package com.android.server.blob;

import android.app.blob.BlobHandle;
import android.app.blob.IBlobCommitCallback;
import android.app.blob.IBlobStoreSession;
import android.app.blob.XmlTags;
import android.content.Context;
import android.os.Binder;
import android.os.FileUtils;
import android.os.ParcelFileDescriptor;
import android.os.RemoteException;
import android.os.RevocableFileDescriptor;
import android.os.Trace;
import android.os.storage.StorageManager;
import android.provider.MediaStore;
import android.system.ErrnoException;
import android.system.Os;
import android.system.OsConstants;
import android.util.ExceptionUtils;
import android.util.Slog;
import com.android.internal.annotations.GuardedBy;
import com.android.internal.annotations.VisibleForTesting;
import com.android.internal.util.IndentingPrintWriter;
import com.android.internal.util.Preconditions;
import com.android.internal.util.XmlUtils;
import com.android.server.blob.BlobStoreManagerService;
import java.io.File;
import java.io.FileDescriptor;
import java.io.IOException;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Objects;
import org.xmlpull.v1.XmlPullParser;
import org.xmlpull.v1.XmlPullParserException;
import org.xmlpull.v1.XmlSerializer;

/* JADX INFO: Access modifiers changed from: package-private */
@VisibleForTesting
/* loaded from: input_file:com/android/server/blob/BlobStoreSession.class */
public class BlobStoreSession extends IBlobStoreSession.Stub {
    static final int STATE_OPENED = 1;
    static final int STATE_CLOSED = 0;
    static final int STATE_ABANDONED = 2;
    static final int STATE_COMMITTED = 3;
    static final int STATE_VERIFIED_VALID = 4;
    static final int STATE_VERIFIED_INVALID = 5;
    private final Object mSessionLock;
    private final Context mContext;
    private final BlobStoreManagerService.SessionStateChangeListener mListener;
    private final BlobHandle mBlobHandle;
    private final long mSessionId;
    private final int mOwnerUid;
    private final String mOwnerPackageName;
    private final long mCreationTimeMs;
    private File mSessionFile;

    @GuardedBy({"mRevocableFds"})
    private ArrayList<RevocableFileDescriptor> mRevocableFds;
    private byte[] mDataDigest;

    @GuardedBy({"mSessionLock"})
    private int mState;

    @GuardedBy({"mSessionLock"})
    private final BlobAccessMode mBlobAccessMode;

    @GuardedBy({"mSessionLock"})
    private IBlobCommitCallback mBlobCommitCallback;

    private BlobStoreSession(Context context, long j, BlobHandle blobHandle, int i, String str, long j2, BlobStoreManagerService.SessionStateChangeListener sessionStateChangeListener) {
        this.mSessionLock = new Object();
        this.mRevocableFds = new ArrayList<>();
        this.mState = 0;
        this.mBlobAccessMode = new BlobAccessMode();
        this.mContext = context;
        this.mBlobHandle = blobHandle;
        this.mSessionId = j;
        this.mOwnerUid = i;
        this.mOwnerPackageName = str;
        this.mCreationTimeMs = j2;
        this.mListener = sessionStateChangeListener;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public BlobStoreSession(Context context, long j, BlobHandle blobHandle, int i, String str, BlobStoreManagerService.SessionStateChangeListener sessionStateChangeListener) {
        this(context, j, blobHandle, i, str, System.currentTimeMillis(), sessionStateChangeListener);
    }

    public BlobHandle getBlobHandle() {
        return this.mBlobHandle;
    }

    public long getSessionId() {
        return this.mSessionId;
    }

    public int getOwnerUid() {
        return this.mOwnerUid;
    }

    public String getOwnerPackageName() {
        return this.mOwnerPackageName;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean hasAccess(int i, String str) {
        return this.mOwnerUid == i && this.mOwnerPackageName.equals(str);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void open() {
        synchronized (this.mSessionLock) {
            if (isFinalized()) {
                throw new IllegalStateException("Not allowed to open session with state: " + stateToString(this.mState));
            }
            this.mState = 1;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public int getState() {
        int i;
        synchronized (this.mSessionLock) {
            i = this.mState;
        }
        return i;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void sendCommitCallbackResult(int i) {
        synchronized (this.mSessionLock) {
            try {
                this.mBlobCommitCallback.onResult(i);
            } catch (RemoteException e) {
                Slog.d(BlobStoreConfig.TAG, "Error sending the callback result", e);
            }
            this.mBlobCommitCallback = null;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public BlobAccessMode getBlobAccessMode() {
        BlobAccessMode blobAccessMode;
        synchronized (this.mSessionLock) {
            blobAccessMode = this.mBlobAccessMode;
        }
        return blobAccessMode;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean isFinalized() {
        boolean z;
        synchronized (this.mSessionLock) {
            z = this.mState == 3 || this.mState == 2;
        }
        return z;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean isExpired() {
        long lastModified = getSessionFile().lastModified();
        return BlobStoreConfig.hasSessionExpired(lastModified == 0 ? this.mCreationTimeMs : lastModified);
    }

    @Override // android.app.blob.IBlobStoreSession
    public ParcelFileDescriptor openWrite(long j, long j2) {
        ParcelFileDescriptor openWriteLocked;
        Preconditions.checkArgumentNonnegative(j, "offsetBytes must not be negative");
        assertCallerIsOwner();
        synchronized (this.mSessionLock) {
            if (this.mState != 1) {
                throw new IllegalStateException("Not allowed to write in state: " + stateToString(this.mState));
            }
            try {
                openWriteLocked = openWriteLocked(j, j2);
            } catch (IOException e) {
                throw ExceptionUtils.wrap(e);
            }
        }
        return openWriteLocked;
    }

    @GuardedBy({"mSessionLock"})
    private ParcelFileDescriptor openWriteLocked(long j, long j2) throws IOException {
        File sessionFile;
        FileDescriptor fileDescriptor = null;
        try {
            sessionFile = getSessionFile();
        } catch (ErrnoException e) {
            e.rethrowAsIOException();
        }
        if (sessionFile == null) {
            throw new IllegalStateException("Couldn't get the file for this session");
        }
        fileDescriptor = Os.open(sessionFile.getPath(), OsConstants.O_CREAT | OsConstants.O_RDWR, 384);
        if (j > 0 && Os.lseek(fileDescriptor, j, OsConstants.SEEK_SET) != j) {
            throw new IllegalStateException("Failed to seek " + j + "; curOffset=" + j);
        }
        if (j2 > 0) {
            ((StorageManager) this.mContext.getSystemService(StorageManager.class)).allocateBytes(fileDescriptor, j2);
        }
        return createRevocableFdLocked(fileDescriptor);
    }

    @Override // android.app.blob.IBlobStoreSession
    public ParcelFileDescriptor openRead() {
        ParcelFileDescriptor openReadLocked;
        assertCallerIsOwner();
        synchronized (this.mSessionLock) {
            if (this.mState != 1) {
                throw new IllegalStateException("Not allowed to read in state: " + stateToString(this.mState));
            }
            try {
                openReadLocked = openReadLocked();
            } catch (IOException e) {
                throw ExceptionUtils.wrap(e);
            }
        }
        return openReadLocked;
    }

    @GuardedBy({"mSessionLock"})
    private ParcelFileDescriptor openReadLocked() throws IOException {
        File sessionFile;
        FileDescriptor fileDescriptor = null;
        try {
            sessionFile = getSessionFile();
        } catch (ErrnoException e) {
            e.rethrowAsIOException();
        }
        if (sessionFile == null) {
            throw new IllegalStateException("Couldn't get the file for this session");
        }
        fileDescriptor = Os.open(sessionFile.getPath(), OsConstants.O_RDONLY, 0);
        return createRevocableFdLocked(fileDescriptor);
    }

    @Override // android.app.blob.IBlobStoreSession
    public long getSize() {
        return getSessionFile().length();
    }

    @Override // android.app.blob.IBlobStoreSession
    public void allowPackageAccess(String str, byte[] bArr) {
        assertCallerIsOwner();
        Objects.requireNonNull(str, "packageName must not be null");
        synchronized (this.mSessionLock) {
            if (this.mState != 1) {
                throw new IllegalStateException("Not allowed to change access type in state: " + stateToString(this.mState));
            }
            this.mBlobAccessMode.allowPackageAccess(str, bArr);
        }
    }

    @Override // android.app.blob.IBlobStoreSession
    public void allowSameSignatureAccess() {
        assertCallerIsOwner();
        synchronized (this.mSessionLock) {
            if (this.mState != 1) {
                throw new IllegalStateException("Not allowed to change access type in state: " + stateToString(this.mState));
            }
            this.mBlobAccessMode.allowSameSignatureAccess();
        }
    }

    @Override // android.app.blob.IBlobStoreSession
    public void allowPublicAccess() {
        assertCallerIsOwner();
        synchronized (this.mSessionLock) {
            if (this.mState != 1) {
                throw new IllegalStateException("Not allowed to change access type in state: " + stateToString(this.mState));
            }
            this.mBlobAccessMode.allowPublicAccess();
        }
    }

    @Override // android.app.blob.IBlobStoreSession
    public boolean isPackageAccessAllowed(String str, byte[] bArr) {
        boolean isPackageAccessAllowed;
        assertCallerIsOwner();
        Objects.requireNonNull(str, "packageName must not be null");
        Preconditions.checkByteArrayNotEmpty(bArr, "certificate");
        synchronized (this.mSessionLock) {
            if (this.mState != 1) {
                throw new IllegalStateException("Not allowed to get access type in state: " + stateToString(this.mState));
            }
            isPackageAccessAllowed = this.mBlobAccessMode.isPackageAccessAllowed(str, bArr);
        }
        return isPackageAccessAllowed;
    }

    @Override // android.app.blob.IBlobStoreSession
    public boolean isSameSignatureAccessAllowed() {
        boolean isSameSignatureAccessAllowed;
        assertCallerIsOwner();
        synchronized (this.mSessionLock) {
            if (this.mState != 1) {
                throw new IllegalStateException("Not allowed to get access type in state: " + stateToString(this.mState));
            }
            isSameSignatureAccessAllowed = this.mBlobAccessMode.isSameSignatureAccessAllowed();
        }
        return isSameSignatureAccessAllowed;
    }

    @Override // android.app.blob.IBlobStoreSession
    public boolean isPublicAccessAllowed() {
        boolean isPublicAccessAllowed;
        assertCallerIsOwner();
        synchronized (this.mSessionLock) {
            if (this.mState != 1) {
                throw new IllegalStateException("Not allowed to get access type in state: " + stateToString(this.mState));
            }
            isPublicAccessAllowed = this.mBlobAccessMode.isPublicAccessAllowed();
        }
        return isPublicAccessAllowed;
    }

    @Override // android.app.blob.IBlobStoreSession
    public void close() {
        closeSession(0, false);
    }

    @Override // android.app.blob.IBlobStoreSession
    public void abandon() {
        closeSession(2, true);
    }

    @Override // android.app.blob.IBlobStoreSession
    public void commit(IBlobCommitCallback iBlobCommitCallback) {
        synchronized (this.mSessionLock) {
            this.mBlobCommitCallback = iBlobCommitCallback;
            closeSession(3, true);
        }
    }

    private void closeSession(int i, boolean z) {
        assertCallerIsOwner();
        synchronized (this.mSessionLock) {
            if (this.mState != 1) {
                if (i != 0) {
                    throw new IllegalStateException("Not allowed to delete or abandon a session with state: " + stateToString(this.mState));
                }
            } else {
                this.mState = i;
                revokeAllFdsLocked();
                if (z) {
                    this.mListener.onStateChanged(this);
                }
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void computeDigest() {
        try {
            try {
                Trace.traceBegin(524288L, "computeBlobDigest-i" + this.mSessionId + "-l" + getSessionFile().length());
                this.mDataDigest = FileUtils.digest(getSessionFile(), this.mBlobHandle.algorithm);
                Trace.traceEnd(524288L);
            } catch (IOException | NoSuchAlgorithmException e) {
                Slog.e(BlobStoreConfig.TAG, "Error computing the digest", e);
                Trace.traceEnd(524288L);
            }
        } catch (Throwable th) {
            Trace.traceEnd(524288L);
            throw th;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void verifyBlobData() {
        synchronized (this.mSessionLock) {
            if (this.mDataDigest == null || !Arrays.equals(this.mDataDigest, this.mBlobHandle.digest)) {
                Slog.d(BlobStoreConfig.TAG, "Digest of the data (" + (this.mDataDigest == null ? "null" : BlobHandle.safeDigest(this.mDataDigest)) + ") didn't match the given BlobHandle.digest (" + BlobHandle.safeDigest(this.mBlobHandle.digest) + ")");
                this.mState = 5;
                sendCommitCallbackResult(1);
            } else {
                this.mState = 4;
            }
            this.mListener.onStateChanged(this);
        }
    }

    @GuardedBy({"mSessionLock"})
    private void revokeAllFdsLocked() {
        for (int size = this.mRevocableFds.size() - 1; size >= 0; size--) {
            this.mRevocableFds.get(size).revoke();
        }
        this.mRevocableFds.clear();
    }

    @GuardedBy({"mSessionLock"})
    private ParcelFileDescriptor createRevocableFdLocked(FileDescriptor fileDescriptor) throws IOException {
        RevocableFileDescriptor revocableFileDescriptor = new RevocableFileDescriptor(this.mContext, fileDescriptor);
        synchronized (this.mRevocableFds) {
            this.mRevocableFds.add(revocableFileDescriptor);
        }
        revocableFileDescriptor.addOnCloseListener(iOException -> {
            synchronized (this.mRevocableFds) {
                this.mRevocableFds.remove(revocableFileDescriptor);
            }
        });
        return revocableFileDescriptor.getRevocableFileDescriptor();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public File getSessionFile() {
        if (this.mSessionFile == null) {
            this.mSessionFile = BlobStoreConfig.prepareBlobFile(this.mSessionId);
        }
        return this.mSessionFile;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static String stateToString(int i) {
        switch (i) {
            case 0:
                return "<closed>";
            case 1:
                return "<opened>";
            case 2:
                return "<abandoned>";
            case 3:
                return "<committed>";
            case 4:
                return "<verified_valid>";
            case 5:
                return "<verified_invalid>";
            default:
                Slog.wtf(BlobStoreConfig.TAG, "Unknown state: " + i);
                return MediaStore.UNKNOWN_STRING;
        }
    }

    public String toString() {
        return "BlobStoreSession {id:" + this.mSessionId + ",handle:" + this.mBlobHandle + ",uid:" + this.mOwnerUid + ",pkg:" + this.mOwnerPackageName + "}";
    }

    private void assertCallerIsOwner() {
        if (Binder.getCallingUid() != this.mOwnerUid) {
            throw new SecurityException(this.mOwnerUid + " is not the session owner");
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void dump(IndentingPrintWriter indentingPrintWriter, BlobStoreManagerService.DumpArgs dumpArgs) {
        synchronized (this.mSessionLock) {
            indentingPrintWriter.println("state: " + stateToString(this.mState));
            indentingPrintWriter.println("ownerUid: " + this.mOwnerUid);
            indentingPrintWriter.println("ownerPkg: " + this.mOwnerPackageName);
            indentingPrintWriter.println("creation time: " + BlobStoreUtils.formatTime(this.mCreationTimeMs));
            indentingPrintWriter.println("blobHandle:");
            indentingPrintWriter.increaseIndent();
            this.mBlobHandle.dump(indentingPrintWriter, dumpArgs.shouldDumpFull());
            indentingPrintWriter.decreaseIndent();
            indentingPrintWriter.println("accessMode:");
            indentingPrintWriter.increaseIndent();
            this.mBlobAccessMode.dump(indentingPrintWriter);
            indentingPrintWriter.decreaseIndent();
            indentingPrintWriter.println("Open fds: #" + this.mRevocableFds.size());
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void writeToXml(XmlSerializer xmlSerializer) throws IOException {
        synchronized (this.mSessionLock) {
            XmlUtils.writeLongAttribute(xmlSerializer, "id", this.mSessionId);
            XmlUtils.writeStringAttribute(xmlSerializer, "p", this.mOwnerPackageName);
            XmlUtils.writeIntAttribute(xmlSerializer, XmlTags.ATTR_UID, this.mOwnerUid);
            XmlUtils.writeLongAttribute(xmlSerializer, XmlTags.ATTR_CREATION_TIME_MS, this.mCreationTimeMs);
            xmlSerializer.startTag(null, XmlTags.TAG_BLOB_HANDLE);
            this.mBlobHandle.writeToXml(xmlSerializer);
            xmlSerializer.endTag(null, XmlTags.TAG_BLOB_HANDLE);
            xmlSerializer.startTag(null, XmlTags.TAG_ACCESS_MODE);
            this.mBlobAccessMode.writeToXml(xmlSerializer);
            xmlSerializer.endTag(null, XmlTags.TAG_ACCESS_MODE);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static BlobStoreSession createFromXml(XmlPullParser xmlPullParser, int i, Context context, BlobStoreManagerService.SessionStateChangeListener sessionStateChangeListener) throws IOException, XmlPullParserException {
        long readLongAttribute = XmlUtils.readLongAttribute(xmlPullParser, "id");
        String readStringAttribute = XmlUtils.readStringAttribute(xmlPullParser, "p");
        int readIntAttribute = XmlUtils.readIntAttribute(xmlPullParser, XmlTags.ATTR_UID);
        long readLongAttribute2 = i >= 5 ? XmlUtils.readLongAttribute(xmlPullParser, XmlTags.ATTR_CREATION_TIME_MS) : System.currentTimeMillis();
        int depth = xmlPullParser.getDepth();
        BlobHandle blobHandle = null;
        BlobAccessMode blobAccessMode = null;
        while (XmlUtils.nextElementWithin(xmlPullParser, depth)) {
            if (XmlTags.TAG_BLOB_HANDLE.equals(xmlPullParser.getName())) {
                blobHandle = BlobHandle.createFromXml(xmlPullParser);
            } else if (XmlTags.TAG_ACCESS_MODE.equals(xmlPullParser.getName())) {
                blobAccessMode = BlobAccessMode.createFromXml(xmlPullParser);
            }
        }
        if (blobHandle == null) {
            Slog.wtf(BlobStoreConfig.TAG, "blobHandle should be available");
            return null;
        }
        if (blobAccessMode == null) {
            Slog.wtf(BlobStoreConfig.TAG, "blobAccessMode should be available");
            return null;
        }
        BlobStoreSession blobStoreSession = new BlobStoreSession(context, readLongAttribute, blobHandle, readIntAttribute, readStringAttribute, readLongAttribute2, sessionStateChangeListener);
        blobStoreSession.mBlobAccessMode.allow(blobAccessMode);
        return blobStoreSession;
    }
}
