package com.android.server.devicepolicy;

import android.app.admin.DeviceAdminReceiver;
import android.app.admin.IAuditLogEventsCallback;
import android.app.admin.SecurityLog;
import android.app.admin.flags.Flags;
import android.os.Handler;
import android.os.IBinder;
import android.os.Process;
import android.os.RemoteException;
import android.os.SystemClock;
import android.util.Log;
import android.util.Slog;
import android.util.SparseArray;
import com.android.internal.annotations.GuardedBy;
import com.android.internal.annotations.VisibleForTesting;
import com.android.server.utils.Slogf;
import java.io.IOException;
import java.util.ArrayDeque;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.concurrent.Semaphore;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.locks.Lock;
import java.util.concurrent.locks.ReentrantLock;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:com/android/server/devicepolicy/SecurityLogMonitor.class */
public class SecurityLogMonitor implements Runnable {
    private final DevicePolicyManagerService mService;
    private int mEnabledUser;
    private static final boolean DEBUG = false;
    private static final String TAG = "SecurityLogMonitor";

    @VisibleForTesting
    static final int BUFFER_ENTRIES_NOTIFICATION_LEVEL = 1024;
    private static final int BUFFER_ENTRIES_MAXIMUM_LEVEL = 10240;
    private static final int BUFFER_ENTRIES_CRITICAL_LEVEL = 9216;
    private boolean mLegacyLogEnabled;
    private boolean mAuditLogEnabled;

    @GuardedBy({"mForceSemaphore"})
    private long mLastForceNanos;
    private final Handler mHandler;
    private static final int MAX_AUDIT_LOG_EVENTS = 10000;
    private static final long RATE_LIMIT_INTERVAL_MS = TimeUnit.HOURS.toMillis(2);
    private static final long BROADCAST_RETRY_INTERVAL_MS = TimeUnit.MINUTES.toMillis(30);
    private static final long POLLING_INTERVAL_MS = TimeUnit.MINUTES.toMillis(1);
    private static final long OVERLAP_NS = TimeUnit.SECONDS.toNanos(3);
    private static final long FORCE_FETCH_THROTTLE_NS = TimeUnit.SECONDS.toNanos(10);
    private static final long MAX_AUDIT_LOG_EVENT_AGE_NS = TimeUnit.HOURS.toNanos(8);
    private final Lock mLock = new ReentrantLock();

    @GuardedBy({"mLock"})
    private Thread mMonitorThread = null;

    @GuardedBy({"mLock"})
    private ArrayList<SecurityLog.SecurityEvent> mPendingLogs = new ArrayList<>();

    @GuardedBy({"mLock"})
    private boolean mAllowedToRetrieve = false;

    @GuardedBy({"mLock"})
    private boolean mCriticalLevelLogged = false;
    private final ArrayList<SecurityLog.SecurityEvent> mLastEvents = new ArrayList<>();
    private long mLastEventNanos = -1;

    @GuardedBy({"mLock"})
    private long mNextAllowedRetrievalTimeMillis = -1;

    @GuardedBy({"mLock"})
    private boolean mPaused = false;
    private final Semaphore mForceSemaphore = new Semaphore(0);

    @GuardedBy({"mLock"})
    private final SparseArray<IAuditLogEventsCallback> mAuditLogCallbacks = new SparseArray<>();

    @GuardedBy({"mLock"})
    private final ArrayDeque<SecurityLog.SecurityEvent> mAuditLogEventBuffer = new ArrayDeque<>();

    @GuardedBy({"mLock"})
    private long mId = 0;

    /* JADX INFO: Access modifiers changed from: package-private */
    public SecurityLogMonitor(DevicePolicyManagerService devicePolicyManagerService, Handler handler) {
        this.mLastForceNanos = 0L;
        this.mService = devicePolicyManagerService;
        this.mLastForceNanos = System.nanoTime();
        this.mHandler = handler;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void start(int i) {
        Slog.i(TAG, "Starting security logging for user " + i);
        this.mEnabledUser = i;
        this.mLock.lock();
        try {
            if (this.mMonitorThread == null) {
                resetLegacyBufferLocked();
                startMonitorThreadLocked();
            } else {
                Slog.i(TAG, "Security log monitor thread is already running");
            }
        } finally {
            this.mLock.unlock();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void stop() {
        Slog.i(TAG, "Stopping security logging.");
        this.mLock.lock();
        try {
            if (this.mMonitorThread != null) {
                stopMonitorThreadLocked();
                resetLegacyBufferLocked();
            }
        } finally {
            this.mLock.unlock();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setLoggingParams(int i, boolean z, boolean z2) {
        Slogf.i(TAG, "Setting logging params, user = %d -> %d, legacy: %b -> %b, audit %b -> %b", Integer.valueOf(this.mEnabledUser), Integer.valueOf(i), Boolean.valueOf(this.mLegacyLogEnabled), Boolean.valueOf(z), Boolean.valueOf(this.mAuditLogEnabled), Boolean.valueOf(z2));
        this.mLock.lock();
        try {
            this.mEnabledUser = i;
            if (this.mMonitorThread == null && (z || z2)) {
                startMonitorThreadLocked();
            } else if (this.mMonitorThread != null && !z && !z2) {
                stopMonitorThreadLocked();
            }
            if (this.mLegacyLogEnabled != z) {
                resetLegacyBufferLocked();
                this.mLegacyLogEnabled = z;
            }
            if (this.mAuditLogEnabled != z2) {
                resetAuditBufferLocked();
                this.mAuditLogEnabled = z2;
            }
        } finally {
            this.mLock.unlock();
        }
    }

    @GuardedBy({"mLock"})
    private void startMonitorThreadLocked() {
        this.mId = 0L;
        this.mPaused = false;
        this.mMonitorThread = new Thread(this);
        this.mMonitorThread.start();
        SecurityLog.writeEvent(210011, new Object[0]);
        Slog.i(TAG, "Security log monitor thread started");
    }

    @GuardedBy({"mLock"})
    private void stopMonitorThreadLocked() {
        this.mMonitorThread.interrupt();
        try {
            this.mMonitorThread.join(TimeUnit.SECONDS.toMillis(5L));
        } catch (InterruptedException e) {
            Log.e(TAG, "Interrupted while waiting for thread to stop", e);
        }
        this.mMonitorThread = null;
        SecurityLog.writeEvent(210012, new Object[0]);
    }

    @GuardedBy({"mLock"})
    private void resetLegacyBufferLocked() {
        this.mPendingLogs = new ArrayList<>();
        this.mCriticalLevelLogged = false;
        this.mAllowedToRetrieve = false;
        this.mNextAllowedRetrievalTimeMillis = -1L;
        Slog.i(TAG, "Legacy buffer reset.");
    }

    @GuardedBy({"mLock"})
    private void resetAuditBufferLocked() {
        this.mAuditLogEventBuffer.clear();
        this.mAuditLogCallbacks.clear();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void pause() {
        Slog.i(TAG, "Paused.");
        this.mLock.lock();
        this.mPaused = true;
        this.mAllowedToRetrieve = false;
        this.mLock.unlock();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void resume() {
        this.mLock.lock();
        try {
            if (!this.mPaused) {
                Log.d(TAG, "Attempted to resume, but logging is not paused.");
                return;
            }
            this.mPaused = false;
            this.mAllowedToRetrieve = false;
            Slog.i(TAG, "Resumed.");
            try {
                notifyDeviceOwnerOrProfileOwnerIfNeeded(false);
            } catch (InterruptedException e) {
                Log.w(TAG, "Thread interrupted.", e);
            }
        } finally {
            this.mLock.unlock();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void discardLogs() {
        this.mLock.lock();
        this.mAllowedToRetrieve = false;
        this.mPendingLogs = new ArrayList<>();
        this.mCriticalLevelLogged = false;
        this.mLock.unlock();
        Slog.i(TAG, "Discarded all logs.");
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public List<SecurityLog.SecurityEvent> retrieveLogs() {
        this.mLock.lock();
        try {
            if (!this.mAllowedToRetrieve) {
                return null;
            }
            this.mAllowedToRetrieve = false;
            this.mNextAllowedRetrievalTimeMillis = SystemClock.elapsedRealtime() + RATE_LIMIT_INTERVAL_MS;
            ArrayList<SecurityLog.SecurityEvent> arrayList = this.mPendingLogs;
            this.mPendingLogs = new ArrayList<>();
            this.mCriticalLevelLogged = false;
            return arrayList;
        } finally {
            this.mLock.unlock();
        }
    }

    private void getNextBatch(ArrayList<SecurityLog.SecurityEvent> arrayList) throws IOException {
        if (this.mLastEventNanos < 0) {
            SecurityLog.readEvents(arrayList);
        } else {
            SecurityLog.readEventsSince(this.mLastEvents.isEmpty() ? this.mLastEventNanos : Math.max(0L, this.mLastEventNanos - OVERLAP_NS), arrayList);
        }
        int i = 0;
        while (true) {
            if (i >= arrayList.size() - 1) {
                break;
            }
            if (arrayList.get(i).getTimeNanos() > arrayList.get(i + 1).getTimeNanos()) {
                arrayList.sort((securityEvent, securityEvent2) -> {
                    return Long.signum(securityEvent.getTimeNanos() - securityEvent2.getTimeNanos());
                });
                break;
            }
            i++;
        }
        SecurityLog.redactEvents(arrayList, this.mEnabledUser);
    }

    private void saveLastEvents(ArrayList<SecurityLog.SecurityEvent> arrayList) {
        this.mLastEvents.clear();
        if (arrayList.isEmpty()) {
            return;
        }
        this.mLastEventNanos = arrayList.get(arrayList.size() - 1).getTimeNanos();
        int size = arrayList.size() - 2;
        while (size >= 0 && this.mLastEventNanos - arrayList.get(size).getTimeNanos() < OVERLAP_NS) {
            size--;
        }
        this.mLastEvents.addAll(arrayList.subList(size + 1, arrayList.size()));
    }

    @GuardedBy({"mLock"})
    private void mergeBatchLocked(ArrayList<SecurityLog.SecurityEvent> arrayList) {
        ArrayList arrayList2 = new ArrayList();
        int i = 0;
        int i2 = 0;
        while (i2 < this.mLastEvents.size() && i < arrayList.size()) {
            SecurityLog.SecurityEvent securityEvent = arrayList.get(i);
            long timeNanos = securityEvent.getTimeNanos();
            if (timeNanos > this.mLastEventNanos) {
                break;
            }
            SecurityLog.SecurityEvent securityEvent2 = this.mLastEvents.get(i2);
            long timeNanos2 = securityEvent2.getTimeNanos();
            if (timeNanos2 > timeNanos) {
                arrayList2.add(securityEvent);
                i++;
            } else if (timeNanos2 < timeNanos) {
                i2++;
            } else {
                if (!securityEvent2.eventEquals(securityEvent)) {
                    arrayList2.add(securityEvent);
                }
                i2++;
                i++;
            }
        }
        arrayList2.addAll(arrayList.subList(i, arrayList.size()));
        Iterator<SecurityLog.SecurityEvent> it = arrayList2.iterator();
        while (it.hasNext()) {
            assignLogId(it.next());
        }
        if (!Flags.securityLogV2Enabled() || this.mLegacyLogEnabled) {
            addToLegacyBufferLocked(arrayList2);
        }
        if (Flags.securityLogV2Enabled() && this.mAuditLogEnabled) {
            addAuditLogEventsLocked(arrayList2);
        }
    }

    @GuardedBy({"mLock"})
    private void addToLegacyBufferLocked(List<SecurityLog.SecurityEvent> list) {
        this.mPendingLogs.addAll(list);
        checkCriticalLevel();
        if (this.mPendingLogs.size() > 10240) {
            this.mPendingLogs = new ArrayList<>(this.mPendingLogs.subList(this.mPendingLogs.size() - 5120, this.mPendingLogs.size()));
            this.mCriticalLevelLogged = false;
            Slog.i(TAG, "Pending logs buffer full. Discarding old logs.");
        }
    }

    @GuardedBy({"mLock"})
    private void checkCriticalLevel() {
        if (SecurityLog.isLoggingEnabled() && this.mPendingLogs.size() >= BUFFER_ENTRIES_CRITICAL_LEVEL && !this.mCriticalLevelLogged) {
            this.mCriticalLevelLogged = true;
            SecurityLog.writeEvent(210015, new Object[0]);
        }
    }

    @GuardedBy({"mLock"})
    private void assignLogId(SecurityLog.SecurityEvent securityEvent) {
        securityEvent.setId(this.mId);
        if (this.mId != Long.MAX_VALUE) {
            this.mId++;
        } else {
            Slog.i(TAG, "Reached maximum id value; wrapping around.");
            this.mId = 0L;
        }
    }

    @Override // java.lang.Runnable
    public void run() {
        Process.setThreadPriority(10);
        ArrayList<SecurityLog.SecurityEvent> arrayList = new ArrayList<>();
        while (!Thread.currentThread().isInterrupted()) {
            try {
                boolean tryAcquire = this.mForceSemaphore.tryAcquire(POLLING_INTERVAL_MS, TimeUnit.MILLISECONDS);
                getNextBatch(arrayList);
                this.mLock.lockInterruptibly();
                try {
                    mergeBatchLocked(arrayList);
                    this.mLock.unlock();
                    saveLastEvents(arrayList);
                    arrayList.clear();
                    if (!Flags.securityLogV2Enabled() || this.mLegacyLogEnabled) {
                        notifyDeviceOwnerOrProfileOwnerIfNeeded(tryAcquire);
                    }
                } catch (Throwable th) {
                    this.mLock.unlock();
                    throw th;
                    break;
                }
            } catch (IOException e) {
                Log.e(TAG, "Failed to read security log", e);
            } catch (InterruptedException e2) {
                Log.i(TAG, "Thread interrupted, exiting.", e2);
            }
        }
        this.mLastEvents.clear();
        if (this.mLastEventNanos != -1) {
            this.mLastEventNanos++;
        }
        Slog.i(TAG, "MonitorThread exit.");
    }

    private void notifyDeviceOwnerOrProfileOwnerIfNeeded(boolean z) throws InterruptedException {
        boolean z2 = false;
        this.mLock.lockInterruptibly();
        try {
            if (this.mPaused) {
                return;
            }
            int size = this.mPendingLogs.size();
            if ((size >= 1024 || (z && size > 0)) && !this.mAllowedToRetrieve) {
                z2 = true;
            }
            if (size > 0 && SystemClock.elapsedRealtime() >= this.mNextAllowedRetrievalTimeMillis) {
                z2 = true;
            }
            if (z2) {
                this.mAllowedToRetrieve = true;
                this.mNextAllowedRetrievalTimeMillis = SystemClock.elapsedRealtime() + BROADCAST_RETRY_INTERVAL_MS;
            }
            this.mLock.unlock();
            if (z2) {
                Slog.i(TAG, "notify DO or PO");
                this.mService.sendDeviceOwnerOrProfileOwnerCommand(DeviceAdminReceiver.ACTION_SECURITY_LOGS_AVAILABLE, null, this.mEnabledUser);
            }
        } finally {
            this.mLock.unlock();
        }
    }

    public long forceLogs() {
        long nanoTime = System.nanoTime();
        synchronized (this.mForceSemaphore) {
            long j = (this.mLastForceNanos + FORCE_FETCH_THROTTLE_NS) - nanoTime;
            if (j > 0) {
                return TimeUnit.NANOSECONDS.toMillis(j) + 1;
            }
            this.mLastForceNanos = nanoTime;
            if (this.mForceSemaphore.availablePermits() == 0) {
                this.mForceSemaphore.release();
            }
            return 0L;
        }
    }

    public void setAuditLogEventsCallback(int i, IAuditLogEventsCallback iAuditLogEventsCallback) {
        this.mLock.lock();
        try {
            if (iAuditLogEventsCallback == null) {
                this.mAuditLogCallbacks.remove(i);
                Slogf.i(TAG, "Cleared audit log callback for UID %d", Integer.valueOf(i));
                this.mLock.unlock();
            } else {
                scheduleSendAuditLogs(i, iAuditLogEventsCallback, new ArrayList(this.mAuditLogEventBuffer));
                this.mAuditLogCallbacks.append(i, iAuditLogEventsCallback);
                this.mLock.unlock();
                Slogf.i(TAG, "Set audit log callback for UID %d", Integer.valueOf(i));
            }
        } catch (Throwable th) {
            this.mLock.unlock();
            throw th;
        }
    }

    @GuardedBy({"mLock"})
    private void addAuditLogEventsLocked(List<SecurityLog.SecurityEvent> list) {
        if (this.mPaused) {
            return;
        }
        if (!list.isEmpty()) {
            for (int i = 0; i < this.mAuditLogCallbacks.size(); i++) {
                scheduleSendAuditLogs(this.mAuditLogCallbacks.keyAt(i), this.mAuditLogCallbacks.valueAt(i), list);
            }
        }
        this.mAuditLogEventBuffer.addAll(list);
        trimAuditLogBufferLocked();
    }

    @GuardedBy({"mLock"})
    private void trimAuditLogBufferLocked() {
        long nanos = TimeUnit.MILLISECONDS.toNanos(System.currentTimeMillis());
        Iterator<SecurityLog.SecurityEvent> it = this.mAuditLogEventBuffer.iterator();
        while (it.hasNext()) {
            SecurityLog.SecurityEvent next = it.next();
            if (this.mAuditLogEventBuffer.size() <= 10000 && nanos - next.getTimeNanos() <= MAX_AUDIT_LOG_EVENT_AGE_NS) {
                return;
            } else {
                it.remove();
            }
        }
    }

    private void scheduleSendAuditLogs(int i, IAuditLogEventsCallback iAuditLogEventsCallback, List<SecurityLog.SecurityEvent> list) {
        this.mHandler.post(() -> {
            sendAuditLogs(i, iAuditLogEventsCallback, list);
        });
    }

    private void sendAuditLogs(int i, IAuditLogEventsCallback iAuditLogEventsCallback, List<SecurityLog.SecurityEvent> list) {
        try {
            list.size();
            iAuditLogEventsCallback.onNewAuditLogEvents(list);
        } catch (RemoteException e) {
            Slogf.e(TAG, e, "Failed to invoke audit log callback for UID %d", Integer.valueOf(i));
            removeAuditLogEventsCallbackIfDead(i, iAuditLogEventsCallback);
        }
    }

    private void removeAuditLogEventsCallbackIfDead(int i, IAuditLogEventsCallback iAuditLogEventsCallback) {
        IBinder asBinder = iAuditLogEventsCallback.asBinder();
        if (asBinder.isBinderAlive()) {
            Slog.i(TAG, "Callback binder is still alive, not removing.");
            return;
        }
        this.mLock.lock();
        try {
            int indexOfKey = this.mAuditLogCallbacks.indexOfKey(i);
            if (indexOfKey < 0) {
                Slogf.i(TAG, "Callback not registered for UID %d, nothing to remove", Integer.valueOf(i));
                this.mLock.unlock();
            } else if (!this.mAuditLogCallbacks.valueAt(indexOfKey).asBinder().equals(asBinder)) {
                Slogf.i(TAG, "Callback is already replaced for UID %d, not removing", Integer.valueOf(i));
                this.mLock.unlock();
            } else {
                Slogf.i(TAG, "Removing callback for UID %d", Integer.valueOf(i));
                this.mAuditLogCallbacks.removeAt(indexOfKey);
                this.mLock.unlock();
            }
        } catch (Throwable th) {
            this.mLock.unlock();
            throw th;
        }
    }
}
