package com.microsoft.intune.mam.client.fileencryption;

import android.app.ActivityManager;
import android.content.ComponentCallbacks2;
import android.content.Context;
import android.content.res.Configuration;
import android.os.Build;
import android.os.ParcelFileDescriptor;
import com.microsoft.intune.mam.DeviceBuildUtils;
import com.microsoft.intune.mam.client.MAMException;
import com.microsoft.intune.mam.client.MAMInfo;
import com.microsoft.intune.mam.client.app.AppUtils;
import com.microsoft.intune.mam.client.app.LocalSettings;
import com.microsoft.intune.mam.client.database.FileEncryptionStateTable;
import com.microsoft.intune.mam.client.database.IntuneMAMOpenHelper;
import com.microsoft.intune.mam.client.database.MultiIdentityInfoTable;
import com.microsoft.intune.mam.client.database.PendingFileEncryptionOperationsTable;
import com.microsoft.intune.mam.client.fileencryption.CipherUtils;
import com.microsoft.intune.mam.client.fileencryption.FileEncryptionServiceBehavior;
import com.microsoft.intune.mam.client.fileencryption.NativeFileIO;
import com.microsoft.intune.mam.client.identity.FileIdentityMetadataAgent;
import com.microsoft.intune.mam.client.identity.IdentityResolutionInfo;
import com.microsoft.intune.mam.client.identity.IdentityResolver;
import com.microsoft.intune.mam.client.identity.MAMIdentity;
import com.microsoft.intune.mam.client.identity.MAMIdentityManager;
import com.microsoft.intune.mam.client.identity.MultiIdentityTransitionMode;
import com.microsoft.intune.mam.client.ipcclient.AppPolicyServiceWrapper;
import com.microsoft.intune.mam.client.ipcclient.HmacManager;
import com.microsoft.intune.mam.client.ipcclient.HmacManagerImpl;
import com.microsoft.intune.mam.client.ipcclient.MAMFeatureFlag;
import com.microsoft.intune.mam.client.notification.MAMNotificationReceiver;
import com.microsoft.intune.mam.client.notification.MAMNotificationReceiverRegistry;
import com.microsoft.intune.mam.client.telemetry.OnlineTelemetryLogger;
import com.microsoft.intune.mam.client.telemetry.events.MAMInternalError;
import com.microsoft.intune.mam.client.telemetry.events.MAMNativeError;
import com.microsoft.intune.mam.client.telemetry.events.ScenarioEvent;
import com.microsoft.intune.mam.client.telemetry.events.TrackedOccurrence;
import com.microsoft.intune.mam.client.util.FileUtils;
import com.microsoft.intune.mam.client.util.IOUtils;
import com.microsoft.intune.mam.client.util.PackageUtils;
import com.microsoft.intune.mam.client.util.ProcessUtils;
import com.microsoft.intune.mam.client.util.WellKnownPaths;
import com.microsoft.intune.mam.libs.HoudiniHelper;
import com.microsoft.intune.mam.libs.MAMLibraryException;
import com.microsoft.intune.mam.libs.NativeLibLoaderClient;
import com.microsoft.intune.mam.log.MAMLogDisabler;
import com.microsoft.intune.mam.log.MAMLogManagerImpl;
import com.microsoft.intune.mam.log.MAMLogPIIFactory;
import com.microsoft.intune.mam.log.MAMLogger;
import com.microsoft.intune.mam.log.MAMLoggerProvider;
import com.microsoft.intune.mam.log.MAMSubOpTrace;
import com.microsoft.intune.mam.log.MAMTrace;
import com.microsoft.intune.mam.log.PIIObj;
import com.microsoft.intune.mam.policy.FileEncryptionKeyLength;
import com.microsoft.intune.mam.policy.MAMUserInfoInternal;
import com.microsoft.intune.mam.policy.PolicyResolver;
import com.microsoft.intune.mam.policy.notification.MAMNotification;
import com.microsoft.intune.mam.policy.notification.MAMNotificationType;
import com.microsoft.intune.mam.policy.notification.MAMUserNotification;
import java.io.File;
import java.io.FileDescriptor;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.nio.ByteBuffer;
import java.security.Key;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Locale;
import java.util.Map;
import java.util.UUID;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.Executor;
import kotlin.FeedbackInfo;
import kotlin.SM4CMAC;
import kotlin.pointWise;
import org.bouncycastle.tls.CipherSuite;

@SM4CMAC
/* loaded from: classes4.dex */
public class FileEncryptionManager implements MAMNotificationReceiver, ComponentCallbacks2 {
    private static final int DEFAULT_KEYLENGTH = 256;
    private static final String ENCRYPTION_DATE_KEY_BASE = "EncryptionDate";
    private static final int KEY_ID_LENGTH = 16;
    static final int MAX_KEY_RETRIEVAL_FAILURES = 3;
    private static final String MULTIDEX_SUPPORT_CODE_CACHE_DIR_NAME = "code_cache";
    private static final int NATIVE_FLAG_APP_ON_SDCARD = 64;
    private static final int NATIVE_FLAG_AVOID_PTRACE = 128;
    private static final int NATIVE_FLAG_AVOID_SIGUSR2 = 4096;
    private static final int NATIVE_FLAG_CHANGE_PC_IN_STOP_THREAD_HANDLER_PTRACELESS_HOOKING = 65536;
    private static final int NATIVE_FLAG_CRM_PACKAGE = 16;
    private static final int NATIVE_FLAG_EDGE_PACKAGE = 512;
    private static final int NATIVE_FLAG_ENABLE_CACHE = 1024;
    private static final int NATIVE_FLAG_ENABLE_UNLINKFS = 256;
    private static final int NATIVE_FLAG_HOUDINI = 2;
    private static final int NATIVE_FLAG_HOUDINI_PRESENT = 4;
    private static final int NATIVE_FLAG_IDENTITY_METADATA_DIRECT = 2048;
    private static final int NATIVE_FLAG_IS_FUNCTIONAL_TEST = 32;
    private static final int NATIVE_FLAG_OFFICE_PACKAGE = 1;
    private static final int NATIVE_FLAG_POWERBI_PACKAGE = 8;
    private static final int NATIVE_FLAG_TEST_APP_PACKAGE = 8192;
    private static final int NATIVE_FLAG_USE_MALLOC_FREE_MEMORY_ALLOCATOR_V2 = 16384;
    private static final int NATIVE_FLAG_USE_TRYLOCK_IN_FORK_PREPARE = 32768;
    static final long POST_INIT_SCHEDULING_DELAY_MS = 1000;
    static final long POST_INIT_WAIT_MS = 4000;
    private static final String SHARED_PREFS_NAME = "com.microsoft.intune.mam.appclient.fileencryption.pref";
    private EncryptionAlgorithm mAlgorithm;
    private String mAppDataDir;
    private String mAppFilesDir;
    private final Executor mAsyncExecutor;
    private boolean mCacheEnabled;
    private String mCodeCacheDir;
    private Context mContext;
    protected FileEncryptionServiceBehavior mEncryptionService;
    Map<MAMIdentity, EncryptionRequirement> mEncryptionSetting;
    FeedbackInfo<FileEncryptionServiceBehavior> mFileEncryptionServiceBehaviorProvider;
    FileEncryptionStateTable mFileEncryptionStateTable;
    HmacManager mHmacManager;
    private long mHookInstallRC;
    private final IdentityResolver mIdentityResolver;
    private boolean mIsPureMultiIdentity;
    FileEncryptionKeyCache mKeyCache;
    private int mKeyLength;
    private NativeLibLoaderClient mLibs;
    private LocalSettings mLocalSettings;
    private MAMLogManagerImpl mLogManager;
    MAMIdentityManager mMAMIdentityManager;
    MAMLogPIIFactory mMAMLogPIIFactory;
    private MultiIdentityInfoTable mMultiIdentityInfoTable;
    MAMNotificationReceiverRegistry mNotificationReceiverRegistry;
    private FileEncryptionPendingOperations mOperations;
    FeedbackInfo<FileEncryptionPendingOperations> mOperationsProvider;
    private WellKnownPaths mPaths;
    PendingFileEncryptionOperationsTable mPendingEncryptionOperationsTable;
    private PolicyResolver mPolicyResolver;
    private AppPolicyServiceWrapper mProvider;
    private OnlineTelemetryLogger mTelemetryLogger;
    MAMUserInfoInternal mUserInfo;
    private static final MAMLogger LOGGER = MAMLoggerProvider.getLogger(FileEncryptionManager.class);
    private static final byte[] FILE_HEADER_IDENT = {0, 77, 83, 77, 65, 77, 65, 82, 80, 67, 82, 89, 80, 84, 0};
    private static final Object USES_MASTER_KEY_SENTINEL = new Object();

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: com.microsoft.intune.mam.client.fileencryption.FileEncryptionManager$1, reason: invalid class name */
    /* loaded from: classes4.dex */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$com$microsoft$intune$mam$client$fileencryption$EncryptionRequirement;

        static {
            int[] iArr = new int[EncryptionRequirement.values().length];
            $SwitchMap$com$microsoft$intune$mam$client$fileencryption$EncryptionRequirement = iArr;
            try {
                iArr[EncryptionRequirement.NONE.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                $SwitchMap$com$microsoft$intune$mam$client$fileencryption$EncryptionRequirement[EncryptionRequirement.FULL.ordinal()] = 2;
            } catch (NoSuchFieldError unused2) {
            }
            try {
                $SwitchMap$com$microsoft$intune$mam$client$fileencryption$EncryptionRequirement[EncryptionRequirement.PARTIAL.ordinal()] = 3;
            } catch (NoSuchFieldError unused3) {
            }
        }
    }

    /* loaded from: classes4.dex */
    public enum CompletionRequirement {
        SYNCHRONOUS,
        ASYNCHRONOUS
    }

    /* loaded from: classes4.dex */
    public enum EncryptionOperationResult {
        SUCCESS,
        PENDING,
        FAILED
    }

    protected FileEncryptionManager(AppPolicyServiceWrapper appPolicyServiceWrapper, Context context, IdentityResolver identityResolver, FileEncryptionKeyCache fileEncryptionKeyCache, Executor executor, NativeLibLoaderClient nativeLibLoaderClient, MAMLogManagerImpl mAMLogManagerImpl, WellKnownPaths wellKnownPaths, LocalSettings localSettings, PolicyResolver policyResolver) {
        this.mEncryptionSetting = new ConcurrentHashMap();
        this.mHookInstallRC = 0L;
        this.mAlgorithm = EncryptionAlgorithm.AES_CBC_PKCS5;
        this.mCacheEnabled = false;
        this.mKeyLength = 256;
        this.mProvider = appPolicyServiceWrapper;
        this.mContext = context;
        this.mIdentityResolver = identityResolver;
        this.mKeyCache = fileEncryptionKeyCache;
        this.mAsyncExecutor = executor;
        this.mLibs = nativeLibLoaderClient;
        this.mLogManager = mAMLogManagerImpl;
        this.mPaths = wellKnownPaths;
        this.mLocalSettings = localSettings;
        this.mPolicyResolver = policyResolver;
    }

    @pointWise
    public FileEncryptionManager(AppPolicyServiceWrapper appPolicyServiceWrapper, NativeLibLoaderClient nativeLibLoaderClient, Context context, MAMLogManagerImpl mAMLogManagerImpl, FeedbackInfo<FileEncryptionServiceBehavior> feedbackInfo, PendingFileEncryptionOperationsTable pendingFileEncryptionOperationsTable, FileEncryptionStateTable fileEncryptionStateTable, FeedbackInfo<FileEncryptionPendingOperations> feedbackInfo2, MAMLogPIIFactory mAMLogPIIFactory, MAMIdentityManager mAMIdentityManager, MAMNotificationReceiverRegistry mAMNotificationReceiverRegistry, IdentityResolver identityResolver, MultiIdentityInfoTable multiIdentityInfoTable, OnlineTelemetryLogger onlineTelemetryLogger, FileEncryptionKeyCache fileEncryptionKeyCache, HmacManagerImpl hmacManagerImpl, WellKnownPaths wellKnownPaths, MAMUserInfoInternal mAMUserInfoInternal, LocalSettings localSettings, Executor executor, PolicyResolver policyResolver) {
        this(appPolicyServiceWrapper, context, identityResolver, fileEncryptionKeyCache, executor, nativeLibLoaderClient, mAMLogManagerImpl, wellKnownPaths, localSettings, policyResolver);
        this.mFileEncryptionServiceBehaviorProvider = feedbackInfo;
        this.mPendingEncryptionOperationsTable = pendingFileEncryptionOperationsTable;
        this.mFileEncryptionStateTable = fileEncryptionStateTable;
        this.mOperationsProvider = feedbackInfo2;
        this.mMAMLogPIIFactory = mAMLogPIIFactory;
        this.mMAMIdentityManager = mAMIdentityManager;
        this.mNotificationReceiverRegistry = mAMNotificationReceiverRegistry;
        this.mMultiIdentityInfoTable = multiIdentityInfoTable;
        this.mTelemetryLogger = onlineTelemetryLogger;
        this.mHmacManager = hmacManagerImpl;
        this.mUserInfo = mAMUserInfoInternal;
        this.mKeyCache.startKeyFetchAsync();
        this.mAppDataDir = FileUtils.addTrailingSlash(wellKnownPaths.getAppDataCanonicalPath());
        this.mAppFilesDir = FileUtils.addTrailingSlash(wellKnownPaths.getAppFilesCanonicalPath());
        this.mCodeCacheDir = FileUtils.addTrailingSlash(wellKnownPaths.getCodeCacheDirCanonicalPath());
        setIsPureMultiIdentity(this.mMultiIdentityInfoTable.getMultiIdentityTransitionMode());
    }

    public static boolean areEncryptedBytesVisible(File file) throws IOException {
        FileInputStream fileInputStream = new FileInputStream(file);
        try {
            int available = fileInputStream.available();
            byte[] bArr = FILE_HEADER_IDENT;
            if (available < bArr.length) {
                IOUtils.safeCloseAndLog(fileInputStream);
                return false;
            }
            byte[] bArr2 = new byte[bArr.length];
            fileInputStream.read(bArr2);
            return Arrays.equals(bArr2, bArr);
        } finally {
            IOUtils.safeCloseAndLog(fileInputStream);
        }
    }

    private static native long attachIfNecessaryNative(int i);

    private static native long changeFileEncryptionNative(int i, int i2);

    private static native void clearFblockCache();

    public static native void forceUnlockFileEncryptionState(int i);

    private String getEncryptionDateKey(MAMIdentity mAMIdentity) {
        return mAMIdentity.canonicalUPN() + "_" + ENCRYPTION_DATE_KEY_BASE;
    }

    private native long getFileTrackerData();

    private String getMAMDBCanonicalPath(Context context) {
        try {
            try {
                return context.getDatabasePath(IntuneMAMOpenHelper.NAME).getCanonicalPath();
            } catch (IOException unused) {
                return context.getDatabasePath(IntuneMAMOpenHelper.NAME).getAbsolutePath();
            }
        } catch (IOException unused2) {
            return context.getDatabasePath(IntuneMAMOpenHelper.NAME).getParentFile().getCanonicalPath();
        }
    }

    public static native boolean isCanonicalPathIgnored(String str);

    public static native boolean isFileEncrypted(int i);

    public static boolean isFileEncrypted(File file) throws FileNotFoundException {
        if (file.canRead()) {
            return isFileEncryptedNative(file.getAbsolutePath());
        }
        throw new FileNotFoundException();
    }

    public static boolean isFileEncrypted(FileDescriptor fileDescriptor) throws IOException {
        ParcelFileDescriptor dup = ParcelFileDescriptor.dup(fileDescriptor);
        try {
            return isFileEncrypted(dup.getFd());
        } finally {
            dup.close();
        }
    }

    public static native boolean isFileEncryptedNative(String str);

    /* JADX INFO: Access modifiers changed from: private */
    public /* synthetic */ void lambda$initialize$0() {
        try {
            Thread.sleep(POST_INIT_SCHEDULING_DELAY_MS);
        } catch (InterruptedException e) {
            LOGGER.info("post-init scheduling delay was interrupted", e);
        }
        this.mEncryptionService.schedule(FileEncryptionServiceBehavior.Operation.POST_INIT, POST_INIT_WAIT_MS);
    }

    private static native void limitFblockCacheSize(long j);

    public static native void lockFileEncryptionState(int i);

    public static void setAppendMode(int i) throws IOException {
        long appendModeNative = setAppendModeNative(i);
        if (appendModeNative != 0) {
            throw new IOException(String.format("Failed to set append mode with error 0x%x", Long.valueOf(appendModeNative)));
        }
    }

    private static native long setAppendModeNative(int i);

    private static native void setDefaultKeyLengthNative(int i);

    private boolean shouldAvoidPtrace() {
        int i;
        if (DeviceBuildUtils.isHuaweiDevice() || DeviceBuildUtils.isRedmiDevice()) {
            return true;
        }
        if (DeviceBuildUtils.isSamsungDevice()) {
            int i2 = Build.VERSION.SDK_INT;
            if (i2 >= 30) {
                return true;
            }
            if (i2 == 28 || DeviceBuildUtils.SAFE_MODEL.startsWith("sm-a530f")) {
                LOGGER.info("Not doing ptraceless on A8", new Object[0]);
                return false;
            }
        }
        return (!DeviceBuildUtils.isX86Family() || (i = Build.VERSION.SDK_INT) == 26 || i == 27) ? false : true;
    }

    private boolean shouldChangePCInStopThreadHander() {
        if (PackageUtils.isFtestPackage(this.mContext) || PackageUtils.isMAMTestAppPackage(this.mContext)) {
            return true;
        }
        return this.mLocalSettings.isFeatureEnabled(MAMFeatureFlag.NATIVE_CHANGE_PC_IN_STOP_THREAD_HANDLER_IN_PTRACELESS_HOOKING);
    }

    private boolean shouldDirectlyAccessIdentityDatabase() {
        return !DeviceBuildUtils.isAndroidPOrHigher();
    }

    private boolean shouldEnableCache() {
        if (!PackageUtils.isOutlookPackage(this.mContext) || !this.mLocalSettings.isFeatureEnabled(MAMFeatureFlag.FILE_ENCRYPTION_CACHE)) {
            return false;
        }
        if (!ProcessUtils.getMemoryInfo(this.mContext).lowMemory) {
            return true;
        }
        LOGGER.warning("Not enabling encryption cache because of low-memory state", new Object[0]);
        return false;
    }

    private boolean shouldUseMemoryAllocatorWithoutMallocV2() {
        return this.mLocalSettings.isFeatureEnabled(MAMFeatureFlag.NATIVE_USE_MALLOC_FREE_MEMORY_ALLOCATOR_DURING_HOOKING_V2);
    }

    private boolean shouldUseTryLockInForkPrepare() {
        return this.mLocalSettings.isFeatureFlagEnabled(MAMFeatureFlag.NATIVE_USE_TRYLOCK_IN_FORK_PREPARE);
    }

    public static native void unlockFileEncryptionState(int i);

    private void updateEncryptionKeyLength(FileEncryptionKeyLength fileEncryptionKeyLength) {
        synchronized (this) {
            int keyLength = fileEncryptionKeyLength.getKeyLength();
            int i = this.mKeyLength;
            if (keyLength != i) {
                LOGGER.info(String.format("FileEncryptionKeyLength keylength change detected. Was: %s, now is: %s", Integer.valueOf(i), Integer.valueOf(keyLength)), new Object[0]);
                setDefaultKeyLength(fileEncryptionKeyLength.getKeyLength());
            }
        }
    }

    public void activityPaused() {
        if (isUnlinkfsNeeded()) {
            this.mAsyncExecutor.execute(new Runnable() { // from class: com.microsoft.intune.mam.client.fileencryption.FileEncryptionManager$$ExternalSyntheticLambda1
                @Override // java.lang.Runnable
                public final void run() {
                    FileEncryptionManager.this.webviewFinished();
                }
            });
        }
    }

    public void attachIfNecessary(int i) throws IOException {
        long attachIfNecessaryNative = attachIfNecessaryNative(i);
        if (attachIfNecessaryNative != 0) {
            throw new IOException(String.format("Failed to attach to content resolver fd with error 0x%x", Long.valueOf(attachIfNecessaryNative)));
        }
    }

    void changeAppEncryption(CompletionRequirement completionRequirement, MAMIdentity mAMIdentity, EncryptionRequirement encryptionRequirement) {
        FileEncryptionServiceBehavior.Operation operation;
        int i = AnonymousClass1.$SwitchMap$com$microsoft$intune$mam$client$fileencryption$EncryptionRequirement[encryptionRequirement.ordinal()];
        if (i == 1) {
            operation = FileEncryptionServiceBehavior.Operation.DECRYPT;
        } else if (i == 2) {
            operation = FileEncryptionServiceBehavior.Operation.ENCRYPT;
        } else {
            if (i != 3) {
                throw new AssertionError("Unknown encryption requirement " + encryptionRequirement);
            }
            operation = FileEncryptionServiceBehavior.Operation.ENCRYPT_PARTIAL;
        }
        if (completionRequirement == CompletionRequirement.ASYNCHRONOUS) {
            this.mEncryptionService.schedule(operation, 0L, mAMIdentity);
        } else {
            this.mOperations.pendEncryptionChangeForAppFiles(encryptionRequirement, mAMIdentity);
            this.mOperations.executePendingEncryptionOperations(null, this);
        }
    }

    public EncryptionOperationResult changeFileEncryption(int i, EncryptionOperation encryptionOperation) throws MAMException {
        long changeFileEncryptionNative = changeFileEncryptionNative(i, encryptionOperation.getValue());
        if (changeFileEncryptionNative == 0) {
            return EncryptionOperationResult.SUCCESS;
        }
        if (!NativeErrcodes.isSameError(changeFileEncryptionNative, NativeErrcodes.MDM_ERR_ENCRYPTION_CHANGE_UNSAFE)) {
            LOGGER.error(MAMNativeError.NATIVE_ENCRYPTION_OPERATION_FAILED.with(changeFileEncryptionNative), String.format(Locale.US, "Failed to encrypt or decrypt file descriptor {0} with MDM_RC  0x%x", Long.valueOf(changeFileEncryptionNative)), Integer.valueOf(i));
            throw new MAMException("Encrypting a file failed");
        }
        String openedPathForFileDescriptor = NativeFileIO.getOpenedPathForFileDescriptor(i);
        if (openedPathForFileDescriptor == null) {
            LOGGER.error(MAMInternalError.ENCRYPTION_FAILED_PATH_NOT_AVAILABLE, "Could not encrypt/decrypt a requested file right now. Because the path could not be retrieved, the operation will NOT be performed at a later time", new Object[0]);
            return EncryptionOperationResult.FAILED;
        }
        if (encryptionOperation == EncryptionOperation.DECRYPT) {
            this.mTelemetryLogger.logTrackedOccurrence(TrackedOccurrence.FILE_DECRYPT_FAILED_ERR_ENCRYPTION_CHANGE_UNSAFE, this.mPaths.getWellKnownPathPrefix(openedPathForFileDescriptor) + ", file extension: " + FileUtils.getFileExt(openedPathForFileDescriptor));
        }
        LOGGER.info("Could not encrypt/decrypt file {0} right now. The operation will be performed at a later time.", this.mMAMLogPIIFactory.getPIIFilePath(openedPathForFileDescriptor));
        this.mPendingEncryptionOperationsTable.addOperation(openedPathForFileDescriptor, encryptionOperation);
        this.mEncryptionService.schedule(FileEncryptionServiceBehavior.Operation.EXECUTE_PENDING_ENCRYPTION_OPERATIONS, FileEncryptionServiceBehavior.TRY_PENDING_OPERATIONS_INTERVAL_MS);
        return EncryptionOperationResult.PENDING;
    }

    public EncryptionOperationResult changeFileEncryption(File file, EncryptionOperation encryptionOperation) throws MAMException {
        boolean z;
        boolean z2;
        MAMLogger mAMLogger = LOGGER;
        mAMLogger.fine("Changing encryption for {0} to {1}", this.mMAMLogPIIFactory.getPIIFilePath(file), encryptionOperation.toString());
        try {
            z2 = true;
            if (file.canWrite()) {
                z = false;
            } else {
                file.setWritable(true);
                z = true;
            }
            try {
                if (file.canRead()) {
                    z2 = false;
                } else {
                    file.setReadable(true);
                }
                try {
                    int openRawFileDescriptor = NativeFileIO.openRawFileDescriptor(file.getAbsolutePath(), NativeFileIO.OpenAccess.READWRITE);
                    if (openRawFileDescriptor < 0) {
                        PIIObj pIIFilePath = this.mMAMLogPIIFactory.getPIIFilePath(file);
                        mAMLogger.warning("Could not open {0}", pIIFilePath);
                        throw new MAMException("Could not open " + pIIFilePath);
                    }
                    EncryptionOperationResult changeFileEncryption = changeFileEncryption(openRawFileDescriptor, encryptionOperation);
                    if (openRawFileDescriptor >= 0) {
                        NativeFileIO.closeRawFileDescriptor(openRawFileDescriptor);
                    }
                    if (z) {
                        file.setWritable(false);
                    }
                    if (z2) {
                        file.setReadable(false);
                    }
                    return changeFileEncryption;
                } catch (Throwable th) {
                    th = th;
                    if (-1 >= 0) {
                        NativeFileIO.closeRawFileDescriptor(-1);
                    }
                    if (z) {
                        file.setWritable(false);
                    }
                    if (z2) {
                        file.setReadable(false);
                    }
                    throw th;
                }
            } catch (Throwable th2) {
                th = th2;
                z2 = false;
            }
        } catch (Throwable th3) {
            th = th3;
            z = false;
            z2 = false;
        }
    }

    public void checkForRequiredChanges() {
        for (MAMIdentity mAMIdentity : this.mFileEncryptionStateTable.getAllIdentities()) {
            FileEncryptionStateTable.EncryptionState encryptionState = this.mFileEncryptionStateTable.getEncryptionState(mAMIdentity);
            if (encryptionState != null && encryptionState.mStatus == FileEncryptionStateTable.Status.NOT_STARTED) {
                LOGGER.info("App was killed without meeting encryption requirements, restarting requirement " + encryptionState.mEncryptionRequired + " for identity ", this.mMAMLogPIIFactory.getPIIUPN(mAMIdentity));
                changeAppEncryption(CompletionRequirement.ASYNCHRONOUS, mAMIdentity, encryptionState.mEncryptionRequired);
            }
        }
    }

    public void clearCachedKeys() {
        FileEncryptionPendingOperations fileEncryptionPendingOperations = this.mOperations;
        if (fileEncryptionPendingOperations == null || !fileEncryptionPendingOperations.hasPendingOperations()) {
            this.mKeyCache.clearCachedKeys();
        } else {
            LOGGER.info("Not yet clearing cached keys because there are encryption operations still pending.", new Object[0]);
        }
    }

    public byte[] decryptData(byte[] bArr, byte[] bArr2) throws MAMException {
        return (byte[]) decryptDataAndGetMasterKeyInfo(bArr, bArr2)[0];
    }

    public Object[] decryptDataAndGetMasterKeyInfo(byte[] bArr, byte[] bArr2) throws MAMException {
        MAMLogDisabler mAMLogDisabler = new MAMLogDisabler();
        Object[] objArr = new Object[2];
        try {
            if (bArr.length < 16) {
                throw new MAMException("Cannot decrypt data. Buffer too short.");
            }
            ByteBuffer wrap = ByteBuffer.wrap(bArr);
            UUID uuid = new UUID(wrap.getLong(), wrap.getLong());
            Key retrieveKey = this.mKeyCache.retrieveKey(uuid);
            objArr[1] = uuid.equals(this.mKeyCache.getCurrentMasterKeyId()) ? USES_MASTER_KEY_SENTINEL : null;
            try {
                byte[] cryptData = CipherUtils.cryptData(this.mAlgorithm, CipherUtils.Mode.DECRYPT, retrieveKey.getEncoded(), bArr2, bArr, 16);
                objArr[0] = cryptData;
                if (cryptData != null) {
                    return objArr;
                }
                throw new MAMException("decryptData native failed");
            } catch (NoSuchAlgorithmException e) {
                LOGGER.error(MAMInternalError.ENCRYPTED_DATA_DECRYPT_FAILED, "Failed to decrypt data.", e);
                throw new MAMException("FileEncryptionManager failed to decrypt data.");
            }
        } finally {
            mAMLogDisabler.finish();
        }
    }

    public byte[] encryptData(byte[] bArr, byte[] bArr2) throws MAMException {
        MAMLogDisabler mAMLogDisabler = new MAMLogDisabler();
        try {
            UUID currentMasterKeyId = this.mKeyCache.getCurrentMasterKeyId();
            try {
                ByteBuffer allocate = ByteBuffer.allocate(this.mAlgorithm.getRequiredEncryptionBufferSize(bArr.length) + 16);
                allocate.putLong(currentMasterKeyId.getMostSignificantBits());
                allocate.putLong(currentMasterKeyId.getLeastSignificantBits());
                allocate.put(CipherUtils.cryptData(this.mAlgorithm, CipherUtils.Mode.ENCRYPT, this.mKeyCache.getCurrentMasterKey().getEncoded(), bArr2, bArr, 0));
                return allocate.array();
            } catch (NoSuchAlgorithmException e) {
                LOGGER.error(MAMInternalError.ENCRYPTED_DATA_ENCRYPT_FAILED, "Failed to encrypt data.", e);
                throw new MAMException("FileEncryptionManager failed to encrypt data.");
            }
        } finally {
            mAMLogDisabler.finish();
        }
    }

    protected String getActiveIdentity() {
        MAMLogDisabler mAMLogDisabler = new MAMLogDisabler();
        try {
            IdentityResolutionInfo currentIdentityInfo = this.mIdentityResolver.getCurrentIdentityInfo(null);
            MAMIdentity identity = currentIdentityInfo.getIdentity();
            if (identity == null) {
                return null;
            }
            if (!MAMInfo.isMultiIdentityEnabled() && MAMIdentity.isNullOrEmpty(identity) && currentIdentityInfo.getProvider() == IdentityResolutionInfo.Provider.DEFAULT) {
                return null;
            }
            return identity.rawUPN();
        } finally {
            mAMLogDisabler.finish();
        }
    }

    public int getDefaultKeyLength() {
        return this.mKeyLength;
    }

    public int getEncryptionRequirement(String str) {
        MAMLogDisabler mAMLogDisabler = new MAMLogDisabler();
        try {
            return getEncryptionRequirement(this.mMAMIdentityManager.fromString(str)).getValue();
        } finally {
            mAMLogDisabler.finish();
        }
    }

    public EncryptionRequirement getEncryptionRequirement(MAMIdentity mAMIdentity) {
        EncryptionRequirement encryptionRequirement = this.mEncryptionSetting.get(mAMIdentity);
        if (encryptionRequirement != null) {
            return encryptionRequirement;
        }
        EncryptionRequirement fileEncryptionRequirement = this.mProvider.getFileEncryptionRequirement(mAMIdentity);
        this.mEncryptionSetting.put(mAMIdentity, fileEncryptionRequirement);
        return fileEncryptionRequirement;
    }

    public long getHookingErrorCode() {
        return this.mHookInstallRC;
    }

    protected String getPrimaryIdentity() {
        MAMLogDisabler mAMLogDisabler = new MAMLogDisabler();
        try {
            MAMIdentity primaryIdentity = this.mUserInfo.getPrimaryIdentity();
            if (primaryIdentity != null && (!MAMIdentity.isNullOrEmpty(primaryIdentity) || MAMInfo.isMultiIdentityEnabled())) {
                return primaryIdentity.rawUPN();
            }
            mAMLogDisabler.finish();
            return null;
        } finally {
            mAMLogDisabler.finish();
        }
    }

    protected byte[] hmac(byte[] bArr, byte[] bArr2) throws MAMException {
        MAMLogDisabler mAMLogDisabler = new MAMLogDisabler();
        try {
            ByteBuffer wrap = ByteBuffer.wrap(bArr);
            return this.mHmacManager.hmac(new UUID(wrap.getLong(), wrap.getLong()), bArr2);
        } finally {
            mAMLogDisabler.finish();
        }
    }

    protected boolean initNativeStateAndInstallHooks() {
        int i;
        boolean z;
        try {
            this.mLibs.ensureLoaded();
            String mAMDBCanonicalPath = getMAMDBCanonicalPath(this.mContext);
            ArrayList arrayList = new ArrayList();
            if (PackageUtils.isWXPOfficePackage(this.mContext)) {
                LOGGER.info("Installing hooks for a WXP Office app.", new Object[0]);
                i = 1;
            } else if (PackageUtils.isPowerBIPackage(this.mContext)) {
                LOGGER.info("Installing hooks for a PowerBI app.", new Object[0]);
                i = 8;
            } else if (PackageUtils.isCRMPackage(this.mContext)) {
                LOGGER.info("Installing hooks for a CRM app.", new Object[0]);
                i = 16;
            } else if (PackageUtils.isEdgePackage(this.mContext)) {
                LOGGER.info("Installing hooks for a Microsoft Edge app.", new Object[0]);
                i = 512;
            } else if (PackageUtils.isMAMTestAppPackage(this.mContext)) {
                LOGGER.info("Installing hooks for a MAM test app.", new Object[0]);
                i = 8192;
            } else {
                i = 0;
            }
            if (PackageUtils.isInstalledToSDCard(this.mContext)) {
                i |= 64;
                LOGGER.info("App is installed to the SD card.", new Object[0]);
            }
            if (shouldEnableCache()) {
                i |= 1024;
                this.mCacheEnabled = true;
                LOGGER.info("Enabling cached encrypted IO", new Object[0]);
            } else {
                LOGGER.info("Not enabling encryption cache", new Object[0]);
            }
            if (shouldDirectlyAccessIdentityDatabase()) {
                i |= 2048;
            }
            int i2 = i;
            String addTrailingSlash = FileUtils.addTrailingSlash(FileUtils.safeGetCanonicalPath(this.mLogManager.getLogsDir()));
            String addTrailingSlash2 = FileUtils.addTrailingSlash(this.mPaths.getDeCodeCacheDirCanonicalPath());
            try {
                z = this.mLibs.isLibHoudiniInUse();
            } catch (MAMLibraryException e) {
                LOGGER.error(MAMInternalError.NATIVE_LIB_HOUDINI_CHECK_FAILED, "Unable to determine if houdini is in use", e);
                z = false;
            }
            if (z) {
                i2 |= CipherSuite.TLS_RSA_WITH_CAMELLIA_256_CBC_SHA;
            }
            if (PackageUtils.isFtestPackage(this.mContext)) {
                i2 |= 32;
                LOGGER.info("Installing hooks for the FunctionalTestApp.", new Object[0]);
            }
            if (PackageUtils.isClientAgentHybridPackage(this.mContext)) {
                LOGGER.info("Excluding identity db directories for agent/client hybrid package.", new Object[0]);
                File file = new File(FileUtils.getNormalizedFilePath(this.mAppFilesDir));
                File file2 = new File(file, FileIdentityMetadataAgent.IDENTITY_STORAGE_ROOT);
                File file3 = new File(file, FileIdentityMetadataAgent.IDENTITY_STORAGE_ROOT2);
                arrayList.add(FileUtils.addTrailingSlash(FileUtils.safeGetCanonicalPath(file2)));
                arrayList.add(FileUtils.addTrailingSlash(FileUtils.safeGetCanonicalPath(file3)));
            }
            if (this.mLocalSettings.isFeatureEnabled(MAMFeatureFlag.PTRACELESS_HOOKING) || shouldAvoidPtrace()) {
                i2 |= 128;
            }
            if (this.mLocalSettings.isFeatureEnabled(MAMFeatureFlag.AVOID_SIGUSR2_FOR_ALL) || (Build.VERSION.SDK_INT < 30 && (DeviceBuildUtils.isSamsungDevice() || DeviceBuildUtils.isEmulator()))) {
                i2 |= 4096;
            }
            if (isUnlinkfsNeeded()) {
                i2 |= 256;
            }
            if (shouldUseTryLockInForkPrepare()) {
                i2 |= 32768;
            }
            if (shouldChangePCInStopThreadHander()) {
                i2 |= 65536;
            }
            if (shouldUseMemoryAllocatorWithoutMallocV2()) {
                i2 |= 16384;
            }
            int i3 = i2;
            String[] strArr = (String[]) arrayList.toArray(new String[0]);
            MAMLogger mAMLogger = LOGGER;
            mAMLogger.info("Beginning hook installation", new Object[0]);
            ScenarioEvent.Scenario scenario = ScenarioEvent.Scenario.ONLINE_APP_STARTUP;
            MAMSubOpTrace mAMSubOpTrace = MAMSubOpTrace.ENCRYPTION_MANAGER_INSTALL_NATIVE_HOOKS;
            MAMTrace.startSubOperation(scenario, mAMSubOpTrace);
            this.mLogManager.disableFileHandler();
            try {
                long installHooks = installHooks(mAMDBCanonicalPath, i3, DeviceBuildUtils.getCorrectedAPILevel(), this.mAppFilesDir, this.mCodeCacheDir, addTrailingSlash2, addTrailingSlash, this.mAppDataDir, strArr);
                this.mLogManager.enableFileHandler();
                if (installHooks != 0) {
                    mAMLogger.error(MAMNativeError.FILE_ENC_INIT_FAILED.with(installHooks), String.format("Failed to initialize file encryption with error code 0x%x", Long.valueOf(installHooks)), new Object[0]);
                    this.mHookInstallRC = installHooks;
                    return false;
                }
                mAMLogger.info("Hooks installed", new Object[0]);
                MAMTrace.endSubOperation(scenario, mAMSubOpTrace);
                if (!z || installHooks != 0) {
                    return true;
                }
                try {
                    HoudiniHelper ensureLoadedForHoudini = this.mLibs.ensureLoadedForHoudini();
                    mAMLogger.info("Installing additional hooks for houdini", new Object[0]);
                    long installHooks2 = ensureLoadedForHoudini.installHooks(this, mAMDBCanonicalPath, i3 | 2, this.mAppFilesDir, this.mCodeCacheDir, addTrailingSlash2, addTrailingSlash, this.mAppDataDir, strArr, getFileTrackerData());
                    if (installHooks2 == 0) {
                        mAMLogger.info("Installed hooks for houdini successfully", new Object[0]);
                        return true;
                    }
                    this.mHookInstallRC = installHooks2;
                    mAMLogger.error(MAMNativeError.FILE_ENC_HOUDINI_INIT_FAILED.with(installHooks2), String.format("Failed to initialize file encryption for houdini with error code 0x%x", Long.valueOf(installHooks2)), new Object[0]);
                    return false;
                } catch (MAMLibraryException e2) {
                    LOGGER.error(MAMInternalError.NATIVE_LIB_LOAD_HOUDINI_FAILED, "Houdini is in use but we can't load the libraries or initialize the classloader.", e2);
                    return false;
                }
            } catch (Throwable th) {
                this.mLogManager.enableFileHandler();
                throw th;
            }
        } catch (MAMLibraryException e3) {
            LOGGER.error(MAMInternalError.NATIVE_LIB_LOAD_FAILED, "There were errors when loading the native libraries, we are unable to continue", e3);
            return false;
        }
    }

    public boolean initialize() {
        ScenarioEvent.Scenario scenario = ScenarioEvent.Scenario.ONLINE_APP_STARTUP;
        MAMSubOpTrace mAMSubOpTrace = MAMSubOpTrace.ENCRYPTION_MANAGER_INIT;
        MAMTrace.startSubOperation(scenario, mAMSubOpTrace);
        if (!initNativeStateAndInstallHooks()) {
            return false;
        }
        this.mEncryptionService = this.mFileEncryptionServiceBehaviorProvider.get();
        this.mOperations = this.mOperationsProvider.get();
        if (AppUtils.isPrimaryProcess(this.mContext)) {
            this.mAsyncExecutor.execute(new Runnable() { // from class: com.microsoft.intune.mam.client.fileencryption.FileEncryptionManager$$ExternalSyntheticLambda0
                @Override // java.lang.Runnable
                public final void run() {
                    FileEncryptionManager.this.lambda$initialize$0();
                }
            });
        }
        this.mNotificationReceiverRegistry.registerReceiver(this, MAMNotificationType.MANAGEMENT_REMOVED);
        this.mEncryptionSetting.clear();
        MAMTrace.endSubOperation(scenario, mAMSubOpTrace);
        return true;
    }

    protected native long installHooks(String str, int i, int i2, String str2, String str3, String str4, String str5, String str6, String[] strArr);

    boolean isEncryptionRequirementAChange(MAMIdentity mAMIdentity, EncryptionRequirement encryptionRequirement) {
        EncryptionRequirement encryptionRequirement2;
        FileEncryptionStateTable.EncryptionState encryptionState = this.mFileEncryptionStateTable.getEncryptionState(mAMIdentity);
        if (encryptionState != null) {
            encryptionRequirement2 = encryptionState.mEncryptionRequired;
        } else {
            long j = this.mProvider.getAppPrivateSharedPreferences(SHARED_PREFS_NAME).getLong(getEncryptionDateKey(mAMIdentity), -1L);
            if (j == -1) {
                return true;
            }
            encryptionRequirement2 = j != 0 ? EncryptionRequirement.FULL : EncryptionRequirement.NONE;
        }
        return encryptionRequirement != encryptionRequirement2;
    }

    protected boolean isIdentityManaged(String str) {
        MAMLogDisabler mAMLogDisabler = new MAMLogDisabler();
        try {
            return this.mPolicyResolver.isIdentityManaged(this.mMAMIdentityManager.fromString(str));
        } finally {
            mAMLogDisabler.finish();
        }
    }

    protected boolean isPureMultiIdentity() {
        return this.mIsPureMultiIdentity;
    }

    protected boolean isUnlinkfsNeeded() {
        return true;
    }

    protected void nativeLogTrackedOccurrence(String str) {
        MAMLogDisabler mAMLogDisabler = new MAMLogDisabler();
        try {
            this.mTelemetryLogger.logTrackedOccurrence(TrackedOccurrence.valueOf(str));
        } finally {
            mAMLogDisabler.finish();
        }
    }

    public void onAppCreate() {
        if (this.mCacheEnabled) {
            this.mContext.registerComponentCallbacks(this);
            ActivityManager.MemoryInfo memoryInfo = ProcessUtils.getMemoryInfo(this.mContext);
            limitFblockCacheSize(memoryInfo.availMem - memoryInfo.threshold);
            LOGGER.info("cache is enabled", new Object[0]);
        }
    }

    @Override // android.content.ComponentCallbacks
    public void onConfigurationChanged(Configuration configuration) {
    }

    @Override // android.content.ComponentCallbacks
    public void onLowMemory() {
    }

    @Override // com.microsoft.intune.mam.client.notification.MAMNotificationReceiver
    public boolean onReceive(MAMNotification mAMNotification) {
        if (mAMNotification.getType() != MAMNotificationType.MANAGEMENT_REMOVED) {
            return true;
        }
        LOGGER.info("Decrypting all files for MANAGEMENT_REMOVED", new Object[0]);
        refreshAppEncryption(EncryptionRequirement.NONE, CompletionRequirement.SYNCHRONOUS, this.mMAMIdentityManager.fromString(((MAMUserNotification) mAMNotification).getUserIdentity()));
        return true;
    }

    public void onSelectiveWipeCompleted(MAMIdentity mAMIdentity, boolean z) {
        if (!MAMInfo.isMultiIdentityEnabled() && z) {
            MAMLogger mAMLogger = LOGGER;
            mAMLogger.info("Wipe was successful, decrypting app data files", new Object[0]);
            refreshAppEncryption(EncryptionRequirement.NONE, CompletionRequirement.SYNCHRONOUS, mAMIdentity);
            mAMLogger.info("Finished decrypting app data files", new Object[0]);
        }
        clearCachedKeys();
    }

    @Override // android.content.ComponentCallbacks2
    public void onTrimMemory(int i) {
        if (this.mCacheEnabled) {
            if (i != 5 && i != 10 && i != 15) {
                if (i != 40) {
                    if (i != 60) {
                        if (i != 80) {
                            return;
                        }
                    }
                }
                LOGGER.info("Clearing encrypted block cache in response to app background", new Object[0]);
                clearFblockCache();
                return;
            }
            LOGGER.info("Clearing encrypted block cache in response to memory pressure", new Object[0]);
            clearFblockCache();
        }
    }

    public void refreshAppEncryption(EncryptionRequirement encryptionRequirement, CompletionRequirement completionRequirement, MAMIdentity mAMIdentity) {
        if (mAMIdentity == null) {
            return;
        }
        MAMLogger mAMLogger = LOGGER;
        mAMLogger.info("refreshing app encryption", new Object[0]);
        this.mKeyCache.clearFailedKeys();
        updateEncryptionKeyLength(this.mProvider.getFileEncryptionKeyLength(mAMIdentity));
        if (isEncryptionRequirementAChange(mAMIdentity, encryptionRequirement)) {
            mAMLogger.info("Changing encryption requirement for {0} to {1}", this.mMAMLogPIIFactory.getPIIUPN(mAMIdentity), encryptionRequirement);
            this.mEncryptionSetting.put(mAMIdentity, encryptionRequirement);
            this.mFileEncryptionStateTable.setEncryptionState(mAMIdentity, encryptionRequirement, FileEncryptionStateTable.Status.NOT_STARTED);
            changeAppEncryption(completionRequirement, mAMIdentity, encryptionRequirement);
        }
    }

    public void refreshAppEncryption(MAMIdentity mAMIdentity) {
        refreshAppEncryption(this.mProvider.getFileEncryptionRequirement(mAMIdentity), CompletionRequirement.ASYNCHRONOUS, mAMIdentity);
    }

    void setDefaultKeyLength(int i) {
        this.mKeyLength = i;
        setDefaultKeyLengthNative(i);
    }

    public void setIsPureMultiIdentity(MultiIdentityTransitionMode multiIdentityTransitionMode) {
        this.mIsPureMultiIdentity = multiIdentityTransitionMode == MultiIdentityTransitionMode.MI_FROM_UNMANAGED;
    }

    public boolean shouldEncryptFile(MAMIdentity mAMIdentity, File file) {
        EncryptionRequirement encryptionRequirement = getEncryptionRequirement(mAMIdentity);
        if (encryptionRequirement == EncryptionRequirement.FULL) {
            return true;
        }
        if (encryptionRequirement == EncryptionRequirement.NONE) {
            return false;
        }
        return !FileUtils.isFileUnderAppData(file, this.mContext) || PackageUtils.isInstalledToSDCard(this.mContext);
    }

    public boolean shouldEncryptFileForCurrentIdentity(File file) {
        return shouldEncryptFile(this.mIdentityResolver.getCurrentIdentity(null), file);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public native void webviewFinished();
}
