package io.grpc.binder;

import android.app.admin.DevicePolicyManager;
import android.content.Context;
import android.content.pm.PackageInfo;
import android.content.pm.PackageManager;
import android.content.pm.Signature;
import android.os.Build;
import android.os.Process;
import com.google.common.base.Preconditions;
import com.google.common.base.Predicate;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableSet;
import com.google.common.collect.UnmodifiableIterator;
import com.google.common.hash.Hashing;
import com.google.errorprone.annotations.CheckReturnValue;
import io.grpc.Status;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;

@CheckReturnValue
/* loaded from: classes3.dex */
public final class SecurityPolicies {
    private static final int MY_UID = Process.myUid();
    private static final int SHA_256_BYTES_LENGTH = 32;

    private SecurityPolicies() {
    }

    public static SecurityPolicy allOf(SecurityPolicy... securityPolicyArr) {
        Preconditions.checkNotNull(securityPolicyArr, "securityPolicies");
        Preconditions.checkArgument(securityPolicyArr.length > 0, "securityPolicies must not be empty");
        return allOfSecurityPolicy(securityPolicyArr);
    }

    private static SecurityPolicy allOfSecurityPolicy(final SecurityPolicy... securityPolicyArr) {
        return new SecurityPolicy() { // from class: io.grpc.binder.SecurityPolicies.5
            @Override // io.grpc.binder.SecurityPolicy
            public Status checkAuthorization(int i) {
                for (SecurityPolicy securityPolicy : securityPolicyArr) {
                    Status checkAuthorization = securityPolicy.checkAuthorization(i);
                    if (!checkAuthorization.isOk()) {
                        return checkAuthorization;
                    }
                }
                return Status.OK;
            }
        };
    }

    public static SecurityPolicy anyOf(SecurityPolicy... securityPolicyArr) {
        Preconditions.checkNotNull(securityPolicyArr, "securityPolicies");
        Preconditions.checkArgument(securityPolicyArr.length > 0, "securityPolicies must not be empty");
        return anyOfSecurityPolicy(securityPolicyArr);
    }

    private static SecurityPolicy anyOfSecurityPolicy(final SecurityPolicy... securityPolicyArr) {
        return new SecurityPolicy() { // from class: io.grpc.binder.SecurityPolicies.6
            @Override // io.grpc.binder.SecurityPolicy
            public Status checkAuthorization(int i) {
                ArrayList arrayList = new ArrayList();
                for (SecurityPolicy securityPolicy : securityPolicyArr) {
                    Status checkAuthorization = securityPolicy.checkAuthorization(i);
                    if (checkAuthorization.isOk()) {
                        return checkAuthorization;
                    }
                    arrayList.add(checkAuthorization);
                }
                Iterator it = arrayList.iterator();
                Status status = (Status) it.next();
                while (it.hasNext()) {
                    Status status2 = (Status) it.next();
                    status = status.augmentDescription(status2.getDescription());
                    if (status2.getCause() != null) {
                        if (status.getCause() != null) {
                            status.getCause().addSuppressed(status2.getCause());
                        } else {
                            status = status.withCause(status2.getCause());
                        }
                    }
                }
                return status;
            }
        };
    }

    private static SecurityPolicy anyPackageWithUidSatisfies(final Context context, final Predicate<String> predicate, final String str, final String str2) {
        return new SecurityPolicy() { // from class: io.grpc.binder.SecurityPolicies.8
            @Override // io.grpc.binder.SecurityPolicy
            public Status checkAuthorization(int i) {
                String[] packagesForUid = context.getPackageManager().getPackagesForUid(i);
                if (packagesForUid == null || packagesForUid.length == 0) {
                    return Status.UNAUTHENTICATED.withDescription(str);
                }
                for (String str3 : packagesForUid) {
                    if (predicate.apply(str3)) {
                        return Status.OK;
                    }
                }
                return Status.PERMISSION_DENIED.withDescription(str2);
            }
        };
    }

    private static boolean checkPackageSignature(PackageManager packageManager, String str, Predicate<Signature> predicate) {
        PackageInfo packageInfo;
        try {
            packageInfo = packageManager.getPackageInfo(str, 134217728);
        } catch (PackageManager.NameNotFoundException unused) {
        }
        if (packageInfo.signingInfo == null) {
            return false;
        }
        for (Signature signature : packageInfo.signingInfo.hasMultipleSigners() ? packageInfo.signingInfo.getApkContentsSigners() : packageInfo.signingInfo.getSigningCertificateHistory()) {
            if (predicate.apply(signature)) {
                return true;
            }
        }
        return false;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static Status checkPermissions(int i, PackageManager packageManager, ImmutableSet<String> immutableSet) {
        String[] packagesForUid = packageManager.getPackagesForUid(i);
        if (packagesForUid == null || packagesForUid.length == 0) {
            return Status.UNAUTHENTICATED.withDescription("Rejected by permission check security policy. No packages found for uid");
        }
        for (String str : packagesForUid) {
            UnmodifiableIterator<String> it = immutableSet.iterator();
            while (it.hasNext()) {
                String next = it.next();
                if (packageManager.checkPermission(next, str) != 0) {
                    return Status.PERMISSION_DENIED.withDescription("Rejected by permission check security policy. " + str + " does not have permission " + next);
                }
            }
        }
        return Status.OK;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static boolean checkSignatureSha256HashesMatch(Signature signature, List<byte[]> list) {
        byte[] sha256Hash = getSha256Hash(signature);
        Iterator<byte[]> it = list.iterator();
        while (it.hasNext()) {
            if (Arrays.equals(it.next(), sha256Hash)) {
                return true;
            }
        }
        return false;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static Status checkUidSha256Signature(PackageManager packageManager, int i, String str, final ImmutableList<byte[]> immutableList) {
        String[] packagesForUid = packageManager.getPackagesForUid(i);
        if (packagesForUid == null) {
            return Status.UNAUTHENTICATED.withDescription("Rejected by (SHA-256 hash signature check) security policy");
        }
        boolean z = false;
        for (String str2 : packagesForUid) {
            if (str.equals(str2)) {
                if (checkPackageSignature(packageManager, str2, new Predicate() { // from class: io.grpc.binder.SecurityPolicies$$ExternalSyntheticLambda2
                    @Override // com.google.common.base.Predicate
                    public final boolean apply(Object obj) {
                        boolean checkSignatureSha256HashesMatch;
                        checkSignatureSha256HashesMatch = SecurityPolicies.checkSignatureSha256HashesMatch((Signature) obj, ImmutableList.this);
                        return checkSignatureSha256HashesMatch;
                    }
                })) {
                    return Status.OK;
                }
                z = true;
            }
        }
        return Status.PERMISSION_DENIED.withDescription("Rejected by (SHA-256 hash signature check) security policy. Package name matched: " + z);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static Status checkUidSignature(PackageManager packageManager, int i, String str, final ImmutableList<Signature> immutableList) {
        String[] packagesForUid = packageManager.getPackagesForUid(i);
        if (packagesForUid == null) {
            return Status.UNAUTHENTICATED.withDescription("Rejected by signature check security policy");
        }
        boolean z = false;
        for (String str2 : packagesForUid) {
            if (str.equals(str2)) {
                immutableList.getClass();
                if (checkPackageSignature(packageManager, str2, new Predicate() { // from class: io.grpc.binder.SecurityPolicies$$ExternalSyntheticLambda3
                    @Override // com.google.common.base.Predicate
                    public final boolean apply(Object obj) {
                        boolean contains;
                        contains = ImmutableList.this.contains((Signature) obj);
                        return contains;
                    }
                })) {
                    return Status.OK;
                }
                z = true;
            }
        }
        return Status.PERMISSION_DENIED.withDescription("Rejected by signature check security policy. Package name matched: " + z);
    }

    private static byte[] getSha256Hash(Signature signature) {
        return Hashing.sha256().hashBytes(signature.toByteArray()).asBytes();
    }

    public static SecurityPolicy hasPermissions(final PackageManager packageManager, final ImmutableSet<String> immutableSet) {
        Preconditions.checkNotNull(packageManager, "packageManager");
        Preconditions.checkNotNull(immutableSet, "permissions");
        Preconditions.checkArgument(!immutableSet.isEmpty(), "permissions");
        return new SecurityPolicy() { // from class: io.grpc.binder.SecurityPolicies.7
            @Override // io.grpc.binder.SecurityPolicy
            public Status checkAuthorization(int i) {
                return SecurityPolicies.checkPermissions(i, packageManager, immutableSet);
            }
        };
    }

    public static SecurityPolicy hasSignature(PackageManager packageManager, String str, Signature signature) {
        return oneOfSignatures(packageManager, str, ImmutableList.of(signature));
    }

    public static SecurityPolicy hasSignatureSha256Hash(PackageManager packageManager, String str, byte[] bArr) {
        return oneOfSignatureSha256Hash(packageManager, str, ImmutableList.of(bArr));
    }

    public static SecurityPolicy internalOnly() {
        return new SecurityPolicy() { // from class: io.grpc.binder.SecurityPolicies.1
            @Override // io.grpc.binder.SecurityPolicy
            public Status checkAuthorization(int i) {
                return i == SecurityPolicies.MY_UID ? Status.OK : Status.PERMISSION_DENIED.withDescription("Rejected by (internal-only) security policy");
            }
        };
    }

    public static SecurityPolicy isDeviceOwner(Context context) {
        final DevicePolicyManager devicePolicyManager = (DevicePolicyManager) context.getSystemService("device_policy");
        return anyPackageWithUidSatisfies(context, new Predicate() { // from class: io.grpc.binder.SecurityPolicies$$ExternalSyntheticLambda1
            @Override // com.google.common.base.Predicate
            public final boolean apply(Object obj) {
                boolean isDeviceOwnerApp;
                isDeviceOwnerApp = devicePolicyManager.isDeviceOwnerApp((String) obj);
                return isDeviceOwnerApp;
            }
        }, "Rejected by device owner policy. No packages found for UID.", "Rejected by device owner policy");
    }

    public static SecurityPolicy isProfileOwner(Context context) {
        final DevicePolicyManager devicePolicyManager = (DevicePolicyManager) context.getSystemService("device_policy");
        return anyPackageWithUidSatisfies(context, new Predicate() { // from class: io.grpc.binder.SecurityPolicies$$ExternalSyntheticLambda4
            @Override // com.google.common.base.Predicate
            public final boolean apply(Object obj) {
                boolean isProfileOwnerApp;
                isProfileOwnerApp = devicePolicyManager.isProfileOwnerApp((String) obj);
                return isProfileOwnerApp;
            }
        }, "Rejected by profile owner policy. No packages found for UID.", "Rejected by profile owner policy");
    }

    public static SecurityPolicy isProfileOwnerOnOrganizationOwnedDevice(Context context) {
        final DevicePolicyManager devicePolicyManager = (DevicePolicyManager) context.getSystemService("device_policy");
        return anyPackageWithUidSatisfies(context, new Predicate() { // from class: io.grpc.binder.SecurityPolicies$$ExternalSyntheticLambda0
            @Override // com.google.common.base.Predicate
            public final boolean apply(Object obj) {
                return SecurityPolicies.lambda$isProfileOwnerOnOrganizationOwnedDevice$2(devicePolicyManager, (String) obj);
            }
        }, "Rejected by profile owner on organization-owned device policy. No packages found for UID.", "Rejected by profile owner on organization-owned device policy");
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static /* synthetic */ boolean lambda$isProfileOwnerOnOrganizationOwnedDevice$2(DevicePolicyManager devicePolicyManager, String str) {
        return Build.VERSION.SDK_INT >= 30 && devicePolicyManager.isProfileOwnerApp(str) && devicePolicyManager.isOrganizationOwnedDeviceWithManagedProfile();
    }

    public static SecurityPolicy oneOfSignatureSha256Hash(final PackageManager packageManager, final String str, List<byte[]> list) {
        Preconditions.checkNotNull(packageManager);
        Preconditions.checkNotNull(str);
        Preconditions.checkNotNull(list);
        Preconditions.checkArgument(!list.isEmpty());
        ImmutableList.Builder builder = ImmutableList.builder();
        for (byte[] bArr : list) {
            Preconditions.checkNotNull(bArr);
            Preconditions.checkArgument(bArr.length == 32);
            builder.add((ImmutableList.Builder) Arrays.copyOf(bArr, bArr.length));
        }
        final ImmutableList build = builder.build();
        return new SecurityPolicy() { // from class: io.grpc.binder.SecurityPolicies.4
            @Override // io.grpc.binder.SecurityPolicy
            public Status checkAuthorization(int i) {
                return SecurityPolicies.checkUidSha256Signature(packageManager, i, str, build);
            }
        };
    }

    /* JADX WARN: Multi-variable type inference failed */
    public static SecurityPolicy oneOfSignatures(final PackageManager packageManager, final String str, Collection<Signature> collection) {
        Preconditions.checkNotNull(packageManager, "packageManager");
        Preconditions.checkNotNull(str, "packageName");
        Preconditions.checkNotNull(collection, "requiredSignatures");
        Preconditions.checkArgument(!collection.isEmpty(), "requiredSignatures");
        final ImmutableList copyOf = ImmutableList.copyOf((Collection) collection);
        UnmodifiableIterator it = copyOf.iterator();
        while (it.hasNext()) {
            Preconditions.checkNotNull((Signature) it.next());
        }
        return new SecurityPolicy() { // from class: io.grpc.binder.SecurityPolicies.3
            @Override // io.grpc.binder.SecurityPolicy
            public Status checkAuthorization(int i) {
                return SecurityPolicies.checkUidSignature(packageManager, i, str, copyOf);
            }
        };
    }

    public static SecurityPolicy permissionDenied(String str) {
        final Status withDescription = Status.PERMISSION_DENIED.withDescription(str);
        return new SecurityPolicy() { // from class: io.grpc.binder.SecurityPolicies.2
            @Override // io.grpc.binder.SecurityPolicy
            public Status checkAuthorization(int i) {
                return Status.this;
            }
        };
    }

    public static ServerSecurityPolicy serverInternalOnly() {
        return new ServerSecurityPolicy();
    }
}
