package com.android.tools.lint.checks;

import com.android.SdkConstants;
import com.android.tools.lint.client.api.JavaParser;
import com.android.tools.lint.detector.api.Category;
import com.android.tools.lint.detector.api.Context;
import com.android.tools.lint.detector.api.Detector;
import com.android.tools.lint.detector.api.Implementation;
import com.android.tools.lint.detector.api.Issue;
import com.android.tools.lint.detector.api.JavaContext;
import com.android.tools.lint.detector.api.LintUtils;
import com.android.tools.lint.detector.api.Location;
import com.android.tools.lint.detector.api.Project;
import com.android.tools.lint.detector.api.Scope;
import com.android.tools.lint.detector.api.Severity;
import com.android.tools.lint.detector.api.Speed;
import com.google.common.base.Ascii;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.util.Arrays;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import lombok.ast.AstVisitor;
import lombok.ast.MethodInvocation;
import org.apache.commons.compress.archivers.tar.TarConstants;

/* loaded from: classes.dex */
public class UnsafeNativeCodeDetector extends Detector implements Detector.JavaScanner {
    private static final String RUNTIME_CLASS = "java.lang.Runtime";
    private static final String SYSTEM_CLASS = "java.lang.System";
    private static final Implementation IMPLEMENTATION = new Implementation(UnsafeNativeCodeDetector.class, Scope.JAVA_FILE_SCOPE);
    public static final Issue LOAD = Issue.create("UnsafeDynamicallyLoadedCode", "`load` used to dynamically load code", "Dynamically loading code from locations other than the application's library directory or the Android platform's built-in library directories is dangerous, as there is an increased risk that the code could have been tampered with. Applications should use `loadLibrary` when possible, which provides increased assurance that libraries are loaded from one of these safer locations. Application developers should use the features of their development environment to place application native libraries into the lib directory of their compiled APKs.", Category.SECURITY, 4, Severity.WARNING, IMPLEMENTATION);
    public static final Issue UNSAFE_NATIVE_CODE_LOCATION = Issue.create("UnsafeNativeCodeLocation", "Native code outside library directory", "In general, application native code should only be placed in the application's library directory, not in other locations such as the res or assets directories. Placing the code in the library directory provides increased assurance that the code will not be tampered with after application installation. Application developers should use the features of their development environment to place application native libraries into the lib directory of their compiled APKs. Embedding non-shared library native executables into applications should be avoided when possible.", Category.SECURITY, 4, Severity.WARNING, IMPLEMENTATION);
    private static final byte[] ELF_MAGIC_VALUE = {Ascii.DEL, 69, TarConstants.LF_GNUTYPE_LONGNAME, 70};

    private static void checkFile(Context context, File file) {
        if (isNativeCode(file)) {
            if (LintUtils.endsWith(file.getPath(), SdkConstants.DOT_NATIVE_LIBS)) {
                context.report(UNSAFE_NATIVE_CODE_LOCATION, Location.create(file), "Shared libraries should not be placed in the res or assets directories. Please use the features of your development environment to place shared libraries in the lib directory of the compiled APK.");
            } else {
                context.report(UNSAFE_NATIVE_CODE_LOCATION, Location.create(file), "Embedding non-shared library native executables into applications should be avoided when possible, as there is an increased risk that the executables could be tampered with after installation. Instead, native code should be placed in a shared library, and the features of the development environment should be used to place the shared library in the lib directory of the compiled APK.");
            }
        }
    }

    private static void checkResourceFolders(Context context, Project project) {
        File[] listFiles;
        if (context.getScope().contains(Scope.RESOURCE_FOLDER)) {
            Iterator<File> it = project.getResourceFolders().iterator();
            while (it.hasNext()) {
                File[] listFiles2 = it.next().listFiles();
                if (listFiles2 != null) {
                    for (File file : listFiles2) {
                        if (file.getName().startsWith("raw") && (listFiles = file.listFiles()) != null) {
                            for (File file2 : listFiles) {
                                checkFile(context, file2);
                            }
                        }
                    }
                }
            }
            Iterator<File> it2 = project.getAssetFolders().iterator();
            while (it2.hasNext()) {
                File[] listFiles3 = it2.next().listFiles();
                if (listFiles3 != null) {
                    for (File file3 : listFiles3) {
                        checkFile(context, file3);
                    }
                }
            }
        }
    }

    private static boolean isNativeCode(File file) {
        boolean z;
        if (!file.isFile()) {
            return false;
        }
        try {
            FileInputStream fileInputStream = new FileInputStream(file);
            try {
                byte[] bArr = new byte[4];
                if (fileInputStream.read(bArr) == 4) {
                    if (Arrays.equals(ELF_MAGIC_VALUE, bArr)) {
                        z = true;
                        return z;
                    }
                }
                z = false;
                return z;
            } finally {
                fileInputStream.close();
            }
        } catch (IOException unused) {
            return false;
        }
    }

    @Override // com.android.tools.lint.detector.api.Detector
    public void afterCheckLibraryProject(Context context) {
        if (context.getProject().getReportIssues()) {
            checkResourceFolders(context, context.getProject());
        }
    }

    @Override // com.android.tools.lint.detector.api.Detector
    public void afterCheckProject(Context context) {
        if (context.getProject().getReportIssues()) {
            checkResourceFolders(context, context.getProject());
        }
    }

    @Override // com.android.tools.lint.detector.api.Detector, com.android.tools.lint.detector.api.Detector.JavaScanner
    public List<String> getApplicableMethodNames() {
        return Collections.singletonList("load");
    }

    @Override // com.android.tools.lint.detector.api.Detector
    public Speed getSpeed() {
        return Speed.NORMAL;
    }

    @Override // com.android.tools.lint.detector.api.Detector, com.android.tools.lint.detector.api.Detector.JavaScanner
    public void visitMethod(JavaContext javaContext, AstVisitor astVisitor, MethodInvocation methodInvocation) {
        JavaParser.ResolvedNode resolve = javaContext.resolve(methodInvocation);
        if (resolve instanceof JavaParser.ResolvedMethod) {
            String astValue = methodInvocation.astName().astValue();
            JavaParser.ResolvedClass containingClass = ((JavaParser.ResolvedMethod) resolve).getContainingClass();
            if ((containingClass.isSubclassOf(RUNTIME_CLASS, false) || containingClass.matches(SYSTEM_CLASS)) && "load".equals(astValue)) {
                javaContext.report(LOAD, methodInvocation, javaContext.getLocation(methodInvocation), "Dynamically loading code using `load` is risky, please use `loadLibrary` instead when possible");
            }
        }
    }
}
