package com.microsoft.intune.mam.client.app;

import android.content.Context;
import android.content.Intent;
import android.content.pm.ResolveInfo;
import android.os.Binder;
import android.os.IBinder;
import com.microsoft.intune.mam.IntentMarshal;
import com.microsoft.intune.mam.SDKCapabilityChecker;
import com.microsoft.intune.mam.client.MAMInfo;
import com.microsoft.intune.mam.client.MAMSDKCapability;
import com.microsoft.intune.mam.client.app.AccessRestriction;
import com.microsoft.intune.mam.client.content.MAMContext;
import com.microsoft.intune.mam.client.content.pm.PackageManagerCompat;
import com.microsoft.intune.mam.client.database.MultiIdentityServiceTable;
import com.microsoft.intune.mam.client.identity.IdentitySwitchResultWaiter;
import com.microsoft.intune.mam.client.identity.MAMIdentity;
import com.microsoft.intune.mam.client.identity.MAMIdentityManager;
import com.microsoft.intune.mam.client.identity.ThreadIdentityStack;
import com.microsoft.intune.mam.client.ipcclient.MAMClientImpl;
import com.microsoft.intune.mam.client.ipcclient.MAMClientSingletonImpl;
import com.microsoft.intune.mam.client.os.BinderBehaviorImpl;
import com.microsoft.intune.mam.client.os.BinderProxy;
import com.microsoft.intune.mam.client.telemetry.TelemetryLoggerImpl;
import com.microsoft.intune.mam.client.telemetry.events.TrackedOccurrence;
import com.microsoft.intune.mam.client.util.PackageUtils;
import com.microsoft.intune.mam.log.MAMLogPIIFactory;
import com.microsoft.intune.mam.log.MAMLogger;
import com.microsoft.intune.mam.log.MAMLoggerProvider;
import kotlin.setForceRefresh;

/* loaded from: classes4.dex */
public class ServiceBehaviorImpl implements ServiceBehavior {
    private static final MAMLogger LOGGER = MAMLoggerProvider.getLogger(ServiceBehaviorImpl.class);
    protected final AccessRestriction mAccessRestriction;
    private final SDKCapabilityChecker mCapChecker;
    protected final MAMClientImpl mClient;

    @setForceRefresh
    Context mContext;
    protected final ServiceFailureNotification mFailureNotification;
    private final IntentIdentityManager mIntentIdentityManager;
    private final IntentMarshal mIntentMarshal;
    protected final MAMIdentityManager mMAMIdentityManager;
    protected final MAMLogPIIFactory mMAMLogPIIFactory;
    protected final MultiIdentityServiceTable mMultiIdentityServiceTable;
    private Context mProxyContext;
    HookedService mService;
    protected final MAMClientSingletonImpl mSingleton;
    protected final TelemetryLoggerImpl mTelemetryLogger;

    /* renamed from: com.microsoft.intune.mam.client.app.ServiceBehaviorImpl$1, reason: invalid class name */
    /* loaded from: classes4.dex */
    static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$com$microsoft$intune$mam$client$app$ServiceBehaviorImpl$IdentityChange;

        static {
            int[] iArr = new int[IdentityChange.values().length];
            $SwitchMap$com$microsoft$intune$mam$client$app$ServiceBehaviorImpl$IdentityChange = iArr;
            try {
                iArr[IdentityChange.NONE.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                $SwitchMap$com$microsoft$intune$mam$client$app$ServiceBehaviorImpl$IdentityChange[IdentityChange.SUCCESS.ordinal()] = 2;
            } catch (NoSuchFieldError unused2) {
            }
            try {
                $SwitchMap$com$microsoft$intune$mam$client$app$ServiceBehaviorImpl$IdentityChange[IdentityChange.FAILURE.ordinal()] = 3;
            } catch (NoSuchFieldError unused3) {
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes4.dex */
    public enum IdentityChange {
        NONE,
        SUCCESS,
        FAILURE
    }

    @setForceRefresh
    public ServiceBehaviorImpl(Context context, MAMClientImpl mAMClientImpl, MAMClientSingletonImpl mAMClientSingletonImpl, AccessRestriction accessRestriction, ServiceFailureNotification serviceFailureNotification, MultiIdentityServiceTable multiIdentityServiceTable, MAMIdentityManager mAMIdentityManager, MAMLogPIIFactory mAMLogPIIFactory, TelemetryLoggerImpl telemetryLoggerImpl, IntentMarshal intentMarshal, IntentIdentityManager intentIdentityManager, SDKCapabilityChecker sDKCapabilityChecker) {
        this.mContext = context;
        this.mClient = mAMClientImpl;
        this.mSingleton = mAMClientSingletonImpl;
        this.mAccessRestriction = accessRestriction;
        this.mFailureNotification = serviceFailureNotification;
        this.mMultiIdentityServiceTable = multiIdentityServiceTable;
        this.mMAMIdentityManager = mAMIdentityManager;
        this.mMAMLogPIIFactory = mAMLogPIIFactory;
        this.mTelemetryLogger = telemetryLoggerImpl;
        this.mIntentMarshal = intentMarshal;
        this.mIntentIdentityManager = intentIdentityManager;
        this.mCapChecker = sDKCapabilityChecker;
    }

    private boolean checkLaunchBlock(Intent intent) {
        if (intent == null || !this.mAccessRestriction.isServiceLaunchBlocked(this.mService.asService(), intent)) {
            return false;
        }
        this.mFailureNotification.show();
        return true;
    }

    private AccessRestriction.AccessOverride determineSystemAccessPermission() {
        if (!isAccountAuthenticator() && !isJobService()) {
            return AccessRestriction.AccessOverride.DEFAULT;
        }
        return AccessRestriction.AccessOverride.ALLOWLISTED;
    }

    private boolean isAccountAuthenticator() {
        try {
            for (ResolveInfo resolveInfo : PackageManagerCompat.queryIntentServices(this.mContext.getPackageManager(), new Intent("android.accounts.AccountAuthenticator"), 0L)) {
                if (resolveInfo.serviceInfo != null && this.mService.asService().getClass().getName().equals(resolveInfo.serviceInfo.name)) {
                    return true;
                }
            }
            return false;
        } catch (RuntimeException e) {
            LOGGER.warning("Assuming service is not an account authenticator as queryIntentServices threw", e);
            return false;
        }
    }

    private boolean isJobService() {
        return this.mService instanceof HookedJobIntentService;
    }

    private IdentityChange switchIdentityIfNecessary(Intent intent) {
        MAMIdentity taggedIdentity;
        if (!MAMInfo.isMultiIdentityEnabled()) {
            return IdentityChange.NONE;
        }
        if (intent == null) {
            String serviceIdentity = this.mMultiIdentityServiceTable.getServiceIdentity(this.mService.asService().getClass().getCanonicalName());
            taggedIdentity = serviceIdentity != null ? this.mMAMIdentityManager.fromString(serviceIdentity) : null;
        } else {
            taggedIdentity = this.mIntentIdentityManager.getTaggedIdentity(intent);
        }
        if (taggedIdentity == null) {
            return IdentityChange.NONE;
        }
        IdentitySwitchResultWaiter identitySwitchResultWaiter = new IdentitySwitchResultWaiter();
        if (this.mCapChecker.hasCapability(MAMSDKCapability.NEW_IDENTITY_API)) {
            this.mService.onMAMIdentitySwitchRequired(taggedIdentity.rawUPN(), MAMIdentity.isValid(taggedIdentity) ? taggedIdentity.aadId() : "", identitySwitchResultWaiter);
        } else {
            this.mService.onMAMIdentitySwitchRequired(taggedIdentity.rawUPN(), identitySwitchResultWaiter);
        }
        if (identitySwitchResultWaiter.waitForResult() != AppIdentitySwitchResult.SUCCESS) {
            LOGGER.warning("Identity switch failed switching to {0}", this.mMAMLogPIIFactory.getPIIUPN(taggedIdentity));
            return IdentityChange.FAILURE;
        }
        ThreadIdentityStack.get().push(taggedIdentity);
        return IdentityChange.SUCCESS;
    }

    private Binder wrapBinder(IBinder iBinder, AccessRestriction.AccessOverride accessOverride) {
        if (iBinder == null) {
            return null;
        }
        return BinderBehaviorImpl.isMAMBinder(iBinder) ? (Binder) iBinder : BinderProxy.create(MAMContext.unwrap(this.mProxyContext), iBinder, this.mAccessRestriction, this.mService.asService().getClass().getName(), accessOverride, this.mMAMIdentityManager);
    }

    @Override // com.microsoft.intune.mam.client.app.ServiceBehavior
    public void attachBaseContext(HookedService hookedService, Context context) {
        this.mService = hookedService;
        Context createProxy = MAMContext.createProxy(context);
        this.mProxyContext = createProxy;
        hookedService.attachBaseContextReal(createProxy);
    }

    @Override // com.microsoft.intune.mam.client.app.ServiceBehavior
    public IBinder onBind(Intent intent) {
        Intent prepareClone = this.mIntentMarshal.prepareClone(intent);
        IdentityChange switchIdentityIfNecessary = switchIdentityIfNecessary(prepareClone);
        if (switchIdentityIfNecessary == IdentityChange.FAILURE) {
            LOGGER.warning("service onBind failed to switch identity", new Object[0]);
            return null;
        }
        if (prepareClone != null) {
            try {
                if (prepareClone.getStringExtra("com.microsoft.intune.mam.appclient.PackageName") != null && this.mAccessRestriction.isServiceLaunchBlocked(this.mContext, prepareClone)) {
                    LOGGER.info("Service launch blocked by MAM policy from intent {0}. Returning null from onBind.", this.mMAMLogPIIFactory.getPIIIntent(prepareClone));
                    this.mTelemetryLogger.logTrackedOccurrence(TrackedOccurrence.SERVICE_ON_BIND_BLOCKED, String.valueOf(this.mMAMLogPIIFactory.getPIIIntent(prepareClone)));
                    return null;
                }
            } finally {
                if (switchIdentityIfNecessary == IdentityChange.SUCCESS) {
                    ThreadIdentityStack.get().pop();
                }
            }
        }
        IBinder onMAMBind = this.mService.onMAMBind(prepareClone);
        if (!PackageUtils.isServiceExported(this.mContext, this.mService.asService())) {
            if (switchIdentityIfNecessary == IdentityChange.SUCCESS) {
                ThreadIdentityStack.get().pop();
            }
            return onMAMBind;
        }
        Binder wrapBinder = wrapBinder(onMAMBind);
        if (switchIdentityIfNecessary == IdentityChange.SUCCESS) {
            ThreadIdentityStack.get().pop();
        }
        return wrapBinder;
    }

    @Override // com.microsoft.intune.mam.client.app.ServiceBehavior
    public void onMAMStart(Intent intent, int i) {
        this.mService.onStartReal(intent, i);
    }

    @Override // com.microsoft.intune.mam.client.app.ServiceBehavior
    public int onMAMStartCommand(Intent intent, int i, int i2) {
        return this.mService.onStartCommandReal(intent, i, i2);
    }

    @Override // com.microsoft.intune.mam.client.app.ServiceBehavior
    public void onStart(Intent intent, int i) {
        Intent prepareClone = this.mIntentMarshal.prepareClone(intent);
        if (checkLaunchBlock(prepareClone)) {
            return;
        }
        int i2 = AnonymousClass1.$SwitchMap$com$microsoft$intune$mam$client$app$ServiceBehaviorImpl$IdentityChange[switchIdentityIfNecessary(prepareClone).ordinal()];
        if (i2 == 1) {
            this.mService.onMAMStart(prepareClone, i);
        } else {
            if (i2 != 2) {
                return;
            }
            try {
                this.mService.onMAMStart(prepareClone, i);
            } finally {
                ThreadIdentityStack.get().pop();
            }
        }
    }

    @Override // com.microsoft.intune.mam.client.app.ServiceBehavior
    public int onStartCommand(Intent intent, int i, int i2) {
        Intent prepareClone = this.mIntentMarshal.prepareClone(intent);
        if (checkLaunchBlock(prepareClone)) {
            return 2;
        }
        int i3 = AnonymousClass1.$SwitchMap$com$microsoft$intune$mam$client$app$ServiceBehaviorImpl$IdentityChange[switchIdentityIfNecessary(prepareClone).ordinal()];
        if (i3 == 1) {
            return this.mService.onMAMStartCommand(prepareClone, i, i2);
        }
        if (i3 != 2) {
            return 2;
        }
        try {
            int onMAMStartCommand = this.mService.onMAMStartCommand(prepareClone, i, i2);
            if (onMAMStartCommand == 1 && prepareClone != null) {
                MAMIdentity taggedIdentity = this.mIntentIdentityManager.getTaggedIdentity(prepareClone);
                this.mMultiIdentityServiceTable.setServiceIdentity(this.mService.asService().getClass().getCanonicalName(), taggedIdentity != null ? taggedIdentity.toString() : null);
            }
            return onMAMStartCommand;
        } finally {
            ThreadIdentityStack.get().pop();
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Binder wrapBinder(IBinder iBinder) {
        return wrapBinder(iBinder, determineSystemAccessPermission());
    }
}
