package com.android.tools.rendering.security;

import com.android.SdkConstants;
import com.android.tools.rendering.RenderService;
import com.android.utils.ILogger;
import com.intellij.platform.workspace.jps.serialization.impl.LibraryNameGenerator;
import io.opentelemetry.semconv.SemanticAttributes;
import java.io.File;
import java.io.FileDescriptor;
import java.io.FilePermission;
import java.io.IOException;
import java.net.InetAddress;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.Permission;
import java.util.Arrays;
import java.util.PropertyPermission;
import java.util.concurrent.Callable;
import java.util.function.Supplier;
import org.jetbrains.annotations.NotNull;

/* loaded from: input_file:com/android/tools/rendering/security/RenderSecurityManager.class */
public class RenderSecurityManager extends SecurityManager {
    public static final String ENABLED_PROPERTY = "android.render.sandbox";
    public static boolean sEnabled;
    private static Object sCredential;
    private static String sLastFailedPath;
    private final String[] mAllowedPaths;
    private boolean mAllowSetSecurityManager;
    private boolean mDisabled;
    private final String mSdkPath;
    private final String mProjectPath;
    private final String mTempDir = System.getProperty("java.io.tmpdir");
    private final String mNormalizedTempDir = new File(this.mTempDir).getPath();
    private String mCanonicalTempDir;
    private String mAppTempDir;
    private SecurityManager myPreviousSecurityManager;
    private ILogger mLogger;
    private boolean isRestrictReads;
    private final Supplier<Boolean> isRenderThread;
    static final /* synthetic */ boolean $assertionsDisabled;

    public static RenderSecurityManager getCurrent() {
        SecurityManager securityManager = System.getSecurityManager();
        if (!(securityManager instanceof RenderSecurityManager)) {
            return null;
        }
        RenderSecurityManager renderSecurityManager = (RenderSecurityManager) securityManager;
        if (renderSecurityManager.isRelevant()) {
            return renderSecurityManager;
        }
        return null;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public RenderSecurityManager(String str, String str2, boolean z, @NotNull String[] strArr, @NotNull Supplier<Boolean> supplier) {
        this.mSdkPath = str;
        this.mProjectPath = str2;
        this.mAllowedPaths = strArr;
        sLastFailedPath = null;
        this.isRestrictReads = z;
        this.isRenderThread = supplier;
    }

    @NotNull
    static RenderSecurityManager createForTests(String str, String str2, boolean z, @NotNull Supplier<Boolean> supplier) {
        return new RenderSecurityManager(str, str2, z, RenderSecurityManagerDefaults.getDefaultAllowedPaths(), supplier);
    }

    @NotNull
    public static RenderSecurityManager create(String str, String str2, boolean z, @NotNull String[] strArr) {
        return new RenderSecurityManager(str, str2, z, strArr, RenderService::isRenderThread);
    }

    public RenderSecurityManager setLogger(ILogger iLogger) {
        this.mLogger = iLogger;
        return this;
    }

    public RenderSecurityManager setAppTempDir(String str) {
        this.mAppTempDir = str;
        return this;
    }

    public void setActive(boolean z, Object obj) {
        SecurityManager securityManager = System.getSecurityManager();
        if (z == (securityManager == this)) {
            return;
        }
        if (z) {
            if (!$assertionsDisabled && (securityManager instanceof RenderSecurityManager)) {
                throw new AssertionError();
            }
            this.myPreviousSecurityManager = securityManager;
            this.mDisabled = false;
            System.setSecurityManager(this);
            sCredential = obj;
            return;
        }
        if (obj != sCredential) {
            throw RenderSecurityException.create("Invalid credential");
        }
        this.mAllowSetSecurityManager = true;
        try {
            if (securityManager instanceof RenderSecurityManager) {
                System.setSecurityManager(this.myPreviousSecurityManager);
            } else if (this.mLogger != null) {
                this.mLogger.warning("Security manager was changed behind the scenes: ", securityManager);
            }
        } finally {
            this.mDisabled = true;
            this.mAllowSetSecurityManager = false;
        }
    }

    protected boolean isRelevant() {
        return sEnabled && !this.mDisabled && this.isRenderThread.get().booleanValue();
    }

    public void dispose(Object obj) {
        setActive(false, obj);
    }

    public static boolean enterSafeRegion(Object obj) {
        boolean z = sEnabled;
        if (obj == sCredential) {
            sEnabled = false;
        }
        return z;
    }

    public static void exitSafeRegion(boolean z) {
        sEnabled = z;
    }

    public static void runInSafeRegion(Object obj, @NotNull Runnable runnable) {
        boolean enterSafeRegion = enterSafeRegion(obj);
        try {
            runnable.run();
        } finally {
            exitSafeRegion(enterSafeRegion);
        }
    }

    public static <T> T runInSafeRegion(Object obj, @NotNull Callable<T> callable) throws Exception {
        boolean enterSafeRegion = enterSafeRegion(obj);
        try {
            T call = callable.call();
            exitSafeRegion(enterSafeRegion);
            return call;
        } catch (Throwable th) {
            exitSafeRegion(enterSafeRegion);
            throw th;
        }
    }

    public static String getLastFailedPath() {
        return sLastFailedPath;
    }

    @Override // java.lang.SecurityManager
    public void checkPackageAccess(String str) {
    }

    @Override // java.lang.SecurityManager
    public void checkPropertyAccess(String str) {
    }

    @Override // java.lang.SecurityManager
    public void checkPropertiesAccess() {
        if (isRelevant() && !RenderPropertiesAccessUtil.isPropertyAccessAllowed() && !Arrays.stream(getClassContext()).anyMatch(cls -> {
            return "Logger".equals(cls.getSimpleName()) && "com.intellij.openapi.diagnostic.Logger".equals(cls.getCanonicalName());
        })) {
            throw RenderSecurityException.create("Property", null);
        }
    }

    @Override // java.lang.SecurityManager
    public void checkCreateClassLoader() {
    }

    @Override // java.lang.SecurityManager
    public void checkRead(String str) {
        if (this.isRestrictReads && isRelevant() && !isReadingAllowed(str)) {
            throw RenderSecurityException.create(SemanticAttributes.DbCosmosdbOperationTypeValues.READ, str);
        }
    }

    @Override // java.lang.SecurityManager
    public void checkRead(String str, Object obj) {
        if (this.isRestrictReads && isRelevant() && !isReadingAllowed(str)) {
            throw RenderSecurityException.create(SemanticAttributes.DbCosmosdbOperationTypeValues.READ, str);
        }
    }

    private boolean isReadingAllowed(String str) {
        if (!this.isRestrictReads) {
            return true;
        }
        try {
            String canonicalize = canonicalize(str);
            if (this.mSdkPath != null && canonicalize.startsWith(this.mSdkPath)) {
                return true;
            }
            if (this.mProjectPath != null && canonicalize.startsWith(this.mProjectPath)) {
                return true;
            }
            if ((canonicalize.startsWith(LibraryNameGenerator.UNNAMED_LIBRARY_NAME_PREFIX) && canonicalize.indexOf(File.separatorChar) == -1) || canonicalize.endsWith(".class") || canonicalize.endsWith(SdkConstants.DOT_JAR) || isTempDirPath(canonicalize)) {
                return true;
            }
            String property = System.getProperty("java.home");
            if (canonicalize.startsWith(property)) {
                return true;
            }
            return property.endsWith("/Contents/Home") && canonicalize.regionMatches(0, property, 0, property.length() - "Contents/Home".length());
        } catch (IOException e) {
            return false;
        }
    }

    private static String canonicalize(@NotNull String str) throws IOException {
        return Paths.get(str, new String[0]).normalize().toFile().getCanonicalPath();
    }

    private boolean isInAllowedPath(@NotNull String str) {
        for (int i = 0; i < this.mAllowedPaths.length; i++) {
            if (str.startsWith(this.mAllowedPaths[i])) {
                return true;
            }
        }
        return false;
    }

    private boolean isWritingAllowed(String str) {
        try {
            String canonicalize = canonicalize(str);
            if (Files.isSymbolicLink(Paths.get(canonicalize, new String[0]))) {
                return false;
            }
            return isTempDirPath(canonicalize) || isInAllowedPath(canonicalize);
        } catch (IOException e) {
            return false;
        }
    }

    private boolean isTempDirPath(String str) {
        if (str.startsWith(this.mTempDir) || str.startsWith(this.mNormalizedTempDir)) {
            return true;
        }
        if (this.mAppTempDir != null && str.startsWith(this.mAppTempDir)) {
            return true;
        }
        try {
            if (this.mCanonicalTempDir == null) {
                this.mCanonicalTempDir = canonicalize(this.mNormalizedTempDir);
            }
        } catch (IOException e) {
        }
        if (str.startsWith(this.mCanonicalTempDir)) {
            return true;
        }
        if (canonicalize(str).startsWith(this.mCanonicalTempDir)) {
            return true;
        }
        sLastFailedPath = str;
        return false;
    }

    private static boolean isPropertyWriteAllowed(String str) {
        return str.equals("sun.font.fontmanager") || str.startsWith("sun.awt.") || str.startsWith("apple.awt.") || str.equals("user.timezone");
    }

    @Override // java.lang.SecurityManager
    public void checkExit(int i) {
        if (isRelevant()) {
            throw RenderSecurityException.create("Exit", String.valueOf(i));
        }
        super.checkExit(i);
    }

    @Override // java.lang.SecurityManager
    public void checkPackageDefinition(String str) {
        if (isRelevant()) {
            throw RenderSecurityException.create("Package", str);
        }
    }

    @Override // java.lang.SecurityManager
    public void checkExec(String str) {
        if (isRelevant()) {
            throw RenderSecurityException.create("Exec", str);
        }
    }

    @Override // java.lang.SecurityManager
    public void checkConnect(String str, int i) {
        if (isRelevant()) {
            throw RenderSecurityException.create("Socket", str + ":" + i);
        }
    }

    @Override // java.lang.SecurityManager
    public void checkConnect(String str, int i, Object obj) {
        if (isRelevant()) {
            throw RenderSecurityException.create("Socket", str + ":" + i);
        }
    }

    @Override // java.lang.SecurityManager
    public void checkListen(int i) {
        if (isRelevant()) {
            throw RenderSecurityException.create("Socket", "port " + i);
        }
    }

    @Override // java.lang.SecurityManager
    public void checkAccept(String str, int i) {
        if (isRelevant()) {
            throw RenderSecurityException.create("Socket", str + ":" + i);
        }
    }

    @Override // java.lang.SecurityManager
    public void checkSetFactory() {
        if (isRelevant()) {
            throw RenderSecurityException.create("Socket", null);
        }
    }

    @Override // java.lang.SecurityManager
    public void checkMulticast(InetAddress inetAddress) {
        if (isRelevant()) {
            throw RenderSecurityException.create("Socket", inetAddress.getCanonicalHostName());
        }
    }

    @Override // java.lang.SecurityManager
    public void checkMulticast(InetAddress inetAddress, byte b) {
        if (isRelevant()) {
            throw RenderSecurityException.create("Socket", inetAddress.getCanonicalHostName());
        }
    }

    @Override // java.lang.SecurityManager
    public void checkDelete(String str) {
        if (isRelevant() && !isWritingAllowed(str)) {
            throw RenderSecurityException.create(SemanticAttributes.DbCosmosdbOperationTypeValues.DELETE, str);
        }
    }

    @Override // java.lang.SecurityManager
    public void checkWrite(FileDescriptor fileDescriptor) {
        if (isRelevant()) {
            throw RenderSecurityException.create("Write", fileDescriptor.toString());
        }
    }

    @Override // java.lang.SecurityManager
    public void checkWrite(String str) {
        if (isRelevant() && !isWritingAllowed(str)) {
            throw RenderSecurityException.create("Write", str);
        }
    }

    @Override // java.lang.SecurityManager
    public void checkPrintJobAccess() {
        if (isRelevant()) {
            throw RenderSecurityException.create("Print", null);
        }
    }

    @Override // java.lang.SecurityManager
    public void checkAccess(Thread thread) {
    }

    @Override // java.lang.SecurityManager
    public void checkAccess(ThreadGroup threadGroup) {
    }

    @Override // java.lang.SecurityManager
    public void checkPermission(Permission permission) {
        String name = permission.getName();
        if ("setSecurityManager".equals(name)) {
            if (isRelevant()) {
                if (!this.mAllowSetSecurityManager) {
                    throw RenderSecurityException.create("Security", null);
                }
                return;
            } else {
                if (this.mLogger != null) {
                    this.mLogger.warning("RenderSecurityManager being replaced by another thread", new Object[0]);
                    return;
                }
                return;
            }
        }
        if ("accessEventQueue".equals(name)) {
            if (isRelevant()) {
                throw RenderSecurityException.create("Event", null);
            }
            return;
        }
        if ("accessClipboard".equals(name)) {
            if (isRelevant()) {
                throw RenderSecurityException.create("Clipboard", null);
            }
            return;
        }
        if ("showWindowWithoutWarningBanner".equals(name)) {
            if (isRelevant()) {
                throw RenderSecurityException.create("Window", null);
            }
            return;
        }
        if ("symbolic".equals(name)) {
            if (isRelevant()) {
                throw RenderSecurityException.create("SymbolicLinks", null);
            }
            return;
        }
        if (isRelevant()) {
            String actions = permission.getActions();
            if (this.isRestrictReads && SemanticAttributes.SystemDiskDirectionValues.READ.equals(actions)) {
                if (!isReadingAllowed(name)) {
                    throw RenderSecurityException.create(SemanticAttributes.DbCosmosdbOperationTypeValues.READ, name);
                }
            } else {
                if (actions.isEmpty() || actions.equals(SemanticAttributes.SystemDiskDirectionValues.READ)) {
                    return;
                }
                if ((permission instanceof FilePermission) && isWritingAllowed(name)) {
                    return;
                }
                if (!(permission instanceof PropertyPermission) || !isPropertyWriteAllowed(name)) {
                    throw RenderSecurityException.create("Write", name);
                }
            }
        }
    }

    static {
        $assertionsDisabled = !RenderSecurityManager.class.desiredAssertionStatus();
        sEnabled = !"false".equals(System.getProperty(ENABLED_PROPERTY));
    }
}
