package com.android.tools.lint.checks;

import com.android.tools.lint.detector.api.Category;
import com.android.tools.lint.detector.api.Context;
import com.android.tools.lint.detector.api.Detector;
import com.android.tools.lint.detector.api.Issue;
import com.android.tools.lint.detector.api.LintConstants;
import com.android.tools.lint.detector.api.LintUtils;
import com.android.tools.lint.detector.api.Scope;
import com.android.tools.lint.detector.api.Severity;
import com.android.tools.lint.detector.api.Speed;
import java.io.File;
import java.util.Arrays;
import java.util.Collection;
import java.util.EnumSet;
import java.util.Iterator;
import org.w3c.dom.Attr;
import org.w3c.dom.Element;
import org.w3c.dom.Node;

/* loaded from: input_file:WEB-INF/lib/lint_checks-r16.jar:com/android/tools/lint/checks/SecurityDetector.class */
public class SecurityDetector extends Detector.XmlDetectorAdapter {
    public static final Issue EXPORTED_SERVICE = Issue.create("ExportedService", "Checks for exported services that do not require permissions", "Exported services (services which either set exported=true or contain an intent-filter and do not specify exported=false) should define a permission that an entity must have in order to launch the service or bind to it. Without this, any application can use this service.", Category.SECURITY, 5, Severity.WARNING, SecurityDetector.class, EnumSet.of(Scope.MANIFEST));
    public static final Issue OPEN_PROVIDER = Issue.create("GrantAllUris", "Checks for <grant-uri-permission> elements where everything is shared", "The <grant-uri-permission> element allows specific paths to be shared. This detector checks for a path URL of just '/' (everything), which is probably not what you want; you should limit access to a subset.", Category.SECURITY, 7, Severity.WARNING, SecurityDetector.class, EnumSet.of(Scope.MANIFEST));

    @Override // com.android.tools.lint.detector.api.Detector
    public Speed getSpeed() {
        return Speed.FAST;
    }

    @Override // com.android.tools.lint.detector.api.Detector.XmlDetectorAdapter, com.android.tools.lint.detector.api.Detector
    public boolean appliesTo(Context context, File file) {
        return file.getName().equals(LintConstants.ANDROID_MANIFEST_XML);
    }

    @Override // com.android.tools.lint.detector.api.Detector.XmlDetectorAdapter, com.android.tools.lint.detector.api.Detector.XmlScanner
    public Collection<String> getApplicableElements() {
        return Arrays.asList(LintConstants.TAG_SERVICE, LintConstants.TAG_GRANT_PERMISSION);
    }

    @Override // com.android.tools.lint.detector.api.Detector.XmlDetectorAdapter, com.android.tools.lint.detector.api.Detector.XmlScanner
    public void visitElement(Context context, Element element) {
        String tagName = element.getTagName();
        if (tagName.equals(LintConstants.TAG_SERVICE)) {
            checkService(context, element);
        } else if (tagName.equals(LintConstants.TAG_GRANT_PERMISSION)) {
            checkGrantPermission(context, element);
        }
    }

    private void checkService(Context context, Element element) {
        boolean z;
        String attributeNS = element.getAttributeNS(LintConstants.ANDROID_URI, LintConstants.ATTR_EXPORTED);
        if (attributeNS == null || attributeNS.length() <= 0) {
            boolean z2 = false;
            Iterator<Element> it = LintUtils.getChildren(element).iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                } else if (it.next().getTagName().equals(LintConstants.TAG_INTENT_FILTER)) {
                    z2 = true;
                    break;
                }
            }
            z = z2;
        } else {
            z = Boolean.valueOf(attributeNS).booleanValue();
        }
        if (z) {
            String attributeNS2 = element.getAttributeNS(LintConstants.ANDROID_URI, LintConstants.ATTR_PERMISSION);
            if (attributeNS2 == null || attributeNS2.length() == 0) {
                Node parentNode = element.getParentNode();
                if (parentNode.getNodeType() == 1 && parentNode.getNodeName().equals(LintConstants.TAG_APPLICATION)) {
                    String attributeNS3 = ((Element) parentNode).getAttributeNS(LintConstants.ANDROID_URI, LintConstants.ATTR_PERMISSION);
                    if (attributeNS3 == null || attributeNS3.length() == 0) {
                        context.client.report(context, EXPORTED_SERVICE, context.getLocation(element), "Exported service does not require permission", null);
                    }
                }
            }
        }
    }

    private void checkGrantPermission(Context context, Element element) {
        Attr attributeNodeNS = element.getAttributeNodeNS(LintConstants.ANDROID_URI, LintConstants.ATTR_PATH);
        Attr attributeNodeNS2 = element.getAttributeNodeNS(LintConstants.ANDROID_URI, LintConstants.ATTR_PATH_PREFIX);
        Attr attributeNodeNS3 = element.getAttributeNodeNS(LintConstants.ANDROID_URI, LintConstants.ATTR_PATH_PATTERN);
        if (attributeNodeNS != null && attributeNodeNS.getValue().equals("/")) {
            context.client.report(context, OPEN_PROVIDER, context.getLocation(attributeNodeNS), "Content provider shares everything; this is potentially dangerous.", null);
        }
        if (attributeNodeNS2 != null && attributeNodeNS2.getValue().equals("/")) {
            context.client.report(context, OPEN_PROVIDER, context.getLocation(attributeNodeNS2), "Content provider shares everything; this is potentially dangerous.", null);
        }
        if (attributeNodeNS3 == null || !attributeNodeNS3.getValue().equals("/")) {
            return;
        }
        context.client.report(context, OPEN_PROVIDER, context.getLocation(attributeNodeNS3), "Content provider shares everything; this is potentially dangerous.", null);
    }
}
