package com.cisco.anyconnect.vpn.android.permissions;

import android.content.Context;
import android.content.pm.PackageManager;
import android.os.Process;
import com.cisco.android.nchs.permissions.Prerequisites;
import com.cisco.anyconnect.vpn.android.process.ProcessUtils;
import com.cisco.anyconnect.vpn.android.util.AppLog;
import java.io.File;
import java.util.Arrays;

/* loaded from: classes.dex */
public final class PermissionAuditer {
    private static final String ENTITY_NAME = "PermissionAuditer";
    private static final int GID_NET_RAW = Process.getGidForName("net_raw");
    private static final int GID_NET_ADMIN = Process.getGidForName("net_admin");
    private static final int GID_VPN = Process.getGidForName("vpn");
    private static final String[] POSSIBLE_NET_ADMIN_PERMISSIONS = {"android.permission.NET_ADMIN", "android.permission.SAMSUNG_MODIFY_ROUTE", "cisco.permission.NET_ADMIN"};
    private static final String[] POSSIBLE_NET_RAW_PERMISSIONS = {"android.permission.NET_RAW", "android.permission.SAMSUNG_MODIFY_IPTABLES", "cisco.permission.NET_RAW"};
    private static final String[] POSSIBLE_TUN_PERMISSIONS = {"android.permission.VPN", "android.permission.SAMSUNG_TUNTAP", "cisco.permission.VPN"};
    private static final String[] POSSIBLE_COMBINED_PERMISSIONS = {"com.cisco.permission.CISCO_VPN_ACCESS"};

    /* loaded from: classes.dex */
    public static final class Audit {
        public final boolean devTunExists;
        public final int[] groups;
        public final boolean hasCheckedForRoot;
        public final boolean hasPermissionCombined;
        public final boolean hasPermissionNetAdmin;
        public final boolean hasPermissionNetRaw;
        public final boolean hasPermissionTun;
        public final boolean inGroupNetAdmin;
        public final boolean inGroupNetRaw;
        public final boolean inGroupTun;
        public final boolean isRooted;
        public final boolean isTunModuleLoaded;
        public final boolean isTunReadable;
        public final boolean isTunWritable;
        public final String userId;

        /* loaded from: classes.dex */
        public static final class Builder {
            private boolean mDevTunExists;
            private int[] mGroups = new int[0];
            private boolean mHasCheckedForRoot;
            private boolean mHasPermissionCombined;
            private boolean mHasPermissionNetAdmin;
            private boolean mHasPermissionNetRaw;
            private boolean mHasPermissionTun;
            private boolean mInGroupNetAdmin;
            private boolean mInGroupNetRaw;
            private boolean mInGroupTun;
            private boolean mIsRooted;
            private boolean mIsTunModuleLoaded;
            private boolean mIsTunReadable;
            private boolean mIsTunWritable;
            private String mUserId;

            public Audit build() {
                return new Audit(this);
            }

            public Builder checkedForRoot(boolean z) {
                this.mHasCheckedForRoot = z;
                return this;
            }

            public Builder groups(int[] iArr) {
                this.mGroups = iArr;
                return this;
            }

            public Builder hasPermissionCombined(boolean z) {
                this.mHasPermissionCombined = z;
                return this;
            }

            public Builder hasPermissionNetAdmin(boolean z) {
                this.mHasPermissionNetAdmin = z;
                return this;
            }

            public Builder hasPermissionNetRaw(boolean z) {
                this.mHasPermissionNetRaw = z;
                return this;
            }

            public Builder hasPermissionTun(boolean z) {
                this.mHasPermissionTun = z;
                return this;
            }

            public Builder hasTun(boolean z) {
                this.mDevTunExists = z;
                return this;
            }

            public Builder inGroupNetAdmin(Boolean bool) {
                this.mInGroupNetAdmin = bool.booleanValue();
                return this;
            }

            public Builder inGroupNetRaw(Boolean bool) {
                this.mInGroupNetRaw = bool.booleanValue();
                return this;
            }

            public Builder inGroupVpn(Boolean bool) {
                this.mInGroupTun = bool.booleanValue();
                return this;
            }

            public Builder isRooted(boolean z) {
                this.mIsRooted = z;
                return this;
            }

            public Builder isTunModuleLoaded(boolean z) {
                this.mIsTunModuleLoaded = z;
                return this;
            }

            public Builder isTunReadable(boolean z) {
                this.mIsTunReadable = z;
                return this;
            }

            public Builder isTunWritable(boolean z) {
                this.mIsTunWritable = z;
                return this;
            }

            public Builder userId(String str) {
                this.mUserId = str;
                return this;
            }
        }

        public Audit(Builder builder) {
            this.isRooted = builder.mIsRooted;
            this.userId = builder.mUserId;
            this.groups = builder.mGroups;
            this.inGroupNetRaw = builder.mInGroupNetRaw;
            this.inGroupTun = builder.mInGroupTun;
            this.inGroupNetAdmin = builder.mInGroupNetAdmin;
            this.devTunExists = builder.mDevTunExists;
            this.isTunModuleLoaded = builder.mIsTunModuleLoaded;
            this.isTunReadable = builder.mIsTunReadable;
            this.isTunWritable = builder.mIsTunWritable;
            this.hasPermissionNetRaw = builder.mHasPermissionNetRaw;
            this.hasPermissionNetAdmin = builder.mHasPermissionNetAdmin;
            this.hasPermissionTun = builder.mHasPermissionTun;
            this.hasPermissionCombined = builder.mHasPermissionCombined;
            this.hasCheckedForRoot = builder.mHasCheckedForRoot;
        }

        public String toString() {
            StringBuilder sb = new StringBuilder();
            if (this.hasCheckedForRoot) {
                sb.append("rooted: ");
                sb.append(this.isRooted);
            }
            sb.append("\nuser id: ");
            sb.append(this.userId);
            sb.append("\n\ngroup subscriptions:");
            sb.append("\nnet_raw: ");
            sb.append(this.inGroupNetRaw);
            sb.append("\nnet_admin: ");
            sb.append(this.inGroupNetAdmin);
            sb.append("\nvpn: ");
            sb.append(this.inGroupTun);
            sb.append("\nall: ");
            sb.append(Arrays.toString(this.groups));
            sb.append("\n\ngranted permissions:");
            sb.append("\nnet_raw: ");
            sb.append(this.hasPermissionNetRaw);
            sb.append("\nnet_admin: ");
            sb.append(this.hasPermissionNetAdmin);
            sb.append("\ntun: ");
            sb.append(this.hasPermissionTun);
            sb.append("\ncombined: ");
            sb.append(this.hasPermissionCombined);
            sb.append("\n\nTUN Driver:");
            sb.append("\n/dev/tun exists: ");
            sb.append(this.devTunExists);
            sb.append("\n/dev/tun readable: ");
            sb.append(this.isTunReadable);
            sb.append("\n/dev/tun writable: ");
            sb.append(this.isTunWritable);
            sb.append("\ntun.ko loaded: ");
            sb.append(this.isTunModuleLoaded);
            return sb.toString();
        }
    }

    public static Audit getAudit(Context context) {
        try {
            if (context == null) {
                throw new IllegalArgumentException("unexpected null input context");
            }
            Audit.Builder builder = new Audit.Builder();
            PackageManager packageManager = context.getPackageManager();
            builder.userId(packageManager.getNameForUid(Process.myUid()));
            int[] packageGids = packageManager.getPackageGids(context.getPackageName());
            builder.groups(packageGids);
            for (int i : packageGids) {
                if (GID_NET_ADMIN == i) {
                    builder.inGroupNetAdmin(true);
                } else if (GID_NET_RAW == i) {
                    builder.inGroupNetRaw(true);
                } else if (GID_VPN == i) {
                    builder.inGroupVpn(true);
                }
            }
            File file = new File("/dev/tun");
            boolean exists = file.exists();
            builder.hasTun(exists);
            if (exists) {
                builder.isTunReadable(file.canRead());
                builder.isTunWritable(file.canWrite());
            }
            builder.isTunModuleLoaded(isTunModuleLoaded());
            builder.hasPermissionNetAdmin(hasPermisionFromList(context, POSSIBLE_NET_ADMIN_PERMISSIONS));
            builder.hasPermissionNetRaw(hasPermisionFromList(context, POSSIBLE_NET_RAW_PERMISSIONS));
            builder.hasPermissionTun(hasPermisionFromList(context, POSSIBLE_TUN_PERMISSIONS));
            builder.hasPermissionCombined(hasPermisionFromList(context, POSSIBLE_COMBINED_PERMISSIONS));
            if (builder.mHasPermissionNetAdmin && builder.mHasPermissionNetRaw && builder.mHasPermissionTun) {
                builder.checkedForRoot(false);
            } else {
                builder.isRooted(Prerequisites.haveRootAccess());
                builder.checkedForRoot(true);
            }
            return new Audit(builder);
        } catch (Exception e) {
            AppLog.logDebugMessage(AppLog.Severity.DBG_ERROR, ENTITY_NAME, "audit failed due to unexpected exception: ", e);
            return null;
        }
    }

    private static boolean hasPermisionFromList(Context context, String[] strArr) {
        PackageManager packageManager = context.getPackageManager();
        for (String str : strArr) {
            if (packageManager.checkPermission(str, context.getPackageName()) == 0) {
                return true;
            }
        }
        return false;
    }

    private static boolean isTunModuleLoaded() {
        try {
            StringBuilder sb = new StringBuilder();
            ProcessUtils.runCmd("lsmod", sb);
            return -1 != sb.indexOf("tun");
        } catch (Exception unused) {
            AppLog.logDebugMessage(AppLog.Severity.DBG_ERROR, ENTITY_NAME, "lsmod failed; cannot determine if tun is loaded");
            return false;
        }
    }
}
