    } else if (Vpn.this.mLegacyVpnRunner != null) {
                        Vpn.this.mLegacyVpnRunner.exit();
                        Vpn.this.mLegacyVpnRunner = null;
                    }
                }
            }
        }
    };
    private String mPackage = VpnConfig.LEGACY_VPN;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/android/server/connectivity/Vpn$Connection.class */
    public class Connection implements ServiceConnection {
        private IBinder mService;

        private Connection() {
        }

        @Override // android.content.ServiceConnection
        public void onServiceConnected(ComponentName componentName, IBinder iBinder) {
            this.mService = iBinder;
        }

        @Override // android.content.ServiceConnection
        public void onServiceDisconnected(ComponentName componentName) {
            this.mService = null;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/android/server/connectivity/Vpn$LegacyVpnRunner.class */
    public class LegacyVpnRunner extends Thread {
        private static final String TAG = "LegacyVpnRunner";
        private final String[] mDaemons;
        private final String[][] mArguments;
        private final LocalSocket[] mSockets;
        private final String mOuterInterface;
        private final AtomicInteger mOuterConnection;
        private long mTimer;
        private final BroadcastReceiver mBroadcastReceiver;

        /* JADX WARN: Type inference failed for: r1v9, types: [java.lang.String[], java.lang.String[][]] */
        public LegacyVpnRunner(VpnConfig vpnConfig, String[] strArr, String[] strArr2) {
            super(TAG);
            this.mOuterConnection = new AtomicInteger(-1);
            this.mTimer = -1L;
            this.mBroadcastReceiver = new BroadcastReceiver() { // from class: com.android.server.connectivity.Vpn.LegacyVpnRunner.1
                @Override // android.content.BroadcastReceiver
                public void onReceive(Context context, Intent intent) {
                    NetworkInfo networkInfo;
                    if (Vpn.this.mEnableTeardown && intent.getAction().equals(ConnectivityManager.CONNECTIVITY_ACTION) && intent.getIntExtra("networkType", -1) == LegacyVpnRunner.this.mOuterConnection.get() && (networkInfo = (NetworkInfo) intent.getExtra("networkInfo")) != null && !networkInfo.isConnectedOrConnecting()) {
                        try {
                            Vpn.this.mObserver.interfaceStatusChanged(LegacyVpnRunner.this.mOuterInterface, false);
                        } catch (RemoteException e) {
                        }
                    }
                }
            };
            Vpn.this.mConfig = vpnConfig;
            this.mDaemons = new String[]{"racoon", "mtpd"};
            this.mArguments = new String[]{strArr, strArr2};
            this.mSockets = new LocalSocket[this.mDaemons.length];
            this.mOuterInterface = Vpn.this.mConfig.interfaze;
            try {
                this.mOuterConnection.set(Vpn.this.mConnService.findConnectionTypeForIface(this.mOuterInterface));
            } catch (Exception e) {
                this.mOuterConnection.set(-1);
            }
            IntentFilter intentFilter = new IntentFilter();
            intentFilter.addAction(ConnectivityManager.CONNECTIVITY_ACTION);
            Vpn.this.mContext.registerReceiver(this.mBroadcastReceiver, intentFilter);
        }

        public void check(String str) {
            if (str.equals(this.mOuterInterface)) {
                Log.i(TAG, "Legacy VPN is going down with " + str);
                exit();
            }
        }

        public void exit() {
            interrupt();
            for (LocalSocket localSocket : this.mSockets) {
                IoUtils.closeQuietly(localSocket);
            }
            Vpn.this.agentDisconnect();
            try {
                Vpn.this.mContext.unregisterReceiver(this.mBroadcastReceiver);
            } catch (IllegalArgumentException e) {
            }
        }

        @Override // java.lang.Thread, java.lang.Runnable
        public void run() {
            Log.v(TAG, "Waiting");
            synchronized (TAG) {
                Log.v(TAG, "Executing");
                execute();
                monitorDaemons();
            }
        }

        private void checkpoint(boolean z) throws InterruptedException {
            long elapsedRealtime = SystemClock.elapsedRealtime();
            if (this.mTimer == -1) {
                this.mTimer = elapsedRealtime;
                Thread.sleep(1L);
            } else if (elapsedRealtime - this.mTimer <= DateUtils.MINUTE_IN_MILLIS) {
                Thread.sleep(z ? 200L : 1L);
            } else {
                Vpn.this.updateState(NetworkInfo.DetailedState.FAILED, "checkpoint");
                throw new IllegalStateException("Time is up");
            }
        }

        private void execute() {
            try {
                try {
                    checkpoint(false);
                    for (String str : this.mDaemons) {
                        while (!SystemService.isStopped(str)) {
                            checkpoint(true);
                        }
                    }
                    File file = new File("/data/misc/vpn/state");
                    file.delete();
                    if (file.exists()) {
                        throw new IllegalStateException("Cannot delete the state");
                    }
                    new File("/data/misc/vpn/abort").delete();
                    boolean z = false;
                    for (String[] strArr : this.mArguments) {
                        z = z || strArr != null;
                    }
                    if (!z) {
                        Vpn.this.agentDisconnect();
                        if (1 == 0) {
                            for (String str2 : this.mDaemons) {
                                SystemService.stop(str2);
                            }
                        }
                        if (1 == 0 || Vpn.this.mNetworkInfo.getDetailedState() == NetworkInfo.DetailedState.CONNECTING) {
                            Vpn.this.agentDisconnect();
                            return;
                        }
                        return;
                    }
                    Vpn.this.updateState(NetworkInfo.DetailedState.CONNECTING, "execute");
                    for (int i = 0; i < this.mDaemons.length; i++) {
                        String[] strArr2 = this.mArguments[i];
                        if (strArr2 != null) {
                            String str3 = this.mDaemons[i];
                            SystemService.start(str3);
                            while (!SystemService.isRunning(str3)) {
                                checkpoint(true);
                            }
                            this.mSockets[i] = new LocalSocket();
                            LocalSocketAddress localSocketAddress = new LocalSocketAddress(str3, LocalSocketAddress.Namespace.RESERVED);
                            while (true) {
                                try {
                                    this.mSockets[i].connect(localSocketAddress);
                                    break;
                                } catch (Exception e) {
                                    checkpoint(true);
                                }
                            }
                            this.mSockets[i].setSoTimeout(500);
                            OutputStream outputStream = this.mSockets[i].getOutputStream();
                            for (String str4 : strArr2) {
                                byte[] bytes = str4.getBytes(StandardCharsets.UTF_8);
                                if (bytes.length >= 65535) {
                                    throw new IllegalArgumentException("Argument is too large");
                                }
                                outputStream.write(bytes.length >> 8);
                                outputStream.write(bytes.length);
                                outputStream.write(bytes);
                                checkpoint(false);
                            }
                            outputStream.write(255);
                            outputStream.write(255);
                            outputStream.flush();
                            InputStream inputStream = this.mSockets[i].getInputStream();
                            while (inputStream.read() != -1) {
                                checkpoint(true);
                            }
                        }
                    }
                    while (!file.exists()) {
                        for (int i2 = 0; i2 < this.mDaemons.length; i2++) {
                            String str5 = this.mDaemons[i2];
                            if (this.mArguments[i2] != null && !SystemService.isRunning(str5)) {
                                throw new IllegalStateException(str5 + " is dead");
                            }
                        }
                        checkpoint(true);
                    }
                    String[] split = FileUtils.readTextFile(file, 0, null).split(Separators.RETURN, -1);
                    if (split.length != 7) {
                        throw new IllegalStateException("Cannot parse the state");
                    }
                    Vpn.this.mConfig.interfaze = split[0].trim();
                    Vpn.this.mConfig.addLegacyAddresses(split[1]);
                    if (Vpn.this.mConfig.routes == null || Vpn.this.mConfig.routes.isEmpty()) {
                        Vpn.this.mConfig.addLegacyRoutes(split[2]);
                    }
                    if (Vpn.this.mConfig.dnsServers == null || Vpn.this.mConfig.dnsServers.size() == 0) {
                        String trim = split[3].trim();
                        if (!trim.isEmpty()) {
                            Vpn.this.mConfig.dnsServers = Arrays.asList(trim.split(Separators.SP));
                        }
                    }
                    if (Vpn.this.mConfig.searchDomains == null || Vpn.this.mConfig.searchDomains.size() == 0) {
                        String trim2 = split[4].trim();
                        if (!trim2.isEmpty()) {
                            Vpn.this.mConfig.searchDomains = Arrays.asList(trim2.split(Separators.SP));
                        }
                    }
                    String str6 = split[5];
                    if (!str6.isEmpty()) {
                        try {
                            InetAddress parseNumericAddress = InetAddress.parseNumericAddress(str6);
                            if (parseNumericAddress instanceof Inet4Address) {
                                Vpn.this.mConfig.routes.add(new RouteInfo(new IpPrefix(parseNumericAddress, 32), 9));
                            } else if (parseNumericAddress instanceof Inet6Address) {
                                Vpn.this.mConfig.routes.add(new RouteInfo(new IpPrefix(parseNumericAddress, 128), 9));
                            } else {
                                Log.e(TAG, "Unknown IP address family for VPN endpoint: " + str6);
                            }
                        } catch (IllegalArgumentException e2) {
                            Log.e(TAG, "Exception constructing throw route to " + str6 + ": " + e2);
                        }
                    }
                    synchronized (Vpn.this) {
                        Vpn.this.mConfig.startTime = SystemClock.elapsedRealtime();
                        checkpoint(false);
                        if (Vpn.this.jniCheck(Vpn.this.mConfig.interfaze) == 0) {
                            throw new IllegalStateException(Vpn.this.mConfig.interfaze + " is gone");
                        }
                        Vpn.this.mInterface = Vpn.this.mConfig.interfaze;
                        Vpn.this.mVpnUsers = new ArrayList();
                        Vpn.this.agentConnect();
                        Log.i(TAG, "Connected!");
                    }
                    if (1 == 0) {
                        for (String str7 : this.mDaemons) {
                            SystemService.stop(str7);
                        }
                    }
                    if (1 == 0 || Vpn.this.mNetworkInfo.getDetailedState() == NetworkInfo.DetailedState.CONNECTING) {
                        Vpn.this.agentDisconnect();
                    }
                } catch (Throwable th) {
                    if (0 == 0) {
                        for (String str8 : this.mDaemons) {
                            SystemService.stop(str8);
                        }
                    }
                    if (0 == 0 || Vpn.this.mNetworkInfo.getDetailedState() == NetworkInfo.DetailedState.CONNECTING) {
                        Vpn.this.agentDisconnect();
                    }
                    throw th;
                }
            } catch (Exception e3) {
                Log.i(TAG, "Aborting", e3);
                Vpn.this.updateState(NetworkInfo.DetailedState.FAILED, e3.getMessage());
                exit();
                if (0 == 0) {
                    for (String str9 : this.mDaemons) {
                        SystemService.stop(str9);
                    }
                }
                if (0 == 0 || Vpn.this.mNetworkInfo.getDetailedState() == NetworkInfo.DetailedState.CONNECTING) {
                    Vpn.this.agentDisconnect();
                }
            }
        }

        private void monitorDaemons() {
            if (Vpn.this.mNetworkInfo.isConnected()) {
                loop0: while (true) {
                    try {
                        try {
                            Thread.sleep(2000L);
                            for (int i = 0; i < this.mDaemons.length; i++) {
                                if (this.mArguments[i] != null && SystemService.isStopped(this.mDaemons[i])) {
                                    break loop0;
                                }
                            }
                        } catch (InterruptedException e) {
                            Log.d(TAG, "interrupted during monitorDaemons(); stopping services");
                            for (String str : this.mDaemons) {
                                SystemService.stop(str);
                            }
                            Vpn.this.agentDisconnect();
                            return;
                        }
                    } finally {
                        for (String str2 : this.mDaemons) {
                            SystemService.stop(str2);
                        }
                        Vpn.this.agentDisconnect();
                    }
                }
            }
        }
    }

    public Vpn(Looper looper, Context context, INetworkManagementService iNetworkManagementService, IConnectivityManager iConnectivityManager, int i) {
        this.mUserIntentReceiver = null;
        this.mContext = context;
        this.mNetd = iNetworkManagementService;
        this.mConnService = iConnectivityManager;
        this.mUserHandle = i;
        this.mLooper = looper;
        this.mOwnerUID = getAppUid(this.mPackage, this.mUserHandle);
        try {
            iNetworkManagementService.registerObserver(this.mObserver);
        } catch (RemoteException e) {
            Log.wtf(TAG, "Problem registering observer", e);
        }
        if (i == 0) {
            this.mUserIntentReceiver = new BroadcastReceiver() { // from class: com.android.server.connectivity.Vpn.1
                @Override // android.content.BroadcastReceiver
                public void onReceive(Context context2, Intent intent) {
                    String action = intent.getAction();
                    int intExtra = intent.getIntExtra(Intent.EXTRA_USER_HANDLE, -10000);
                    if (intExtra == -10000) {
                        return;
                    }
                    if (Intent.ACTION_USER_ADDED.equals(action)) {
                        Vpn.this.onUserAdded(intExtra);
                    } else if (Intent.ACTION_USER_REMOVED.equals(action)) {
                        Vpn.this.onUserRemoved(intExtra);
                    }
                }
            };
            IntentFilter intentFilter = new IntentFilter();
            intentFilter.addAction(Intent.ACTION_USER_ADDED);
            intentFilter.addAction(Intent.ACTION_USER_REMOVED);
            this.mContext.registerReceiverAsUser(this.mUserIntentReceiver, UserHandle.ALL, intentFilter, null, null);
        }
        this.mNetworkInfo = new NetworkInfo(17, 0, NETWORKTYPE, "");
        this.mNetworkCapabilities = new NetworkCapabilities();
        this.mNetworkCapabilities.addTransportType(4);
        this.mNetworkCapabilities.removeCapability(15);
    }

    public void setEnableTeardown(boolean z) {
        this.mEnableTeardown = z;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void updateState(NetworkInfo.DetailedState detailedState, String str) {
        Log.d(TAG, "setting state=" + detailedState + ", reason=" + str);
        this.mNetworkInfo.setDetailedState(detailedState, str, null);
        if (this.mNetworkAgent != null) {
            this.mNetworkAgent.sendNetworkInfo(this.mNetworkInfo);
        }
    }

    public synchronized boolean prepare(String str, String str2) {
        long clearCallingIdentity;
        if (str != null && !str.equals(this.mPackage)) {
            if (str.equals(VpnConfig.LEGACY_VPN) || !isVpnUserPreConsented(str)) {
                return false;
            }
            clearCallingIdentity = Binder.clearCallingIdentity();
            try {
                prepare(null, str);
                Binder.restoreCallingIdentity(clearCallingIdentity);
                return true;
            } finally {
            }
        }
        if (str2 == null) {
            return true;
        }
        if (str2.equals(this.mPackage) && !str2.equals(VpnConfig.LEGACY_VPN)) {
            return true;
        }
        enforceControlPermission();
        if (this.mInterface != null) {
            this.mStatusIntent = null;
            agentDisconnect();
            jniReset(this.mInterface);
            this.mInterface = null;
            this.mVpnUsers = null;
        }
        if (this.mConnection != null) {
            try {
                this.mConnection.mService.transact(16777215, Parcel.obtain(), null, 1);
            } catch (Exception e) {
            }
            this.mContext.unbindService(this.mConnection);
            this.mConnection = null;
        } else if (this.mLegacyVpnRunner != null) {
            this.mLegacyVpnRunner.exit();
            this.mLegacyVpnRunner = null;
        }
        clearCallingIdentity = Binder.clearCallingIdentity();
        try {
            try {
                this.mNetd.denyProtect(this.mOwnerUID);
                Binder.restoreCallingIdentity(clearCallingIdentity);
            } catch (Exception e2) {
                Log.wtf(TAG, "Failed to disallow UID " + this.mOwnerUID + " to call protect() " + e2);
                Binder.restoreCallingIdentity(clearCallingIdentity);
            }
            Log.i(TAG, "Switched from " + this.mPackage + " to " + str2);
            this.mPackage = str2;
            this.mOwnerUID = getAppUid(str2, this.mUserHandle);
            long clearCallingIdentity2 = Binder.clearCallingIdentity();
            try {
                try {
                    this.mNetd.allowProtect(this.mOwnerUID);
                    Binder.restoreCallingIdentity(clearCallingIdentity2);
                } catch (Throwable th) {
                    Binder.restoreCallingIdentity(clearCallingIdentity2);
                    throw th;
                }
            } catch (Exception e3) {
                Log.wtf(TAG, "Failed to allow UID " + this.mOwnerUID + " to call protect() " + e3);
            }
            this.mConfig = null;
            updateState(NetworkInfo.DetailedState.IDLE, "prepare");
            return true;
        } finally {
            Binder.restoreCallingIdentity(clearCallingIdentity);
        }
    }

    public void setPackageAuthorization(boolean z) {
        enforceControlPermission();
        if (this.mPackage == null || VpnConfig.LEGACY_VPN.equals(this.mPackage)) {
            return;
        }
        long clearCallingIdentity = Binder.clearCallingIdentity();
        try {
            try {
                ((AppOpsManager) this.mContext.getSystemService(Context.APP_OPS_SERVICE)).setMode(47, this.mOwnerUID, this.mPackage, z ? 0 : 1);
                Binder.restoreCallingIdentity(clearCallingIdentity);
            } catch (Exception e) {
                Log.wtf(TAG, "Failed to set app ops for package " + this.mPackage, e);
                Binder.restoreCallingIdentity(clearCallingIdentity);
            }
        } catch (Throwable th) {
            Binder.restoreCallingIdentity(clearCallingIdentity);
            throw th;
        }
    }

    private boolean isVpnUserPreConsented(String str) {
        return ((AppOpsManager) this.mContext.getSystemService(Context.APP_OPS_SERVICE)).noteOpNoThrow(47, Binder.getCallingUid(), str) == 0;
    }

    private int getAppUid(String str, int i) {
        int i2;
        if (VpnConfig.LEGACY_VPN.equals(str)) {
            return Process.myUid();
        }
        try {
            i2 = this.mContext.getPackageManager().getPackageUid(str, i);
        } catch (PackageManager.NameNotFoundException e) {
            i2 = -1;
        }
        return i2;
    }

    public NetworkInfo getNetworkInfo() {
        return this.mNetworkInfo;
    }

    private LinkProperties makeLinkProperties() {
        boolean z = this.mConfig.allowIPv4;
        boolean z2 = this.mConfig.allowIPv6;
        LinkProperties linkProperties = new LinkProperties();
        linkProperties.setInterfaceName(this.mInterface);
        if (this.mConfig.addresses != null) {
            for (LinkAddress linkAddress : this.mConfig.addresses) {
                linkProperties.addLinkAddress(linkAddress);
                z |= linkAddress.getAddress() instanceof Inet4Address;
                z2 |= linkAddress.getAddress() instanceof Inet6Address;
            }
        }
        if (this.mConfig.routes != null) {
            for (RouteInfo routeInfo : this.mConfig.routes) {
                linkProperties.addRoute(routeInfo);
                InetAddress address = routeInfo.getDestination().getAddress();
                z |= address instanceof Inet4Address;
                z2 |= address instanceof Inet6Address;
            }
        }
        if (this.mConfig.dnsServers != null) {
            Iterator<String> it = this.mConfig.dnsServers.iterator();
            while (it.hasNext()) {
                InetAddress parseNumericAddress = InetAddress.parseNumericAddress(it.next());
                linkProperties.addDnsServer(parseNumericAddress);
                z |= parseNumericAddress instanceof Inet4Address;
                z2 |= parseNumericAddress instanceof Inet6Address;
            }
        }
        if (!z) {
            linkProperties.addRoute(new RouteInfo(new IpPrefix(Inet4Address.ANY, 0), 7));
        }
        if (!z2) {
            linkProperties.addRoute(new RouteInfo(new IpPrefix(Inet6Address.ANY, 0), 7));
        }
        StringBuilder sb = new StringBuilder();
        if (this.mConfig.searchDomains != null) {
            Iterator<String> it2 = this.mConfig.searchDomains.iterator();
            while (it2.hasNext()) {
                sb.append(it2.next()).append(' ');
            }
        }
        linkProperties.setDomains(sb.toString().trim());
        return linkProperties;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void agentConnect() {
        LinkProperties makeLinkProperties = makeLinkProperties();
        if (makeLinkProperties.hasIPv4DefaultRoute() || makeLinkProperties.hasIPv6DefaultRoute()) {
            this.mNetworkCapabilities.addCapability(12);
        } else {
            this.mNetworkCapabilities.removeCapability(12);
        }
        this.mNetworkInfo.setIsAvailable(true);
        this.mNetworkInfo.setDetailedState(NetworkInfo.DetailedState.CONNECTED, null, null);
        NetworkMisc networkMisc = new NetworkMisc();
        networkMisc.allowBypass = this.mConfig.allowBypass;
        long clearCallingIdentity = Binder.clearCallingIdentity();
        try {
            this.mNetworkAgent = new NetworkAgent(this.mLooper, this.mContext, NETWORKTYPE, this.mNetworkInfo, this.mNetworkCapabilities, makeLinkProperties, 0, networkMisc) { // from class: com.android.server.connectivity.Vpn.2
                @Override // android.net.NetworkAgent
                public void unwanted() {
                }
            };
            Binder.restoreCallingIdentity(clearCallingIdentity);
            addVpnUserLocked(this.mUserHandle);
            if (this.mUserHandle == 0) {
                clearCallingIdentity = Binder.clearCallingIdentity();
                try {
                    List<UserInfo> users = UserManager.get(this.mContext).getUsers();
                    Binder.restoreCallingIdentity(clearCallingIdentity);
                    for (UserInfo userInfo : users) {
                        if (userInfo.isRestricted()) {
                            addVpnUserLocked(userInfo.id);
                        }
                    }
                } finally {
                }
            }
            this.mNetworkAgent.addUidRanges((UidRange[]) this.mVpnUsers.toArray(new UidRange[this.mVpnUsers.size()]));
        } finally {
        }
    }

    private void agentDisconnect(NetworkInfo networkInfo, NetworkAgent networkAgent) {
        networkInfo.setIsAvailable(false);
        networkInfo.setDetailedState(NetworkInfo.DetailedState.DISCONNECTED, null, null);
        if (networkAgent != null) {
            networkAgent.sendNetworkInfo(networkInfo);
        }
    }

    private void agentDisconnect(NetworkAgent networkAgent) {
        agentDisconnect(new NetworkInfo(this.mNetworkInfo), networkAgent);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void agentDisconnect() {
        if (this.mNetworkInfo.isConnected()) {
            agentDisconnect(this.mNetworkInfo, this.mNetworkAgent);
            this.mNetworkAgent = null;
        }
    }

    public synchronized ParcelFileDescriptor establish(VpnConfig vpnConfig) {
        UserManager userManager = UserManager.get(this.mContext);
        if (Binder.getCallingUid() != this.mOwnerUID) {
            return null;
        }
        Intent intent = new Intent("android.net.VpnService");
        intent.setClassName(this.mPackage, vpnConfig.user);
        long clearCallingIdentity = Binder.clearCallingIdentity();
        try {
            try {
                if (userManager.getUserInfo(this.mUserHandle).isRestricted() || userManager.hasUserRestriction(UserManager.DISALLOW_CONFIG_VPN)) {
                    throw new SecurityException("Restricted users cannot establish VPNs");
                }
                ResolveInfo resolveService = AppGlobals.getPackageManager().resolveService(intent, null, 0, this.mUserHandle);
                if (resolveService == null) {
                    throw new SecurityException("Cannot find " + vpnConfig.user);
                }
                if (!Manifest.permission.BIND_VPN_SERVICE.equals(resolveService.serviceInfo.permission)) {
                    throw new SecurityException(vpnConfig.user + " does not require " + Manifest.permission.BIND_VPN_SERVICE);
                }
                VpnConfig vpnConfig2 = this.mConfig;
                String str = this.mInterface;
                Connection connection = this.mConnection;
                NetworkAgent networkAgent = this.mNetworkAgent;
                this.mNetworkAgent = null;
                List<UidRange> list = this.mVpnUsers;
                ParcelFileDescriptor adoptFd = ParcelFileDescriptor.adoptFd(jniCreate(vpnConfig.mtu));
                try {
                    updateState(NetworkInfo.DetailedState.CONNECTING, "establish");
                    String jniGetName = jniGetName(adoptFd.getFd());
                    StringBuilder sb = new StringBuilder();
                    Iterator<LinkAddress> it = vpnConfig.addresses.iterator();
                    while (it.hasNext()) {
                        sb.append(Separators.SP + it.next());
                    }
                    if (jniSetAddresses(jniGetName, sb.toString()) < 1) {
                        throw new IllegalArgumentException("At least one address must be specified");
                    }
                    Connection connection2 = new Connection();
                    if (!this.mContext.bindServiceAsUser(intent, connection2, 1, new UserHandle(this.mUserHandle))) {
                        throw new IllegalStateException("Cannot bind " + vpnConfig.user);
                    }
                    this.mConnection = connection2;
                    this.mInterface = jniGetName;
                    vpnConfig.user = this.mPackage;
                    vpnConfig.interfaze = this.mInterface;
                    vpnConfig.startTime = SystemClock.elapsedRealtime();
                    this.mConfig = vpnConfig;
                    this.mVpnUsers = new ArrayList();
                    agentConnect();
                    if (connection != null) {
                        this.mContext.unbindService(connection);
                    }
                    agentDisconnect(networkAgent);
                    if (str != null && !str.equals(jniGetName)) {
                        jniReset(str);
                    }
                    try {
                        IoUtils.setBlocking(adoptFd.getFileDescriptor(), vpnConfig.blocking);
                        Log.i(TAG, "Established by " + vpnConfig.user + " on " + this.mInterface);
                        return adoptFd;
                    } catch (IOException e) {
                        throw new IllegalStateException("Cannot set tunnel's fd as blocking=" + vpnConfig.blocking, e);
                    }
                } catch (RuntimeException e2) {
                    IoUtils.closeQuietly(adoptFd);
                    agentDisconnect();
                    this.mConfig = vpnConfig2;
                    this.mConnection = connection;
                    this.mVpnUsers = list;
                    this.mNetworkAgent = networkAgent;
                    this.mInterface = str;
                    throw e2;
                }
            } finally {
                Binder.restoreCallingIdentity(clearCallingIdentity);
            }
        } catch (RemoteException e3) {
            throw new SecurityException("Cannot find " + vpnConfig.user);
        }
    }

    private boolean isRunningLocked() {
        return this.mVpnUsers != null;
    }

    private SortedSet<Integer> getAppsUids(List<String> list, int i) {
        TreeSet treeSet = new TreeSet();
        Iterator<String> it = list.iterator();
        while (it.hasNext()) {
            int appUid = getAppUid(it.next(), i);
            if (appUid != -1) {
                treeSet.add(Integer.valueOf(appUid));
            }
        }
        return treeSet;
    }

    private void addVpnUserLocked(int i) {
        if (!isRunningLocked()) {
            throw new IllegalStateException("VPN is not active");
        }
        if (this.mConfig.allowedApplications != null) {
            int i2 = -1;
            int i3 = -1;
            Iterator<Integer> it = getAppsUids(this.mConfig.allowedApplications, i).iterator();
            while (it.hasNext()) {
                int intValue = it.next().intValue();
                if (i2 == -1) {
                    i2 = intValue;
                } else if (intValue != i3 + 1) {
                    this.mVpnUsers.add(new UidRange(i2, i3));
                    i2 = intValue;
                }
                i3 = intValue;
            }
            if (i2 != -1) {
                this.mVpnUsers.add(new UidRange(i2, i3));
            }
        } else if (this.mConfig.disallowedApplications != null) {
            UidRange createForUser = UidRange.createForUser(i);
            int i4 = createForUser.start;
            Iterator<Integer> it2 = getAppsUids(this.mConfig.disallowedApplications, i).iterator();
            while (it2.hasNext()) {
                int intValue2 = it2.next().intValue();
                if (intValue2 == i4) {
                    i4++;
                } else {
                    this.mVpnUsers.add(new UidRange(i4, intValue2 - 1));
                    i4 = intValue2 + 1;
                }
            }
            if (i4 <= createForUser.stop) {
                this.mVpnUsers.add(new UidRange(i4, createForUser.stop));
            }
        } else {
            this.mVpnUsers.add(UidRange.createForUser(i));
        }
        prepareStatusIntent();
    }

    private List<UidRange> uidRangesForUser(int i) {
        UidRange createForUser = UidRange.createForUser(i);
        ArrayList arrayList = new ArrayList();
        for (UidRange uidRange : this.mVpnUsers) {
            if (uidRange.start >= createForUser.start && uidRange.stop <= createForUser.stop) {
                arrayList.add(uidRange);
            }
        }
        return arrayList;
    }

    private void removeVpnUserLocked(int i) {
        if (!isRunningLocked()) {
            throw new IllegalStateException("VPN is not active");
        }
        List<UidRange> uidRangesForUser = uidRangesForUser(i);
        if (this.mNetworkAgent != null) {
            this.mNetworkAgent.removeUidRanges((UidRange[]) uidRangesForUser.toArray(new UidRange[uidRangesForUser.size()]));
        }
        this.mVpnUsers.removeAll(uidRangesForUser);
        this.mStatusIntent = null;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void onUserAdded(int i) {
        synchronized (this) {
            if (UserManager.get(this.mContext).getUserInfo(i).isRestricted()) {
                try {
                    addVpnUserLocked(i);
                    if (this.mNetworkAgent != null) {
                        List<UidRange> uidRangesForUser = uidRangesForUser(i);
                        this.mNetworkAgent.addUidRanges((UidRange[]) uidRangesForUser.toArray(new UidRange[uidRangesForUser.size()]));
                    }
                } catch (Exception e) {
                    Log.wtf(TAG, "Failed to add restricted user to owner", e);
                }
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void onUserRemoved(int i) {
        synchronized (this) {
            if (UserManager.get(this.mContext).getUserInfo(i).isRestricted()) {
                try {
                    removeVpnUserLocked(i);
                } catch (Exception e) {
                    Log.wtf(TAG, "Failed to remove restricted user to owner", e);
                }
            }
        }
    }

    public VpnConfig getVpnConfig() {
        enforceControlPermission();
        return this.mConfig;
    }

    @Deprecated
    public synchronized void interfaceStatusChanged(String str, boolean z) {
        try {
            this.mObserver.interfaceStatusChanged(str, z);
        } catch (RemoteException e) {
        }
    }

    private void enforceControlPermission() {
        PackageManager packageManager;
        ApplicationInfo applicationInfo;
        if (Binder.getCallingUid() == 1000) {
            return;
        }
        int appId = UserHandle.getAppId(Binder.getCallingUid());
        long clearCallingIdentity = Binder.clearCallingIdentity();
        try {
            packageManager = this.mContext.getPackageManager();
            applicationInfo = packageManager.getApplicationInfo(VpnConfig.DIALOGS_PACKAGE, 0);
        } catch (Exception e) {
            Binder.restoreCallingIdentity(clearCallingIdentity);
        } catch (Throwable th) {
            Binder.restoreCallingIdentity(clearCallingIdentity);
            throw th;
        }
        if ((applicationInfo.flags & 1) != 0 && appId == applicationInfo.uid) {
            Binder.restoreCallingIdentity(clearCallingIdentity);
            return;
        }
        ApplicationInfo applicationInfo2 = packageManager.getApplicationInfo(KeyguardServiceDelegate.KEYGUARD_PACKAGE, 0);
        if ((applicationInfo2.flags & 1) != 0) {
            if (appId == applicationInfo2.uid) {
                Binder.restoreCallingIdentity(clearCallingIdentity);
                return;
            }
        }
        Binder.restoreCallingIdentity(clearCallingIdentity);
        throw new SecurityException("Unauthorized Caller");
    }

    private void prepareStatusIntent() {
        long clearCallingIdentity = Binder.clearCallingIdentity();
        try {
            this.mStatusIntent = VpnConfig.getIntentForStatusPanel(this.mContext);
            Binder.restoreCallingIdentity(clearCallingIdentity);
        } catch (Throwable th) {
            Binder.restoreCallingIdentity(clearCallingIdentity);
            throw th;
        }
    }

    public synchronized boolean addAddress(String str, int i) {
        if (Binder.getCallingUid() != this.mOwnerUID || this.mInterface == null || this.mNetworkAgent == null) {
            return false;
        }
        boolean jniAddAddress = jniAddAddress(this.mInterface, str, i);
        if (this.mNetworkAgent != null) {
            this.mNetworkAgent.sendLinkProperties(makeLinkProperties());
        }
        return jniAddAddress;
    }

    public synchronized boolean removeAddress(String str, int i) {
        if (Binder.getCallingUid() != this.mOwnerUID || this.mInterface == null || this.mNetworkAgent == null) {
            return false;
        }
        boolean jniDelAddress = jniDelAddress(this.mInterface, str, i);
        if (this.mNetworkAgent != null) {
            this.mNetworkAgent.sendLinkProperties(makeLinkProperties());
        }
        return jniDelAddress;
    }

    private native int jniCreate(int i);

    private native String jniGetName(int i);

    private native int jniSetAddresses(String str, String str2);

    private native void jniReset(String str);

    /* JADX INFO: Access modifiers changed from: private */
    public native int jniCheck(String str);

    private native boolean jniAddAddress(String str, String str2, int i);

    private native boolean jniDelAddress(String str, String str2, int i);

    private static RouteInfo findIPv4DefaultRoute(LinkProperties linkProperties) {
        for (RouteInfo routeInfo : linkProperties.getAllRoutes()) {
            if (routeInfo.isDefaultRoute() && (routeInfo.getGateway() instanceof Inet4Address)) {
                return routeInfo;
            }
        }
        throw new IllegalStateException("Unable to find IPv4 default gateway");
    }

    public void startLegacyVpn(VpnProfile vpnProfile, KeyStore keyStore, LinkProperties linkProperties) {
        enforceControlPermission();
        if (!keyStore.isUnlocked()) {
            throw new IllegalStateException("KeyStore isn't unlocked");
        }
        UserManager userManager = UserManager.get(this.mContext);
        if (userManager.getUserInfo(this.mUserHandle).isRestricted() || userManager.hasUserRestriction(UserManager.DISALLOW_CONFIG_VPN)) {
            throw new SecurityException("Restricted users cannot establish VPNs");
        }
        RouteInfo findIPv4DefaultRoute = findIPv4DefaultRoute(linkProperties);
        String hostAddress = findIPv4DefaultRoute.getGateway().getHostAddress();
        String str = findIPv4DefaultRoute.getInterface();
        String str2 = "";
        String str3 = "";
        String str4 = "";
        String str5 = "";
        if (!vpnProfile.ipsecUserCert.isEmpty()) {
            str2 = Credentials.USER_PRIVATE_KEY + vpnProfile.ipsecUserCert;
            byte[] bArr = keyStore.get(Credentials.USER_CERTIFICATE + vpnProfile.ipsecUserCert);
            str3 = bArr == null ? null : new String(bArr, StandardCharsets.UTF_8);
        }
        if (!vpnProfile.ipsecCaCert.isEmpty()) {
            byte[] bArr2 = keyStore.get(Credentials.CA_CERTIFICATE + vpnProfile.ipsecCaCert);
            str4 = bArr2 == null ? null : new String(bArr2, StandardCharsets.UTF_8);
        }
        if (!vpnProfile.ipsecServerCert.isEmpty()) {
            byte[] bArr3 = keyStore.get(Credentials.USER_CERTIFICATE + vpnProfile.ipsecServerCert);
            str5 = bArr3 == null ? null : new String(bArr3, StandardCharsets.UTF_8);
        }
        if (str2 == null || str3 == null || str4 == null || str5 == null) {
            throw new IllegalStateException("Cannot load credentials");
        }
        String[] strArr = null;
        switch (vpnProfile.type) {
            case 1:
                strArr = new String[]{str, vpnProfile.server, "udppsk", vpnProfile.ipsecIdentifier, vpnProfile.ipsecSecret, "1701"};
                break;
            case 2:
                strArr = new String[]{str, vpnProfile.server, "udprsa", str2, str3, str4, str5, "1701"};
                break;
            case 3:
                strArr = new String[]{str, vpnProfile.server, "xauthpsk", vpnProfile.ipsecIdentifier, vpnProfile.ipsecSecret, vpnProfile.username, vpnProfile.password, "", hostAddress};
                break;
            case 4:
                strArr = new String[]{str, vpnProfile.server, "xauthrsa", str2, str3, str4, str5, vpnProfile.username, vpnProfile.password, "", hostAddress};
                break;
            case 5:
                strArr = new String[]{str, vpnProfile.server, "hybridrsa", str4, str5, vpnProfile.username, vpnProfile.password, "", hostAddress};
                break;
        }
        String[] strArr2 = null;
        switch (vpnProfile.type) {
            case 0:
                String[] strArr3 = new String[20];
                strArr3[0] = str;
                strArr3[1] = "pptp";
                strArr3[2] = vpnProfile.server;
                strArr3[3] = "1723";
                strArr3[4] = "name";
                strArr3[5] = vpnProfile.username;
                strArr3[6] = "password";
                strArr3[7] = vpnProfile.password;
                strArr3[8] = "linkname";
                strArr3[9] = "vpn";
                strArr3[10] = "refuse-eap";
                strArr3[11] = "nodefaultroute";
                strArr3[12] = "usepeerdns";
                strArr3[13] = "idle";
                strArr3[14] = "1800";
                strArr3[15] = "mtu";
                strArr3[16] = "1400";
                strArr3[17] = "mru";
                strArr3[18] = "1400";
                strArr3[19] = vpnProfile.mppe ? "+mppe" : "nomppe";
                strArr2 = strArr3;
                break;
            case 1:
            case 2:
                strArr2 = new String[]{str, "l2tp", vpnProfile.server, "1701", vpnProfile.l2tpSecret, "name", vpnProfile.username, "password", vpnProfile.password, "linkname", "vpn", "refuse-eap", "nodefaultroute", "usepeerdns", "idle", "1800", "mtu", "1400", "mru", "1400"};
                break;
        }
        VpnConfig vpnConfig = new VpnConfig();
        vpnConfig.legacy = true;
        vpnConfig.user = vpnProfile.key;
        vpnConfig.interfaze = str;
        vpnConfig.session = vpnProfile.name;
        vpnConfig.addLegacyRoutes(vpnProfile.routes);
        if (!vpnProfile.dnsServers.isEmpty()) {
            vpnConfig.dnsServers = Arrays.asList(vpnProfile.dnsServers.split(" +"));
        }
        if (!vpnProfile.searchDomains.isEmpty()) {
            vpnConfig.searchDomains = Arrays.asList(vpnProfile.searchDomains.split(" +"));
        }
        startLegacyVpn(vpnConfig, strArr, strArr2);
    }

    private synchronized void startLegacyVpn(VpnConfig vpnConfig, String[] strArr, String[] strArr2) {
        stopLegacyVpn();
        prepare(null, VpnConfig.LEGACY_VPN);
        updateState(NetworkInfo.DetailedState.CONNECTING, "startLegacyVpn");
        this.mLegacyVpnRunner = new LegacyVpnRunner(vpnConfig, strArr, strArr2);
        this.mLegacyVpnRunner.start();
    }

    public synchronized void stopLegacyVpn() {
        if (this.mLegacyVpnRunner != null) {
            this.mLegacyVpnRunner.exit();
            this.mLegacyVpnRunner = null;
            synchronized ("LegacyVpnRunner") {
            }
        }
    }

    public synchronized LegacyVpnInfo getLegacyVpnInfo() {
        enforceControlPermission();
        if (this.mLegacyVpnRunner == null) {
            return null;
        }
        LegacyVpnInfo legacyVpnInfo = new LegacyVpnInfo();
        legacyVpnInfo.key = this.mConfig.user;
        legacyVpnInfo.state = LegacyVpnInfo.stateFromNetworkInfo(this.mNetworkInfo);
        if (this.mNetworkInfo.isConnected()) {
            legacyVpnInfo.intent = this.mStatusIntent;
        }
        return legacyVpnInfo;
    }

    public VpnConfig getLegacyVpnConfig() {
        if (this.mLegacyVpnRunner != null) {
            return this.mConfig;
        }
        return null;
    }
}
