package com.android.tools.lint.checks;

import com.android.tools.lint.client.api.JavaEvaluator;
import com.android.tools.lint.detector.api.Category;
import com.android.tools.lint.detector.api.Detector;
import com.android.tools.lint.detector.api.Implementation;
import com.android.tools.lint.detector.api.Issue;
import com.android.tools.lint.detector.api.JavaContext;
import com.android.tools.lint.detector.api.Lint;
import com.android.tools.lint.detector.api.Location;
import com.android.tools.lint.detector.api.Scope;
import com.android.tools.lint.detector.api.Severity;
import com.android.tools.lint.detector.api.SourceCodeScanner;
import com.android.tools.lint.detector.api.XmlContext;
import com.android.tools.lint.detector.api.XmlScanner;
import com.android.utils.XmlUtils;
import com.intellij.psi.PsiClass;
import com.intellij.psi.PsiMethod;
import java.util.Collection;
import java.util.Collections;
import java.util.EnumSet;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.jetbrains.uast.UClass;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

/* loaded from: input_file:com/android/tools/lint/checks/PreferenceActivityDetector.class */
public class PreferenceActivityDetector extends Detector implements XmlScanner, SourceCodeScanner {
    public static final Implementation IMPLEMENTATION = new Implementation(PreferenceActivityDetector.class, EnumSet.of(Scope.MANIFEST, Scope.JAVA_FILE), Scope.MANIFEST_SCOPE, Scope.JAVA_FILE_SCOPE);
    public static final Issue ISSUE = Issue.create("ExportedPreferenceActivity", "PreferenceActivity should not be exported", "Fragment injection gives anyone who can send your PreferenceActivity an intent the ability to load any fragment, with any arguments, in your process.", Category.SECURITY, 8, Severity.WARNING, IMPLEMENTATION).addMoreInfo("http://securityintelligence.com/new-vulnerability-android-framework-fragment-injection");
    private static final String PREFERENCE_ACTIVITY = "android.preference.PreferenceActivity";
    private static final String IS_VALID_FRAGMENT = "isValidFragment";
    private final Map<String, Location.Handle> mExportedActivities = new HashMap();

    @Override // com.android.tools.lint.detector.api.Detector, com.android.tools.lint.detector.api.XmlScanner
    public Collection<String> getApplicableElements() {
        return Collections.singletonList("activity");
    }

    @Override // com.android.tools.lint.detector.api.Detector, com.android.tools.lint.detector.api.XmlScanner
    public void visitElement(XmlContext xmlContext, Element element) {
        if (SecurityDetector.getExported(element)) {
            String resolveManifestName = Lint.resolveManifestName(element);
            if (resolveManifestName.equals(PREFERENCE_ACTIVITY) && !xmlContext.getDriver().isSuppressed(xmlContext, ISSUE, element)) {
                xmlContext.report(ISSUE, element, xmlContext.getLocation(element), "`PreferenceActivity` should not be exported");
            }
            this.mExportedActivities.put(resolveManifestName, xmlContext.createLocationHandle(element));
        }
    }

    @Override // com.android.tools.lint.detector.api.Detector, com.android.tools.lint.detector.api.SourceCodeScanner
    public List<String> applicableSuperClasses() {
        return Collections.singletonList(PREFERENCE_ACTIVITY);
    }

    @Override // com.android.tools.lint.detector.api.Detector, com.android.tools.lint.detector.api.SourceCodeScanner
    public void visitClass(JavaContext javaContext, UClass uClass) {
        Location nameLocation;
        if (javaContext.getProject().getReportIssues()) {
            JavaEvaluator evaluator = javaContext.getEvaluator();
            String qualifiedName = uClass.getQualifiedName();
            if (evaluator.extendsClass(uClass, PREFERENCE_ACTIVITY, false) && isExported(javaContext, qualifiedName)) {
                if (javaContext.getMainProject().getTargetSdk() < 19 || !overridesIsValidFragment(evaluator, uClass)) {
                    String format = String.format("`PreferenceActivity` subclass `%1$s` should not be exported", qualifiedName);
                    if (javaContext.getScope().contains(Scope.MANIFEST)) {
                        nameLocation = this.mExportedActivities.get(qualifiedName).resolve();
                    } else {
                        nameLocation = javaContext.getNameLocation(uClass);
                        format = format + " in the manifest";
                    }
                    javaContext.report(ISSUE, uClass, nameLocation, format);
                }
            }
        }
    }

    private boolean isExported(JavaContext javaContext, String str) {
        Element firstSubTagByName;
        if (str == null) {
            return false;
        }
        if (javaContext.getScope().contains(Scope.MANIFEST)) {
            return this.mExportedActivities.containsKey(str);
        }
        Document mergedManifest = javaContext.getMainProject().getMergedManifest();
        if (mergedManifest == null || mergedManifest.getDocumentElement() == null || (firstSubTagByName = XmlUtils.getFirstSubTagByName(mergedManifest.getDocumentElement(), "application")) == null) {
            return false;
        }
        for (Element element : XmlUtils.getSubTags(firstSubTagByName)) {
            if ("activity".equals(element.getTagName()) && str.endsWith(element.getAttributeNS("http://schemas.android.com/apk/res/android", "name")) && Lint.resolveManifestName(element).equals(str)) {
                return SecurityDetector.getExported(element);
            }
        }
        return false;
    }

    private static boolean overridesIsValidFragment(JavaEvaluator javaEvaluator, PsiClass psiClass) {
        for (PsiMethod psiMethod : psiClass.findMethodsByName(IS_VALID_FRAGMENT, false)) {
            if (javaEvaluator.parametersMatch(psiMethod, "java.lang.String")) {
                return true;
            }
        }
        return false;
    }
}
