package com.android.tools.lint.checks;

import com.android.SdkConstants;
import com.android.ddmlib.FileListingService;
import com.android.tools.lint.detector.api.Category;
import com.android.tools.lint.detector.api.ConstantEvaluator;
import com.android.tools.lint.detector.api.Detector;
import com.android.tools.lint.detector.api.Implementation;
import com.android.tools.lint.detector.api.Issue;
import com.android.tools.lint.detector.api.JavaContext;
import com.android.tools.lint.detector.api.LintUtils;
import com.android.tools.lint.detector.api.Scope;
import com.android.tools.lint.detector.api.Severity;
import com.android.tools.lint.detector.api.XmlContext;
import com.intellij.psi.JavaElementVisitor;
import com.intellij.psi.PsiElement;
import com.intellij.psi.PsiMethod;
import com.intellij.psi.PsiMethodCallExpression;
import com.intellij.psi.PsiReferenceExpression;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import org.w3c.dom.Attr;
import org.w3c.dom.Element;
import org.w3c.dom.Node;

/* loaded from: input_file:patch-file.zip:lib/lint-checks-25.3.2.jar:com/android/tools/lint/checks/SecurityDetector.class */
public class SecurityDetector extends Detector implements Detector.XmlScanner, Detector.JavaPsiScanner {
    private static final Implementation IMPLEMENTATION_MANIFEST;
    private static final Implementation IMPLEMENTATION_JAVA;
    public static final Issue EXPORTED_SERVICE;
    public static final Issue EXPORTED_PROVIDER;
    public static final Issue EXPORTED_RECEIVER;
    public static final Issue OPEN_PROVIDER;
    public static final Issue SET_READABLE;
    public static final Issue SET_WRITABLE;
    public static final Issue WORLD_WRITEABLE;
    public static final Issue WORLD_READABLE;
    private static final String FILE_CLASS = "java.io.File";
    static final /* synthetic */ boolean $assertionsDisabled;

    /* loaded from: input_file:patch-file.zip:lib/lint-checks-25.3.2.jar:com/android/tools/lint/checks/SecurityDetector$IdentifierVisitor.class */
    private static class IdentifierVisitor extends JavaElementVisitor {
        private final JavaContext mContext;

        public IdentifierVisitor(JavaContext javaContext) {
            this.mContext = javaContext;
        }

        public void visitReferenceExpression(PsiReferenceExpression psiReferenceExpression) {
            super.visitReferenceExpression(psiReferenceExpression);
            String referenceName = psiReferenceExpression.getReferenceName();
            if ("MODE_WORLD_WRITEABLE".equals(referenceName)) {
                this.mContext.report(SecurityDetector.WORLD_WRITEABLE, (PsiElement) psiReferenceExpression, this.mContext.getLocation((PsiElement) psiReferenceExpression), "Using `MODE_WORLD_WRITEABLE` when creating files can be risky, review carefully");
            } else if ("MODE_WORLD_READABLE".equals(referenceName)) {
                this.mContext.report(SecurityDetector.WORLD_READABLE, (PsiElement) psiReferenceExpression, this.mContext.getLocation((PsiElement) psiReferenceExpression), "Using `MODE_WORLD_READABLE` when creating files can be risky, review carefully");
            }
        }
    }

    @Override // com.android.tools.lint.detector.api.Detector, com.android.tools.lint.detector.api.Detector.XmlScanner
    public Collection<String> getApplicableElements() {
        return Arrays.asList("service", "grant-uri-permission", "provider", "activity", "receiver");
    }

    @Override // com.android.tools.lint.detector.api.Detector, com.android.tools.lint.detector.api.Detector.XmlScanner
    public void visitElement(XmlContext xmlContext, Element element) {
        String tagName = element.getTagName();
        if (tagName.equals("service")) {
            checkService(xmlContext, element);
            return;
        }
        if (tagName.equals("grant-uri-permission")) {
            checkGrantPermission(xmlContext, element);
        } else if (tagName.equals("provider")) {
            checkProvider(xmlContext, element);
        } else if (tagName.equals("receiver")) {
            checkReceiver(xmlContext, element);
        }
    }

    public static boolean getExported(Element element) {
        String attributeNS = element.getAttributeNS("http://schemas.android.com/apk/res/android", "exported");
        if (attributeNS != null && !attributeNS.isEmpty()) {
            return Boolean.valueOf(attributeNS).booleanValue();
        }
        Iterator<Element> it = LintUtils.getChildren(element).iterator();
        while (it.hasNext()) {
            if (it.next().getTagName().equals("intent-filter")) {
                return true;
            }
        }
        return false;
    }

    private static boolean isUnprotectedByPermission(Element element) {
        String attributeNS = element.getAttributeNS("http://schemas.android.com/apk/res/android", "permission");
        if (attributeNS != null && !attributeNS.isEmpty()) {
            return false;
        }
        Node parentNode = element.getParentNode();
        if (parentNode.getNodeType() != 1 || !parentNode.getNodeName().equals("application")) {
            return false;
        }
        String attributeNS2 = ((Element) parentNode).getAttributeNS("http://schemas.android.com/apk/res/android", "permission");
        return attributeNS2 == null || attributeNS2.isEmpty();
    }

    private static boolean isWearableListenerServiceAction(Element element) {
        for (Element element2 : LintUtils.getChildren(element)) {
            if (element2.getTagName().equals("intent-filter")) {
                for (Element element3 : LintUtils.getChildren(element2)) {
                    if (element3.getTagName().equals("action")) {
                        String attributeNS = element3.getAttributeNS("http://schemas.android.com/apk/res/android", "name");
                        if ("com.google.android.gms.wearable.BIND_LISTENER".equals(attributeNS) || "com.google.android.gms.wearable.DATA_CHANGED".equals(attributeNS) || "com.google.android.gms.wearable.MESSAGE_RECEIVED".equals(attributeNS) || "com.google.android.gms.wearable.CAPABILITY_CHANGED".equals(attributeNS) || "com.google.android.gms.wearable.CHANNEL_EVENT".equals(attributeNS)) {
                            return true;
                        }
                    }
                }
            }
        }
        return false;
    }

    private static boolean isStandardReceiver(Element element) {
        if ("com.google.android.gms.tagmanager.InstallReferrerReceiver".equals(element.getAttributeNS("http://schemas.android.com/apk/res/android", "name"))) {
            return true;
        }
        for (Element element2 : LintUtils.getChildren(element)) {
            if (element2.getTagName().equals("intent-filter")) {
                for (Element element3 : LintUtils.getChildren(element2)) {
                    if (element3.getTagName().equals("action")) {
                        return element3.getAttributeNS("http://schemas.android.com/apk/res/android", "name").startsWith(SdkConstants.ANDROID_PKG_PREFIX);
                    }
                }
            }
        }
        return false;
    }

    private static void checkReceiver(XmlContext xmlContext, Element element) {
        if (getExported(element) && isUnprotectedByPermission(element) && !isStandardReceiver(element)) {
            xmlContext.report(EXPORTED_RECEIVER, element, xmlContext.getLocation(element), "Exported receiver does not require permission");
        }
    }

    private static void checkService(XmlContext xmlContext, Element element) {
        if (getExported(element) && isUnprotectedByPermission(element) && !isWearableListenerServiceAction(element)) {
            xmlContext.report(EXPORTED_SERVICE, element, xmlContext.getLocation(element), "Exported service does not require permission");
        }
    }

    private static void checkGrantPermission(XmlContext xmlContext, Element element) {
        Attr attributeNodeNS = element.getAttributeNodeNS("http://schemas.android.com/apk/res/android", "path");
        Attr attributeNodeNS2 = element.getAttributeNodeNS("http://schemas.android.com/apk/res/android", SdkConstants.ATTR_PATH_PREFIX);
        Attr attributeNodeNS3 = element.getAttributeNodeNS("http://schemas.android.com/apk/res/android", SdkConstants.ATTR_PATH_PATTERN);
        if (attributeNodeNS != null && attributeNodeNS.getValue().equals(FileListingService.FILE_SEPARATOR)) {
            xmlContext.report(OPEN_PROVIDER, attributeNodeNS, xmlContext.getLocation(attributeNodeNS), "Content provider shares everything; this is potentially dangerous.");
        }
        if (attributeNodeNS2 != null && attributeNodeNS2.getValue().equals(FileListingService.FILE_SEPARATOR)) {
            xmlContext.report(OPEN_PROVIDER, attributeNodeNS2, xmlContext.getLocation(attributeNodeNS2), "Content provider shares everything; this is potentially dangerous.");
        }
        if (attributeNodeNS3 == null || !attributeNodeNS3.getValue().equals(FileListingService.FILE_SEPARATOR)) {
            return;
        }
        xmlContext.report(OPEN_PROVIDER, attributeNodeNS3, xmlContext.getLocation(attributeNodeNS3), "Content provider shares everything; this is potentially dangerous.");
    }

    private static void checkProvider(XmlContext xmlContext, Element element) {
        String attributeNS = element.getAttributeNS("http://schemas.android.com/apk/res/android", "exported");
        boolean z = true;
        if (attributeNS != null && !attributeNS.isEmpty()) {
            z = Boolean.valueOf(attributeNS).booleanValue();
        }
        if (z) {
            String attributeNS2 = element.getAttributeNS("http://schemas.android.com/apk/res/android", SdkConstants.ATTR_READ_PERMISSION);
            if (attributeNS2 == null || attributeNS2.isEmpty()) {
                String attributeNS3 = element.getAttributeNS("http://schemas.android.com/apk/res/android", SdkConstants.ATTR_WRITE_PERMISSION);
                if (attributeNS3 == null || attributeNS3.isEmpty()) {
                    String attributeNS4 = element.getAttributeNS("http://schemas.android.com/apk/res/android", "permission");
                    if (attributeNS4 == null || attributeNS4.isEmpty()) {
                        boolean z2 = false;
                        Iterator<Element> it = LintUtils.getChildren(element).iterator();
                        while (true) {
                            if (!it.hasNext()) {
                                break;
                            } else if (it.next().getTagName().equals("path-permission")) {
                                z2 = true;
                                break;
                            }
                        }
                        if (z2) {
                            return;
                        }
                        xmlContext.report(EXPORTED_PROVIDER, element, xmlContext.getLocation(element), "Exported content providers can provide access to potentially sensitive data");
                    }
                }
            }
        }
    }

    @Override // com.android.tools.lint.detector.api.Detector, com.android.tools.lint.detector.api.Detector.JavaPsiScanner
    public List<String> getApplicableMethodNames() {
        ArrayList arrayList = new ArrayList(3);
        arrayList.add("openFileOutput");
        arrayList.add("getSharedPreferences");
        arrayList.add("getDir");
        arrayList.add("setReadable");
        arrayList.add("setWritable");
        return arrayList;
    }

    @Override // com.android.tools.lint.detector.api.Detector, com.android.tools.lint.detector.api.Detector.JavaPsiScanner
    public void visitMethod(JavaContext javaContext, JavaElementVisitor javaElementVisitor, PsiMethodCallExpression psiMethodCallExpression, PsiMethod psiMethod) {
        PsiElement[] expressions = psiMethodCallExpression.getArgumentList().getExpressions();
        String referenceName = psiMethodCallExpression.getMethodExpression().getReferenceName();
        if (javaContext.getEvaluator().isMemberInSubClassOf(psiMethod, FILE_CLASS, false)) {
            if ("setReadable".equals(referenceName)) {
                if (expressions.length == 2 && Boolean.TRUE.equals(ConstantEvaluator.evaluate(javaContext, expressions[0])) && Boolean.FALSE.equals(ConstantEvaluator.evaluate(javaContext, expressions[1]))) {
                    javaContext.report(SET_READABLE, (PsiElement) psiMethodCallExpression, javaContext.getLocation((PsiElement) psiMethodCallExpression), "Setting file permissions to world-readable can be risky, review carefully");
                    return;
                }
                return;
            }
            if ("setWritable".equals(referenceName)) {
                if (expressions.length == 2 && Boolean.TRUE.equals(ConstantEvaluator.evaluate(javaContext, expressions[0])) && Boolean.FALSE.equals(ConstantEvaluator.evaluate(javaContext, expressions[1]))) {
                    javaContext.report(SET_WRITABLE, (PsiElement) psiMethodCallExpression, javaContext.getLocation((PsiElement) psiMethodCallExpression), "Setting file permissions to world-writable can be risky, review carefully");
                    return;
                }
                return;
            }
        }
        if (!$assertionsDisabled && javaElementVisitor == null) {
            throw new AssertionError();
        }
        for (PsiElement psiElement : expressions) {
            psiElement.accept(javaElementVisitor);
        }
    }

    @Override // com.android.tools.lint.detector.api.Detector, com.android.tools.lint.detector.api.Detector.JavaPsiScanner
    public JavaElementVisitor createPsiVisitor(JavaContext javaContext) {
        return new IdentifierVisitor(javaContext);
    }

    static {
        $assertionsDisabled = !SecurityDetector.class.desiredAssertionStatus();
        IMPLEMENTATION_MANIFEST = new Implementation(SecurityDetector.class, Scope.MANIFEST_SCOPE);
        IMPLEMENTATION_JAVA = new Implementation(SecurityDetector.class, Scope.JAVA_FILE_SCOPE);
        EXPORTED_SERVICE = Issue.create("ExportedService", "Exported service does not require permission", "Exported services (services which either set `exported=true` or contain an intent-filter and do not specify `exported=false`) should define a permission that an entity must have in order to launch the service or bind to it. Without this, any application can use this service.", Category.SECURITY, 5, Severity.WARNING, IMPLEMENTATION_MANIFEST);
        EXPORTED_PROVIDER = Issue.create("ExportedContentProvider", "Content provider does not require permission", "Content providers are exported by default and any application on the system can potentially use them to read and write data. If the content provider provides access to sensitive data, it should be protected by specifying `export=false` in the manifest or by protecting it with a permission that can be granted to other applications.", Category.SECURITY, 5, Severity.WARNING, IMPLEMENTATION_MANIFEST);
        EXPORTED_RECEIVER = Issue.create("ExportedReceiver", "Receiver does not require permission", "Exported receivers (receivers which either set `exported=true` or contain an intent-filter and do not specify `exported=false`) should define a permission that an entity must have in order to launch the receiver or bind to it. Without this, any application can use this receiver.", Category.SECURITY, 5, Severity.WARNING, IMPLEMENTATION_MANIFEST);
        OPEN_PROVIDER = Issue.create("GrantAllUris", "Content provider shares everything", "The `<grant-uri-permission>` element allows specific paths to be shared. This detector checks for a path URL of just '/' (everything), which is probably not what you want; you should limit access to a subset.", Category.SECURITY, 7, Severity.WARNING, IMPLEMENTATION_MANIFEST);
        SET_READABLE = Issue.create("SetWorldReadable", "`File.setReadable()` used to make file world-readable", "Setting files world-readable is very dangerous, and likely to cause security holes in applications. It is strongly discouraged; instead, applications should use more formal mechanisms for interactions such as `ContentProvider`, `BroadcastReceiver`, and `Service`.", Category.SECURITY, 6, Severity.WARNING, IMPLEMENTATION_JAVA);
        SET_WRITABLE = Issue.create("SetWorldWritable", "`File.setWritable()` used to make file world-writable", "Setting files world-writable is very dangerous, and likely to cause security holes in applications. It is strongly discouraged; instead, applications should use more formal mechanisms for interactions such as `ContentProvider`, `BroadcastReceiver`, and `Service`.", Category.SECURITY, 6, Severity.WARNING, IMPLEMENTATION_JAVA);
        WORLD_WRITEABLE = Issue.create("WorldWriteableFiles", "`openFileOutput()` or similar call passing `MODE_WORLD_WRITEABLE`", "There are cases where it is appropriate for an application to write world writeable files, but these should be reviewed carefully to ensure that they contain no private data, and that if the file is modified by a malicious application it does not trick or compromise your application.", Category.SECURITY, 4, Severity.WARNING, IMPLEMENTATION_JAVA);
        WORLD_READABLE = Issue.create("WorldReadableFiles", "`openFileOutput()` or similar call passing `MODE_WORLD_READABLE`", "There are cases where it is appropriate for an application to write world readable files, but these should be reviewed carefully to ensure that they contain no private data that is leaked to other applications.", Category.SECURITY, 4, Severity.WARNING, IMPLEMENTATION_JAVA);
    }
}
