/*
 * Copyright (C) 2020 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package android.os;

import android.Manifest;
import android.annotation.FlaggedApi;
import android.annotation.NonNull;
import android.annotation.RequiresPermission;
import android.annotation.SystemApi;
import android.annotation.SystemService;
import android.content.ComponentName;
import android.content.Context;
import android.content.pm.SignedPackage;
import android.content.pm.SignedPackageParcel;
import android.util.ArraySet;
import android.util.Log;

import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.stream.Collectors;


/**
 * Allows apps outside the system process to access various bits of configuration defined in
 * /etc/sysconfig and its counterparts on OEM and vendor partitions.
 *
 * TODO: Intended for access by system mainline modules only. Marking as SystemApi until the
 * module-only API surface is available.
 * @hide
 */
@SystemApi
@SystemService(Context.SYSTEM_CONFIG_SERVICE)
public class SystemConfigManager {
    private static final String TAG = SystemConfigManager.class.getSimpleName();

    private final ISystemConfig mInterface;

    /** @hide **/
    public SystemConfigManager() {
        mInterface = ISystemConfig.Stub.asInterface(
                ServiceManager.getService(Context.SYSTEM_CONFIG_SERVICE));
    }

    /**
     * Returns a set of package names for carrier apps that are preinstalled on the device but
     * should be disabled until the matching carrier's SIM is inserted into the device.
     * @return A set of package names.
     */
    @RequiresPermission(Manifest.permission.READ_CARRIER_APP_INFO)
    public @NonNull Set<String> getDisabledUntilUsedPreinstalledCarrierApps() {
        try {
            List<String> apps = mInterface.getDisabledUntilUsedPreinstalledCarrierApps();
            return new ArraySet<>(apps);
        } catch (RemoteException e) {
            Log.e(TAG, "Caught remote exception");
            return Collections.emptySet();
        }
    }

    /**
     * Returns a map that describes helper apps associated with carrier apps that, like the apps
     * returned by {@link #getDisabledUntilUsedPreinstalledCarrierApps()}, should be disabled until
     * the correct SIM is inserted into the device.
     * @return A map with keys corresponding to package names returned by
     *         {@link #getDisabledUntilUsedPreinstalledCarrierApps()} and values as lists of package
     *         names of helper apps.
     */
    @RequiresPermission(Manifest.permission.READ_CARRIER_APP_INFO)
    public @NonNull Map<String, List<String>>
            getDisabledUntilUsedPreinstalledCarrierAssociatedApps() {
        try {
            return (Map<String, List<String>>)
                    mInterface.getDisabledUntilUsedPreinstalledCarrierAssociatedApps();
        } catch (RemoteException e) {
            Log.e(TAG, "Caught remote exception");
            return Collections.emptyMap();
        }
    }

    /**
     * Returns a map that describes helper apps associated with carrier apps that, like the apps
     * returned by {@link #getDisabledUntilUsedPreinstalledCarrierApps()}, should be disabled until
     * the correct SIM is inserted into the device.
     *
     * <p>TODO(b/159069037) expose this and get rid of the other method that omits SDK version.
     *
     * @return A map with keys corresponding to package names returned by
     *         {@link #getDisabledUntilUsedPreinstalledCarrierApps()} and values as lists of package
     *         names of helper apps and the SDK versions when they were first added.
     *
     * @hide
     */
    @RequiresPermission(Manifest.permission.READ_CARRIER_APP_INFO)
    public @NonNull Map<String, List<CarrierAssociatedAppEntry>>
            getDisabledUntilUsedPreinstalledCarrierAssociatedAppEntries() {
        try {
            return (Map<String, List<CarrierAssociatedAppEntry>>)
                    mInterface.getDisabledUntilUsedPreinstalledCarrierAssociatedAppEntries();
        } catch (RemoteException e) {
            Log.e(TAG, "Caught remote exception", e);
            return Collections.emptyMap();
        }
    }

    /**
     * Get uids which have been granted given permission in system configuration.
     *
     * The uids and assigning permissions are defined on data/etc/platform.xml
     *
     * @param permissionName The target permission.
     * @return The uids have been granted given permission in system configuration.
     */
    @RequiresPermission(Manifest.permission.GET_RUNTIME_PERMISSIONS)
    @NonNull
    public int[] getSystemPermissionUids(@NonNull String permissionName) {
        try {
            return mInterface.getSystemPermissionUids(permissionName);
        } catch (RemoteException e) {
            throw e.rethrowFromSystemServer();
        }
    }

    /**
     * Get enabled component for a specific package
     *
     * @param packageName The target package.
     * @return The enabled component
     * {@hide}
     */
    @SystemApi(client = SystemApi.Client.MODULE_LIBRARIES)
    @NonNull
    public List<ComponentName> getEnabledComponentOverrides(@NonNull String packageName) {
        try {
            return mInterface.getEnabledComponentOverrides(packageName);
        } catch (RemoteException e) {
            throw e.rethrowFromSystemServer();
        }
    }

    /**
     * Return the components that are enabled by default as VR mode listener services.
     * @hide
     */
    @RequiresPermission(android.Manifest.permission.QUERY_ALL_PACKAGES)
    public List<ComponentName> getDefaultVrComponents() {
        try {
            return mInterface.getDefaultVrComponents();
        } catch (RemoteException e) {
            e.rethrowFromSystemServer();
        }
        return Collections.emptyList();
    }

    /**
     * Return the packages that are prevented from being disabled, where if
     * disabled it would result in a non-functioning system or similar.
     * @hide
     */
    @NonNull
    public List<String> getPreventUserDisablePackages() {
        try {
            return mInterface.getPreventUserDisablePackages();
        } catch (RemoteException e) {
            throw e.rethrowFromSystemServer();
        }
    }


    /**
     * Returns a set of signed packages, represented as (packageName, certificateDigest) pairs, that
     * should be considered "trusted packages" by ECM (Enhanced Confirmation Mode).
     *
     * <p>"Trusted packages" are exempt from ECM (i.e., they will never be considered "restricted").
     *
     * <p>A package will be considered "trusted package" if and only if it *matches* least one of
     * the (*packageName*, *certificateDigest*) pairs in this set, where *matches* means satisfying
     * both of the following:
     *
     * <ol>
     *   <li>The package's name equals *packageName*
     *   <li>The package is, or was ever, signed by *certificateDigest*, according to the package's
     *       {@link android.content.pm.SigningDetails}
     * </ol>
     *
     * @hide
     */
    @SystemApi(client = SystemApi.Client.MODULE_LIBRARIES)
    @FlaggedApi(android.permission.flags.Flags.FLAG_ENHANCED_CONFIRMATION_MODE_APIS_ENABLED)
    @RequiresPermission(Manifest.permission.MANAGE_ENHANCED_CONFIRMATION_STATES)
    @NonNull
    public Set<SignedPackage> getEnhancedConfirmationTrustedPackages() {
        try {
            List<SignedPackageParcel> parcels = mInterface.getEnhancedConfirmationTrustedPackages();
            return parcels.stream().map(SignedPackage::new).collect(Collectors.toSet());
        } catch (RemoteException e) {
            throw e.rethrowFromSystemServer();
        }
    }

    /**
     * Returns a set of signed packages, represented as (packageName, certificateDigest) pairs, that
     * should be considered "trusted installers" by ECM (Enhanced Confirmation Mode).
     *
     * <p>"Trusted installers", and all apps installed by a trusted installer, are exempt from ECM
     * (i.e., they will never be considered "restricted").
     *
     * <p>A package will be considered a "trusted installer" if and only if it *matches* least one
     * of the (*packageName*, *certificateDigest*) pairs in this set, where *matches* means
     * satisfying both of the following:
     *
     * <ol>
     *   <li>The package's name equals *packageName*
     *   <li>The package is, or was ever, signed by *certificateDigest*, according to the package's
     *       {@link android.content.pm.SigningDetails}
     * </ol>
     *
     * @hide
     */
    @SystemApi(client = SystemApi.Client.MODULE_LIBRARIES)
    @FlaggedApi(android.permission.flags.Flags.FLAG_ENHANCED_CONFIRMATION_MODE_APIS_ENABLED)
    @RequiresPermission(Manifest.permission.MANAGE_ENHANCED_CONFIRMATION_STATES)
    @NonNull
    public Set<SignedPackage> getEnhancedConfirmationTrustedInstallers() {
        try {
            List<SignedPackageParcel> parcels =
                    mInterface.getEnhancedConfirmationTrustedInstallers();
            return parcels.stream().map(SignedPackage::new).collect(Collectors.toSet());
        } catch (RemoteException e) {
            throw e.rethrowFromSystemServer();
        }
    }
}