package com.microsoft.intune.mam.client.content;

import android.content.ContentProvider;
import android.content.Context;
import android.net.Uri;
import com.microsoft.intune.mam.client.app.AccessRestriction;
import com.microsoft.intune.mam.client.identity.MAMIdentity;
import com.microsoft.intune.mam.client.ipcclient.ReceiveActionUriTracker;
import com.microsoft.intune.mam.log.MAMLogger;
import com.microsoft.intune.mam.log.MAMLoggerProvider;
import com.microsoft.intune.mam.log.PIIFile;
import com.microsoft.intune.mam.policy.MAMUserInfoInternal;
import com.microsoft.intune.mam.policy.PolicyResolver;
import java.util.List;
import java.util.Objects;
import javax.inject.Inject;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes3.dex */
public class ContentProviderCommon {
    private static final MAMLogger LOGGER = MAMLoggerProvider.getLogger((Class<?>) ContentProviderCommon.class);
    protected final AccessRestriction mAccessRestriction;
    private ContentProvider mContentProvider;
    private HookedContentProvider mHookedContentProvider;
    private ThreadLocal<PermissionCheckCache> mPermissionChecked = new ThreadLocal<PermissionCheckCache>() { // from class: com.microsoft.intune.mam.client.content.ContentProviderCommon.1
        /* JADX INFO: Access modifiers changed from: protected */
        /* JADX WARN: Can't rename method to resolve collision */
        @Override // java.lang.ThreadLocal
        public PermissionCheckCache initialValue() {
            return new PermissionCheckCache();
        }
    };
    private final PolicyResolver mPolicyResolver;
    private Context mProxyContext;
    protected final ReceiveActionUriTracker mReceiveActionUriTracker;
    protected final MAMUserInfoInternal mUserInfo;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes3.dex */
    public static class PermissionCheckCache {
        private String mCallingPackage;
        private boolean mEnabled;
        private AccessRestriction.Permission mPerm;
        private Uri mUri;

        private PermissionCheckCache() {
            this.mEnabled = false;
            this.mPerm = null;
            this.mUri = null;
        }

        public void enable() {
            this.mEnabled = true;
        }

        public boolean hasCheckAlreadyPassed(AccessRestriction.Permission permission, Uri uri, String str) {
            AccessRestriction.Permission permission2;
            if (this.mEnabled && (permission2 = this.mPerm) != null && permission2.equals(permission) && Objects.equals(uri, this.mUri)) {
                return Objects.equals(str, this.mCallingPackage);
            }
            return false;
        }

        public void reset() {
            this.mEnabled = false;
            this.mPerm = null;
            this.mUri = null;
            this.mCallingPackage = null;
        }

        public void setCheckPassed(AccessRestriction.Permission permission, Uri uri, String str) {
            if (this.mEnabled) {
                this.mPerm = permission;
                this.mUri = uri;
                this.mCallingPackage = str;
            }
        }
    }

    @Inject
    public ContentProviderCommon(MAMUserInfoInternal mAMUserInfoInternal, AccessRestriction accessRestriction, ReceiveActionUriTracker receiveActionUriTracker, PolicyResolver policyResolver) {
        this.mUserInfo = mAMUserInfoInternal;
        this.mAccessRestriction = accessRestriction;
        this.mReceiveActionUriTracker = receiveActionUriTracker;
        this.mPolicyResolver = policyResolver;
    }

    private boolean attemptUnblockViaDelete(AccessRestriction.Permission permission, Uri uri, String str) {
        if (uri == null || permission != AccessRestriction.Permission.READ_WRITE || !this.mReceiveActionUriTracker.contains(uri) || isContentProviderAccessBlocked(AccessRestriction.Permission.WRITE_ONLY, uri, str, null)) {
            return false;
        }
        LOGGER.info("Deleting URI {0} for receive action ", new PIIFile(uri.toString()));
        this.mHookedContentProvider.deleteMAM(uri, null, null);
        this.mReceiveActionUriTracker.markReadable(uri);
        return true;
    }

    private void checkCallerPermission(AccessRestriction.Permission permission, Uri uri, boolean z, MAMIdentity mAMIdentity) {
        String callingPackage = getCallingPackage();
        if (z && this.mPermissionChecked.get().hasCheckAlreadyPassed(permission, uri, callingPackage)) {
            return;
        }
        if (!isContentProviderAccessBlocked(permission, uri, callingPackage, mAMIdentity)) {
            this.mPermissionChecked.get().setCheckPassed(permission, uri, callingPackage);
            return;
        }
        LOGGER.info("Provider " + getName() + " denying access to content.");
        throw new ContentAccessDeniedException();
    }

    public static AccessRestriction.Permission fromFileMode(String str) {
        if (str != null) {
            return str.contains("w") ? str.contains("r") ? AccessRestriction.Permission.READ_WRITE : AccessRestriction.Permission.WRITE_ONLY : AccessRestriction.Permission.READ_ONLY;
        }
        throw new ContentAccessDeniedException();
    }

    private String getCallingPackage() {
        String callingPackage = this.mContentProvider.getCallingPackage();
        return callingPackage == null ? this.mContentProvider.getContext().getPackageName() : callingPackage;
    }

    private String getName() {
        return this.mContentProvider.getClass().getName();
    }

    private boolean isContentProviderAccessBlocked(AccessRestriction.Permission permission, Uri uri, String str, MAMIdentity mAMIdentity) {
        return this.mAccessRestriction.isContentProviderAccessBlocked(this.mProxyContext, permission, str, uri, mAMIdentity) && !attemptUnblockViaDelete(permission, uri, str);
    }

    public Context attachContext(Context context) {
        ContentProvider contentProvider = this.mContentProvider;
        if (contentProvider != null && contentProvider.getClass().getName().equals("com.microsoft.appcenter.loader.AppCenterLoader") && context.getPackageName().equals("com.microsoft.ramobile")) {
            LOGGER.info("Skipping rewrapping for AppCenterLoader");
            Context createProxyIfNecessary = MAMContext.createProxyIfNecessary(context);
            this.mProxyContext = createProxyIfNecessary;
            return createProxyIfNecessary;
        }
        MAMContext unwrap = MAMContext.unwrap(context);
        if (unwrap != null) {
            context = unwrap.getRealContext();
        }
        Context createProxy = MAMContext.createProxy(context);
        this.mProxyContext = createProxy;
        return createProxy;
    }

    public void checkCallerPermission(AccessRestriction.Permission permission) {
        checkCallerPermission(permission, null);
    }

    public void checkCallerPermission(AccessRestriction.Permission permission, Uri uri) {
        checkCallerPermission(permission, uri, true, null);
    }

    public void checkCallerPermission(AccessRestriction.Permission permission, boolean z, MAMIdentity mAMIdentity) {
        checkCallerPermission(permission, null, z, mAMIdentity);
    }

    public boolean isCallerManaged() {
        List<String> managedPackageList = this.mPolicyResolver.getAppPolicy(this.mUserInfo.getPrimaryIdentity()).getManagedPackageList();
        if (managedPackageList == null) {
            return false;
        }
        return managedPackageList.contains(this.mContentProvider.getCallingPackage());
    }

    public void popCaller() {
        this.mPermissionChecked.get().reset();
    }

    public void pushCaller() {
        this.mPermissionChecked.get().enable();
    }

    public void setContentProvider(HookedContentProvider hookedContentProvider) {
        this.mHookedContentProvider = hookedContentProvider;
        this.mContentProvider = hookedContentProvider.asContentProvider();
    }
}
