package com.microsoft.intune.mam.policy;

import android.content.Intent;
import android.content.pm.PackageManager;
import android.content.pm.ProviderInfo;
import android.net.Uri;
import com.google.firebase.analytics.FirebaseAnalytics;
import com.microsoft.intune.mam.client.MAMInfo;
import com.microsoft.intune.mam.client.content.pm.MAMPackageManager;
import com.microsoft.intune.mam.client.content.pm.PackageManagerFactory;
import com.microsoft.intune.mam.client.content.pm.PackageManagerPolicy;
import com.microsoft.intune.mam.client.content.pm.PolicyPackageManager;
import com.microsoft.intune.mam.client.identity.FileProtectionManagerBehavior;
import com.microsoft.intune.mam.client.identity.MAMFileProtectionInfo;
import com.microsoft.intune.mam.client.identity.MAMIdentity;
import com.microsoft.intune.mam.client.identity.MAMIdentityManager;
import com.microsoft.intune.mam.client.ipc.AppPolicyEndpoint;
import com.microsoft.intune.mam.client.ipcclient.MAMClientImpl;
import com.microsoft.intune.mam.client.strict.MAMStrictEnforcement;
import com.microsoft.intune.mam.client.util.ActivityUtils;
import com.microsoft.intune.mam.client.util.FileUtils;
import com.microsoft.intune.mam.log.MAMLogPIIFactory;
import com.microsoft.intune.mam.log.MAMLogger;
import com.microsoft.intune.mam.log.MAMLoggerProvider;
import com.microsoft.intune.mam.policy.SecureBrowserPolicy;
import java.io.File;
import java.io.IOException;
import java.util.List;

/* loaded from: classes3.dex */
public class ExternalAppPolicy implements AppPolicy, SecureBrowserPolicy {
    private static final MAMLogger LOGGER = MAMLoggerProvider.getLogger((Class<?>) ExternalAppPolicy.class);
    private static boolean sAppRequestedNotificationRestriction = false;
    private final AppPolicyEndpoint mAppPolicyEndpoint;
    private final MAMClientImpl mClient;
    private final FileProtectionManagerBehavior mFileProtectionManager;
    private final MAMIdentity mIdentity;
    private final MAMIdentityManager mMAMIdentityManager;
    private final MAMLogPIIFactory mMAMLogPIIFactory;
    private final PackageManagerPolicy mPkgPolicy;
    private final InternalAppPolicy mPolicy;
    private final PolicyResolver mPolicyResolver;
    private final MAMStrictEnforcement mStrict;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: com.microsoft.intune.mam.policy.ExternalAppPolicy$1, reason: invalid class name */
    /* loaded from: classes3.dex */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$com$microsoft$intune$mam$policy$OpenLocation = new int[OpenLocation.values().length];

        static {
            try {
                $SwitchMap$com$microsoft$intune$mam$policy$OpenLocation[OpenLocation.ACCOUNT_DOCUMENT.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                $SwitchMap$com$microsoft$intune$mam$policy$OpenLocation[OpenLocation.ONEDRIVE_FOR_BUSINESS.ordinal()] = 2;
            } catch (NoSuchFieldError unused2) {
            }
            try {
                $SwitchMap$com$microsoft$intune$mam$policy$OpenLocation[OpenLocation.SHAREPOINT.ordinal()] = 3;
            } catch (NoSuchFieldError unused3) {
            }
        }
    }

    public ExternalAppPolicy(MAMIdentity mAMIdentity, PolicyResolver policyResolver, MAMClientImpl mAMClientImpl, MAMIdentityManager mAMIdentityManager, PackageManagerPolicy packageManagerPolicy, MAMLogPIIFactory mAMLogPIIFactory, MAMStrictEnforcement mAMStrictEnforcement, AppPolicyEndpoint appPolicyEndpoint, FileProtectionManagerBehavior fileProtectionManagerBehavior) {
        this.mIdentity = mAMIdentity;
        this.mPolicyResolver = policyResolver;
        this.mPolicy = this.mPolicyResolver.getAppPolicy(this.mIdentity);
        this.mClient = mAMClientImpl;
        this.mMAMIdentityManager = mAMIdentityManager;
        this.mMAMLogPIIFactory = mAMLogPIIFactory;
        this.mPkgPolicy = packageManagerPolicy;
        this.mStrict = mAMStrictEnforcement;
        this.mAppPolicyEndpoint = appPolicyEndpoint;
        this.mFileProtectionManager = fileProtectionManagerBehavior;
    }

    private boolean getIsSaveToPersonalAllowed(MAMIdentity mAMIdentity) {
        return this.mPolicyResolver.getAppPolicy(mAMIdentity).getIsSaveToPersonalAllowed();
    }

    private MAMPackageManager getMAMPackageManager() {
        return PackageManagerFactory.createForPolicy(this.mPkgPolicy, getRealPackageManager(), this.mClient.getRealApplicationContext());
    }

    private PackageManager getRealPackageManager() {
        return this.mClient.getRealApplicationContext().getPackageManager();
    }

    public static boolean hasAppRequestedNotificationRestriction() {
        return sAppRequestedNotificationRestriction;
    }

    private boolean isURITransferAllowed(Uri uri, SharingLevel sharingLevel, DataSharingAction dataSharingAction) {
        if (!uri.getScheme().equals(FirebaseAnalytics.Param.CONTENT) || sharingLevel == SharingLevel.UNRESTRICTED) {
            return true;
        }
        String authority = uri.getAuthority();
        ProviderInfo resolveContentProvider = getMAMPackageManager().resolveContentProvider(authority, 0);
        if (resolveContentProvider == null && ActivityUtils.isPackageVisibilityRestrictedByAPI(this.mClient.getRealApplicationContext())) {
            resolveContentProvider = this.mAppPolicyEndpoint.resolveContentProvider(authority, 0);
        }
        if (resolveContentProvider == null) {
            return true;
        }
        return this.mPkgPolicy.isPackageAllowed(resolveContentProvider.packageName, dataSharingAction);
    }

    private boolean isUsernameExpected(OpenLocation openLocation) {
        int i = AnonymousClass1.$SwitchMap$com$microsoft$intune$mam$policy$OpenLocation[openLocation.ordinal()];
        return i == 1 || i == 2 || i == 3;
    }

    private boolean isUsernameRelevant(OpenLocation openLocation) {
        return isUsernameExpected(openLocation) || openLocation == OpenLocation.LOCAL;
    }

    @Override // com.microsoft.intune.mam.policy.AppPolicy
    public boolean areIntentActivitiesAllowed(Intent intent) {
        if (intent == null) {
            LOGGER.warning("intent should not be null");
            return true;
        }
        if (getMAMPackageManager().queryIntentActivities(intent, 0, PolicyPackageManager.IntentResolveMode.RAW, PolicyPackageManager.PackageVisibilityRestrictions.QUERY_ALL_PACKAGES).isEmpty()) {
            return ActivityUtils.isPackageVisibilityRestrictedByAPI(this.mClient.getRealApplicationContext()) ? this.mAppPolicyEndpoint.queryIntentActivities(intent, 0).isEmpty() : getRealPackageManager().queryIntentActivities(intent, 0).isEmpty();
        }
        return true;
    }

    @Override // com.microsoft.intune.mam.policy.AppPolicy
    public boolean diagnosticHasOpenRestriction() {
        return !this.mPolicy.getIsOpenFromPersonalAllowed();
    }

    @Override // com.microsoft.intune.mam.policy.AppPolicy
    public boolean diagnosticHasSaveRestriction() {
        return !this.mPolicy.getIsSaveToPersonalAllowed();
    }

    @Override // com.microsoft.intune.mam.policy.AppPolicy
    public boolean diagnosticIsFileEncryptionInUse() {
        return this.mPolicy.getRequiresFileEncryption();
    }

    @Override // com.microsoft.intune.mam.policy.AppPolicy
    public boolean getIsContactSyncAllowed() {
        return this.mPolicy.getIsContactSyncAllowed();
    }

    @Override // com.microsoft.intune.mam.policy.AppPolicy
    public boolean getIsManagedBrowserRequired() {
        return this.mPolicy.getAllowedBrowserType() == AllowedBrowserType.MANAGED;
    }

    @Override // com.microsoft.intune.mam.policy.AppPolicy
    public boolean getIsOpenFromContentUriAllowed(Uri uri) {
        if (uri == null) {
            LOGGER.severe("Location URI for SDK check `getIsOpenFromLocationAllowed` may not be null.");
            return false;
        }
        boolean isURITransferAllowed = isURITransferAllowed(uri, this.mPolicy.getAppReceiveSharingLevel(), DataSharingAction.RECEIVE_ONLY);
        LOGGER.info("Informing app that open from allowed is {0} for uri {1}", new Object[]{Boolean.valueOf(isURITransferAllowed), this.mMAMLogPIIFactory.getPIIFilePath(uri.toString())});
        return isURITransferAllowed;
    }

    @Override // com.microsoft.intune.mam.policy.AppPolicy
    public boolean getIsOpenFromLocalStorageAllowed(File file) {
        if (FileUtils.isFileUnderAppData(file, this.mClient.getRealApplicationContext())) {
            return true;
        }
        try {
            MAMFileProtectionInfo protectionInfo = this.mFileProtectionManager.getProtectionInfo(file);
            return getIsOpenFromLocationAllowed(OpenLocation.LOCAL, protectionInfo == null ? null : protectionInfo.getIdentity());
        } catch (IOException unused) {
            LOGGER.severe("Failed to read file to determine protection info. Not allowing open for location {0}.", new Object[]{OpenLocation.LOCAL.toString()});
            return false;
        }
    }

    @Override // com.microsoft.intune.mam.policy.AppPolicy
    public boolean getIsOpenFromLocationAllowed(OpenLocation openLocation, String str) {
        LOGGER.info("Checking `getIsOpenFromLocationAllowed` for location {0} and user {1}", new Object[]{openLocation.toString(), this.mMAMLogPIIFactory.getPIIUPN(str)});
        if (openLocation == null) {
            LOGGER.severe("Location for SDK check `getIsOpenFromLocationAllowed` may not be null.");
            return false;
        }
        this.mStrict.checkOpenFromLocation(openLocation, str);
        MAMIdentity fromString = this.mMAMIdentityManager.fromString(str);
        if (this.mPolicy.getIsOpenFromPersonalAllowed()) {
            if (fromString == null || !isUsernameRelevant(openLocation) || this.mIdentity.equals(fromString)) {
                LOGGER.info("Informing app that `getIsOpenFromLocationAllowed` is true for location {0} and user {1}", new Object[]{openLocation.toString(), this.mMAMLogPIIFactory.getPIIUPN(str)});
                return true;
            }
            boolean isSaveToPersonalAllowed = getIsSaveToPersonalAllowed(fromString);
            LOGGER.info("Informing app that `getIsOpenFromLocationAllowed` is {0} for location {1} and user {2} based on the result of `getIsSaveToPersonalAllowed`.", new Object[]{Boolean.valueOf(isSaveToPersonalAllowed), openLocation.toString(), this.mMAMLogPIIFactory.getPIIUPN(str)});
            return isSaveToPersonalAllowed;
        }
        if (OpenLocation.OTHER.equals(openLocation)) {
            LOGGER.info("Informing app that `getIsOpenFromLocationAllowed` is false for location {0} and user {1}. This location will never be allowed.", new Object[]{openLocation.toString(), this.mMAMLogPIIFactory.getPIIUPN(str)});
            return false;
        }
        if (isUsernameExpected(openLocation) && fromString != null && !this.mIdentity.equals(fromString)) {
            LOGGER.info("Informing app that `getIsOpenFromLocationAllowed` is false for location {0} and user {1}. This location expects that the passed in username matches the identity for the policy.", new Object[]{openLocation.toString(), this.mMAMLogPIIFactory.getPIIUPN(str)});
            return false;
        }
        if (OpenLocation.ACCOUNT_DOCUMENT.equals(openLocation) && this.mIdentity.equals(fromString)) {
            LOGGER.info("Informing app that `getIsOpenFromLocationAllowed` is true for location {0} and user {1}.", new Object[]{openLocation.toString(), this.mMAMLogPIIFactory.getPIIUPN(str)});
            return true;
        }
        if (fromString == null && MAMInfo.isMultiIdentityEnabled() && isUsernameExpected(openLocation)) {
            LOGGER.severe("Informing app that `getIsOpenFromLocationAllowed` is false for location {0} and user {1}. A multi-identity app is trying to open from {0} without an associated username.", new Object[]{openLocation.toString(), this.mMAMLogPIIFactory.getPIIUPN(str)});
            return false;
        }
        if (OpenLocation.LOCAL.equals(openLocation) && fromString != null && !this.mIdentity.equals(fromString) && !getIsSaveToPersonalAllowed(fromString)) {
            LOGGER.info("Informing app that `getIsOpenFromLocationAllowed` is false for location {0} and user {1} based on the result of `getIsSaveToPersonalAllowed`.", new Object[]{openLocation.toString(), this.mMAMLogPIIFactory.getPIIUPN(str)});
            return false;
        }
        boolean isLocationAllowed = this.mPolicy.getManagedOpenLocations().isLocationAllowed(openLocation);
        LOGGER.info("Informing app that `getIsOpenFromLocationAllowed` is {0} for location {1} and user {2}", new Object[]{Boolean.valueOf(isLocationAllowed), openLocation.toString(), this.mMAMLogPIIFactory.getPIIUPN(str)});
        return isLocationAllowed;
    }

    @Override // com.microsoft.intune.mam.policy.AppPolicy
    public boolean getIsPinRequired() {
        return this.mPolicy.getIsPinRequired();
    }

    @Override // com.microsoft.intune.mam.policy.AppPolicy
    public boolean getIsSaveToLocationAllowed(Uri uri) {
        if (uri == null) {
            LOGGER.severe("Location URI for SDK check `getIsSaveToLocationAllowed` may not be null.");
            return false;
        }
        boolean isURITransferAllowed = isURITransferAllowed(uri, this.mPolicy.getAppTransferSharingLevel(), DataSharingAction.TRANSFER_ONLY);
        LOGGER.info("Informing app that save to personal is {0} for uri {1}", new Object[]{Boolean.valueOf(isURITransferAllowed), this.mMAMLogPIIFactory.getPIIFilePath(uri.toString())});
        return isURITransferAllowed;
    }

    @Override // com.microsoft.intune.mam.policy.AppPolicy
    public boolean getIsSaveToLocationAllowed(SaveLocation saveLocation, String str) {
        if (saveLocation == null) {
            LOGGER.severe("Location for SDK check `getIsSaveToLocationAllowed` may not be null.");
            return false;
        }
        this.mStrict.checkSaveToLocation(saveLocation, str);
        boolean isSaveToLocationAllowed = this.mClient.getIsSaveToLocationAllowed(saveLocation, this.mIdentity, str, this.mPolicy, this.mPolicyResolver);
        LOGGER.info("Informing app that save to personal is {0} for uri {1} and user {2}", new Object[]{Boolean.valueOf(isSaveToLocationAllowed), this.mMAMLogPIIFactory.getPIIFilePath(saveLocation.toString()), this.mMAMLogPIIFactory.getPIIUPN(str)});
        return isSaveToLocationAllowed;
    }

    @Override // com.microsoft.intune.mam.policy.AppPolicy
    @Deprecated
    public boolean getIsSaveToPersonalAllowed() {
        this.mStrict.checkDeprecatedApi("getIsSaveToPersonalAllowed");
        boolean isSaveToPersonalAllowed = this.mPolicy.getIsSaveToPersonalAllowed();
        LOGGER.info("Informing app that save to personal is " + isSaveToPersonalAllowed);
        return isSaveToPersonalAllowed;
    }

    @Override // com.microsoft.intune.mam.policy.AppPolicy
    public boolean getIsScreenCaptureAllowed() {
        return !this.mPolicy.getRestrictScreenshots();
    }

    @Override // com.microsoft.intune.mam.policy.AppPolicy
    public NotificationRestriction getNotificationRestriction() {
        sAppRequestedNotificationRestriction = true;
        return this.mPolicy.getNotificationRestriction();
    }

    @Override // com.microsoft.intune.mam.policy.SecureBrowserPolicy
    public List<String> getSecureBrowserUrlList() {
        return this.mPolicy.getSecureBrowserUrlList();
    }

    @Override // com.microsoft.intune.mam.policy.SecureBrowserPolicy
    public SecureBrowserPolicy.SecureBrowserUrlListMode getSecureBrowserUrlListMode() {
        return this.mPolicy.getSecureBrowserUrlListMode();
    }

    @Override // com.microsoft.intune.mam.policy.AppPolicy
    public String toString() {
        return new BundleAppPolicy(this.mPolicy).toString();
    }
}
