package com.android.server.connectivity;

import android.Manifest;
import android.R;
import android.app.AppGlobals;
import android.app.AppOpsManager;
import android.app.Notification;
import android.app.NotificationManager;
import android.app.PendingIntent;
import android.content.BroadcastReceiver;
import android.content.ComponentName;
import android.content.Context;
import android.content.Intent;
import android.content.IntentFilter;
import android.content.ServiceConnection;
import android.content.pm.ApplicationInfo;
import android.content.pm.PackageManager;
import android.content.pm.ResolveInfo;
import android.content.pm.UserInfo;
import android.icu.text.PluralRules;
import android.net.ConnectivityManager;
import android.net.INetworkManagementEventObserver;
import android.net.IpPrefix;
import android.net.LinkAddress;
import android.net.LinkProperties;
import android.net.LocalSocket;
import android.net.LocalSocketAddress;
import android.net.Network;
import android.net.NetworkAgent;
import android.net.NetworkCapabilities;
import android.net.NetworkInfo;
import android.net.NetworkMisc;
import android.net.NetworkUtils;
import android.net.RouteInfo;
import android.net.UidRange;
import android.net.VpnService;
import android.os.Binder;
import android.os.Bundle;
import android.os.FileUtils;
import android.os.IBinder;
import android.os.INetworkManagementService;
import android.os.Looper;
import android.os.Parcel;
import android.os.ParcelFileDescriptor;
import android.os.Process;
import android.os.RemoteException;
import android.os.SystemClock;
import android.os.SystemService;
import android.os.UserHandle;
import android.os.UserManager;
import android.provider.Settings;
import android.security.Credentials;
import android.security.KeyStore;
import android.text.TextUtils;
import android.util.ArraySet;
import android.util.Log;
import com.android.internal.annotations.GuardedBy;
import com.android.internal.annotations.VisibleForTesting;
import com.android.internal.net.LegacyVpnInfo;
import com.android.internal.net.VpnConfig;
import com.android.internal.net.VpnInfo;
import com.android.internal.net.VpnProfile;
import com.android.internal.notification.SystemNotificationChannels;
import com.android.internal.util.ArrayUtils;
import com.android.server.DeviceIdleController;
import com.android.server.LocalServices;
import com.android.server.net.BaseNetworkObserver;
import gov.nist.core.Separators;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.math.BigInteger;
import java.net.Inet4Address;
import java.net.Inet6Address;
import java.net.InetAddress;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.Comparator;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import java.util.Set;
import java.util.SortedSet;
import java.util.TreeSet;
import java.util.concurrent.atomic.AtomicInteger;
import libcore.io.IoUtils;

/* loaded from: input_file:com/android/server/connectivity/Vpn.class */
public class Vpn {
    // Type-name string handed to the NetworkInfo that the constructor builds.
    private static final String NETWORKTYPE = "VPN";
    private static final String TAG = "Vpn";
    private static final boolean LOGD = true;
    // 60 seconds. startAlwaysOnVpn() passes the same value as the literal 60000L.
    private static final long VPN_LAUNCH_IDLE_WHITELIST_DURATION_MS = 60000;
    // floor(0.85 * 2^32).
    private static final long MOST_IPV4_ADDRESSES_COUNT = 3650722201L;
    // 2^128 * 85 / 100: the IPv6 counterpart of the 85% figure above.
    private static final BigInteger MOST_IPV6_ADDRESSES_COUNT = BigInteger.ONE.shiftLeft(128).multiply(BigInteger.valueOf(85)).divide(BigInteger.valueOf(100));
    private static final int MAX_ROUTES_TO_EVALUATE = 150;
    private final Context mContext;
    private final NetworkInfo mNetworkInfo;
    // Package that currently owns the VPN; the constructor initialises it to VpnConfig.LEGACY_VPN.
    private String mPackage;
    // UID resolved for mPackage and mUserHandle; isCurrentPreparedPackage() compares against it.
    private int mOwnerUID;
    private boolean mIsPackageTargetingAtLeastQ;
    private String mInterface;
    private Connection mConnection;
    private LegacyVpnRunner mLegacyVpnRunner;
    private PendingIntent mStatusIntent;
    // volatile: setEnableTeardown() writes it without taking the lock, and the legacy runner's
    // broadcast receiver reads it.
    private volatile boolean mEnableTeardown;
    private final INetworkManagementService mNetd;

    @VisibleForTesting
    protected VpnConfig mConfig;

    @VisibleForTesting
    protected NetworkAgent mNetworkAgent;
    private final Looper mLooper;

    @VisibleForTesting
    protected final NetworkCapabilities mNetworkCapabilities;
    private final SystemServices mSystemServices;
    // Always-on / lockdown state. saveAlwaysOnPackage() persists it to Settings.Secure and
    // loadAlwaysOnPackage() restores it.
    private boolean mAlwaysOn;
    private boolean mLockdown;
    // In the visible code this is only ever assigned Collections.emptyList() or an unmodifiable copy.
    private List<String> mLockdownWhitelist;

    @GuardedBy({"this"})
    private Set<UidRange> mBlockedUsers;
    // User this Vpn instance serves; passed to the per-user package and settings calls.
    private final int mUserHandle;
    // Registered with the network management service in the constructor.
    private INetworkManagementEventObserver mObserver;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/android/server/connectivity/Vpn$Connection.class */
    public class Connection implements ServiceConnection {
        /** Binder delivered by the bound service; {@code null} before connection and after disconnection. */
        private IBinder mService;

        private Connection() {
        }

        /** Remembers the binder handed over for the bound component. */
        @Override
        public void onServiceConnected(ComponentName componentName, IBinder iBinder) {
            mService = iBinder;
        }

        /** Forgets the binder once the connection to the service is lost. */
        @Override
        public void onServiceDisconnected(ComponentName componentName) {
            mService = null;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/android/server/connectivity/Vpn$LegacyVpnRunner.class */
    public class LegacyVpnRunner extends Thread {
        private static final String TAG = "LegacyVpnRunner";
        private final String[] mDaemons;
        private final String[][] mArguments;
        private final LocalSocket[] mSockets;
        private final String mOuterInterface;
        private final AtomicInteger mOuterConnection;
        private long mBringupStartTime;
        private final BroadcastReceiver mBroadcastReceiver;

        /* JADX WARN: Type inference failed for: r1v9, types: [java.lang.String[], java.lang.String[][]] */
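        /**
         * Captures the legacy VPN configuration and the per-daemon argument vectors, works out
         * which network type carries the outer interface, and registers for connectivity
         * broadcasts so the VPN can be torn down when that network goes away.
         *
         * @param vpnConfig configuration stored into the enclosing {@code Vpn}'s {@code mConfig}
         * @param strArr arguments for the first daemon ("racoon"); {@code null} leaves it unstarted
         * @param strArr2 arguments for the second daemon ("mtpd"); same convention
         */
        public LegacyVpnRunner(VpnConfig vpnConfig, String[] strArr, String[] strArr2) {
            super(TAG);
            this.mOuterConnection = new AtomicInteger(-1);
            this.mBringupStartTime = -1L;
            this.mBroadcastReceiver = new BroadcastReceiver() { // from class: com.android.server.connectivity.Vpn.LegacyVpnRunner.1
                @Override // android.content.BroadcastReceiver
                public void onReceive(Context context, Intent intent) {
                    if (!Vpn.this.mEnableTeardown) {
                        return;
                    }
                    // Constant-first comparison: an intent without an action is ignored instead
                    // of raising a NullPointerException inside the receiver.
                    if (!ConnectivityManager.CONNECTIVITY_ACTION.equals(intent.getAction())) {
                        return;
                    }
                    // NOTE(review): the "no outer network found" sentinel and the default used for
                    // a missing extra are both -1, so a broadcast lacking "networkType" matches an
                    // unresolved outer connection. Confirm that this is intended.
                    if (intent.getIntExtra("networkType", -1) != LegacyVpnRunner.this.mOuterConnection.get()) {
                        return;
                    }
                    NetworkInfo outerInfo = (NetworkInfo) intent.getExtra("networkInfo");
                    if (outerInfo == null || outerInfo.isConnectedOrConnecting()) {
                        return;
                    }
                    try {
                        Vpn.this.mObserver.interfaceStatusChanged(LegacyVpnRunner.this.mOuterInterface, false);
                    } catch (RemoteException e) {
                        // The Vpn constructor assigns mObserver an in-process observer, so this is
                        // not expected; record it rather than dropping it silently.
                        Log.w(TAG, "Failed to report outer interface going down", e);
                    }
                }
            };
            Vpn.this.mConfig = vpnConfig;
            this.mDaemons = new String[]{"racoon", "mtpd"};
            // One argument vector per daemon, index-aligned with mDaemons. The decompiler emitted
            // a one-dimensional array type here, which does not type-check against the field.
            this.mArguments = new String[][]{strArr, strArr2};
            this.mSockets = new LocalSocket[this.mDaemons.length];
            this.mOuterInterface = Vpn.this.mConfig.interfaze;
            if (!TextUtils.isEmpty(this.mOuterInterface)) {
                ConnectivityManager cm = ConnectivityManager.from(Vpn.this.mContext);
                for (Network network : cm.getAllNetworks()) {
                    LinkProperties linkProperties = cm.getLinkProperties(network);
                    if (linkProperties != null && linkProperties.getAllInterfaceNames().contains(this.mOuterInterface)) {
                        NetworkInfo info = cm.getNetworkInfo(network);
                        if (info != null) {
                            // If several networks list the interface, the last match wins.
                            this.mOuterConnection.set(info.getType());
                        }
                    }
                }
            }
            IntentFilter filter = new IntentFilter();
            filter.addAction(ConnectivityManager.CONNECTIVITY_ACTION);
            Vpn.this.mContext.registerReceiver(this.mBroadcastReceiver, filter);
        }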

        /**
         * Shuts the legacy VPN down when the reported interface is the outer interface it runs over.
         *
         * @param str name of the interface being reported
         */
        public void check(String str) {
            if (!str.equals(mOuterInterface)) {
                return;
            }
            Log.i(TAG, "Legacy VPN is going down with " + str);
            exit();
        }

        /**
         * Stops this runner: interrupts the thread, disconnects the network agent and
         * unregisters the connectivity broadcast receiver.
         */
        public void exit() {
            // Interrupt first so that a sleep inside run() or bringup() wakes up.
            interrupt();
            Vpn.this.agentDisconnect();
            try {
                Vpn.this.mContext.unregisterReceiver(mBroadcastReceiver);
            } catch (IllegalArgumentException ignored) {
                // Deliberately ignored: presumably the receiver was already unregistered by an
                // earlier exit() call.
            }
        }

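        /**
         * Thread body: brings the VPN up, waits until a daemon stops, then closes the control
         * sockets, stops both daemons and disconnects the network agent.
         *
         * <p>The cleanup lives in a single {@code finally} block, so the sockets are closed and
         * the daemons stopped exactly once on every exit path. The decompiled form repeated the
         * sequence in each branch, which re-ran it if a cleanup step itself threw.
         */
        @Override // java.lang.Thread, java.lang.Runnable
        public void run() {
            Log.v(TAG, "Waiting");
            // TAG is a compile-time String constant, so this monitor is one interned object shared
            // by every runner instance: a new runner waits here until the previous one has left
            // the block. Any other code that locks the same literal would contend on it too.
            synchronized (TAG) {
                Log.v(TAG, "Executing");
                try {
                    bringup();
                    waitForDaemonsToStop();
                    // Clear a pending interrupt (exit() interrupts this thread) before cleanup.
                    Thread.interrupted();
                } catch (InterruptedException ignored) {
                    // Interruption is how exit() asks this thread to stop; continue to cleanup.
                } finally {
                    for (LocalSocket socket : this.mSockets) {
                        IoUtils.closeQuietly(socket);
                    }
                    // Short pause between closing the sockets and stopping the daemons.
                    try {
                        Thread.sleep(50L);
                    } catch (InterruptedException ignored) {
                        // Cleanup must still stop the daemons, so the interrupt is not acted on.
                    }
                    for (String daemon : this.mDaemons) {
                        SystemService.stop(daemon);
                    }
                }
                Vpn.this.agentDisconnect();
            }
        }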

        /**
         * Bring-up checkpoint: fails the VPN once more than 60 seconds have passed since
         * bring-up started, otherwise sleeps briefly (the sleep also surfaces a pending interrupt).
         *
         * @param z {@code true} to sleep 200 ms, {@code false} to sleep 1 ms
         * @throws InterruptedException if the thread is interrupted while sleeping
         * @throws IllegalStateException if bring-up has exceeded the time budget
         */
        private void checkInterruptAndDelay(boolean z) throws InterruptedException {
            long elapsedMs = SystemClock.elapsedRealtime() - mBringupStartTime;
            if (elapsedMs > 60000) {
                Vpn.this.updateState(NetworkInfo.DetailedState.FAILED, "checkpoint");
                throw new IllegalStateException("VPN bringup took too long");
            }
            long pauseMs = z ? 200L : 1L;
            Thread.sleep(pauseMs);
        }

        /**
         * Brings the legacy VPN up: waits for the daemons to be stopped, clears stale state files,
         * starts each daemon that has arguments and sends those arguments over its local socket,
         * waits for the state file, applies the parsed values to {@code mConfig}, and connects the
         * network agent.
         *
         * <p>Any exception, including the interrupt and timeout raised by
         * {@code checkInterruptAndDelay}, is logged, moves the VPN to FAILED with the exception
         * message as the reason, and ends in {@code exit()}.
         */
        private void bringup() {
            try {
                this.mBringupStartTime = SystemClock.elapsedRealtime();
                // Wait until every daemon reports stopped before starting new instances.
                for (String str : this.mDaemons) {
                    while (!SystemService.isStopped(str)) {
                        checkInterruptAndDelay(true);
                    }
                }
                // A state file left over from an earlier session must not be mistaken for the
                // output of this one, so failing to delete it aborts bring-up.
                File file = new File("/data/misc/vpn/state");
                file.delete();
                if (file.exists()) {
                    throw new IllegalStateException("Cannot delete the state");
                }
                new File("/data/misc/vpn/abort").delete();
                // z becomes true when at least one daemon has an argument vector.
                boolean z = false;
                for (String[] strArr : this.mArguments) {
                    z = z || strArr != null;
                }
                if (!z) {
                    // Nothing to start: just disconnect.
                    Vpn.this.agentDisconnect();
                    return;
                }
                Vpn.this.updateState(NetworkInfo.DetailedState.CONNECTING, "execute");
                for (int i = 0; i < this.mDaemons.length; i++) {
                    String[] strArr2 = this.mArguments[i];
                    if (strArr2 != null) {
                        String str2 = this.mDaemons[i];
                        SystemService.start(str2);
                        while (!SystemService.isRunning(str2)) {
                            checkInterruptAndDelay(true);
                        }
                        // Control socket named after the daemon, in the RESERVED namespace.
                        this.mSockets[i] = new LocalSocket();
                        LocalSocketAddress localSocketAddress = new LocalSocketAddress(str2, LocalSocketAddress.Namespace.RESERVED);
                        // Retry the connect until it succeeds. The only exits are success or the
                        // timeout/interrupt thrown by checkInterruptAndDelay.
                        while (true) {
                            try {
                                this.mSockets[i].connect(localSocketAddress);
                                break;
                            } catch (Exception e) {
                                checkInterruptAndDelay(true);
                            }
                        }
                        this.mSockets[i].setSoTimeout(500);
                        OutputStream outputStream = this.mSockets[i].getOutputStream();
                        for (String str3 : strArr2) {
                            byte[] bytes = str3.getBytes(StandardCharsets.UTF_8);
                            // The length is sent in two bytes and 0xFFFF is the end marker written
                            // below, so a payload must stay under 65535 bytes.
                            if (bytes.length >= 65535) {
                                throw new IllegalArgumentException("Argument is too large");
                            }
                            // Frame: high length byte, low length byte (write(int) emits only the
                            // low 8 bits), then the UTF-8 payload.
                            outputStream.write(bytes.length >> 8);
                            outputStream.write(bytes.length);
                            outputStream.write(bytes);
                            checkInterruptAndDelay(false);
                        }
                        // End-of-arguments marker: 0xFF 0xFF.
                        outputStream.write(255);
                        outputStream.write(255);
                        outputStream.flush();
                        // Read until end-of-stream on the daemon's side of the socket.
                        // NOTE(review): a read() that throws (for example on the 500 ms timeout
                        // set above) reaches the outer catch and aborts bring-up. Confirm that
                        // this matches the intended behaviour.
                        InputStream inputStream = this.mSockets[i].getInputStream();
                        while (inputStream.read() != -1) {
                            checkInterruptAndDelay(true);
                        }
                    }
                }
                // Wait for the state file to appear, failing fast if a started daemon has died.
                while (!file.exists()) {
                    for (int i2 = 0; i2 < this.mDaemons.length; i2++) {
                        String str4 = this.mDaemons[i2];
                        if (this.mArguments[i2] != null && !SystemService.isRunning(str4)) {
                            throw new IllegalStateException(str4 + " is dead");
                        }
                    }
                    checkInterruptAndDelay(true);
                }
                // The state file must split into exactly seven fields. Separators.RETURN is a
                // library constant chosen by the decompiler, presumably standing in for a newline
                // literal (TODO confirm). Only the field count is validated in this method; the
                // field contents are used as they come from the file.
                String[] split = FileUtils.readTextFile(file, 0, null).split(Separators.RETURN, -1);
                if (split.length != 7) {
                    throw new IllegalStateException("Cannot parse the state");
                }
                // Field 0: interface name. Field 1: addresses.
                Vpn.this.mConfig.interfaze = split[0].trim();
                Vpn.this.mConfig.addLegacyAddresses(split[1]);
                // Fields 2-4 (routes, DNS servers, search domains) are applied only when the
                // configuration does not already carry values of its own.
                if (Vpn.this.mConfig.routes == null || Vpn.this.mConfig.routes.isEmpty()) {
                    Vpn.this.mConfig.addLegacyRoutes(split[2]);
                }
                if (Vpn.this.mConfig.dnsServers == null || Vpn.this.mConfig.dnsServers.size() == 0) {
                    String trim = split[3].trim();
                    if (!trim.isEmpty()) {
                        Vpn.this.mConfig.dnsServers = Arrays.asList(trim.split(" "));
                    }
                }
                if (Vpn.this.mConfig.searchDomains == null || Vpn.this.mConfig.searchDomains.size() == 0) {
                    String trim2 = split[4].trim();
                    if (!trim2.isEmpty()) {
                        Vpn.this.mConfig.searchDomains = Arrays.asList(trim2.split(" "));
                    }
                }
                // Field 5: the VPN endpoint address. A host route (/32 or /128) of type 9 is added
                // for it; the log message below calls this a "throw route".
                // NOTE(review): routes.add assumes mConfig.routes is non-null at this point,
                // presumably because addLegacyRoutes initialised it. Confirm.
                String str5 = split[5];
                if (!str5.isEmpty()) {
                    try {
                        InetAddress parseNumericAddress = InetAddress.parseNumericAddress(str5);
                        if (parseNumericAddress instanceof Inet4Address) {
                            Vpn.this.mConfig.routes.add(new RouteInfo(new IpPrefix(parseNumericAddress, 32), 9));
                        } else if (parseNumericAddress instanceof Inet6Address) {
                            Vpn.this.mConfig.routes.add(new RouteInfo(new IpPrefix(parseNumericAddress, 128), 9));
                        } else {
                            Log.e(TAG, "Unknown IP address family for VPN endpoint: " + str5);
                        }
                    } catch (IllegalArgumentException e2) {
                        // A malformed endpoint is logged and bring-up continues without the route.
                        // PluralRules.KEYWORD_RULE_SEPARATOR is another decompiler-chosen constant
                        // standing in for a string literal.
                        Log.e(TAG, "Exception constructing throw route to " + str5 + PluralRules.KEYWORD_RULE_SEPARATOR + e2);
                    }
                }
                // Publish the connection while holding the Vpn lock.
                synchronized (Vpn.this) {
                    Vpn.this.mConfig.startTime = SystemClock.elapsedRealtime();
                    checkInterruptAndDelay(false);
                    // A jniCheck result of 0 is treated as "interface no longer present".
                    if (Vpn.this.jniCheck(Vpn.this.mConfig.interfaze) == 0) {
                        throw new IllegalStateException(Vpn.this.mConfig.interfaze + " is gone");
                    }
                    Vpn.this.mInterface = Vpn.this.mConfig.interfaze;
                    Vpn.this.prepareStatusIntent();
                    Vpn.this.agentConnect();
                    Log.i(TAG, "Connected!");
                }
            } catch (Exception e3) {
                // Single failure path: log, mark FAILED with the exception message, tear down.
                Log.i(TAG, "Aborting", e3);
                Vpn.this.updateState(NetworkInfo.DetailedState.FAILED, e3.getMessage());
                exit();
            }
        }

        /**
         * Blocks while the VPN is connected, polling every two seconds until any daemon that was
         * given arguments reports stopped. Returns immediately when the VPN is not connected.
         *
         * @throws InterruptedException if the thread is interrupted while sleeping
         */
        private void waitForDaemonsToStop() throws InterruptedException {
            if (!Vpn.this.mNetworkInfo.isConnected()) {
                return;
            }
            for (;;) {
                Thread.sleep(2000L);
                int idx = 0;
                while (idx < mDaemons.length) {
                    boolean wasStarted = mArguments[idx] != null;
                    if (wasStarted && SystemService.isStopped(mDaemons[idx])) {
                        return;
                    }
                    idx++;
                }
            }
        }
    }

    /**
     * Wrapper around the static framework calls that {@code Vpn} uses for pending intents and
     * per-user secure settings. Every call is forwarded with the {@link Context} given at
     * construction.
     */
    @VisibleForTesting
    /* loaded from: input_file:com/android/server/connectivity/Vpn$SystemServices.class */
    public static class SystemServices {
        private final Context mContext;

        public SystemServices(Context context) {
            mContext = context;
        }

        /** Forwards to {@code PendingIntent.getActivityAsUser} with request code 0 and no options. */
        public PendingIntent pendingIntentGetActivityAsUser(Intent intent, int i, UserHandle userHandle) {
            return PendingIntent.getActivityAsUser(mContext, 0, intent, i, null, userHandle);
        }

        /** Writes secure setting {@code str} with value {@code str2} for user {@code i}. */
        public void settingsSecurePutStringForUser(String str, String str2, int i) {
            Settings.Secure.putStringForUser(
                    mContext.getContentResolver(), str, str2, i);
        }

        /** Writes secure setting {@code str} with integer value {@code i} for user {@code i2}. */
        public void settingsSecurePutIntForUser(String str, int i, int i2) {
            Settings.Secure.putIntForUser(
                    mContext.getContentResolver(), str, i, i2);
        }

        /** Reads secure setting {@code str} for user {@code i}. */
        public String settingsSecureGetStringForUser(String str, int i) {
            return Settings.Secure.getStringForUser(
                    mContext.getContentResolver(), str, i);
        }

        /** Reads secure setting {@code str} for user {@code i2}, passing {@code i} as the default. */
        public int settingsSecureGetIntForUser(String str, int i, int i2) {
            return Settings.Secure.getIntForUser(
                    mContext.getContentResolver(), str, i, i2);
        }
    }

    /**
     * Creates a {@code Vpn} for user {@code i}, using a {@link SystemServices} built on
     * {@code context}.
     */
    public Vpn(Looper looper, Context context, INetworkManagementService iNetworkManagementService, int i) {
        this(
                looper,
                context,
                iNetworkManagementService,
                i,
                new SystemServices(context));
    }

    /**
     * Creates the VPN controller for one user: installs the interface observer, starts with the
     * legacy VPN package as owner, builds the initial {@code NetworkInfo} and
     * {@code NetworkCapabilities}, and restores the persisted always-on configuration.
     *
     * @param looper stored in {@code mLooper}
     * @param context context used for package, settings and service calls
     * @param iNetworkManagementService service the interface observer is registered with
     * @param i user id this instance serves
     * @param systemServices wrapper for the settings and pending-intent calls
     */
    @VisibleForTesting
    protected Vpn(Looper looper, Context context, INetworkManagementService iNetworkManagementService, int i, SystemServices systemServices) {
        this.mEnableTeardown = true;
        // Always-on and lockdown start disabled. loadAlwaysOnPackage() at the end of this
        // constructor may turn them on from persisted settings.
        this.mAlwaysOn = false;
        this.mLockdown = false;
        this.mLockdownWhitelist = Collections.emptyList();
        this.mBlockedUsers = new ArraySet();
        this.mObserver = new BaseNetworkObserver() { // from class: com.android.server.connectivity.Vpn.2
            @Override // com.android.server.net.BaseNetworkObserver, android.net.INetworkManagementEventObserver
            public void interfaceStatusChanged(String str, boolean z) {
                synchronized (Vpn.this) {
                    // Only "down" reports (z == false) are forwarded, and only to a legacy runner.
                    if (!z) {
                        if (Vpn.this.mLegacyVpnRunner != null) {
                            Vpn.this.mLegacyVpnRunner.check(str);
                        }
                    }
                }
            }

            @Override // com.android.server.net.BaseNetworkObserver, android.net.INetworkManagementEventObserver
            public void interfaceRemoved(String str) {
                synchronized (Vpn.this) {
                    // React only when the removed interface is the VPN's own and jniCheck returns 0.
                    if (str.equals(Vpn.this.mInterface) && Vpn.this.jniCheck(str) == 0) {
                        Vpn.this.mStatusIntent = null;
                        Vpn.this.mNetworkCapabilities.setUids(null);
                        Vpn.this.mConfig = null;
                        Vpn.this.mInterface = null;
                        // Either an app-provided VPN (bound service) or a legacy runner is torn down.
                        if (Vpn.this.mConnection != null) {
                            Vpn.this.mContext.unbindService(Vpn.this.mConnection);
                            Vpn.this.mConnection = null;
                            Vpn.this.agentDisconnect();
                        } else if (Vpn.this.mLegacyVpnRunner != null) {
                            Vpn.this.mLegacyVpnRunner.exit();
                            Vpn.this.mLegacyVpnRunner = null;
                        }
                    }
                }
            }
        };
        this.mContext = context;
        this.mNetd = iNetworkManagementService;
        this.mUserHandle = i;
        this.mLooper = looper;
        this.mSystemServices = systemServices;
        // The initial owner is the legacy VPN pseudo-package; mOwnerUID is resolved for this user.
        this.mPackage = VpnConfig.LEGACY_VPN;
        this.mOwnerUID = getAppUid(this.mPackage, this.mUserHandle);
        this.mIsPackageTargetingAtLeastQ = doesPackageTargetAtLeastQ(this.mPackage);
        try {
            iNetworkManagementService.registerObserver(this.mObserver);
        } catch (RemoteException e) {
            // Construction continues without the observer; the failure is reported via Log.wtf.
            Log.wtf(TAG, "Problem registering observer", e);
        }
        // The decompiler inlined these constants. In AOSP, 17 is ConnectivityManager.TYPE_VPN,
        // 4 is NetworkCapabilities.TRANSPORT_VPN and 15 is NET_CAPABILITY_NOT_VPN. Confirm
        // against the platform version this build comes from.
        this.mNetworkInfo = new NetworkInfo(17, 0, NETWORKTYPE, "");
        this.mNetworkCapabilities = new NetworkCapabilities();
        this.mNetworkCapabilities.addTransportType(4);
        this.mNetworkCapabilities.removeCapability(15);
        // mConfig is still unset here, so the implementation in this class returns null at once.
        updateCapabilities(null);
        // Restores always-on, lockdown and the lockdown whitelist from Settings.Secure.
        loadAlwaysOnPackage();
    }

    /**
     * Sets whether the legacy runner's connectivity receiver may tear the VPN down when the
     * outer network disconnects. The receiver does nothing while this is {@code false}.
     */
    public void setEnableTeardown(boolean z) {
        mEnableTeardown = z;
    }

    /**
     * Records a new detailed state and reason on {@code mNetworkInfo}, sends it to the network
     * agent when one exists, and refreshes the always-on notification.
     *
     * @param detailedState new state
     * @param str reason string; it is also written to the debug log
     */
    @VisibleForTesting
    protected void updateState(NetworkInfo.DetailedState detailedState, String str) {
        Log.d(TAG, "setting state=" + detailedState + ", reason=" + str);
        mNetworkInfo.setDetailedState(detailedState, str, null);
        if (mNetworkAgent != null) {
            mNetworkAgent.sendNetworkInfo(mNetworkInfo);
        }
        updateAlwaysOnNotification(detailedState);
    }

    /**
     * Recomputes the VPN's capabilities from its underlying networks.
     *
     * @param network fallback underlying network, used only when the configuration lists none
     * @return a copy of the updated capabilities, or {@code null} when no configuration is set
     */
    public synchronized NetworkCapabilities updateCapabilities(Network network) {
        if (mConfig == null) {
            return null;
        }
        Network[] underlying = mConfig.underlyingNetworks;
        if (underlying == null && network != null) {
            underlying = new Network[]{network};
        }
        ConnectivityManager cm = (ConnectivityManager) mContext.getSystemService(ConnectivityManager.class);
        // The configuration's metered flag is honoured only for packages targeting at least Q.
        boolean meteredByConfig = mIsPackageTargetingAtLeastQ && mConfig.isMetered;
        applyUnderlyingCapabilities(cm, underlying, mNetworkCapabilities, meteredByConfig);
        // Callers receive a copy, so they cannot mutate the live capabilities object.
        return new NetworkCapabilities(mNetworkCapabilities);
    }

    /**
     * Merges the capabilities of the underlying networks into {@code networkCapabilities}:
     * the union of their transports (plus transport 4), the bandwidths combined through
     * {@code NetworkCapabilities.minBandwidth}, and capabilities 11, 18 and 20, each of which is
     * kept only if every resolvable underlying network has it.
     *
     * <p>The numeric ids are as inlined by the decompiler. In AOSP's {@code NetworkCapabilities},
     * 4 is TRANSPORT_VPN, 11 is NOT_METERED, 18 is NOT_ROAMING and 20 is NOT_CONGESTED; confirm
     * against the platform version.
     *
     * @param connectivityManager used to look up each underlying network's capabilities
     * @param networkArr underlying networks, may be {@code null}
     * @param networkCapabilities capabilities object updated in place
     * @param z initial "metered" value; {@code true} forces capability 11 off
     */
    @VisibleForTesting
    public static void applyUnderlyingCapabilities(ConnectivityManager connectivityManager, Network[] networkArr, NetworkCapabilities networkCapabilities, boolean z) {
        int[] transports = {4};
        int downKbps = 0;
        int upKbps = 0;
        boolean metered = z;
        boolean roaming = false;
        boolean congested = false;
        boolean sawUnderlying = false;
        if (networkArr != null) {
            for (Network underlying : networkArr) {
                NetworkCapabilities caps = connectivityManager.getNetworkCapabilities(underlying);
                if (caps == null) {
                    continue;
                }
                sawUnderlying = true;
                for (int transport : caps.getTransportTypes()) {
                    transports = ArrayUtils.appendInt(transports, transport);
                }
                downKbps = NetworkCapabilities.minBandwidth(downKbps, caps.getLinkDownstreamBandwidthKbps());
                upKbps = NetworkCapabilities.minBandwidth(upKbps, caps.getLinkUpstreamBandwidthKbps());
                metered |= !caps.hasCapability(11);
                roaming |= !caps.hasCapability(18);
                congested |= !caps.hasCapability(20);
            }
        }
        if (!sawUnderlying) {
            // No resolvable underlying network: report as metered, not roaming, not congested.
            metered = true;
            roaming = false;
            congested = false;
        }
        networkCapabilities.setTransportTypes(transports);
        networkCapabilities.setLinkDownstreamBandwidthKbps(downKbps);
        networkCapabilities.setLinkUpstreamBandwidthKbps(upKbps);
        networkCapabilities.setCapability(11, !metered);
        networkCapabilities.setCapability(18, !roaming);
        networkCapabilities.setCapability(20, !congested);
    }

    /**
     * Turns lockdown on or off and persists the change when always-on is active. The permission
     * check runs before any state is touched.
     *
     * @param z new lockdown value
     */
    public synchronized void setLockdown(boolean z) {
        enforceControlPermissionOrInternalCaller();
        setVpnForcedLocked(z);
        mLockdown = z;
        if (!mAlwaysOn) {
            return;
        }
        saveAlwaysOnPackage();
    }

    /** Returns the current lockdown flag, read under the instance lock. */
    public synchronized boolean getLockdown() {
        return mLockdown;
    }

    /** Returns the current always-on flag, read under the instance lock. */
    public synchronized boolean getAlwaysOn() {
        return mAlwaysOn;
    }

    /**
     * Reports whether a package can be used as an always-on VPN for this user. The package must
     * be installed, have a target SDK version of at least 24, expose at least one service for
     * the {@code android.net.VpnService} action, and none of those services may opt out through
     * the {@code SERVICE_META_DATA_SUPPORTS_ALWAYS_ON} metadata flag.
     *
     * @param str package name, may be {@code null}
     * @return {@code true} only if every condition above holds
     */
    public boolean isAlwaysOnPackageSupported(String str) {
        // Permission check comes first, before any package information is looked up.
        enforceSettingsPermission();
        if (str == null) {
            return false;
        }
        PackageManager pm = mContext.getPackageManager();
        ApplicationInfo appInfo;
        try {
            appInfo = pm.getApplicationInfoAsUser(str, 0, mUserHandle);
        } catch (PackageManager.NameNotFoundException e) {
            Log.w(TAG, "Can't find \"" + str + "\" when checking always-on support");
            appInfo = null;
        }
        if (appInfo == null || appInfo.targetSdkVersion < 24) {
            return false;
        }
        Intent serviceIntent = new Intent("android.net.VpnService");
        serviceIntent.setPackage(str);
        // 128 is the flags value inlined by the decompiler; the loop below reads each service's
        // metaData, so it presumably requests metadata (TODO confirm).
        List<ResolveInfo> services = pm.queryIntentServicesAsUser(serviceIntent, 128, mUserHandle);
        if (services == null || services.isEmpty()) {
            return false;
        }
        for (ResolveInfo service : services) {
            Bundle metaData = service.serviceInfo.metaData;
            // A missing flag counts as support; one explicit opt-out disqualifies the package.
            if (metaData != null && !metaData.getBoolean(VpnService.SERVICE_META_DATA_SUPPORTS_ALWAYS_ON, true)) {
                return false;
            }
        }
        return true;
    }

    /**
     * Applies a new always-on configuration and, if it was accepted, persists it.
     *
     * @param str package to make always-on, or {@code null} to disable always-on
     * @param z whether lockdown is requested
     * @param list packages exempt from lockdown, may be {@code null}
     * @return {@code true} if the configuration was applied and saved
     */
    public synchronized boolean setAlwaysOnPackage(String str, boolean z, List<String> list) {
        enforceControlPermissionOrInternalCaller();
        boolean applied = setAlwaysOnPackageInternal(str, z, list);
        if (applied) {
            saveAlwaysOnPackage();
        }
        return applied;
    }

    /**
     * Updates the in-memory always-on state without persisting it.
     *
     * <p>The call is rejected when the package is the legacy VPN, when a whitelist entry contains
     * a comma, or when the package cannot be authorized. The comma check matters because
     * {@code saveAlwaysOnPackage()} stores the whitelist as a comma-joined string and
     * {@code loadAlwaysOnPackage()} splits it on commas; an entry with a comma would come back
     * as extra entries.
     *
     * @param str package to make always-on, or {@code null} to disable always-on
     * @param z whether lockdown is requested; it takes effect only together with always-on
     * @param list packages exempt from lockdown, may be {@code null}
     * @return {@code true} if the state was updated
     */
    @GuardedBy({"this"})
    private boolean setAlwaysOnPackageInternal(String str, boolean z, List<String> list) {
        if (VpnConfig.LEGACY_VPN.equals(str)) {
            Log.w(TAG, "Not setting legacy VPN \"" + str + "\" as always-on.");
            return false;
        }
        if (list != null) {
            for (String entry : list) {
                if (entry.contains(",")) {
                    Log.w(TAG, "Not setting always-on vpn, invalid whitelisted package: " + entry);
                    return false;
                }
            }
        }
        if (str != null) {
            if (!setPackageAuthorization(str, true)) {
                return false;
            }
            mAlwaysOn = true;
        } else {
            // Disabling always-on hands ownership back to the legacy VPN pseudo-package.
            str = VpnConfig.LEGACY_VPN;
            mAlwaysOn = false;
        }
        mLockdown = mAlwaysOn && z;
        if (mLockdown && list != null) {
            // Defensive, unmodifiable copy: later changes to the caller's list have no effect.
            mLockdownWhitelist = Collections.unmodifiableList(new ArrayList<>(list));
        } else {
            mLockdownWhitelist = Collections.emptyList();
        }
        if (isCurrentPreparedPackage(str)) {
            updateAlwaysOnNotification(mNetworkInfo.getDetailedState());
            setVpnForcedLocked(mLockdown);
        } else {
            prepareInternal(str);
        }
        return true;
    }

    /** Returns {@code true} when the name is {@code null} or equals {@code VpnConfig.LEGACY_VPN}. */
    private static boolean isNullOrLegacyVpn(String str) {
        if (str == null) {
            return true;
        }
        return VpnConfig.LEGACY_VPN.equals(str);
    }

    /**
     * Returns the always-on package after the permission check has passed.
     *
     * @return the owning package while always-on is active, otherwise {@code null}
     */
    public synchronized String getAlwaysOnPackage() {
        enforceControlPermissionOrInternalCaller();
        return mAlwaysOn ? mPackage : null;
    }

    /**
     * Returns the lockdown whitelist.
     *
     * <p>NOTE(review): unlike {@code getAlwaysOnPackage()}, this getter makes no permission check
     * of its own; confirm that its callers enforce one.
     *
     * @return the whitelist while lockdown is active, otherwise {@code null}
     */
    public synchronized List<String> getLockdownWhitelist() {
        return mLockdown ? mLockdownWhitelist : null;
    }

    /**
     * Persists the always-on package, the lockdown flag and the comma-joined lockdown whitelist
     * to {@code Settings.Secure} for this user.
     *
     * <p>The Binder calling identity is cleared for the duration, so the settings writes, and the
     * permission check inside {@code getAlwaysOnPackage()}, run with this process's identity
     * rather than the caller's. It is restored in {@code finally}.
     */
    @GuardedBy({"this"})
    private void saveAlwaysOnPackage() {
        final long token = Binder.clearCallingIdentity();
        try {
            final String alwaysOnPackage = getAlwaysOnPackage();
            mSystemServices.settingsSecurePutStringForUser(Settings.Secure.ALWAYS_ON_VPN_APP, alwaysOnPackage, mUserHandle);
            final int lockdownFlag = (mAlwaysOn && mLockdown) ? 1 : 0;
            mSystemServices.settingsSecurePutIntForUser(Settings.Secure.ALWAYS_ON_VPN_LOCKDOWN, lockdownFlag, mUserHandle);
            final String whitelistCsv = String.join(",", mLockdownWhitelist);
            mSystemServices.settingsSecurePutStringForUser(Settings.Secure.ALWAYS_ON_VPN_LOCKDOWN_WHITELIST, whitelistCsv, mUserHandle);
        } finally {
            Binder.restoreCallingIdentity(token);
        }
    }

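    /**
     * Restores the always-on package, lockdown flag and lockdown whitelist from
     * {@code Settings.Secure} and applies them through {@code setAlwaysOnPackageInternal}, so
     * the stored values pass through the same validation and authorization as a live request.
     *
     * <p>The calling identity is restored in a single {@code finally} block, matching
     * {@code saveAlwaysOnPackage()}. If the stored configuration is rejected, that is logged:
     * always-on and lockdown then stay at their current values, which are disabled when this
     * runs from the constructor.
     */
    @GuardedBy({"this"})
    private void loadAlwaysOnPackage() {
        final long token = Binder.clearCallingIdentity();
        try {
            String alwaysOnPackage = this.mSystemServices.settingsSecureGetStringForUser(Settings.Secure.ALWAYS_ON_VPN_APP, this.mUserHandle);
            boolean lockdown = this.mSystemServices.settingsSecureGetIntForUser(Settings.Secure.ALWAYS_ON_VPN_LOCKDOWN, 0, this.mUserHandle) != 0;
            String whitelistCsv = this.mSystemServices.settingsSecureGetStringForUser(Settings.Secure.ALWAYS_ON_VPN_LOCKDOWN_WHITELIST, this.mUserHandle);
            List<String> whitelist;
            if (TextUtils.isEmpty(whitelistCsv)) {
                whitelist = Collections.emptyList();
            } else {
                whitelist = Arrays.asList(whitelistCsv.split(","));
            }
            if (!setAlwaysOnPackageInternal(alwaysOnPackage, lockdown, whitelist)) {
                // Make a rejected stored configuration visible: it means lockdown is not in force.
                Log.w(TAG, "Stored always-on VPN settings were not applied for user " + this.mUserHandle);
            }
        } finally {
            Binder.restoreCallingIdentity(token);
        }
    }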

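    /**
     * Starts the configured always-on VPN service, if any.
     *
     * <p>The calling identity is cleared while the package is added to the power-save temporary
     * whitelist and its service is started. It is restored in a single {@code finally} block
     * rather than separately on each exit path, so it is restored exactly once.
     *
     * @return {@code true} if no always-on package is configured, the VPN is already connected,
     *     or the service was started; {@code false} if the package no longer supports always-on
     *     (the always-on configuration is then cleared) or the service failed to start
     */
    public boolean startAlwaysOnVpn() {
        synchronized (this) {
            String alwaysOnPackage = getAlwaysOnPackage();
            if (alwaysOnPackage == null) {
                return true;
            }
            if (!isAlwaysOnPackageSupported(alwaysOnPackage)) {
                // Clearing always-on also drops lockdown, because setAlwaysOnPackageInternal
                // derives mLockdown from mAlwaysOn.
                setAlwaysOnPackage(null, false, null);
                return false;
            }
            if (getNetworkInfo().isConnected()) {
                return true;
            }
            // The checks above ran with the caller's identity; the privileged operations below
            // run with this process's identity.
            final long token = Binder.clearCallingIdentity();
            try {
                ((DeviceIdleController.LocalService) LocalServices.getService(DeviceIdleController.LocalService.class)).addPowerSaveTempWhitelistApp(Process.myUid(), alwaysOnPackage, VPN_LAUNCH_IDLE_WHITELIST_DURATION_MS, this.mUserHandle, false, "vpn");
                Intent intent = new Intent("android.net.VpnService");
                // The intent is limited to the always-on package, so no other package's service
                // can be selected.
                intent.setPackage(alwaysOnPackage);
                try {
                    return this.mContext.startServiceAsUser(intent, UserHandle.of(this.mUserHandle)) != null;
                } catch (RuntimeException e) {
                    Log.e(TAG, "VpnService " + intent + " failed to start", e);
                    return false;
                }
            } finally {
                Binder.restoreCallingIdentity(token);
            }
        }
    }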

    /**
     * Checks whether a package is (still) allowed to own the VPN and optionally switches the
     * owner to another package.
     *
     * <p>The order of the checks is security relevant: consent for {@code str} is evaluated for
     * the Binder caller's UID, and switching to {@code str2} requires the caller to hold
     * CONTROL_VPN (see {@code enforceControlPermission()}).
     *
     * @param str package expected to be the current owner, or {@code null} to skip that check
     * @param str2 package to switch to, or {@code null} to only perform the check on {@code str}
     * @return {@code true} if the checks passed (and any requested switch was performed)
     * @throws SecurityException if a switch is requested and the caller lacks CONTROL_VPN
     */
    public synchronized boolean prepare(String str, String str2) {
        if (str != null) {
            // While always-on is active, only the current owner may pass.
            if (this.mAlwaysOn && !isCurrentPreparedPackage(str)) {
                return false;
            }
            if (!isCurrentPreparedPackage(str)) {
                // Not the current owner: take over only for a real app (never the legacy VPN
                // placeholder) that already holds user consent.
                if (str.equals(VpnConfig.LEGACY_VPN) || !isVpnUserPreConsented(str)) {
                    return false;
                }
                prepareInternal(str);
                return true;
            }
            // Current owner whose consent is no longer present: hand ownership back to the
            // legacy VPN placeholder and report failure.
            if (!str.equals(VpnConfig.LEGACY_VPN) && !isVpnUserPreConsented(str)) {
                prepareInternal(VpnConfig.LEGACY_VPN);
                return false;
            }
        }
        if (str2 == null) {
            return true;
        }
        // Switching to the package that already owns the VPN is a no-op, except for the legacy
        // placeholder, which always goes through the permission check below.
        if (!str2.equals(VpnConfig.LEGACY_VPN) && isCurrentPreparedPackage(str2)) {
            return true;
        }
        // Everything past this point changes the owner, so the caller must hold CONTROL_VPN.
        enforceControlPermission();
        if (this.mAlwaysOn && !isCurrentPreparedPackage(str2)) {
            return false;
        }
        prepareInternal(str2);
        return true;
    }

    /**
     * Tells whether {@code str} resolves, for this VPN's user, to the UID recorded as the current
     * owner. The comparison is on UIDs, not package names; a package that cannot be resolved
     * yields -1 from {@code getAppUid} and therefore only matches an owner UID of -1.
     */
    private boolean isCurrentPreparedPackage(String str) {
        final int candidateUid = getAppUid(str, this.mUserHandle);
        return candidateUid == this.mOwnerUID;
    }

    /**
     * Tears down whatever VPN is currently running and makes {@code str} the new owner package.
     *
     * <p>Runs with the calling identity cleared. The previous owner UID loses the right to call
     * protect() before the new owner UID is granted it; failures of either netd call are logged
     * and do not abort the switch.
     *
     * @param str package name of the new owner
     */
    private void prepareInternal(String str) {
        final long token = Binder.clearCallingIdentity();
        try {
            // Reset the interface of the outgoing VPN, if any.
            if (this.mInterface != null) {
                this.mStatusIntent = null;
                agentDisconnect();
                jniReset(this.mInterface);
                this.mInterface = null;
                this.mNetworkCapabilities.setUids(null);
            }
            // Shut down the outgoing app VPN connection or the legacy runner.
            if (this.mConnection != null) {
                try {
                    // 16777215 is 0x00FFFFFF and 1 is the flags argument; these look like
                    // IBinder.LAST_CALL_TRANSACTION / FLAG_ONEWAY - TODO confirm.
                    // NOTE(review): the Parcel obtained here is never recycled.
                    this.mConnection.mService.transact(16777215, Parcel.obtain(), null, 1);
                } catch (Exception ignored) {
                    // Best effort: the service is unbound right below either way.
                }
                this.mContext.unbindService(this.mConnection);
                this.mConnection = null;
            } else if (this.mLegacyVpnRunner != null) {
                this.mLegacyVpnRunner.exit();
                this.mLegacyVpnRunner = null;
            }
            // Revoke protect() from the old owner before any state is rewritten.
            try {
                this.mNetd.denyProtect(this.mOwnerUID);
            } catch (Exception e) {
                Log.wtf(TAG, "Failed to disallow UID " + this.mOwnerUID + " to call protect() " + e);
            }
            Log.i(TAG, "Switched from " + this.mPackage + " to " + str);
            this.mPackage = str;
            this.mOwnerUID = getAppUid(str, this.mUserHandle);
            this.mIsPackageTargetingAtLeastQ = doesPackageTargetAtLeastQ(str);
            // Grant protect() to the new owner.
            try {
                this.mNetd.allowProtect(this.mOwnerUID);
            } catch (Exception e) {
                Log.wtf(TAG, "Failed to allow UID " + this.mOwnerUID + " to call protect() " + e);
            }
            this.mConfig = null;
            updateState(NetworkInfo.DetailedState.IDLE, "prepare");
            // Re-apply the lockdown rules, which depend on the owner package.
            setVpnForcedLocked(this.mLockdown);
        } finally {
            Binder.restoreCallingIdentity(token);
        }
    }

    /**
     * Records or withdraws the VPN consent of a package through its app-op mode.
     *
     * <p>The caller (or this process itself) must hold CONTROL_VPN. The legacy VPN placeholder
     * and packages that cannot be resolved for this user are rejected.
     *
     * @param str package whose authorization changes
     * @param z {@code true} to set mode 0, {@code false} to set mode 1 (these look like
     *     AppOpsManager MODE_ALLOWED / MODE_IGNORED - TODO confirm)
     * @return {@code true} if the mode was written, {@code false} otherwise
     * @throws SecurityException if the permission check fails
     */
    public boolean setPackageAuthorization(String str, boolean z) {
        enforceControlPermissionOrInternalCaller();
        final int uid = getAppUid(str, this.mUserHandle);
        if (uid == -1 || VpnConfig.LEGACY_VPN.equals(str)) {
            return false;
        }
        final long token = Binder.clearCallingIdentity();
        try {
            final AppOpsManager appOps =
                    (AppOpsManager) this.mContext.getSystemService(Context.APP_OPS_SERVICE);
            // 47 is the app-op code also checked by isVpnUserPreConsented().
            appOps.setMode(47, uid, str, z ? 0 : 1);
            return true;
        } catch (Exception e) {
            Log.wtf(TAG, "Failed to set app ops for package " + str + ", uid " + uid, e);
            return false;
        } finally {
            Binder.restoreCallingIdentity(token);
        }
    }

    /**
     * Tells whether app-op 47 is in mode 0 for the pair (Binder calling UID, {@code str}).
     *
     * <p>The UID comes from the Binder caller, not from the package name, so the result depends
     * on who is calling. Must be evaluated before the calling identity is cleared.
     * NOTE(review): 47 / 0 look like OP_ACTIVATE_VPN / MODE_ALLOWED - confirm for this build.
     */
    private boolean isVpnUserPreConsented(String str) {
        final AppOpsManager appOps =
                (AppOpsManager) this.mContext.getSystemService(Context.APP_OPS_SERVICE);
        final int mode = appOps.noteOpNoThrow(47, Binder.getCallingUid(), str);
        return mode == 0;
    }

    /**
     * Resolves a package name to its UID for the given user.
     *
     * @param str package name, or the legacy VPN placeholder
     * @param i user id to resolve the package in
     * @return this process's UID for the legacy placeholder, the package UID otherwise, or -1
     *     when the package is not found for that user
     */
    private int getAppUid(String str, int i) {
        if (VpnConfig.LEGACY_VPN.equals(str)) {
            return Process.myUid();
        }
        try {
            return this.mContext.getPackageManager().getPackageUidAsUser(str, i);
        } catch (PackageManager.NameNotFoundException e) {
            // Callers treat -1 as "no such package".
            return -1;
        }
    }

    /**
     * Tells whether the package declares a target SDK version of at least 29.
     *
     * @param str package name, or the legacy VPN placeholder (always {@code true})
     * @return {@code false} when the package cannot be found for this user
     */
    private boolean doesPackageTargetAtLeastQ(String str) {
        if (VpnConfig.LEGACY_VPN.equals(str)) {
            return true;
        }
        try {
            final ApplicationInfo appInfo =
                    this.mContext.getPackageManager().getApplicationInfoAsUser(str, 0, this.mUserHandle);
            return appInfo.targetSdkVersion >= 29;
        } catch (PackageManager.NameNotFoundException e) {
            Log.w(TAG, "Can't find \"" + str + Separators.DOUBLE_QUOTE);
            return false;
        }
    }

    /**
     * Returns the {@link NetworkInfo} object held by this VPN. The live object is returned, not
     * a copy.
     */
    public NetworkInfo getNetworkInfo() {
        return mNetworkInfo;
    }

    /**
     * Returns the netId of the current network agent, or 0 when no agent exists.
     */
    public int getNetId() {
        if (this.mNetworkAgent == null) {
            return 0;
        }
        return this.mNetworkAgent.netId;
    }

    /**
     * Builds the {@link LinkProperties} for the VPN interface from the current configuration.
     *
     * <p>An address family counts as allowed when the configuration allows it explicitly or
     * when any configured address, route or DNS server belongs to it. For a family that is not
     * allowed, a default route of type 7 is added (this looks like RouteInfo.RTN_UNREACHABLE -
     * TODO confirm), so that family does not fall through to another network.
     *
     * @return freshly built link properties; reads {@code mConfig} and {@code mInterface}
     */
    private LinkProperties makeLinkProperties() {
        boolean ipv4Allowed = this.mConfig.allowIPv4;
        boolean ipv6Allowed = this.mConfig.allowIPv6;
        final LinkProperties lp = new LinkProperties();
        lp.setInterfaceName(this.mInterface);

        if (this.mConfig.addresses != null) {
            for (LinkAddress linkAddress : this.mConfig.addresses) {
                lp.addLinkAddress(linkAddress);
                ipv4Allowed |= linkAddress.getAddress() instanceof Inet4Address;
                ipv6Allowed |= linkAddress.getAddress() instanceof Inet6Address;
            }
        }

        if (this.mConfig.routes != null) {
            for (RouteInfo route : this.mConfig.routes) {
                lp.addRoute(route);
                final InetAddress destination = route.getDestination().getAddress();
                ipv4Allowed |= destination instanceof Inet4Address;
                ipv6Allowed |= destination instanceof Inet6Address;
            }
        }

        if (this.mConfig.dnsServers != null) {
            for (String dnsServer : this.mConfig.dnsServers) {
                final InetAddress dnsAddress = InetAddress.parseNumericAddress(dnsServer);
                lp.addDnsServer(dnsAddress);
                ipv4Allowed |= dnsAddress instanceof Inet4Address;
                ipv6Allowed |= dnsAddress instanceof Inet6Address;
            }
        }

        lp.setHttpProxy(this.mConfig.proxyInfo);

        if (!ipv4Allowed) {
            lp.addRoute(new RouteInfo(new IpPrefix(Inet4Address.ANY, 0), 7));
        }
        if (!ipv6Allowed) {
            lp.addRoute(new RouteInfo(new IpPrefix(Inet6Address.ANY, 0), 7));
        }

        // Search domains are handed over as one space-separated string.
        final StringBuilder domains = new StringBuilder();
        if (this.mConfig.searchDomains != null) {
            for (String domain : this.mConfig.searchDomains) {
                domains.append(domain).append(' ');
            }
        }
        lp.setDomains(domains.toString().trim());
        return lp;
    }

    /**
     * Estimates whether the routes in {@code linkProperties} cover most of the IPv4 or IPv6
     * address space.
     *
     * <p>More than 150 routes are treated as "most destinations" without counting. Routes of
     * type 7 are left out of the count.
     *
     * @param linkProperties link properties whose routes are examined
     * @return {@code true} if the routed IPv4 address count exceeds
     *     {@code MOST_IPV4_ADDRESSES_COUNT} or the routed IPv6 address count is at least
     *     {@code MOST_IPV6_ADDRESSES_COUNT}
     */
    @VisibleForTesting
    static boolean providesRoutesToMostDestinations(LinkProperties linkProperties) {
        final List<RouteInfo> routes = linkProperties.getAllRoutes();
        if (routes.size() > 150) {
            return true;
        }
        final Comparator<IpPrefix> byLength = IpPrefix.lengthComparator();
        final TreeSet<IpPrefix> ipv4Prefixes = new TreeSet<>(byLength);
        final TreeSet<IpPrefix> ipv6Prefixes = new TreeSet<>(byLength);
        for (RouteInfo route : routes) {
            if (route.getType() == 7) {
                continue;
            }
            final IpPrefix destination = route.getDestination();
            if (destination.isIPv4()) {
                ipv4Prefixes.add(destination);
            } else {
                ipv6Prefixes.add(destination);
            }
        }
        if (NetworkUtils.routedIPv4AddressCount(ipv4Prefixes) > MOST_IPV4_ADDRESSES_COUNT) {
            return true;
        }
        return NetworkUtils.routedIPv6AddressCount(ipv6Prefixes).compareTo(MOST_IPV6_ADDRESSES_COUNT) >= 0;
    }

    /**
     * Tries to apply the current configuration to an existing network agent without replacing
     * the agent.
     *
     * <p>This is refused when the bypass flag, the allowed/disallowed application lists, or
     * capability 12 (per the log message, the INTERNET capability) would differ between
     * {@code vpnConfig} and the current {@code mConfig}.
     *
     * @param networkAgent agent that receives the new link properties
     * @param vpnConfig configuration to compare the current one against
     * @return {@code true} if the link properties were sent to {@code networkAgent}
     */
    private boolean updateLinkPropertiesInPlaceIfPossible(NetworkAgent networkAgent, VpnConfig vpnConfig) {
        if (vpnConfig.allowBypass != this.mConfig.allowBypass) {
            Log.i(TAG, "Handover not possible due to changes to allowBypass");
            return false;
        }
        final boolean sameAppLists =
                Objects.equals(vpnConfig.allowedApplications, this.mConfig.allowedApplications)
                        && Objects.equals(vpnConfig.disallowedApplications, this.mConfig.disallowedApplications);
        if (!sameAppLists) {
            Log.i(TAG, "Handover not possible due to changes to whitelisted/blacklisted apps");
            return false;
        }
        final LinkProperties newLinkProperties = makeLinkProperties();
        final boolean hadInternet = this.mNetworkCapabilities.hasCapability(12);
        if (hadInternet != providesRoutesToMostDestinations(newLinkProperties)) {
            Log.i(TAG, "Handover not possible due to changes to INTERNET capability");
            return false;
        }
        networkAgent.sendLinkProperties(newLinkProperties);
        return true;
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Creates the network agent for the current configuration and moves the state to CONNECTED.
     *
     * <p>Bypass is only passed on to the agent when lockdown is off. The establishing app UID is
     * taken from the Binder caller, so it is read before the calling identity is cleared.
     */
    public void agentConnect() {
        final LinkProperties lp = makeLinkProperties();
        // Capability 12 is kept in step with route coverage.
        if (!providesRoutesToMostDestinations(lp)) {
            this.mNetworkCapabilities.removeCapability(12);
        } else {
            this.mNetworkCapabilities.addCapability(12);
        }
        this.mNetworkInfo.setDetailedState(NetworkInfo.DetailedState.CONNECTING, null, null);
        final NetworkMisc misc = new NetworkMisc();
        misc.allowBypass = this.mConfig.allowBypass && !this.mLockdown;
        this.mNetworkCapabilities.setEstablishingVpnAppUid(Binder.getCallingUid());
        this.mNetworkCapabilities.setUids(createUserAndRestrictedProfilesRanges(this.mUserHandle, this.mConfig.allowedApplications, this.mConfig.disallowedApplications));
        final long token = Binder.clearCallingIdentity();
        try {
            this.mNetworkAgent = new NetworkAgent(this.mLooper, this.mContext, NETWORKTYPE, this.mNetworkInfo, this.mNetworkCapabilities, lp, 101, misc, -2) { // from class: com.android.server.connectivity.Vpn.1
                @Override // android.net.NetworkAgent
                public void unwanted() {
                    // Deliberately empty: nothing is done when the network is reported unwanted.
                }
            };
        } finally {
            Binder.restoreCallingIdentity(token);
        }
        this.mNetworkInfo.setIsAvailable(true);
        updateState(NetworkInfo.DetailedState.CONNECTED, "agentConnect");
    }

    /**
     * Asks {@link UserManager} whether user {@code i} can have a restricted profile. The query
     * is made with the calling identity cleared.
     */
    private boolean canHaveRestrictedProfile(int i) {
        final long token = Binder.clearCallingIdentity();
        try {
            return UserManager.get(this.mContext).canHaveRestrictedProfile(i);
        } finally {
            Binder.restoreCallingIdentity(token);
        }
    }

    /**
     * Reports the given agent as disconnected, using a copy of the current network info so the
     * shared {@code mNetworkInfo} is left untouched. Does nothing for a {@code null} agent.
     */
    private void agentDisconnect(NetworkAgent networkAgent) {
        if (networkAgent == null) {
            return;
        }
        final NetworkInfo disconnectedInfo = new NetworkInfo(this.mNetworkInfo);
        disconnectedInfo.setIsAvailable(false);
        disconnectedInfo.setDetailedState(NetworkInfo.DetailedState.DISCONNECTED, null, null);
        networkAgent.sendNetworkInfo(disconnectedInfo);
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Marks the VPN network as disconnected and drops the agent reference. Does nothing when
     * the network info does not report a connection.
     */
    public void agentDisconnect() {
        if (!this.mNetworkInfo.isConnected()) {
            return;
        }
        this.mNetworkInfo.setIsAvailable(false);
        updateState(NetworkInfo.DetailedState.DISCONNECTED, "agentDisconnect");
        this.mNetworkAgent = null;
    }

    /**
     * Creates the tunnel interface for the current owner package and binds its VPN service.
     *
     * <p>Authorization is checked first and on the Binder caller's identity: the caller must be
     * the recorded owner UID and must still hold user consent. The target service is resolved
     * inside the owner package and must itself require BIND_VPN_SERVICE, so that only the system
     * can bind to it. If anything fails after the interface was created, the previous state is
     * restored.
     *
     * @param vpnConfig configuration supplied by the VPN app; {@code user} is read as the
     *     service class name and is overwritten with the owner package on success
     * @return the tunnel file descriptor, or {@code null} when the caller is not the owner or
     *     has no consent
     * @throws SecurityException for restricted users, or when the service cannot be resolved or
     *     does not require BIND_VPN_SERVICE
     * @throws IllegalArgumentException when no address could be set on the interface
     * @throws IllegalStateException when the service cannot be bound or the descriptor's
     *     blocking mode cannot be set
     */
    public synchronized ParcelFileDescriptor establish(VpnConfig vpnConfig) {
        UserManager userManager = UserManager.get(this.mContext);
        // Both checks use Binder.getCallingUid(), so they must run before the identity is
        // cleared below.
        if (Binder.getCallingUid() != this.mOwnerUID || !isVpnUserPreConsented(this.mPackage)) {
            return null;
        }
        Intent intent = new Intent("android.net.VpnService");
        // The package comes from trusted state (mPackage); only the class name is caller input.
        intent.setClassName(this.mPackage, vpnConfig.user);
        long clearCallingIdentity = Binder.clearCallingIdentity();
        try {
            try {
                if (userManager.getUserInfo(this.mUserHandle).isRestricted()) {
                    throw new SecurityException("Restricted users cannot establish VPNs");
                }
                ResolveInfo resolveService = AppGlobals.getPackageManager().resolveService(intent, null, 0, this.mUserHandle);
                if (resolveService == null) {
                    throw new SecurityException("Cannot find " + vpnConfig.user);
                }
                // A service that does not demand BIND_VPN_SERVICE could be bound by other apps.
                if (!Manifest.permission.BIND_VPN_SERVICE.equals(resolveService.serviceInfo.permission)) {
                    throw new SecurityException(vpnConfig.user + " does not require " + Manifest.permission.BIND_VPN_SERVICE);
                }
                // Snapshot of the previous state, used for rollback and for cleanup on success.
                VpnConfig vpnConfig2 = this.mConfig;
                String str = this.mInterface;
                Connection connection = this.mConnection;
                NetworkAgent networkAgent = this.mNetworkAgent;
                Set<UidRange> uids = this.mNetworkCapabilities.getUids();
                ParcelFileDescriptor adoptFd = ParcelFileDescriptor.adoptFd(jniCreate(vpnConfig.mtu));
                try {
                    String jniGetName = jniGetName(adoptFd.getFd());
                    // Addresses are passed to native code as one space-separated string.
                    StringBuilder sb = new StringBuilder();
                    Iterator<LinkAddress> it = vpnConfig.addresses.iterator();
                    while (it.hasNext()) {
                        sb.append(" " + it.next());
                    }
                    if (jniSetAddresses(jniGetName, sb.toString()) < 1) {
                        throw new IllegalArgumentException("At least one address must be specified");
                    }
                    Connection connection2 = new Connection();
                    // 67108865 is 0x04000001; this looks like BIND_AUTO_CREATE combined with
                    // BIND_FOREGROUND_SERVICE - TODO confirm against Context for this build.
                    if (!this.mContext.bindServiceAsUser(intent, connection2, 67108865, new UserHandle(this.mUserHandle))) {
                        throw new IllegalStateException("Cannot bind " + vpnConfig.user);
                    }
                    this.mConnection = connection2;
                    this.mInterface = jniGetName;
                    // From here on "user" holds the owner package, not the service class name.
                    vpnConfig.user = this.mPackage;
                    vpnConfig.interfaze = this.mInterface;
                    vpnConfig.startTime = SystemClock.elapsedRealtime();
                    this.mConfig = vpnConfig;
                    // Keep the existing agent when an in-place update is possible; otherwise
                    // connect a new agent before disconnecting the old one.
                    if (vpnConfig2 == null || !updateLinkPropertiesInPlaceIfPossible(this.mNetworkAgent, vpnConfig2)) {
                        this.mNetworkAgent = null;
                        updateState(NetworkInfo.DetailedState.CONNECTING, "establish");
                        agentConnect();
                        agentDisconnect(networkAgent);
                    }
                    if (connection != null) {
                        this.mContext.unbindService(connection);
                    }
                    // Reset the previous interface only if it is a different one.
                    if (str != null && !str.equals(jniGetName)) {
                        jniReset(str);
                    }
                    try {
                        IoUtils.setBlocking(adoptFd.getFileDescriptor(), vpnConfig.blocking);
                        Log.i(TAG, "Established by " + vpnConfig.user + " on " + this.mInterface);
                        return adoptFd;
                    } catch (IOException e) {
                        throw new IllegalStateException("Cannot set tunnel's fd as blocking=" + vpnConfig.blocking, e);
                    }
                } catch (RuntimeException e2) {
                    // Roll back: close the new descriptor and restore the snapshot taken above.
                    IoUtils.closeQuietly(adoptFd);
                    agentDisconnect();
                    this.mConfig = vpnConfig2;
                    this.mConnection = connection;
                    this.mNetworkCapabilities.setUids(uids);
                    this.mNetworkAgent = networkAgent;
                    this.mInterface = str;
                    throw e2;
                }
            } catch (RemoteException e3) {
                // NOTE(review): the RemoteException is not attached as cause, so the original
                // failure is lost to whoever handles this SecurityException.
                throw new SecurityException("Cannot find " + vpnConfig.user);
            }
        } finally {
            Binder.restoreCallingIdentity(clearCallingIdentity);
        }
    }

    /**
     * Tells whether a VPN is running, i.e. both a network agent and an interface name exist.
     */
    private boolean isRunningLocked() {
        return this.mNetworkAgent != null && this.mInterface != null;
    }

    /**
     * Tells whether a VPN is running and the Binder caller is its owner UID. This is the gate
     * for the operations that modify a running VPN; it has to be evaluated while the calling
     * identity is still the caller's.
     */
    @VisibleForTesting
    protected boolean isCallerEstablishedOwnerLocked() {
        if (!isRunningLocked()) {
            return false;
        }
        return Binder.getCallingUid() == this.mOwnerUID;
    }

    /**
     * Resolves package names to UIDs for one user.
     *
     * @param list package names
     * @param i user id the packages are resolved in
     * @return sorted, duplicate-free UIDs; packages that cannot be resolved are left out
     */
    private SortedSet<Integer> getAppsUids(List<String> list, int i) {
        final SortedSet<Integer> uids = new TreeSet<>();
        for (String packageName : list) {
            final int uid = getAppUid(packageName, i);
            if (uid == -1) {
                continue;
            }
            uids.add(uid);
        }
        return uids;
    }

    /**
     * Builds the UID ranges for user {@code i} and for every restricted profile whose parent is
     * that user.
     *
     * @param i user id of the VPN's user
     * @param list allowed packages, or {@code null}
     * @param list2 disallowed packages, or {@code null}
     * @return a new mutable set of ranges
     */
    @VisibleForTesting
    Set<UidRange> createUserAndRestrictedProfilesRanges(int i, List<String> list, List<String> list2) {
        final ArraySet<UidRange> ranges = new ArraySet<>();
        addUserToRanges(ranges, i, list, list2);
        if (!canHaveRestrictedProfile(i)) {
            return ranges;
        }
        // The user list is read with the calling identity cleared.
        final List<UserInfo> users;
        final long token = Binder.clearCallingIdentity();
        try {
            users = UserManager.get(this.mContext).getUsers(true);
        } finally {
            Binder.restoreCallingIdentity(token);
        }
        for (UserInfo candidate : users) {
            if (candidate.isRestricted() && candidate.restrictedProfileParentId == i) {
                addUserToRanges(ranges, candidate.id, list, list2);
            }
        }
        return ranges;
    }

    /**
     * Adds the UID ranges of one user to {@code set}.
     *
     * <p>With an allow list, only the UIDs of those packages are added, merged into contiguous
     * ranges. With only a deny list, the user's whole UID range is added minus the UIDs of those
     * packages. With neither, the user's whole UID range is added. The allow list wins when both
     * are given.
     *
     * @param set ranges to add to
     * @param i user id
     * @param list allowed packages, or {@code null}
     * @param list2 disallowed packages, or {@code null}
     */
    @VisibleForTesting
    void addUserToRanges(Set<UidRange> set, int i, List<String> list, List<String> list2) {
        if (list != null) {
            // Walk the sorted UIDs and emit one range per run of consecutive values.
            int runStart = -1;
            int runStop = -1;
            for (int uid : getAppsUids(list, i)) {
                if (runStart == -1) {
                    runStart = uid;
                } else if (uid != runStop + 1) {
                    set.add(new UidRange(runStart, runStop));
                    runStart = uid;
                }
                runStop = uid;
            }
            if (runStart != -1) {
                set.add(new UidRange(runStart, runStop));
            }
            return;
        }

        final UidRange userRange = UidRange.createForUser(i);
        if (list2 == null) {
            set.add(userRange);
            return;
        }

        // Cut each excluded UID out of the user's range, emitting the gaps in between.
        int nextStart = userRange.start;
        for (int excludedUid : getAppsUids(list2, i)) {
            if (excludedUid != nextStart) {
                set.add(new UidRange(nextStart, excludedUid - 1));
                nextStart = excludedUid + 1;
            } else {
                nextStart++;
            }
        }
        if (nextStart <= userRange.stop) {
            set.add(new UidRange(nextStart, userRange.stop));
        }
    }

    /**
     * Selects the ranges from {@code set} that lie entirely inside the UID range of user
     * {@code i}.
     *
     * @return a new list; {@code set} is not modified
     */
    private static List<UidRange> uidRangesForUser(int i, Set<UidRange> set) {
        final UidRange userRange = UidRange.createForUser(i);
        final List<UidRange> matches = new ArrayList<>();
        for (UidRange candidate : set) {
            if (!userRange.containsRange(candidate)) {
                continue;
            }
            matches.add(candidate);
        }
        return matches;
    }

    /**
     * Extends the VPN's UID ranges and the lockdown rules to a newly added restricted profile
     * of this VPN's user. Other users are ignored.
     *
     * @param i id of the user that was added
     */
    public void onUserAdded(int i) {
        final UserInfo addedUser = UserManager.get(this.mContext).getUserInfo(i);
        // NOTE(review): the result is dereferenced without a null check - confirm that
        // getUserInfo cannot return null on this path.
        if (!addedUser.isRestricted() || addedUser.restrictedProfileParentId != this.mUserHandle) {
            return;
        }
        synchronized (this) {
            final Set<UidRange> currentUids = this.mNetworkCapabilities.getUids();
            if (currentUids != null) {
                try {
                    addUserToRanges(currentUids, i, this.mConfig.allowedApplications, this.mConfig.disallowedApplications);
                    this.mNetworkCapabilities.setUids(currentUids);
                } catch (Exception e) {
                    Log.wtf(TAG, "Failed to add restricted user to owner", e);
                }
            }
            // Lockdown rules are recomputed even when no VPN ranges exist.
            setVpnForcedLocked(this.mLockdown);
        }
    }

    /**
     * Removes the UID ranges of a restricted profile of this VPN's user and recomputes the
     * lockdown rules. Other users are ignored.
     *
     * @param i id of the user that was removed
     */
    public void onUserRemoved(int i) {
        final UserInfo removedUser = UserManager.get(this.mContext).getUserInfo(i);
        // NOTE(review): the result is dereferenced without a null check - confirm that
        // getUserInfo still returns the user at the time this is called.
        if (!removedUser.isRestricted() || removedUser.restrictedProfileParentId != this.mUserHandle) {
            return;
        }
        synchronized (this) {
            final Set<UidRange> currentUids = this.mNetworkCapabilities.getUids();
            if (currentUids != null) {
                try {
                    currentUids.removeAll(uidRangesForUser(i, currentUids));
                    this.mNetworkCapabilities.setUids(currentUids);
                } catch (Exception e) {
                    Log.wtf(TAG, "Failed to remove restricted user to owner", e);
                }
            }
            setVpnForcedLocked(this.mLockdown);
        }
    }

    /**
     * Handles the stop of this VPN's user: lockdown is switched off, the always-on flag is
     * cleared and the network agent is disconnected, in that order.
     */
    public synchronized void onUserStopped() {
        // Lockdown is lifted first, before the agent goes away.
        setLockdown(false);
        mAlwaysOn = false;
        agentDisconnect();
    }

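    /**
     * Recomputes which UID ranges may only use the VPN and pushes the difference to netd.
     *
     * <p>When {@code z} is set, the ranges of this user and its restricted profiles are blocked,
     * except the owner package and the lockdown whitelist. When it is not set, every range that
     * is currently blocked is released. Ranges already in the right state are not sent again.
     *
     * <p>The adjusted ranges are collected into a separate set instead of adding to and removing
     * from the set that is being iterated, which can skip elements or fail, depending on the
     * set implementation.
     *
     * @param z {@code true} to enforce blocking outside the VPN, {@code false} to lift it
     */
    @GuardedBy({"this"})
    private void setVpnForcedLocked(boolean z) {
        final List<String> exemptPackages;
        if (isNullOrLegacyVpn(this.mPackage)) {
            exemptPackages = null;
        } else {
            exemptPackages = new ArrayList<>(this.mLockdownWhitelist);
            exemptPackages.add(this.mPackage);
        }
        final Set<UidRange> rangesToUnblock = new ArraySet<>(this.mBlockedUsers);
        Set<UidRange> rangesToBlock = Collections.emptySet();
        if (z) {
            final Set<UidRange> wanted =
                    createUserAndRestrictedProfilesRanges(this.mUserHandle, null, exemptPackages);
            rangesToBlock = new ArraySet<>();
            for (UidRange range : wanted) {
                if (range.start != 0) {
                    rangesToBlock.add(range);
                } else if (range.stop != 0) {
                    // UID 0 is never blocked; presumably so that traffic attributed to uid 0 is
                    // not cut off - TODO confirm the rationale.
                    rangesToBlock.add(new UidRange(1, range.stop));
                }
            }
            // Only touch ranges whose state actually changes.
            rangesToUnblock.removeAll(rangesToBlock);
            rangesToBlock.removeAll(this.mBlockedUsers);
        }
        // Release first, then block.
        setAllowOnlyVpnForUids(false, rangesToUnblock);
        setAllowOnlyVpnForUids(true, rangesToBlock);
    }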

    /**
     * Tells netd to start or stop restricting the given UID ranges to the VPN, and mirrors a
     * successful change in {@code mBlockedUsers}.
     *
     * <p>The bookkeeping is only updated after the netd call returned, so a failed call leaves
     * {@code mBlockedUsers} unchanged. Callers that ignore the return value will not notice a
     * failed update.
     *
     * @param z {@code true} to restrict the ranges, {@code false} to release them
     * @param collection ranges to change; an empty collection is a successful no-op
     * @return {@code false} if the netd call failed
     */
    @GuardedBy({"this"})
    private boolean setAllowOnlyVpnForUids(boolean z, Collection<UidRange> collection) {
        if (collection.isEmpty()) {
            return true;
        }
        final UidRange[] ranges = (UidRange[]) collection.toArray(new UidRange[collection.size()]);
        try {
            this.mNetd.setAllowOnlyVpnForUids(z, ranges);
        } catch (RemoteException | RuntimeException e) {
            Log.e(TAG, "Updating blocked=" + z + " for UIDs " + Arrays.toString(collection.toArray()) + " failed", e);
            return false;
        }
        if (z) {
            this.mBlockedUsers.addAll(collection);
        } else {
            this.mBlockedUsers.removeAll(collection);
        }
        return true;
    }

    /**
     * Returns the current VPN configuration to a caller holding CONTROL_VPN. The internal
     * object itself is returned, not a copy, and it may be {@code null}.
     *
     * @throws SecurityException if the Binder caller lacks CONTROL_VPN
     */
    public VpnConfig getVpnConfig() {
        enforceControlPermission();
        final VpnConfig current = this.mConfig;
        return current;
    }

    /**
     * Forwards an interface status change to {@code mObserver}.
     *
     * @param str interface name
     * @param z new status as reported by the caller
     */
    @Deprecated
    public synchronized void interfaceStatusChanged(String str, boolean z) {
        try {
            mObserver.interfaceStatusChanged(str, z);
        } catch (RemoteException ignored) {
            // A failed delivery to the observer is deliberately not reported.
        }
    }

    /**
     * Requires the Binder caller to hold CONTROL_VPN. This variant checks the caller only; a
     * call that does not come in over IPC does not pass it.
     *
     * @throws SecurityException if the check fails
     */
    private void enforceControlPermission() {
        final String requiredPermission = Manifest.permission.CONTROL_VPN;
        this.mContext.enforceCallingPermission(requiredPermission, "Unauthorized Caller");
    }

    /**
     * Requires CONTROL_VPN from the Binder caller, or from this process itself when the call
     * does not come in over IPC.
     *
     * @throws SecurityException if the check fails
     */
    private void enforceControlPermissionOrInternalCaller() {
        final String requiredPermission = Manifest.permission.CONTROL_VPN;
        this.mContext.enforceCallingOrSelfPermission(requiredPermission, "Unauthorized Caller");
    }

    /**
     * Requires NETWORK_SETTINGS from the Binder caller, or from this process itself when the
     * call does not come in over IPC.
     *
     * @throws SecurityException if the check fails
     */
    private void enforceSettingsPermission() {
        final String requiredPermission = Manifest.permission.NETWORK_SETTINGS;
        this.mContext.enforceCallingOrSelfPermission(requiredPermission, "Unauthorized Caller");
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Creates the status-panel intent and stores it in {@code mStatusIntent}. The intent is
     * created with the calling identity cleared, so it is not built on behalf of the caller.
     */
    public void prepareStatusIntent() {
        final long token = Binder.clearCallingIdentity();
        try {
            mStatusIntent = VpnConfig.getIntentForStatusPanel(mContext);
        } finally {
            Binder.restoreCallingIdentity(token);
        }
    }

    /**
     * Adds an address to the running VPN interface on behalf of its owner and sends the updated
     * link properties to the network agent.
     *
     * @param str address to add
     * @param i second argument handed to the native call; presumably the prefix length - TODO
     *     confirm
     * @return {@code false} if the caller is not the owner of a running VPN, otherwise the
     *     result of the native call
     */
    public synchronized boolean addAddress(String str, int i) {
        if (isCallerEstablishedOwnerLocked()) {
            final boolean added = jniAddAddress(this.mInterface, str, i);
            // Link properties are refreshed whether or not the native call succeeded.
            this.mNetworkAgent.sendLinkProperties(makeLinkProperties());
            return added;
        }
        return false;
    }

    /**
     * Removes an address from the running VPN interface on behalf of its owner and sends the
     * updated link properties to the network agent.
     *
     * @param str address to remove
     * @param i second argument handed to the native call; presumably the prefix length - TODO
     *     confirm
     * @return {@code false} if the caller is not the owner of a running VPN, otherwise the
     *     result of the native call
     */
    public synchronized boolean removeAddress(String str, int i) {
        if (isCallerEstablishedOwnerLocked()) {
            final boolean removed = jniDelAddress(this.mInterface, str, i);
            // Link properties are refreshed whether or not the native call succeeded.
            this.mNetworkAgent.sendLinkProperties(makeLinkProperties());
            return removed;
        }
        return false;
    }

    /**
     * Stores the underlying networks declared by the owner of the running VPN.
     *
     * <p>The array is copied and every non-null entry is rebuilt from its netId, so the stored
     * objects are not the ones the caller passed in.
     *
     * @param networkArr networks to store, or {@code null} to clear the stored value
     * @return {@code false} if the caller is not the owner of a running VPN
     */
    public synchronized boolean setUnderlyingNetworks(Network[] networkArr) {
        if (!isCallerEstablishedOwnerLocked()) {
            return false;
        }
        if (networkArr == null) {
            this.mConfig.underlyingNetworks = null;
            return true;
        }
        final Network[] copies = new Network[networkArr.length];
        this.mConfig.underlyingNetworks = copies;
        for (int index = 0; index < networkArr.length; index++) {
            final Network source = networkArr[index];
            copies[index] = (source == null) ? null : new Network(source.netId);
        }
        return true;
    }

    /**
     * Returns the stored underlying networks of the running VPN, or {@code null} when no VPN is
     * running. The stored array itself is returned, not a copy.
     */
    public synchronized Network[] getUnderlyingNetworks() {
        if (!isRunningLocked()) {
            return null;
        }
        return this.mConfig.underlyingNetworks;
    }

    /**
     * Returns the owner UID and interface name of the running VPN, or {@code null} when no VPN
     * is running.
     */
    public synchronized VpnInfo getVpnInfo() {
        if (isRunningLocked()) {
            final VpnInfo info = new VpnInfo();
            info.ownerUid = this.mOwnerUID;
            info.vpnIface = this.mInterface;
            return info;
        }
        return null;
    }

    /**
     * Tells whether the running VPN's capabilities apply to UID {@code i}. Always {@code false}
     * when no VPN is running.
     */
    public synchronized boolean appliesToUid(int i) {
        if (!isRunningLocked()) {
            return false;
        }
        return this.mNetworkCapabilities.appliesToUid(i);
    }

    /**
     * Tells whether UID {@code i} is reported as blocked by this VPN.
     *
     * <p>While the VPN network is connected, a UID is reported as blocked when the VPN does not
     * apply to it; otherwise the answer comes from the ranges recorded in {@code mBlockedUsers}.
     */
    public synchronized boolean isBlockingUid(int i) {
        if (this.mNetworkInfo.isConnected()) {
            return !appliesToUid(i);
        }
        return UidRange.containsUid(this.mBlockedUsers, i);
    }

    /**
     * Shows or cancels the ongoing "always-on VPN disconnected" notification for this user.
     *
     * <p>The notification is shown while always-on is enabled and the state is anything other
     * than CONNECTED. Its content intent targets the component named by a system resource and
     * carries the current lockdown flag.
     *
     * @param detailedState the VPN state the notification should reflect
     */
    private void updateAlwaysOnNotification(NetworkInfo.DetailedState detailedState) {
        final boolean shouldShow = this.mAlwaysOn && detailedState != NetworkInfo.DetailedState.CONNECTED;
        final UserHandle user = UserHandle.of(this.mUserHandle);
        final long token = Binder.clearCallingIdentity();
        try {
            final NotificationManager notificationManager = NotificationManager.from(this.mContext);
            if (!shouldShow) {
                notificationManager.cancelAsUser(TAG, 17, user);
                return;
            }
            final Intent dialogIntent = new Intent();
            dialogIntent.setComponent(ComponentName.unflattenFromString(this.mContext.getString(R.string.config_customVpnAlwaysOnDisconnectedDialogComponent)));
            dialogIntent.putExtra("lockdown", this.mLockdown);
            dialogIntent.addFlags(268435456);
            // 201326592 is 0x0C000000; this looks like FLAG_IMMUTABLE | FLAG_UPDATE_CURRENT, which
            // would keep other apps from altering the pending intent - TODO confirm.
            final Notification notification =
                    new Notification.Builder(this.mContext, SystemNotificationChannels.VPN)
                            .setSmallIcon(R.drawable.vpn_connected)
                            .setContentTitle(this.mContext.getString(R.string.vpn_lockdown_disconnected))
                            .setContentText(this.mContext.getString(R.string.vpn_lockdown_config))
                            .setContentIntent(this.mSystemServices.pendingIntentGetActivityAsUser(dialogIntent, 201326592, user))
                            .setCategory(Notification.CATEGORY_SYSTEM)
                            .setVisibility(1)
                            .setOngoing(true)
                            .setColor(this.mContext.getColor(R.color.system_notification_accent_color))
                            .build();
            notificationManager.notifyAsUser(TAG, 17, notification, user);
        } finally {
            Binder.restoreCallingIdentity(token);
        }
    }

    /**
     * Native: called by {@code establish()} with the configured MTU; the returned int is adopted
     * there as the tunnel's file descriptor.
     */
    private native int jniCreate(int i);

    /**
     * Native: called with the tunnel's file descriptor; the result is stored as the interface
     * name.
     */
    private native String jniGetName(int i);

    /**
     * Native: called with an interface name and a space-separated address string; callers treat
     * a result below 1 as "no address was set".
     */
    private native int jniSetAddresses(String str, String str2);

    /** Native: called with an interface name when that interface is being given up. */
    private native void jniReset(String str);

    /* JADX INFO: Access modifiers changed from: private */
    public native int jniCheck(String str);

    /**
     * Native: called by {@code addAddress()} with the interface name, the address and an int
     * (presumably the prefix length - TODO confirm).
     */
    private native boolean jniAddAddress(String str, String str2, int i);

    /**
     * Native: called by {@code removeAddress()} with the interface name, the address and an int
     * (presumably the prefix length - TODO confirm).
     */
    private native boolean jniDelAddress(String str, String str2, int i);

    /**
     * Returns the first default route in {@code linkProperties} whose gateway is an IPv4
     * address.
     *
     * @throws IllegalStateException if there is no such route
     */
    private static RouteInfo findIPv4DefaultRoute(LinkProperties linkProperties) {
        for (RouteInfo candidate : linkProperties.getAllRoutes()) {
            if (!candidate.isDefaultRoute()) {
                continue;
            }
            if (candidate.getGateway() instanceof Inet4Address) {
                return candidate;
            }
        }
        throw new IllegalStateException("Unable to find IPv4 default gateway");
    }

    /**
     * Starts a legacy VPN for a caller holding CONTROL_VPN.
     *
     * <p>The permission is checked on the caller's identity first; the actual start then runs
     * with the calling identity cleared.
     *
     * @param vpnProfile profile describing the legacy VPN
     * @param keyStore key store passed on to the privileged start
     * @param linkProperties link properties passed on to the privileged start
     * @throws SecurityException if the Binder caller lacks CONTROL_VPN
     */
    public void startLegacyVpn(VpnProfile vpnProfile, KeyStore keyStore, LinkProperties linkProperties) {
        enforceControlPermission();
        final long token = Binder.clearCallingIdentity();
        try {
            startLegacyVpnPrivileged(vpnProfile, keyStore, linkProperties);
        } finally {
            Binder.restoreCallingIdentity(token);
        }
    }

    /**
     * Builds the legacy-VPN argument vectors and configuration from a profile and starts the
     * runner.
     *
     * <p>This method performs no caller permission check of its own; the only gate here is the
     * restricted-user / {@code DISALLOW_CONFIG_VPN} test. Callers are expected to have
     * authorised the request already (the three-argument {@code startLegacyVpn} does so via
     * {@code enforceControlPermission()}).
     *
     * <p>Both argument arrays contain plaintext secrets taken from the profile (pre-shared key,
     * L2TP secret, username and password). They must not be logged or included in exception
     * messages.
     *
     * @param vpnProfile profile describing server, type and credentials
     * @param keyStore store from which certificate blobs are read by alias
     * @param linkProperties link whose IPv4 default route supplies interface and gateway
     * @throws SecurityException if the user is restricted or VPN configuration is disallowed
     * @throws IllegalStateException if a referenced certificate cannot be read from the store
     */
    public void startLegacyVpnPrivileged(VpnProfile vpnProfile, KeyStore keyStore, LinkProperties linkProperties) {
        final UserManager users = UserManager.get(this.mContext);
        if (users.getUserInfo(this.mUserHandle).isRestricted()
                || users.hasUserRestriction(UserManager.DISALLOW_CONFIG_VPN, new UserHandle(this.mUserHandle))) {
            throw new SecurityException("Restricted users cannot establish VPNs");
        }

        final RouteInfo defaultRoute = findIPv4DefaultRoute(linkProperties);
        final String gateway = defaultRoute.getGateway().getHostAddress();
        final String iface = defaultRoute.getInterface();

        // Empty string means "not configured"; null means "configured but missing from the store".
        String privateKeyAlias = "";
        String userCert = "";
        String caCert = "";
        String serverCert = "";

        if (!vpnProfile.ipsecUserCert.isEmpty()) {
            // Only the key's alias is handed on; the private key material is not read here.
            privateKeyAlias = Credentials.USER_PRIVATE_KEY + vpnProfile.ipsecUserCert;
            final byte[] blob = keyStore.get(Credentials.USER_CERTIFICATE + vpnProfile.ipsecUserCert);
            userCert = (blob != null) ? new String(blob, StandardCharsets.UTF_8) : null;
        }
        if (!vpnProfile.ipsecCaCert.isEmpty()) {
            final byte[] blob = keyStore.get(Credentials.CA_CERTIFICATE + vpnProfile.ipsecCaCert);
            caCert = (blob != null) ? new String(blob, StandardCharsets.UTF_8) : null;
        }
        if (!vpnProfile.ipsecServerCert.isEmpty()) {
            final byte[] blob = keyStore.get(Credentials.USER_CERTIFICATE + vpnProfile.ipsecServerCert);
            serverCert = (blob != null) ? new String(blob, StandardCharsets.UTF_8) : null;
        }
        // Fail closed: a profile that names a certificate which cannot be loaded must not start.
        if (privateKeyAlias == null || userCert == null || caCert == null || serverCert == null) {
            throw new IllegalStateException("Cannot load credentials");
        }

        // IPsec-side arguments; stays null for profile types without an IPsec layer.
        String[] ipsecArgs = null;
        switch (vpnProfile.type) {
            case 1:
                ipsecArgs = new String[] {
                    iface, vpnProfile.server, "udppsk",
                    vpnProfile.ipsecIdentifier, vpnProfile.ipsecSecret, "1701"
                };
                break;
            case 2:
                ipsecArgs = new String[] {
                    iface, vpnProfile.server, "udprsa",
                    privateKeyAlias, userCert, caCert, serverCert, "1701"
                };
                break;
            case 3:
                ipsecArgs = new String[] {
                    iface, vpnProfile.server, "xauthpsk",
                    vpnProfile.ipsecIdentifier, vpnProfile.ipsecSecret,
                    vpnProfile.username, vpnProfile.password, "", gateway
                };
                break;
            case 4:
                ipsecArgs = new String[] {
                    iface, vpnProfile.server, "xauthrsa",
                    privateKeyAlias, userCert, caCert, serverCert,
                    vpnProfile.username, vpnProfile.password, "", gateway
                };
                break;
            case 5:
                ipsecArgs = new String[] {
                    iface, vpnProfile.server, "hybridrsa",
                    caCert, serverCert,
                    vpnProfile.username, vpnProfile.password, "", gateway
                };
                break;
        }

        // PPP-tunnel arguments; stays null for the pure IPsec profile types (3, 4, 5).
        String[] tunnelArgs = null;
        switch (vpnProfile.type) {
            case 0:
                // NOTE(review): with mppe == false the tunnel is requested with "nomppe";
                // presumably that means no link encryption for this PPTP session - confirm.
                tunnelArgs = new String[] {
                    iface, "pptp", vpnProfile.server, "1723",
                    "name", vpnProfile.username,
                    "password", vpnProfile.password,
                    "linkname", "vpn",
                    "refuse-eap", "nodefaultroute", "usepeerdns",
                    "idle", "1800",
                    "mtu", "1400",
                    "mru", "1400",
                    vpnProfile.mppe ? "+mppe" : "nomppe"
                };
                break;
            case 1:
            case 2:
                tunnelArgs = new String[] {
                    iface, "l2tp", vpnProfile.server, "1701", vpnProfile.l2tpSecret,
                    "name", vpnProfile.username,
                    "password", vpnProfile.password,
                    "linkname", "vpn",
                    "refuse-eap", "nodefaultroute", "usepeerdns",
                    "idle", "1800",
                    "mtu", "1400",
                    "mru", "1400"
                };
                break;
        }
        // NOTE(review): a type outside 0-5 leaves both arrays null and still reaches the
        // runner below; how LegacyVpnRunner treats that is not visible here - confirm.

        final VpnConfig config = new VpnConfig();
        config.legacy = true;
        config.user = vpnProfile.key;
        config.interfaze = iface;
        config.session = vpnProfile.name;
        config.isMetered = false;
        config.proxyInfo = vpnProfile.proxy;
        config.addLegacyRoutes(vpnProfile.routes);
        // DNS servers and search domains are stored as space-separated lists in the profile.
        if (!vpnProfile.dnsServers.isEmpty()) {
            config.dnsServers = Arrays.asList(vpnProfile.dnsServers.split(" +"));
        }
        if (!vpnProfile.searchDomains.isEmpty()) {
            config.searchDomains = Arrays.asList(vpnProfile.searchDomains.split(" +"));
        }

        startLegacyVpn(config, ipsecArgs, tunnelArgs);
    }

    /**
     * Replaces any running legacy VPN with a new runner built from the given configuration.
     *
     * <p>Runs under this object's monitor, so the stop / prepare / start sequence is not
     * interleaved with the other {@code synchronized} methods of this class.
     *
     * @param vpnConfig configuration for the new session
     * @param strArr first argument vector handed to the runner (may be null)
     * @param strArr2 second argument vector handed to the runner (may be null)
     */
    private synchronized void startLegacyVpn(VpnConfig vpnConfig, String[] strArr, String[] strArr2) {
        // Tear down the previous runner before this instance is re-prepared for legacy use.
        stopLegacyVpnPrivileged();
        prepareInternal(VpnConfig.LEGACY_VPN);
        updateState(NetworkInfo.DetailedState.CONNECTING, "startLegacyVpn");

        final LegacyVpnRunner runner = new LegacyVpnRunner(vpnConfig, strArr, strArr2);
        this.mLegacyVpnRunner = runner;
        runner.start();
    }

    /**
     * Stops the current legacy VPN runner, if there is one.
     *
     * <p>No caller permission check is made here; callers must have authorised the request.
     */
    public synchronized void stopLegacyVpnPrivileged() {
        if (this.mLegacyVpnRunner == null) {
            return;
        }
        this.mLegacyVpnRunner.exit();
        this.mLegacyVpnRunner = null;
        // Deliberately empty: acquiring and releasing this monitor acts as a barrier.
        // NOTE(review): presumably the runner thread holds the same interned-string monitor
        // while it works, so this waits for the old runner to finish - confirm against
        // LegacyVpnRunner. Do not remove the block or change the literal without checking.
        synchronized ("LegacyVpnRunner") {
        }
    }

    /**
     * Returns status information about the legacy VPN, after checking the caller.
     *
     * <p>{@code enforceControlPermission()} runs before any state is read.
     *
     * @return the current legacy VPN info, or {@code null} when no legacy VPN runner exists
     */
    public synchronized LegacyVpnInfo getLegacyVpnInfo() {
        enforceControlPermission();
        final LegacyVpnInfo info = getLegacyVpnInfoPrivileged();
        return info;
    }

    /**
     * Builds a status snapshot of the legacy VPN without checking the caller.
     *
     * <p>Callers are responsible for authorising the request; the checked variant is
     * {@link #getLegacyVpnInfo()}.
     *
     * @return a new {@link LegacyVpnInfo}, or {@code null} when no legacy VPN runner exists
     */
    public synchronized LegacyVpnInfo getLegacyVpnInfoPrivileged() {
        if (this.mLegacyVpnRunner == null) {
            return null;
        }
        final LegacyVpnInfo info = new LegacyVpnInfo();
        info.key = this.mConfig.user;
        info.state = LegacyVpnInfo.stateFromNetworkInfo(this.mNetworkInfo);
        // The status intent is handed out only while the network reports itself connected.
        final boolean connected = this.mNetworkInfo.isConnected();
        if (connected) {
            info.intent = this.mStatusIntent;
        }
        return info;
    }

    /**
     * Returns the configuration of the running legacy VPN.
     *
     * <p>Unlike the neighbouring accessors this method is neither {@code synchronized} nor
     * guarded by {@code enforceControlPermission()}, and it returns the internal
     * {@code mConfig} object itself rather than a copy. Callers must apply their own access
     * check and should treat the result as read-only.
     *
     * @return the live {@link VpnConfig}, or {@code null} when no legacy VPN runner exists
     */
    public VpnConfig getLegacyVpnConfig() {
        return this.mLegacyVpnRunner == null ? null : this.mConfig;
    }
}
