package com.android.server.policy;

import android.Manifest;
import android.app.AppOpsManager;
import android.content.Context;
import android.content.pm.PackageInfo;
import android.content.pm.PackageManager;
import android.content.pm.PackageManagerInternal;
import android.content.pm.PackageParser;
import android.content.pm.PermissionInfo;
import android.os.UserHandle;
import android.permission.PermissionControllerManager;
import android.permission.PermissionManagerInternal;
import android.util.Slog;
import android.util.SparseIntArray;
import com.android.server.FgThread;
import com.android.server.LocalServices;
import com.android.server.SystemService;
import java.util.ArrayList;
import java.util.concurrent.CountDownLatch;

/* loaded from: input_file:com/android/server/policy/PermissionPolicyService.class */
public final class PermissionPolicyService extends SystemService {
    private static final String LOG_TAG = PermissionPolicyService.class.getSimpleName();

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/android/server/policy/PermissionPolicyService$PermissionToOpSynchroniser.class */
    public static class PermissionToOpSynchroniser {
        private final Context mContext;
        private final PackageManager mPackageManager;
        private final AppOpsManager mAppOpsManager;
        private final SparseIntArray mAllUids = new SparseIntArray();
        private final ArrayList<OpToRestrict> mOpsToDefault = new ArrayList<>();
        private final ArrayList<OpToUnrestrict> mOpsToAllow = new ArrayList<>();
        private final ArrayList<OpToUnrestrict> mOpsToIgnore = new ArrayList<>();
        private final ArrayList<FgPermission> mFgPermOps = new ArrayList<>();

        /* JADX INFO: Access modifiers changed from: private */
        /* loaded from: input_file:com/android/server/policy/PermissionPolicyService$PermissionToOpSynchroniser$FgPermission.class */
        public class FgPermission {
            final int uid;
            final String packageName;
            final String fgPermissionName;
            final String bgPermissionName;

            private FgPermission(int i, String str, String str2, String str3) {
                this.uid = i;
                this.packageName = str;
                this.fgPermissionName = str2;
                this.bgPermissionName = str3;
            }
        }

        /* JADX INFO: Access modifiers changed from: private */
        /* loaded from: input_file:com/android/server/policy/PermissionPolicyService$PermissionToOpSynchroniser$OpToRestrict.class */
        public class OpToRestrict {
            final int uid;
            final int code;

            OpToRestrict(int i, int i2) {
                this.uid = i;
                this.code = i2;
            }
        }

        /* JADX INFO: Access modifiers changed from: private */
        /* loaded from: input_file:com/android/server/policy/PermissionPolicyService$PermissionToOpSynchroniser$OpToUnrestrict.class */
        public class OpToUnrestrict {
            final int uid;
            final String packageName;
            final int code;

            OpToUnrestrict(int i, String str, int i2) {
                this.uid = i;
                this.packageName = str;
                this.code = i2;
            }
        }

        PermissionToOpSynchroniser(Context context) {
            this.mContext = context;
            this.mPackageManager = context.getPackageManager();
            this.mAppOpsManager = (AppOpsManager) context.getSystemService(AppOpsManager.class);
        }

        private void syncRestrictedOps() {
            int size = this.mOpsToAllow.size();
            for (int i = 0; i < size; i++) {
                OpToUnrestrict opToUnrestrict = this.mOpsToAllow.get(i);
                setUidModeAllowedIfDefault(opToUnrestrict.code, opToUnrestrict.uid, opToUnrestrict.packageName);
            }
            int size2 = this.mOpsToIgnore.size();
            for (int i2 = 0; i2 < size2; i2++) {
                OpToUnrestrict opToUnrestrict2 = this.mOpsToIgnore.get(i2);
                setUidModeIgnoredIfDefault(opToUnrestrict2.code, opToUnrestrict2.uid, opToUnrestrict2.packageName);
            }
            int size3 = this.mOpsToDefault.size();
            for (int i3 = 0; i3 < size3; i3++) {
                OpToRestrict opToRestrict = this.mOpsToDefault.get(i3);
                setUidModeDefault(opToRestrict.code, opToRestrict.uid);
            }
        }

        private void syncOpsOfFgPermissions() {
            int size = this.mFgPermOps.size();
            for (int i = 0; i < size; i++) {
                FgPermission fgPermission = this.mFgPermOps.get(i);
                if (this.mPackageManager.checkPermission(fgPermission.fgPermissionName, fgPermission.packageName) != 0) {
                    this.mAppOpsManager.setUidMode(AppOpsManager.permissionToOpCode(fgPermission.fgPermissionName), fgPermission.uid, 1);
                } else if (this.mPackageManager.checkPermission(fgPermission.bgPermissionName, fgPermission.packageName) == 0) {
                    this.mAppOpsManager.setUidMode(AppOpsManager.permissionToOpCode(fgPermission.fgPermissionName), fgPermission.uid, 0);
                } else {
                    this.mAppOpsManager.setUidMode(AppOpsManager.permissionToOpCode(fgPermission.fgPermissionName), fgPermission.uid, 4);
                }
            }
        }

        void syncPackages() {
            syncRestrictedOps();
            syncOpsOfFgPermissions();
        }

        private void addOpIfRestricted(PermissionInfo permissionInfo, PackageInfo packageInfo) {
            String str = permissionInfo.name;
            int permissionToOpCode = AppOpsManager.permissionToOpCode(str);
            int i = packageInfo.applicationInfo.uid;
            if (permissionInfo.isRestricted()) {
                boolean z = PackageManager.RESTRICTED_PERMISSIONS_ENABLED && (this.mPackageManager.getPermissionFlags(str, packageInfo.packageName, this.mContext.getUser()) & 16384) != 0;
                if (permissionInfo.isHardRestricted()) {
                    if (z) {
                        this.mOpsToDefault.add(new OpToRestrict(i, permissionToOpCode));
                        return;
                    } else {
                        this.mOpsToAllow.add(new OpToUnrestrict(i, packageInfo.packageName, permissionToOpCode));
                        return;
                    }
                }
                if (permissionInfo.isSoftRestricted()) {
                    if (Manifest.permission.READ_EXTERNAL_STORAGE.equals(str) || Manifest.permission.WRITE_EXTERNAL_STORAGE.equals(str)) {
                        if (z) {
                            this.mOpsToDefault.add(new OpToRestrict(i, 87));
                        } else if (packageInfo.applicationInfo.hasRequestedLegacyExternalStorage()) {
                            this.mOpsToAllow.add(new OpToUnrestrict(i, packageInfo.packageName, 87));
                        } else {
                            this.mOpsToIgnore.add(new OpToUnrestrict(i, packageInfo.packageName, 87));
                        }
                    }
                }
            }
        }

        private void addOpIfFgPermissions(PermissionInfo permissionInfo, PackageInfo packageInfo) {
            if (packageInfo.applicationInfo.targetSdkVersion >= 23 && permissionInfo.backgroundPermission != null) {
                this.mFgPermOps.add(new FgPermission(packageInfo.applicationInfo.uid, packageInfo.packageName, permissionInfo.name, permissionInfo.backgroundPermission));
            }
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public void addPackage(String str) {
            try {
                PackageInfo packageInfo = this.mPackageManager.getPackageInfo(str, 4096);
                this.mAllUids.put(packageInfo.applicationInfo.uid, packageInfo.applicationInfo.uid);
                if (packageInfo.requestedPermissions == null) {
                    return;
                }
                for (String str2 : packageInfo.requestedPermissions) {
                    if (AppOpsManager.permissionToOpCode(str2) != -1) {
                        try {
                            PermissionInfo permissionInfo = this.mPackageManager.getPermissionInfo(str2, 0);
                            addOpIfRestricted(permissionInfo, packageInfo);
                            addOpIfFgPermissions(permissionInfo, packageInfo);
                        } catch (PackageManager.NameNotFoundException e) {
                        }
                    }
                }
            } catch (PackageManager.NameNotFoundException e2) {
            }
        }

        private void setUidModeAllowedIfDefault(int i, int i2, String str) {
            setUidModeIfDefault(i, i2, 0, str);
        }

        private void setUidModeIgnoredIfDefault(int i, int i2, String str) {
            setUidModeIfDefault(i, i2, 1, str);
        }

        private void setUidModeIfDefault(int i, int i2, int i3, String str) {
            if (this.mAppOpsManager.unsafeCheckOpRaw(AppOpsManager.opToPublicName(i), i2, str) == 3) {
                this.mAppOpsManager.setUidMode(i, i2, i3);
            }
        }

        private void setUidModeDefault(int i, int i2) {
            this.mAppOpsManager.setUidMode(i, i2, 3);
        }
    }

    public PermissionPolicyService(Context context) {
        super(context);
    }

    @Override // com.android.server.SystemService
    public void onStart() {
        ((PackageManagerInternal) LocalServices.getService(PackageManagerInternal.class)).getPackageList(new PackageManagerInternal.PackageListObserver() { // from class: com.android.server.policy.PermissionPolicyService.1
            @Override // android.content.pm.PackageManagerInternal.PackageListObserver
            public void onPackageAdded(String str, int i) {
                PermissionPolicyService.synchronizePackagePermissionsAndAppOpsForUser(PermissionPolicyService.this.getContext(), str, UserHandle.getUserId(i));
            }

            @Override // android.content.pm.PackageManagerInternal.PackageListObserver
            public void onPackageChanged(String str, int i) {
                PermissionPolicyService.synchronizePackagePermissionsAndAppOpsForUser(PermissionPolicyService.this.getContext(), str, UserHandle.getUserId(i));
            }

            @Override // android.content.pm.PackageManagerInternal.PackageListObserver
            public void onPackageRemoved(String str, int i) {
            }
        });
    }

    @Override // com.android.server.SystemService
    public void onStartUser(int i) {
        grantOrUpgradeDefaultRuntimePermissionsInNeeded(getContext(), i);
        synchronizePermissionsAndAppOpsForUser(getContext(), i);
        startWatchingRuntimePermissionChanges(getContext(), i);
    }

    private static void grantOrUpgradeDefaultRuntimePermissionsInNeeded(Context context, int i) {
        if (((PackageManagerInternal) LocalServices.getService(PackageManagerInternal.class)).wereDefaultPermissionsGrantedSinceBoot(i)) {
            CountDownLatch countDownLatch = new CountDownLatch(1);
            new PermissionControllerManager(context, FgThread.getHandler()).grantOrUpgradeDefaultRuntimePermissions(FgThread.getExecutor(), bool -> {
                if (bool.booleanValue()) {
                    countDownLatch.countDown();
                } else {
                    Slog.wtf(LOG_TAG, "Error granting/upgrading runtime permissions");
                    throw new IllegalStateException("Error granting/upgrading runtime permissions");
                }
            });
            try {
                countDownLatch.await();
            } catch (InterruptedException e) {
            }
        }
    }

    private static void startWatchingRuntimePermissionChanges(Context context, int i) {
        ((PermissionManagerInternal) LocalServices.getService(PermissionManagerInternal.class)).addOnRuntimePermissionStateChangedListener((str, i2) -> {
            if (i == i2) {
                synchronizePackagePermissionsAndAppOpsForUser(context, str, i);
            }
        });
    }

    private static Context getUserContext(Context context, UserHandle userHandle) {
        if (context.getUser().equals(userHandle)) {
            return context;
        }
        try {
            return context.createPackageContextAsUser(context.getPackageName(), 0, userHandle);
        } catch (PackageManager.NameNotFoundException e) {
            Slog.e(LOG_TAG, "Cannot create context for user " + userHandle, e);
            return null;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static void synchronizePackagePermissionsAndAppOpsForUser(Context context, String str, int i) {
        PackageManagerInternal packageManagerInternal = (PackageManagerInternal) LocalServices.getService(PackageManagerInternal.class);
        PackageInfo packageInfo = packageManagerInternal.getPackageInfo(str, 0, 1000, i);
        if (packageInfo == null) {
            return;
        }
        PermissionToOpSynchroniser permissionToOpSynchroniser = new PermissionToOpSynchroniser(getUserContext(context, UserHandle.of(i)));
        permissionToOpSynchroniser.addPackage(packageInfo.packageName);
        String[] packagesForSharedUserId = packageManagerInternal.getPackagesForSharedUserId(packageInfo.sharedUserId, i);
        if (packagesForSharedUserId != null) {
            for (String str2 : packagesForSharedUserId) {
                PackageParser.Package r0 = packageManagerInternal.getPackage(str2);
                if (r0 != null) {
                    permissionToOpSynchroniser.addPackage(r0.packageName);
                }
            }
        }
        permissionToOpSynchroniser.syncPackages();
    }

    private static void synchronizePermissionsAndAppOpsForUser(Context context, int i) {
        PackageManagerInternal packageManagerInternal = (PackageManagerInternal) LocalServices.getService(PackageManagerInternal.class);
        PermissionToOpSynchroniser permissionToOpSynchroniser = new PermissionToOpSynchroniser(getUserContext(context, UserHandle.of(i)));
        packageManagerInternal.forEachPackage(r4 -> {
            permissionToOpSynchroniser.addPackage(r4.packageName);
        });
        permissionToOpSynchroniser.syncPackages();
    }
}
