package com.android.server.pm;

import android.content.pm.ApplicationInfo;
import android.content.pm.PackageParser;
import android.os.Environment;
import android.provider.Telephony;
import android.security.keystore.KeyProperties;
import android.system.ErrnoException;
import android.system.Os;
import android.system.OsConstants;
import android.util.Slog;
import android.util.Xml;
import com.android.server.pm.Policy;
import gov.nist.core.Separators;
import java.io.File;
import java.io.FileReader;
import java.io.IOException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import libcore.io.IoUtils;
import org.xmlpull.v1.XmlPullParser;
import org.xmlpull.v1.XmlPullParserException;

/* loaded from: input_file:com/android/server/pm/SELinuxMMAC.class */
public final class SELinuxMMAC {
    static final String TAG = "SELinuxMMAC";
    private static final boolean DEBUG_POLICY = false;
    private static final boolean DEBUG_POLICY_INSTALL = false;
    private static final boolean DEBUG_POLICY_ORDER = false;
    private static List<Policy> sPolicies = new ArrayList();
    private static final File VERSION_FILE = new File("/selinux_version");
    private static final File MAC_PERMISSIONS = new File(Environment.getRootDirectory(), "/etc/security/mac_permissions.xml");
    private static final File SEAPP_CONTEXTS = new File("/seapp_contexts");
    private static final byte[] SEAPP_CONTEXTS_HASH = returnHash(SEAPP_CONTEXTS);
    private static final String XATTR_SEAPP_HASH = "user.seapp_hash";
    private static final String PRIVILEGED_APP_STR = ":privapp";
    private static final String AUTOPLAY_APP_STR = ":autoplayapp";

    public static boolean readInstallPolicy() {
        ArrayList arrayList = new ArrayList();
        FileReader fileReader = null;
        XmlPullParser newPullParser = Xml.newPullParser();
        try {
            try {
                try {
                    fileReader = new FileReader(MAC_PERMISSIONS);
                    Slog.d(TAG, "Using policy file " + MAC_PERMISSIONS);
                    newPullParser.setInput(fileReader);
                    newPullParser.nextTag();
                    newPullParser.require(2, null, "policy");
                    while (newPullParser.next() != 3) {
                        if (newPullParser.getEventType() == 2) {
                            String name = newPullParser.getName();
                            boolean z = -1;
                            switch (name.hashCode()) {
                                case -902467798:
                                    if (name.equals("signer")) {
                                        z = false;
                                    }
                                default:
                                    switch (z) {
                                        case false:
                                            arrayList.add(readSignerOrThrow(newPullParser));
                                            break;
                                        default:
                                            skip(newPullParser);
                                            break;
                                    }
                                    break;
                            }
                        }
                    }
                    IoUtils.closeQuietly(fileReader);
                    PolicyComparator policyComparator = new PolicyComparator();
                    Collections.sort(arrayList, policyComparator);
                    if (policyComparator.foundDuplicate()) {
                        Slog.w(TAG, "ERROR! Duplicate entries found parsing " + MAC_PERMISSIONS);
                        return false;
                    }
                    synchronized (sPolicies) {
                        sPolicies = arrayList;
                    }
                    return true;
                } catch (IllegalArgumentException | IllegalStateException | XmlPullParserException e) {
                    Slog.w(TAG, "Exception @" + newPullParser.getPositionDescription() + " while parsing " + MAC_PERMISSIONS + Separators.COLON + e);
                    IoUtils.closeQuietly(fileReader);
                    return false;
                }
            } catch (IOException e2) {
                Slog.w(TAG, "Exception parsing " + MAC_PERMISSIONS, e2);
                IoUtils.closeQuietly(fileReader);
                return false;
            }
        } catch (Throwable th) {
            IoUtils.closeQuietly(fileReader);
            throw th;
        }
    }

    private static Policy readSignerOrThrow(XmlPullParser xmlPullParser) throws IOException, XmlPullParserException {
        xmlPullParser.require(2, null, "signer");
        Policy.PolicyBuilder policyBuilder = new Policy.PolicyBuilder();
        String attributeValue = xmlPullParser.getAttributeValue(null, "signature");
        if (attributeValue != null) {
            policyBuilder.addSignature(attributeValue);
        }
        while (xmlPullParser.next() != 3) {
            if (xmlPullParser.getEventType() == 2) {
                String name = xmlPullParser.getName();
                if ("seinfo".equals(name)) {
                    policyBuilder.setGlobalSeinfoOrThrow(xmlPullParser.getAttributeValue(null, "value"));
                    readSeinfo(xmlPullParser);
                } else if (Telephony.Sms.Intents.EXTRA_PACKAGE_NAME.equals(name)) {
                    readPackageOrThrow(xmlPullParser, policyBuilder);
                } else if ("cert".equals(name)) {
                    policyBuilder.addSignature(xmlPullParser.getAttributeValue(null, "signature"));
                    readCert(xmlPullParser);
                } else {
                    skip(xmlPullParser);
                }
            }
        }
        return policyBuilder.build();
    }

    private static void readPackageOrThrow(XmlPullParser xmlPullParser, Policy.PolicyBuilder policyBuilder) throws IOException, XmlPullParserException {
        xmlPullParser.require(2, null, Telephony.Sms.Intents.EXTRA_PACKAGE_NAME);
        String attributeValue = xmlPullParser.getAttributeValue(null, "name");
        while (xmlPullParser.next() != 3) {
            if (xmlPullParser.getEventType() == 2) {
                if ("seinfo".equals(xmlPullParser.getName())) {
                    policyBuilder.addInnerPackageMapOrThrow(attributeValue, xmlPullParser.getAttributeValue(null, "value"));
                    readSeinfo(xmlPullParser);
                } else {
                    skip(xmlPullParser);
                }
            }
        }
    }

    private static void readCert(XmlPullParser xmlPullParser) throws IOException, XmlPullParserException {
        xmlPullParser.require(2, null, "cert");
        xmlPullParser.nextTag();
    }

    private static void readSeinfo(XmlPullParser xmlPullParser) throws IOException, XmlPullParserException {
        xmlPullParser.require(2, null, "seinfo");
        xmlPullParser.nextTag();
    }

    private static void skip(XmlPullParser xmlPullParser) throws IOException, XmlPullParserException {
        if (xmlPullParser.getEventType() != 2) {
            throw new IllegalStateException();
        }
        int i = 1;
        while (i != 0) {
            switch (xmlPullParser.next()) {
                case 2:
                    i++;
                    break;
                case 3:
                    i--;
                    break;
            }
        }
    }

    public static void assignSeinfoValue(PackageParser.Package r4) {
        synchronized (sPolicies) {
            Iterator<Policy> it = sPolicies.iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                String matchedSeinfo = it.next().getMatchedSeinfo(r4);
                if (matchedSeinfo != null) {
                    r4.applicationInfo.seinfo = matchedSeinfo;
                    break;
                }
            }
        }
        if (r4.applicationInfo.isAutoPlayApp()) {
            StringBuilder sb = new StringBuilder();
            ApplicationInfo applicationInfo = r4.applicationInfo;
            applicationInfo.seinfo = sb.append(applicationInfo.seinfo).append(AUTOPLAY_APP_STR).toString();
        }
        if (r4.applicationInfo.isPrivilegedApp()) {
            StringBuilder sb2 = new StringBuilder();
            ApplicationInfo applicationInfo2 = r4.applicationInfo;
            applicationInfo2.seinfo = sb2.append(applicationInfo2.seinfo).append(PRIVILEGED_APP_STR).toString();
        }
    }

    public static boolean isRestoreconNeeded(File file) {
        try {
            byte[] bArr = new byte[20];
            if (Os.getxattr(file.getAbsolutePath(), XATTR_SEAPP_HASH, bArr) == 20) {
                return !Arrays.equals(SEAPP_CONTEXTS_HASH, bArr);
            }
            return true;
        } catch (ErrnoException e) {
            if (e.errno == OsConstants.ENODATA) {
                return true;
            }
            Slog.e(TAG, "Failed to read seapp hash for " + file, e);
            return true;
        }
    }

    public static void setRestoreconDone(File file) {
        try {
            Os.setxattr(file.getAbsolutePath(), XATTR_SEAPP_HASH, SEAPP_CONTEXTS_HASH, 0);
        } catch (ErrnoException e) {
            Slog.e(TAG, "Failed to persist seapp hash in " + file, e);
        }
    }

    private static byte[] returnHash(File file) {
        try {
            return MessageDigest.getInstance(KeyProperties.DIGEST_SHA1).digest(IoUtils.readFileAsByteArray(file.getAbsolutePath()));
        } catch (IOException | NoSuchAlgorithmException e) {
            throw new RuntimeException(e);
        }
    }
}
