package com.android.server.pm;

import android.content.pm.PackageParser;
import android.content.pm.Signature;
import android.os.Environment;
import android.provider.Telephony;
import android.util.Slog;
import android.util.Xml;
import com.android.internal.telephony.PhoneConstants;
import com.android.internal.util.XmlUtils;
import java.io.File;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.FileReader;
import java.io.IOException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.HashMap;
import libcore.io.IoUtils;
import org.xmlpull.v1.XmlPullParser;
import org.xmlpull.v1.XmlPullParserException;

/* loaded from: input_file:com/android/server/pm/SELinuxMMAC.class */
public final class SELinuxMMAC {
    private static final String TAG = "SELinuxMMAC";
    private static final boolean DEBUG_POLICY = false;
    private static final boolean DEBUG_POLICY_INSTALL = false;
    private static final String BASE_VERSION_FILE = "/selinux_version";
    private static final String MAC_PERMISSIONS;
    private static final String DATA_SEAPP_CONTEXTS;
    private static final String BASE_SEAPP_CONTEXTS = "/seapp_contexts";
    private static final String SEAPP_CONTEXTS;
    private static final String SEAPP_HASH_FILE;
    private static HashMap<Signature, Policy> sSigSeinfo = new HashMap<>();
    private static String sDefaultSeinfo = null;
    private static final String DATA_VERSION_FILE = Environment.getDataDirectory() + "/security/current/selinux_version";
    private static final boolean USE_OVERRIDE_POLICY = useOverridePolicy();
    private static final String DATA_MAC_PERMISSIONS = Environment.getDataDirectory() + "/security/current/mac_permissions.xml";
    private static final String BASE_MAC_PERMISSIONS = Environment.getRootDirectory() + "/etc/security/mac_permissions.xml";

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:com/android/server/pm/SELinuxMMAC$Policy.class */
    public static class Policy {
        private String seinfo = null;
        private final HashMap<String, String> pkgMap = new HashMap<>();

        Policy() {
        }

        void putSeinfo(String str) {
            this.seinfo = str;
        }

        void putPkg(String str, String str2) {
            this.pkgMap.put(str, str2);
        }

        boolean isValid() {
            return (this.seinfo == null && this.pkgMap.isEmpty()) ? false : true;
        }

        String checkPolicy(String str) {
            String str2 = this.pkgMap.get(str);
            return str2 != null ? str2 : this.seinfo;
        }
    }

    private static void flushInstallPolicy() {
        sSigSeinfo.clear();
        sDefaultSeinfo = null;
    }

    public static boolean readInstallPolicy() {
        HashMap<Signature, Policy> hashMap = new HashMap<>();
        String str = null;
        FileReader fileReader = null;
        try {
            try {
                fileReader = new FileReader(MAC_PERMISSIONS);
                Slog.d(TAG, "Using policy file " + MAC_PERMISSIONS);
                XmlPullParser newPullParser = Xml.newPullParser();
                newPullParser.setInput(fileReader);
                XmlUtils.beginDocument(newPullParser, "policy");
                while (true) {
                    XmlUtils.nextElement(newPullParser);
                    if (newPullParser.getEventType() == 1) {
                        IoUtils.closeQuietly(fileReader);
                        flushInstallPolicy();
                        sSigSeinfo = hashMap;
                        sDefaultSeinfo = str;
                        return true;
                    }
                    String name = newPullParser.getName();
                    if ("signer".equals(name)) {
                        String attributeValue = newPullParser.getAttributeValue(null, "signature");
                        if (attributeValue == null) {
                            Slog.w(TAG, "<signer> without signature at " + newPullParser.getPositionDescription());
                            XmlUtils.skipCurrentTag(newPullParser);
                        } else {
                            try {
                                Signature signature = new Signature(attributeValue);
                                Policy readPolicyTags = readPolicyTags(newPullParser);
                                if (readPolicyTags.isValid()) {
                                    hashMap.put(signature, readPolicyTags);
                                }
                            } catch (IllegalArgumentException e) {
                                Slog.w(TAG, "<signer> with bad signature at " + newPullParser.getPositionDescription(), e);
                                XmlUtils.skipCurrentTag(newPullParser);
                            }
                        }
                    } else if (PhoneConstants.APN_TYPE_DEFAULT.equals(name)) {
                        str = readSeinfoTag(newPullParser);
                    } else {
                        XmlUtils.skipCurrentTag(newPullParser);
                    }
                }
            } catch (Throwable th) {
                IoUtils.closeQuietly(fileReader);
                throw th;
            }
        } catch (IOException e2) {
            Slog.w(TAG, "Got exception parsing " + MAC_PERMISSIONS, e2);
            IoUtils.closeQuietly(fileReader);
            return false;
        } catch (XmlPullParserException e3) {
            Slog.w(TAG, "Got exception parsing " + MAC_PERMISSIONS, e3);
            IoUtils.closeQuietly(fileReader);
            return false;
        }
    }

    private static Policy readPolicyTags(XmlPullParser xmlPullParser) throws IOException, XmlPullParserException {
        int depth = xmlPullParser.getDepth();
        Policy policy = new Policy();
        while (true) {
            int next = xmlPullParser.next();
            if (next == 1 || (next == 3 && xmlPullParser.getDepth() <= depth)) {
                break;
            }
            if (next != 3 && next != 4) {
                String name = xmlPullParser.getName();
                if ("seinfo".equals(name)) {
                    String parseSeinfo = parseSeinfo(xmlPullParser);
                    if (parseSeinfo != null) {
                        policy.putSeinfo(parseSeinfo);
                    }
                    XmlUtils.skipCurrentTag(xmlPullParser);
                } else if (Telephony.Sms.Intents.EXTRA_PACKAGE_NAME.equals(name)) {
                    String attributeValue = xmlPullParser.getAttributeValue(null, "name");
                    if (validatePackageName(attributeValue)) {
                        String readSeinfoTag = readSeinfoTag(xmlPullParser);
                        if (readSeinfoTag != null) {
                            policy.putPkg(attributeValue, readSeinfoTag);
                        }
                    } else {
                        Slog.w(TAG, "<package> without valid name at " + xmlPullParser.getPositionDescription());
                        XmlUtils.skipCurrentTag(xmlPullParser);
                    }
                } else {
                    XmlUtils.skipCurrentTag(xmlPullParser);
                }
            }
        }
        return policy;
    }

    private static String readSeinfoTag(XmlPullParser xmlPullParser) throws IOException, XmlPullParserException {
        int depth = xmlPullParser.getDepth();
        String str = null;
        while (true) {
            int next = xmlPullParser.next();
            if (next == 1 || (next == 3 && xmlPullParser.getDepth() <= depth)) {
                break;
            }
            if (next != 3 && next != 4) {
                if ("seinfo".equals(xmlPullParser.getName())) {
                    str = parseSeinfo(xmlPullParser);
                }
                XmlUtils.skipCurrentTag(xmlPullParser);
            }
        }
        return str;
    }

    private static String parseSeinfo(XmlPullParser xmlPullParser) {
        String attributeValue = xmlPullParser.getAttributeValue(null, "value");
        if (!validateValue(attributeValue)) {
            Slog.w(TAG, "<seinfo> without valid value at " + xmlPullParser.getPositionDescription());
            attributeValue = null;
        }
        return attributeValue;
    }

    private static boolean validatePackageName(String str) {
        if (str == null) {
            return false;
        }
        int length = str.length();
        boolean z = false;
        boolean z2 = true;
        for (int i = 0; i < length; i++) {
            char charAt = str.charAt(i);
            if ((charAt >= 'a' && charAt <= 'z') || (charAt >= 'A' && charAt <= 'Z')) {
                z2 = false;
            } else if (z2 || ((charAt < '0' || charAt > '9') && charAt != '_')) {
                if (charAt != '.') {
                    return false;
                }
                z = true;
                z2 = true;
            }
        }
        return z;
    }

    private static boolean validateValue(String str) {
        int length;
        if (str == null || (length = str.length()) == 0) {
            return false;
        }
        for (int i = 0; i < length; i++) {
            char charAt = str.charAt(i);
            if ((charAt < 'a' || charAt > 'z') && ((charAt < 'A' || charAt > 'Z') && charAt != '_')) {
                return false;
            }
        }
        return true;
    }

    public static boolean assignSeinfoValue(PackageParser.Package r3) {
        Policy policy;
        String checkPolicy;
        for (Signature signature : r3.mSignatures) {
            if (signature != null && (policy = sSigSeinfo.get(signature)) != null && (checkPolicy = policy.checkPolicy(r3.packageName)) != null) {
                r3.applicationInfo.seinfo = checkPolicy;
                return true;
            }
        }
        r3.applicationInfo.seinfo = sDefaultSeinfo;
        return sDefaultSeinfo != null;
    }

    public static boolean shouldRestorecon() {
        try {
            byte[] returnHash = returnHash(SEAPP_CONTEXTS);
            byte[] bArr = null;
            try {
                bArr = IoUtils.readFileAsByteArray(SEAPP_HASH_FILE);
            } catch (IOException e) {
                Slog.w(TAG, "Error opening " + SEAPP_HASH_FILE + ". Assuming first boot.");
            }
            return bArr == null || !MessageDigest.isEqual(bArr, returnHash);
        } catch (IOException e2) {
            Slog.e(TAG, "Error with hashing seapp_contexts.", e2);
            return false;
        }
    }

    public static void setRestoreconDone() {
        try {
            dumpHash(new File(SEAPP_HASH_FILE), returnHash(SEAPP_CONTEXTS));
        } catch (IOException e) {
            Slog.e(TAG, "Error with saving hash to " + SEAPP_HASH_FILE, e);
        }
    }

    private static void dumpHash(File file, byte[] bArr) throws IOException {
        FileOutputStream fileOutputStream = null;
        File file2 = null;
        try {
            file2 = File.createTempFile("seapp_hash", ".journal", file.getParentFile());
            file2.setReadable(true);
            fileOutputStream = new FileOutputStream(file2);
            fileOutputStream.write(bArr);
            fileOutputStream.getFD().sync();
            if (!file2.renameTo(file)) {
                throw new IOException("Failure renaming " + file.getCanonicalPath());
            }
            if (file2 != null) {
                file2.delete();
            }
            IoUtils.closeQuietly(fileOutputStream);
        } catch (Throwable th) {
            if (file2 != null) {
                file2.delete();
            }
            IoUtils.closeQuietly(fileOutputStream);
            throw th;
        }
    }

    private static byte[] returnHash(String str) throws IOException {
        try {
            return MessageDigest.getInstance("SHA-1").digest(IoUtils.readFileAsByteArray(str));
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException(e);
        }
    }

    private static boolean useOverridePolicy() {
        try {
            String readFileAsString = IoUtils.readFileAsString(DATA_VERSION_FILE);
            String readFileAsString2 = IoUtils.readFileAsString(BASE_VERSION_FILE);
            if (readFileAsString.equals(readFileAsString2)) {
                return true;
            }
            Slog.e(TAG, "Override policy version '" + readFileAsString + "' doesn't match base version '" + readFileAsString2 + "'. Skipping override policy files.");
            return false;
        } catch (FileNotFoundException e) {
            return false;
        } catch (IOException e2) {
            Slog.w(TAG, "Skipping override policy files.", e2);
            return false;
        }
    }

    static {
        MAC_PERMISSIONS = USE_OVERRIDE_POLICY ? DATA_MAC_PERMISSIONS : BASE_MAC_PERMISSIONS;
        DATA_SEAPP_CONTEXTS = Environment.getDataDirectory() + "/security/current/seapp_contexts";
        SEAPP_CONTEXTS = USE_OVERRIDE_POLICY ? DATA_SEAPP_CONTEXTS : BASE_SEAPP_CONTEXTS;
        SEAPP_HASH_FILE = Environment.getDataDirectory().toString() + "/system/seapp_hash";
    }
}
