package com.microsoft.intune.mam.client.content;

import android.annotation.TargetApi;
import android.content.ContentProvider;
import android.content.Context;
import android.net.Uri;
import android.os.Binder;
import android.os.Build;
import com.microsoft.intune.mam.client.app.AccessRestriction;
import com.microsoft.intune.mam.client.ipcclient.MAMClientImpl;
import com.microsoft.intune.mam.client.ipcclient.ReceiveActionUriTracker;
import com.microsoft.intune.mam.log.MAMLogger;
import com.microsoft.intune.mam.log.MAMLoggerProvider;
import com.microsoft.intune.mam.log.PIIFile;
import java.util.List;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes.dex */
public class ContentProviderCommon {
    private static final MAMLogger LOGGER = MAMLoggerProvider.getLogger((Class<?>) ContentProviderCommon.class);
    protected final AccessRestriction mAccessRestriction;
    protected final MAMClientImpl mClient;
    private ContentProvider mContentProvider;
    private HookedContentProvider mHookedContentProvider;
    private ThreadLocal<PermissionCheckCache> mPermissionChecked = new ThreadLocal<PermissionCheckCache>() { // from class: com.microsoft.intune.mam.client.content.ContentProviderCommon.1
        /* JADX INFO: Access modifiers changed from: protected */
        /* JADX WARN: Can't rename method to resolve collision */
        @Override // java.lang.ThreadLocal
        public PermissionCheckCache initialValue() {
            return new PermissionCheckCache();
        }
    };
    private Context mProxyContext;
    protected final ReceiveActionUriTracker mReceiveActionUriTracker;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes.dex */
    public static class PermissionCheckCache {
        private boolean mEnabled;
        private AccessRestriction.Permission mPerm;
        private Uri mUri;

        private PermissionCheckCache() {
            this.mEnabled = false;
            this.mPerm = null;
            this.mUri = null;
        }

        public void enable() {
            this.mEnabled = true;
        }

        public boolean hasCheckAlreadyPassed(AccessRestriction.Permission permission, Uri uri) {
            if (!this.mEnabled || this.mPerm == null || !this.mPerm.equals(permission)) {
                return false;
            }
            if (uri == this.mUri) {
                return true;
            }
            if (uri == null || this.mUri == null) {
                return false;
            }
            return this.mUri.equals(uri);
        }

        public void reset() {
            this.mEnabled = false;
            this.mPerm = null;
            this.mUri = null;
        }

        public void setCheckPassed(AccessRestriction.Permission permission, Uri uri) {
            if (this.mEnabled) {
                this.mPerm = permission;
                this.mUri = uri;
            }
        }
    }

    public ContentProviderCommon(MAMClientImpl mAMClientImpl, AccessRestriction accessRestriction, ReceiveActionUriTracker receiveActionUriTracker) {
        this.mClient = mAMClientImpl;
        this.mAccessRestriction = accessRestriction;
        this.mReceiveActionUriTracker = receiveActionUriTracker;
    }

    private boolean attemptUnblockViaDelete(AccessRestriction.Permission permission, Uri uri) {
        if (uri == null || permission != AccessRestriction.Permission.READ_WRITE || !this.mReceiveActionUriTracker.contains(uri) || isContentProviderAccessBlocked(AccessRestriction.Permission.WRITE_ONLY, uri)) {
            return false;
        }
        LOGGER.info("Deleting URI {0} for receive action ", new PIIFile(uri.toString()));
        this.mHookedContentProvider.deleteMAM(uri, null, null);
        this.mReceiveActionUriTracker.markReadable(uri);
        return true;
    }

    public static AccessRestriction.Permission fromFileMode(String str) {
        if (str == null) {
            throw new ContentAccessDeniedException();
        }
        return str.contains("w") ? str.contains("r") ? AccessRestriction.Permission.READ_WRITE : AccessRestriction.Permission.WRITE_ONLY : AccessRestriction.Permission.READ_ONLY;
    }

    @TargetApi(19)
    private String getCallingPackage() {
        String callingPackage = this.mContentProvider.getCallingPackage();
        return callingPackage == null ? this.mContentProvider.getContext().getPackageName() : callingPackage;
    }

    private static int getCallingUid() {
        return Binder.getCallingUid();
    }

    private String getName() {
        return this.mContentProvider.getClass().getName();
    }

    private boolean isContentProviderAccessBlocked(AccessRestriction.Permission permission, Uri uri) {
        return (isKitKatOrAbove() ? this.mAccessRestriction.isContentProviderAccessBlocked(this.mProxyContext, permission, getCallingPackage(), uri) : this.mAccessRestriction.isContentProviderAccessBlocked(this.mProxyContext, permission, getCallingUid(), uri)) && !attemptUnblockViaDelete(permission, uri);
    }

    public Context attachContext(Context context) {
        this.mProxyContext = this.mClient.createContextProxyIfNecessary(context);
        return this.mProxyContext;
    }

    public void checkCallerPermission(AccessRestriction.Permission permission) {
        checkCallerPermission(permission, null);
    }

    public void checkCallerPermission(AccessRestriction.Permission permission, Uri uri) {
        if (this.mPermissionChecked.get().hasCheckAlreadyPassed(permission, uri)) {
            return;
        }
        if (!isContentProviderAccessBlocked(permission, uri)) {
            this.mPermissionChecked.get().setCheckPassed(permission, uri);
            return;
        }
        LOGGER.info("Provider " + getName() + " denying access to content.");
        throw new ContentAccessDeniedException();
    }

    public boolean isCallerManaged() {
        List<String> managedPackageList = this.mClient.getAppPolicy(this.mClient.getPrimaryIdentity()).getManagedPackageList();
        if (managedPackageList == null) {
            return false;
        }
        if (isKitKatOrAbove()) {
            return isCallerManagedKitKat(managedPackageList);
        }
        String[] packagesForUid = this.mContentProvider.getContext().getPackageManager().getPackagesForUid(getCallingUid());
        if (packagesForUid == null) {
            return false;
        }
        for (String str : packagesForUid) {
            if (managedPackageList.contains(str)) {
                return true;
            }
        }
        return false;
    }

    @TargetApi(19)
    public boolean isCallerManagedKitKat(List<String> list) {
        return list.contains(this.mContentProvider.getCallingPackage());
    }

    protected boolean isKitKatOrAbove() {
        return Build.VERSION.SDK_INT >= 19;
    }

    public void popCaller() {
        this.mPermissionChecked.get().reset();
    }

    public void pushCaller() {
        this.mPermissionChecked.get().enable();
    }

    public void setContentProvider(HookedContentProvider hookedContentProvider) {
        this.mHookedContentProvider = hookedContentProvider;
        this.mContentProvider = hookedContentProvider.asContentProvider();
    }
}
