package com.android.server.biometrics;

import android.Manifest;
import android.app.AppOpsManager;
import android.content.Context;
import android.hardware.biometrics.BiometricManager;
import android.hardware.biometrics.IAuthService;
import android.hardware.biometrics.IBiometricEnabledOnKeyguardCallback;
import android.hardware.biometrics.IBiometricService;
import android.hardware.biometrics.IBiometricServiceReceiver;
import android.hardware.biometrics.IInvalidationCallback;
import android.hardware.biometrics.ITestSession;
import android.hardware.biometrics.ITestSessionCallback;
import android.hardware.biometrics.PromptInfo;
import android.hardware.biometrics.SensorPropertiesInternal;
import android.hardware.face.FaceSensorPropertiesInternal;
import android.hardware.face.IFaceService;
import android.hardware.fingerprint.FingerprintSensorPropertiesInternal;
import android.hardware.fingerprint.IFingerprintService;
import android.hardware.iris.IIrisService;
import android.os.Binder;
import android.os.Build;
import android.os.IBinder;
import android.os.RemoteException;
import android.os.ServiceManager;
import android.os.UserHandle;
import android.provider.Settings;
import android.util.Slog;
import com.android.internal.R;
import com.android.internal.annotations.VisibleForTesting;
import com.android.internal.util.ArrayUtils;
import com.android.server.SystemService;
import java.util.ArrayList;
import java.util.List;

/* loaded from: input_file:com/android/server/biometrics/AuthService.class */
public class AuthService extends SystemService {
    private static final String TAG = "AuthService";
    private static final String SETTING_HIDL_DISABLED = "com.android.server.biometrics.AuthService.hidlDisabled";
    private static final int DEFAULT_HIDL_DISABLED = 0;
    private final Injector mInjector;
    private IBiometricService mBiometricService;

    @VisibleForTesting
    final IAuthService.Stub mImpl;

    /* loaded from: input_file:com/android/server/biometrics/AuthService$AuthServiceImpl.class */
    private final class AuthServiceImpl extends IAuthService.Stub {
        private AuthServiceImpl() {
        }

        @Override // android.hardware.biometrics.IAuthService
        public ITestSession createTestSession(int i, ITestSessionCallback iTestSessionCallback, String str) throws RemoteException {
            Utils.checkPermission(AuthService.this.getContext(), Manifest.permission.TEST_BIOMETRIC);
            long clearCallingIdentity = Binder.clearCallingIdentity();
            try {
                ITestSession createTestSession = AuthService.this.mInjector.getBiometricService().createTestSession(i, iTestSessionCallback, str);
                Binder.restoreCallingIdentity(clearCallingIdentity);
                return createTestSession;
            } catch (Throwable th) {
                Binder.restoreCallingIdentity(clearCallingIdentity);
                throw th;
            }
        }

        @Override // android.hardware.biometrics.IAuthService
        public List<SensorPropertiesInternal> getSensorProperties(String str) throws RemoteException {
            Utils.checkPermission(AuthService.this.getContext(), Manifest.permission.TEST_BIOMETRIC);
            long clearCallingIdentity = Binder.clearCallingIdentity();
            try {
                List<SensorPropertiesInternal> sensorProperties = AuthService.this.mInjector.getBiometricService().getSensorProperties(str);
                Binder.restoreCallingIdentity(clearCallingIdentity);
                return sensorProperties;
            } catch (Throwable th) {
                Binder.restoreCallingIdentity(clearCallingIdentity);
                throw th;
            }
        }

        @Override // android.hardware.biometrics.IAuthService
        public String getUiPackage() {
            Utils.checkPermission(AuthService.this.getContext(), Manifest.permission.TEST_BIOMETRIC);
            return AuthService.this.getContext().getResources().getString(R.string.config_biometric_prompt_ui_package);
        }

        @Override // android.hardware.biometrics.IAuthService
        public void authenticate(IBinder iBinder, long j, int i, IBiometricServiceReceiver iBiometricServiceReceiver, String str, PromptInfo promptInfo) throws RemoteException {
            int callingUserId = UserHandle.getCallingUserId();
            int callingUid = Binder.getCallingUid();
            int callingPid = Binder.getCallingPid();
            if (i == callingUserId) {
                AuthService.this.checkPermission();
            } else {
                Slog.w(AuthService.TAG, "User " + callingUserId + " is requesting authentication of userid: " + i);
                AuthService.this.checkInternalPermission();
            }
            if (!AuthService.this.checkAppOps(callingUid, str, "authenticate()")) {
                authenticateFastFail("Denied by app ops: " + str, iBiometricServiceReceiver);
                return;
            }
            if (iBinder == null || iBiometricServiceReceiver == null || str == null || promptInfo == null) {
                authenticateFastFail("Unable to authenticate, one or more null arguments", iBiometricServiceReceiver);
                return;
            }
            if (!Utils.isForeground(callingUid, callingPid)) {
                authenticateFastFail("Caller is not foreground: " + str, iBiometricServiceReceiver);
                return;
            }
            if (promptInfo.containsTestConfigurations() && AuthService.this.getContext().checkCallingOrSelfPermission(Manifest.permission.TEST_BIOMETRIC) != 0) {
                AuthService.this.checkInternalPermission();
            }
            if (promptInfo.containsPrivateApiConfigurations()) {
                AuthService.this.checkInternalPermission();
            }
            long clearCallingIdentity = Binder.clearCallingIdentity();
            try {
                AuthService.this.mBiometricService.authenticate(iBinder, j, i, iBiometricServiceReceiver, str, promptInfo);
                Binder.restoreCallingIdentity(clearCallingIdentity);
            } catch (Throwable th) {
                Binder.restoreCallingIdentity(clearCallingIdentity);
                throw th;
            }
        }

        private void authenticateFastFail(String str, IBiometricServiceReceiver iBiometricServiceReceiver) {
            Slog.e(AuthService.TAG, str);
            try {
                iBiometricServiceReceiver.onError(0, 5, 0);
            } catch (RemoteException e) {
                Slog.e(AuthService.TAG, "authenticateFastFail failed to notify caller", e);
            }
        }

        @Override // android.hardware.biometrics.IAuthService
        public void cancelAuthentication(IBinder iBinder, String str) throws RemoteException {
            AuthService.this.checkPermission();
            if (iBinder == null || str == null) {
                Slog.e(AuthService.TAG, "Unable to cancel authentication, one or more null arguments");
                return;
            }
            long clearCallingIdentity = Binder.clearCallingIdentity();
            try {
                AuthService.this.mBiometricService.cancelAuthentication(iBinder, str);
                Binder.restoreCallingIdentity(clearCallingIdentity);
            } catch (Throwable th) {
                Binder.restoreCallingIdentity(clearCallingIdentity);
                throw th;
            }
        }

        @Override // android.hardware.biometrics.IAuthService
        public int canAuthenticate(String str, int i, @BiometricManager.Authenticators.Types int i2) throws RemoteException {
            int callingUserId = UserHandle.getCallingUserId();
            if (i != callingUserId) {
                AuthService.this.checkInternalPermission();
            } else {
                AuthService.this.checkPermission();
            }
            long clearCallingIdentity = Binder.clearCallingIdentity();
            try {
                int canAuthenticate = AuthService.this.mBiometricService.canAuthenticate(str, i, callingUserId, i2);
                Slog.d(AuthService.TAG, "canAuthenticate, userId: " + i + ", callingUserId: " + callingUserId + ", authenticators: " + i2 + ", result: " + canAuthenticate);
                Binder.restoreCallingIdentity(clearCallingIdentity);
                return canAuthenticate;
            } catch (Throwable th) {
                Binder.restoreCallingIdentity(clearCallingIdentity);
                throw th;
            }
        }

        @Override // android.hardware.biometrics.IAuthService
        public boolean hasEnrolledBiometrics(int i, String str) throws RemoteException {
            AuthService.this.checkInternalPermission();
            long clearCallingIdentity = Binder.clearCallingIdentity();
            try {
                boolean hasEnrolledBiometrics = AuthService.this.mBiometricService.hasEnrolledBiometrics(i, str);
                Binder.restoreCallingIdentity(clearCallingIdentity);
                return hasEnrolledBiometrics;
            } catch (Throwable th) {
                Binder.restoreCallingIdentity(clearCallingIdentity);
                throw th;
            }
        }

        @Override // android.hardware.biometrics.IAuthService
        public void registerEnabledOnKeyguardCallback(IBiometricEnabledOnKeyguardCallback iBiometricEnabledOnKeyguardCallback) throws RemoteException {
            AuthService.this.checkInternalPermission();
            int callingUserId = UserHandle.getCallingUserId();
            long clearCallingIdentity = Binder.clearCallingIdentity();
            try {
                AuthService.this.mBiometricService.registerEnabledOnKeyguardCallback(iBiometricEnabledOnKeyguardCallback, callingUserId);
                Binder.restoreCallingIdentity(clearCallingIdentity);
            } catch (Throwable th) {
                Binder.restoreCallingIdentity(clearCallingIdentity);
                throw th;
            }
        }

        @Override // android.hardware.biometrics.IAuthService
        public void invalidateAuthenticatorIds(int i, int i2, IInvalidationCallback iInvalidationCallback) throws RemoteException {
            AuthService.this.checkInternalPermission();
            long clearCallingIdentity = Binder.clearCallingIdentity();
            try {
                AuthService.this.mBiometricService.invalidateAuthenticatorIds(i, i2, iInvalidationCallback);
                Binder.restoreCallingIdentity(clearCallingIdentity);
            } catch (Throwable th) {
                Binder.restoreCallingIdentity(clearCallingIdentity);
                throw th;
            }
        }

        @Override // android.hardware.biometrics.IAuthService
        public long[] getAuthenticatorIds(int i) throws RemoteException {
            if (i != UserHandle.getCallingUserId()) {
                AuthService.this.getContext().enforceCallingOrSelfPermission(Manifest.permission.USE_BIOMETRIC_INTERNAL, "Must have android.permission.USE_BIOMETRIC_INTERNAL permission.");
            }
            long clearCallingIdentity = Binder.clearCallingIdentity();
            try {
                long[] authenticatorIds = AuthService.this.mBiometricService.getAuthenticatorIds(i);
                Binder.restoreCallingIdentity(clearCallingIdentity);
                return authenticatorIds;
            } catch (Throwable th) {
                Binder.restoreCallingIdentity(clearCallingIdentity);
                throw th;
            }
        }

        @Override // android.hardware.biometrics.IAuthService
        public void resetLockoutTimeBound(IBinder iBinder, String str, int i, int i2, byte[] bArr) throws RemoteException {
            AuthService.this.checkInternalPermission();
            long clearCallingIdentity = Binder.clearCallingIdentity();
            try {
                AuthService.this.mBiometricService.resetLockoutTimeBound(iBinder, str, i, i2, bArr);
                Binder.restoreCallingIdentity(clearCallingIdentity);
            } catch (Throwable th) {
                Binder.restoreCallingIdentity(clearCallingIdentity);
                throw th;
            }
        }

        @Override // android.hardware.biometrics.IAuthService
        public CharSequence getButtonLabel(int i, String str, @BiometricManager.Authenticators.Types int i2) throws RemoteException {
            String string;
            int callingUserId = UserHandle.getCallingUserId();
            if (i != callingUserId) {
                AuthService.this.checkInternalPermission();
            } else {
                AuthService.this.checkPermission();
            }
            long clearCallingIdentity = Binder.clearCallingIdentity();
            try {
                switch (AuthService.getCredentialBackupModality(AuthService.this.mBiometricService.getCurrentModality(str, i, callingUserId, i2))) {
                    case 0:
                        string = null;
                        break;
                    case 1:
                        string = AuthService.this.getContext().getString(R.string.screen_lock_app_setting_name);
                        break;
                    case 2:
                        string = AuthService.this.getContext().getString(R.string.fingerprint_app_setting_name);
                        break;
                    case 3:
                    case 4:
                    case 5:
                    case 6:
                    case 7:
                    default:
                        string = AuthService.this.getContext().getString(R.string.biometric_app_setting_name);
                        break;
                    case 8:
                        string = AuthService.this.getContext().getString(R.string.face_app_setting_name);
                        break;
                }
                return string;
            } finally {
                Binder.restoreCallingIdentity(clearCallingIdentity);
            }
        }

        @Override // android.hardware.biometrics.IAuthService
        public CharSequence getPromptMessage(int i, String str, @BiometricManager.Authenticators.Types int i2) throws RemoteException {
            String string;
            int callingUserId = UserHandle.getCallingUserId();
            if (i != callingUserId) {
                AuthService.this.checkInternalPermission();
            } else {
                AuthService.this.checkPermission();
            }
            long clearCallingIdentity = Binder.clearCallingIdentity();
            try {
                int currentModality = AuthService.this.mBiometricService.getCurrentModality(str, i, callingUserId, i2);
                boolean isCredentialRequested = Utils.isCredentialRequested(i2);
                switch (AuthService.getCredentialBackupModality(currentModality)) {
                    case 0:
                        string = null;
                        break;
                    case 1:
                        string = AuthService.this.getContext().getString(R.string.screen_lock_dialog_default_subtitle);
                        break;
                    case 2:
                        if (!isCredentialRequested) {
                            string = AuthService.this.getContext().getString(R.string.fingerprint_dialog_default_subtitle);
                            break;
                        } else {
                            string = AuthService.this.getContext().getString(R.string.fingerprint_or_screen_lock_dialog_default_subtitle);
                            break;
                        }
                    case 3:
                    case 4:
                    case 5:
                    case 6:
                    case 7:
                    default:
                        if (!isCredentialRequested) {
                            string = AuthService.this.getContext().getString(R.string.biometric_dialog_default_subtitle);
                            break;
                        } else {
                            string = AuthService.this.getContext().getString(R.string.biometric_or_screen_lock_dialog_default_subtitle);
                            break;
                        }
                    case 8:
                        if (!isCredentialRequested) {
                            string = AuthService.this.getContext().getString(R.string.face_dialog_default_subtitle);
                            break;
                        } else {
                            string = AuthService.this.getContext().getString(R.string.face_or_screen_lock_dialog_default_subtitle);
                            break;
                        }
                }
                return string;
            } finally {
                Binder.restoreCallingIdentity(clearCallingIdentity);
            }
        }

        @Override // android.hardware.biometrics.IAuthService
        public CharSequence getSettingName(int i, String str, @BiometricManager.Authenticators.Types int i2) throws RemoteException {
            String string;
            if (i != UserHandle.getCallingUserId()) {
                AuthService.this.checkInternalPermission();
            } else {
                AuthService.this.checkPermission();
            }
            long clearCallingIdentity = Binder.clearCallingIdentity();
            try {
                int supportedModalities = AuthService.this.mBiometricService.getSupportedModalities(i2);
                switch (supportedModalities) {
                    case 0:
                        string = null;
                        break;
                    case 1:
                        string = AuthService.this.getContext().getString(R.string.screen_lock_app_setting_name);
                        break;
                    case 2:
                        string = AuthService.this.getContext().getString(R.string.fingerprint_app_setting_name);
                        break;
                    case 3:
                    case 5:
                    case 6:
                    case 7:
                    default:
                        if ((supportedModalities & 1) != 0) {
                            int i3 = supportedModalities & (-2);
                            if (i3 != 2) {
                                if (i3 != 8) {
                                    string = AuthService.this.getContext().getString(R.string.biometric_or_screen_lock_app_setting_name);
                                    break;
                                } else {
                                    string = AuthService.this.getContext().getString(R.string.face_or_screen_lock_app_setting_name);
                                    break;
                                }
                            } else {
                                string = AuthService.this.getContext().getString(R.string.fingerprint_or_screen_lock_app_setting_name);
                                break;
                            }
                        } else {
                            string = AuthService.this.getContext().getString(R.string.biometric_app_setting_name);
                            break;
                        }
                    case 4:
                        string = AuthService.this.getContext().getString(R.string.biometric_app_setting_name);
                        break;
                    case 8:
                        string = AuthService.this.getContext().getString(R.string.face_app_setting_name);
                        break;
                }
                return string;
            } finally {
                Binder.restoreCallingIdentity(clearCallingIdentity);
            }
        }
    }

    @VisibleForTesting
    /* loaded from: input_file:com/android/server/biometrics/AuthService$Injector.class */
    public static class Injector {
        @VisibleForTesting
        public IBiometricService getBiometricService() {
            return IBiometricService.Stub.asInterface(ServiceManager.getService(Context.BIOMETRIC_SERVICE));
        }

        @VisibleForTesting
        public void publishBinderService(AuthService authService, IAuthService.Stub stub) {
            authService.publishBinderService(Context.AUTH_SERVICE, stub);
        }

        @VisibleForTesting
        public String[] getConfiguration(Context context) {
            return context.getResources().getStringArray(R.array.config_biometric_sensors);
        }

        @VisibleForTesting
        public IFingerprintService getFingerprintService() {
            return IFingerprintService.Stub.asInterface(ServiceManager.getService(Context.FINGERPRINT_SERVICE));
        }

        @VisibleForTesting
        public IFaceService getFaceService() {
            return IFaceService.Stub.asInterface(ServiceManager.getService(Context.FACE_SERVICE));
        }

        @VisibleForTesting
        public IIrisService getIrisService() {
            return IIrisService.Stub.asInterface(ServiceManager.getService(Context.IRIS_SERVICE));
        }

        @VisibleForTesting
        public AppOpsManager getAppOps(Context context) {
            return (AppOpsManager) context.getSystemService(AppOpsManager.class);
        }

        @VisibleForTesting
        public boolean isHidlDisabled(Context context) {
            return (Build.IS_ENG || Build.IS_USERDEBUG) && Settings.Secure.getIntForUser(context.getContentResolver(), AuthService.SETTING_HIDL_DISABLED, 0, -2) == 1;
        }
    }

    public AuthService(Context context) {
        this(context, new Injector());
    }

    public AuthService(Context context, Injector injector) {
        super(context);
        this.mInjector = injector;
        this.mImpl = new AuthServiceImpl();
    }

    @Override // com.android.server.SystemService
    public void onStart() {
        SensorConfig[] sensorConfigArr;
        this.mBiometricService = this.mInjector.getBiometricService();
        if (this.mInjector.isHidlDisabled(getContext())) {
            sensorConfigArr = null;
        } else {
            String[] configuration = this.mInjector.getConfiguration(getContext());
            sensorConfigArr = new SensorConfig[configuration.length];
            for (int i = 0; i < configuration.length; i++) {
                sensorConfigArr[i] = new SensorConfig(configuration[i]);
            }
        }
        registerAuthenticators(sensorConfigArr);
        this.mInjector.publishBinderService(this, this.mImpl);
    }

    private void registerAuthenticators(SensorConfig[] sensorConfigArr) {
        ArrayList arrayList = new ArrayList();
        ArrayList arrayList2 = new ArrayList();
        ArrayList arrayList3 = new ArrayList();
        if (sensorConfigArr != null) {
            for (SensorConfig sensorConfig : sensorConfigArr) {
                Slog.d(TAG, "Registering HIDL ID: " + sensorConfig.id + " Modality: " + sensorConfig.modality + " Strength: " + sensorConfig.strength);
                switch (sensorConfig.modality) {
                    case 2:
                        arrayList.add(getHidlFingerprintSensorProps(sensorConfig.id, sensorConfig.strength));
                        break;
                    case 4:
                        arrayList3.add(getHidlIrisSensorProps(sensorConfig.id, sensorConfig.strength));
                        break;
                    case 8:
                        arrayList2.add(getHidlFaceSensorProps(sensorConfig.id, sensorConfig.strength));
                        break;
                    default:
                        Slog.e(TAG, "Unknown modality: " + sensorConfig.modality);
                        break;
                }
            }
        }
        IFingerprintService fingerprintService = this.mInjector.getFingerprintService();
        if (fingerprintService != null) {
            try {
                fingerprintService.registerAuthenticators(arrayList);
            } catch (RemoteException e) {
                Slog.e(TAG, "RemoteException when registering fingerprint authenticators", e);
            }
        } else if (arrayList.size() > 0) {
            Slog.e(TAG, "HIDL fingerprint configuration exists, but FingerprintService is null.");
        }
        IFaceService faceService = this.mInjector.getFaceService();
        if (faceService != null) {
            try {
                faceService.registerAuthenticators(arrayList2);
            } catch (RemoteException e2) {
                Slog.e(TAG, "RemoteException when registering face authenticators", e2);
            }
        } else if (arrayList2.size() > 0) {
            Slog.e(TAG, "HIDL face configuration exists, but FaceService is null.");
        }
        IIrisService irisService = this.mInjector.getIrisService();
        if (irisService == null) {
            if (arrayList3.size() > 0) {
                Slog.e(TAG, "HIDL iris configuration exists, but IrisService is null.");
            }
        } else {
            try {
                irisService.registerAuthenticators(arrayList3);
            } catch (RemoteException e3) {
                Slog.e(TAG, "RemoteException when registering iris authenticators", e3);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void checkInternalPermission() {
        getContext().enforceCallingOrSelfPermission(Manifest.permission.USE_BIOMETRIC_INTERNAL, "Must have USE_BIOMETRIC_INTERNAL permission");
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void checkPermission() {
        if (getContext().checkCallingOrSelfPermission(Manifest.permission.USE_FINGERPRINT) != 0) {
            getContext().enforceCallingOrSelfPermission(Manifest.permission.USE_BIOMETRIC, "Must have USE_BIOMETRIC permission");
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public boolean checkAppOps(int i, String str, String str2) {
        return this.mInjector.getAppOps(getContext()).noteOp(78, i, str, (String) null, str2) == 0;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static int getCredentialBackupModality(int i) {
        return i == 1 ? i : i & (-2);
    }

    private FingerprintSensorPropertiesInternal getHidlFingerprintSensorProps(int i, @BiometricManager.Authenticators.Types int i2) {
        int[] intArray = getContext().getResources().getIntArray(R.array.config_udfps_sensor_props);
        boolean z = !ArrayUtils.isEmpty(intArray);
        int i3 = z ? 3 : getContext().getResources().getBoolean(R.bool.config_is_powerbutton_fps) ? 4 : 1;
        int integer = getContext().getResources().getInteger(R.integer.config_fingerprintMaxTemplatesPerUser);
        ArrayList arrayList = new ArrayList();
        return (z && intArray.length == 3) ? new FingerprintSensorPropertiesInternal(i, Utils.authenticatorStrengthToPropertyStrength(i2), integer, arrayList, i3, false, intArray[0], intArray[1], intArray[2]) : new FingerprintSensorPropertiesInternal(i, Utils.authenticatorStrengthToPropertyStrength(i2), integer, arrayList, i3, false);
    }

    private FaceSensorPropertiesInternal getHidlFaceSensorProps(int i, @BiometricManager.Authenticators.Types int i2) {
        boolean z = getContext().getResources().getBoolean(R.bool.config_faceAuthSupportsSelfIllumination);
        return new FaceSensorPropertiesInternal(i, Utils.authenticatorStrengthToPropertyStrength(i2), getContext().getResources().getInteger(R.integer.config_faceMaxTemplatesPerUser), new ArrayList(), 0, false, z, true);
    }

    private SensorPropertiesInternal getHidlIrisSensorProps(int i, @BiometricManager.Authenticators.Types int i2) {
        return new SensorPropertiesInternal(i, Utils.authenticatorStrengthToPropertyStrength(i2), 1, new ArrayList(), false, false);
    }
}
