package com.android.server.recoverysystem;

import android.Manifest;
import android.content.Context;
import android.content.IntentSender;
import android.net.INetd;
import android.net.LocalSocket;
import android.net.LocalSocketAddress;
import android.os.Binder;
import android.os.IRecoverySystem;
import android.os.IRecoverySystemProgressListener;
import android.os.PowerManager;
import android.os.RecoverySystem;
import android.os.RemoteException;
import android.os.ResultReceiver;
import android.os.ShellCallback;
import android.os.SystemProperties;
import android.util.Slog;
import com.android.internal.annotations.VisibleForTesting;
import com.android.internal.widget.LockSettingsInternal;
import com.android.internal.widget.RebootEscrowListener;
import com.android.server.LocalServices;
import com.android.server.SystemService;
import java.io.DataInputStream;
import java.io.DataOutputStream;
import java.io.FileDescriptor;
import java.io.FileWriter;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import libcore.io.IoUtils;

/* loaded from: input_file:com/android/server/recoverysystem/RecoverySystemService.class */
public class RecoverySystemService extends IRecoverySystem.Stub implements RebootEscrowListener {
    private static final String TAG = "RecoverySystemService";
    private static final boolean DEBUG = false;
    private static final String UNCRYPT_SOCKET = "uncrypt";

    @VisibleForTesting
    static final String INIT_SERVICE_UNCRYPT = "init.svc.uncrypt";

    @VisibleForTesting
    static final String INIT_SERVICE_SETUP_BCB = "init.svc.setup-bcb";

    @VisibleForTesting
    static final String INIT_SERVICE_CLEAR_BCB = "init.svc.clear-bcb";
    private static final Object sRequestLock = new Object();
    private static final int SOCKET_CONNECTION_MAX_RETRY = 30;
    private final Injector mInjector;
    private final Context mContext;
    private boolean mPreparedForReboot;
    private String mUnattendedRebootToken;
    private IntentSender mPreparedForRebootIntentSender;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:com/android/server/recoverysystem/RecoverySystemService$Injector.class */
    public static class Injector {
        protected final Context mContext;

        Injector(Context context) {
            this.mContext = context;
        }

        public Context getContext() {
            return this.mContext;
        }

        public LockSettingsInternal getLockSettingsService() {
            return (LockSettingsInternal) LocalServices.getService(LockSettingsInternal.class);
        }

        public PowerManager getPowerManager() {
            return (PowerManager) this.mContext.getSystemService(Context.POWER_SERVICE);
        }

        public String systemPropertiesGet(String str) {
            return SystemProperties.get(str);
        }

        public void systemPropertiesSet(String str, String str2) {
            SystemProperties.set(str, str2);
        }

        public boolean uncryptPackageFileDelete() {
            return RecoverySystem.UNCRYPT_PACKAGE_FILE.delete();
        }

        public String getUncryptPackageFileName() {
            return RecoverySystem.UNCRYPT_PACKAGE_FILE.getName();
        }

        public FileWriter getUncryptPackageFileWriter() throws IOException {
            return new FileWriter(RecoverySystem.UNCRYPT_PACKAGE_FILE);
        }

        public UncryptSocket connectService() {
            UncryptSocket uncryptSocket = new UncryptSocket();
            if (uncryptSocket.connectService()) {
                return uncryptSocket;
            }
            uncryptSocket.close();
            return null;
        }

        public void threadSleep(long j) throws InterruptedException {
            Thread.sleep(j);
        }
    }

    /* loaded from: input_file:com/android/server/recoverysystem/RecoverySystemService$Lifecycle.class */
    public static final class Lifecycle extends SystemService {
        private RecoverySystemService mRecoverySystemService;

        public Lifecycle(Context context) {
            super(context);
        }

        @Override // com.android.server.SystemService
        public void onBootPhase(int i) {
            if (i == 500) {
                this.mRecoverySystemService.onSystemServicesReady();
            }
        }

        @Override // com.android.server.SystemService
        public void onStart() {
            this.mRecoverySystemService = new RecoverySystemService(getContext());
            publishBinderService("recovery", this.mRecoverySystemService);
        }
    }

    /* loaded from: input_file:com/android/server/recoverysystem/RecoverySystemService$UncryptSocket.class */
    public static class UncryptSocket {
        private LocalSocket mLocalSocket;
        private DataInputStream mInputStream;
        private DataOutputStream mOutputStream;

        public boolean connectService() {
            this.mLocalSocket = new LocalSocket();
            boolean z = false;
            for (int i = 0; i < 30; i++) {
                try {
                    this.mLocalSocket.connect(new LocalSocketAddress(RecoverySystemService.UNCRYPT_SOCKET, LocalSocketAddress.Namespace.RESERVED));
                    z = true;
                    break;
                } catch (IOException e) {
                    try {
                        Thread.sleep(1000L);
                    } catch (InterruptedException e2) {
                        Slog.w(RecoverySystemService.TAG, "Interrupted:", e2);
                    }
                }
            }
            if (!z) {
                Slog.e(RecoverySystemService.TAG, "Timed out connecting to uncrypt socket");
                close();
                return false;
            }
            try {
                this.mInputStream = new DataInputStream(this.mLocalSocket.getInputStream());
                this.mOutputStream = new DataOutputStream(this.mLocalSocket.getOutputStream());
                return true;
            } catch (IOException e3) {
                close();
                return false;
            }
        }

        public void sendCommand(String str) throws IOException {
            byte[] bytes = str.getBytes(StandardCharsets.UTF_8);
            this.mOutputStream.writeInt(bytes.length);
            this.mOutputStream.write(bytes, 0, bytes.length);
        }

        public int getPercentageUncrypted() throws IOException {
            return this.mInputStream.readInt();
        }

        public void sendAck() throws IOException {
            this.mOutputStream.writeInt(0);
        }

        public void close() {
            IoUtils.closeQuietly(this.mInputStream);
            IoUtils.closeQuietly(this.mOutputStream);
            IoUtils.closeQuietly(this.mLocalSocket);
        }
    }

    private RecoverySystemService(Context context) {
        this(new Injector(context));
    }

    @VisibleForTesting
    RecoverySystemService(Injector injector) {
        this.mInjector = injector;
        this.mContext = injector.getContext();
    }

    @VisibleForTesting
    void onSystemServicesReady() {
        this.mInjector.getLockSettingsService().setRebootEscrowListener(this);
    }

    /* JADX WARN: Finally extract failed */
    @Override // android.os.IRecoverySystem
    public boolean uncrypt(String str, IRecoverySystemProgressListener iRecoverySystemProgressListener) {
        int percentageUncrypted;
        synchronized (sRequestLock) {
            this.mContext.enforceCallingOrSelfPermission(Manifest.permission.RECOVERY, null);
            if (!checkAndWaitForUncryptService()) {
                Slog.e(TAG, "uncrypt service is unavailable.");
                return false;
            }
            this.mInjector.uncryptPackageFileDelete();
            try {
                FileWriter uncryptPackageFileWriter = this.mInjector.getUncryptPackageFileWriter();
                try {
                    uncryptPackageFileWriter.write(str + "\n");
                    if (uncryptPackageFileWriter != null) {
                        uncryptPackageFileWriter.close();
                    }
                    this.mInjector.systemPropertiesSet("ctl.start", UNCRYPT_SOCKET);
                    UncryptSocket connectService = this.mInjector.connectService();
                    if (connectService == null) {
                        Slog.e(TAG, "Failed to connect to uncrypt socket");
                        return false;
                    }
                    int i = Integer.MIN_VALUE;
                    while (true) {
                        try {
                            try {
                                percentageUncrypted = connectService.getPercentageUncrypted();
                                if (percentageUncrypted != i || i == Integer.MIN_VALUE) {
                                    i = percentageUncrypted;
                                    if (percentageUncrypted < 0 || percentageUncrypted > 100) {
                                        break;
                                    }
                                    Slog.i(TAG, "uncrypt read status: " + percentageUncrypted);
                                    if (iRecoverySystemProgressListener != null) {
                                        try {
                                            iRecoverySystemProgressListener.onProgress(percentageUncrypted);
                                        } catch (RemoteException e) {
                                            Slog.w(TAG, "RemoteException when posting progress");
                                        }
                                    }
                                    if (percentageUncrypted == 100) {
                                        Slog.i(TAG, "uncrypt successfully finished.");
                                        connectService.sendAck();
                                        connectService.close();
                                        return true;
                                    }
                                }
                            } catch (IOException e2) {
                                Slog.e(TAG, "IOException when reading status: ", e2);
                                connectService.close();
                                return false;
                            }
                        } catch (Throwable th) {
                            connectService.close();
                            throw th;
                        }
                    }
                    Slog.e(TAG, "uncrypt failed with status: " + percentageUncrypted);
                    connectService.sendAck();
                    connectService.close();
                    return false;
                } catch (Throwable th2) {
                    if (uncryptPackageFileWriter != null) {
                        try {
                            uncryptPackageFileWriter.close();
                        } catch (Throwable th3) {
                            th2.addSuppressed(th3);
                        }
                    }
                    throw th2;
                }
            } catch (IOException e3) {
                Slog.e(TAG, "IOException when writing \"" + this.mInjector.getUncryptPackageFileName() + "\":", e3);
                return false;
            }
        }
    }

    @Override // android.os.IRecoverySystem
    public boolean clearBcb() {
        boolean z;
        synchronized (sRequestLock) {
            z = setupOrClearBcb(false, null);
        }
        return z;
    }

    @Override // android.os.IRecoverySystem
    public boolean setupBcb(String str) {
        boolean z;
        synchronized (sRequestLock) {
            z = setupOrClearBcb(true, str);
        }
        return z;
    }

    @Override // android.os.IRecoverySystem
    public void rebootRecoveryWithCommand(String str) {
        synchronized (sRequestLock) {
            if (setupOrClearBcb(true, str)) {
                this.mInjector.getPowerManager().reboot("recovery");
            }
        }
    }

    @Override // android.os.IRecoverySystem
    public boolean requestLskf(String str, IntentSender intentSender) {
        this.mContext.enforceCallingOrSelfPermission(Manifest.permission.RECOVERY, null);
        if (str == null) {
            return false;
        }
        if (this.mPreparedForReboot && str.equals(this.mUnattendedRebootToken)) {
            return true;
        }
        this.mPreparedForReboot = false;
        this.mUnattendedRebootToken = str;
        this.mPreparedForRebootIntentSender = intentSender;
        long clearCallingIdentity = Binder.clearCallingIdentity();
        try {
            this.mInjector.getLockSettingsService().prepareRebootEscrow();
            Binder.restoreCallingIdentity(clearCallingIdentity);
            return true;
        } catch (Throwable th) {
            Binder.restoreCallingIdentity(clearCallingIdentity);
            throw th;
        }
    }

    @Override // com.android.internal.widget.RebootEscrowListener
    public void onPreparedForReboot(boolean z) {
        if (this.mUnattendedRebootToken == null) {
            Slog.w(TAG, "onPreparedForReboot called when mUnattendedRebootToken is null");
        }
        this.mPreparedForReboot = z;
        if (z) {
            sendPreparedForRebootIntentIfNeeded();
        }
    }

    private void sendPreparedForRebootIntentIfNeeded() {
        IntentSender intentSender = this.mPreparedForRebootIntentSender;
        if (intentSender != null) {
            try {
                intentSender.sendIntent(null, 0, null, null, null);
            } catch (IntentSender.SendIntentException e) {
                Slog.w(TAG, "Could not send intent for prepared reboot: " + e.getMessage());
            }
        }
    }

    @Override // android.os.IRecoverySystem
    public boolean clearLskf() {
        this.mContext.enforceCallingOrSelfPermission(Manifest.permission.RECOVERY, null);
        this.mPreparedForReboot = false;
        this.mUnattendedRebootToken = null;
        this.mPreparedForRebootIntentSender = null;
        long clearCallingIdentity = Binder.clearCallingIdentity();
        try {
            this.mInjector.getLockSettingsService().clearRebootEscrow();
            return true;
        } finally {
            Binder.restoreCallingIdentity(clearCallingIdentity);
        }
    }

    @Override // android.os.IRecoverySystem
    public boolean rebootWithLskf(String str, String str2) {
        this.mContext.enforceCallingOrSelfPermission(Manifest.permission.RECOVERY, null);
        if (!this.mPreparedForReboot) {
            Slog.i(TAG, "Reboot requested before prepare completed");
            return false;
        }
        if (str != null && !str.equals(this.mUnattendedRebootToken)) {
            Slog.i(TAG, "Reboot requested after preparation, but with mismatching token");
            return false;
        }
        if (this.mInjector.getLockSettingsService().armRebootEscrow()) {
            this.mInjector.getPowerManager().reboot(str2);
            return true;
        }
        Slog.w(TAG, "Failure to escrow key for reboot");
        return false;
    }

    private boolean checkAndWaitForUncryptService() {
        for (int i = 0; i < 30; i++) {
            if (!(INetd.IF_FLAG_RUNNING.equals(this.mInjector.systemPropertiesGet(INIT_SERVICE_UNCRYPT)) || INetd.IF_FLAG_RUNNING.equals(this.mInjector.systemPropertiesGet(INIT_SERVICE_SETUP_BCB)) || INetd.IF_FLAG_RUNNING.equals(this.mInjector.systemPropertiesGet(INIT_SERVICE_CLEAR_BCB)))) {
                return true;
            }
            try {
                this.mInjector.threadSleep(1000L);
            } catch (InterruptedException e) {
                Slog.w(TAG, "Interrupted:", e);
            }
        }
        return false;
    }

    private boolean setupOrClearBcb(boolean z, String str) {
        this.mContext.enforceCallingOrSelfPermission(Manifest.permission.RECOVERY, null);
        if (!checkAndWaitForUncryptService()) {
            Slog.e(TAG, "uncrypt service is unavailable.");
            return false;
        }
        if (z) {
            this.mInjector.systemPropertiesSet("ctl.start", "setup-bcb");
        } else {
            this.mInjector.systemPropertiesSet("ctl.start", "clear-bcb");
        }
        UncryptSocket connectService = this.mInjector.connectService();
        try {
            if (connectService == null) {
                Slog.e(TAG, "Failed to connect to uncrypt socket");
                return false;
            }
            if (z) {
                try {
                    connectService.sendCommand(str);
                } catch (IOException e) {
                    Slog.e(TAG, "IOException when communicating with uncrypt:", e);
                    connectService.close();
                    return false;
                }
            }
            int percentageUncrypted = connectService.getPercentageUncrypted();
            connectService.sendAck();
            if (percentageUncrypted == 100) {
                Slog.i(TAG, "uncrypt " + (z ? "setup" : "clear") + " bcb successfully finished.");
                connectService.close();
                return true;
            }
            Slog.e(TAG, "uncrypt failed with status: " + percentageUncrypted);
            connectService.close();
            return false;
        } catch (Throwable th) {
            connectService.close();
            throw th;
        }
    }

    private boolean isCallerShell() {
        int callingUid = Binder.getCallingUid();
        return callingUid == 2000 || callingUid == 0;
    }

    private void enforceShell() {
        if (!isCallerShell()) {
            throw new SecurityException("Caller must be shell");
        }
    }

    @Override // android.os.Binder
    public void onShellCommand(FileDescriptor fileDescriptor, FileDescriptor fileDescriptor2, FileDescriptor fileDescriptor3, String[] strArr, ShellCallback shellCallback, ResultReceiver resultReceiver) {
        enforceShell();
        long clearCallingIdentity = Binder.clearCallingIdentity();
        try {
            new RecoverySystemShellCommand(this).exec(this, fileDescriptor, fileDescriptor2, fileDescriptor3, strArr, shellCallback, resultReceiver);
            Binder.restoreCallingIdentity(clearCallingIdentity);
        } catch (Throwable th) {
            Binder.restoreCallingIdentity(clearCallingIdentity);
            throw th;
        }
    }
}
