diff --git a/keystore2/legacykeystore/lib.rs b/keystore2/legacykeystore/lib.rs index db3eff63..d4074165 100644 --- a/keystore2/legacykeystore/lib.rs +++ b/keystore2/legacykeystore/lib.rs @@ -551,19 +551,19 @@ impl binder::Interface for LegacyKeystoreService {} impl ILegacyKeystore for LegacyKeystoreService { fn get(&self, alias: &str, uid: i32) -> BinderResult> { - let _wp = wd::watch_millis("ILegacyKeystore::get", 500); + let _wp = wd::watch("ILegacyKeystore::get"); map_or_log_err(self.legacy_keystore.get(alias, uid), Ok) } fn put(&self, alias: &str, uid: i32, entry: &[u8]) -> BinderResult<()> { - let _wp = wd::watch_millis("ILegacyKeystore::put", 500); + let _wp = wd::watch("ILegacyKeystore::put"); map_or_log_err(self.legacy_keystore.put(alias, uid, entry), Ok) } fn remove(&self, alias: &str, uid: i32) -> BinderResult<()> { - let _wp = wd::watch_millis("ILegacyKeystore::remove", 500); + let _wp = wd::watch("ILegacyKeystore::remove"); map_or_log_err(self.legacy_keystore.remove(alias, uid), Ok) } fn list(&self, prefix: &str, uid: i32) -> BinderResult> { - let _wp = wd::watch_millis("ILegacyKeystore::list", 500); + let _wp = wd::watch("ILegacyKeystore::list"); map_or_log_err(self.legacy_keystore.list(prefix, uid), Ok) } } diff --git a/keystore2/src/apc.rs b/keystore2/src/apc.rs index 6abe8492..bdde5ae4 100644 --- a/keystore2/src/apc.rs +++ b/keystore2/src/apc.rs @@ -363,11 +363,11 @@ impl IProtectedConfirmation for ApcManager { &self, listener: &binder::Strong, ) -> BinderResult<()> { - let _wp = wd::watch_millis("IProtectedConfirmation::cancelPrompt", 500); + let _wp = wd::watch("IProtectedConfirmation::cancelPrompt"); map_or_log_err(self.cancel_prompt(listener), Ok) } fn isSupported(&self) -> BinderResult { - let _wp = wd::watch_millis("IProtectedConfirmation::isSupported", 500); + let _wp = wd::watch("IProtectedConfirmation::isSupported"); map_or_log_err(Self::is_supported(), Ok) } } diff --git a/keystore2/src/authorization.rs b/keystore2/src/authorization.rs index 243abf13..5810c353 100644 --- a/keystore2/src/authorization.rs +++ b/keystore2/src/authorization.rs @@ -271,12 +271,12 @@ impl Interface for AuthorizationManager {} impl IKeystoreAuthorization for AuthorizationManager { fn addAuthToken(&self, auth_token: &HardwareAuthToken) -> BinderResult<()> { - let _wp = wd::watch_millis("IKeystoreAuthorization::addAuthToken", 500); + let _wp = wd::watch("IKeystoreAuthorization::addAuthToken"); map_or_log_err(self.add_auth_token(auth_token), Ok) } fn onDeviceUnlocked(&self, user_id: i32, password: Option<&[u8]>) -> BinderResult<()> { - let _wp = wd::watch_millis("IKeystoreAuthorization::onDeviceUnlocked", 500); + let _wp = wd::watch("IKeystoreAuthorization::onDeviceUnlocked"); map_or_log_err(self.on_device_unlocked(user_id, password.map(|pw| pw.into())), Ok) } @@ -286,17 +286,17 @@ impl IKeystoreAuthorization for AuthorizationManager { unlocking_sids: &[i64], weak_unlock_enabled: bool, ) -> BinderResult<()> { - let _wp = wd::watch_millis("IKeystoreAuthorization::onDeviceLocked", 500); + let _wp = wd::watch("IKeystoreAuthorization::onDeviceLocked"); map_or_log_err(self.on_device_locked(user_id, unlocking_sids, weak_unlock_enabled), Ok) } fn onWeakUnlockMethodsExpired(&self, user_id: i32) -> BinderResult<()> { - let _wp = wd::watch_millis("IKeystoreAuthorization::onWeakUnlockMethodsExpired", 500); + let _wp = wd::watch("IKeystoreAuthorization::onWeakUnlockMethodsExpired"); map_or_log_err(self.on_weak_unlock_methods_expired(user_id), Ok) } fn onNonLskfUnlockMethodsExpired(&self, user_id: i32) -> BinderResult<()> { - let _wp = wd::watch_millis("IKeystoreAuthorization::onNonLskfUnlockMethodsExpired", 500); + let _wp = wd::watch("IKeystoreAuthorization::onNonLskfUnlockMethodsExpired"); map_or_log_err(self.on_non_lskf_unlock_methods_expired(user_id), Ok) } @@ -306,7 +306,7 @@ impl IKeystoreAuthorization for AuthorizationManager { secure_user_id: i64, auth_token_max_age_millis: i64, ) -> binder::Result { - let _wp = wd::watch_millis("IKeystoreAuthorization::getAuthTokensForCredStore", 500); + let _wp = wd::watch("IKeystoreAuthorization::getAuthTokensForCredStore"); map_or_log_err( self.get_auth_tokens_for_credstore( challenge, diff --git a/keystore2/src/database.rs b/keystore2/src/database.rs index ee9d2462..8f14cb0c 100644 --- a/keystore2/src/database.rs +++ b/keystore2/src/database.rs @@ -857,7 +857,7 @@ impl KeystoreDB { /// KeystoreDB cannot be used by multiple threads. /// Each thread should open their own connection using `thread_local!`. pub fn new(db_root: &Path, gc: Option>) -> Result { - let _wp = wd::watch_millis("KeystoreDB::new", 500); + let _wp = wd::watch("KeystoreDB::new"); let persistent_path = Self::make_persistent_path(db_root)?; let conn = Self::make_connection(&persistent_path)?; @@ -1092,7 +1092,7 @@ impl KeystoreDB { /// types that map to a table, information about the table's storage is /// returned. Requests for storage types that are not DB tables return None. pub fn get_storage_stat(&mut self, storage_type: MetricsStorage) -> Result { - let _wp = wd::watch_millis("KeystoreDB::get_storage_stat", 500); + let _wp = wd::watch("KeystoreDB::get_storage_stat"); match storage_type { MetricsStorage::DATABASE => self.get_total_size(), @@ -1155,7 +1155,7 @@ impl KeystoreDB { blob_ids_to_delete: &[i64], max_blobs: usize, ) -> Result, BlobMetaData)>> { - let _wp = wd::watch_millis("KeystoreDB::handle_next_superseded_blob", 500); + let _wp = wd::watch("KeystoreDB::handle_next_superseded_blob"); self.with_transaction(TransactionBehavior::Immediate, |tx| { // Delete the given blobs. for blob_id in blob_ids_to_delete { @@ -1243,7 +1243,7 @@ impl KeystoreDB { /// Unlike with `mark_unreferenced`, we don't need to purge grants, because only keys that made /// it to `KeyLifeCycle::Live` may have grants. pub fn cleanup_leftovers(&mut self) -> Result { - let _wp = wd::watch_millis("KeystoreDB::cleanup_leftovers", 500); + let _wp = wd::watch("KeystoreDB::cleanup_leftovers"); self.with_transaction(TransactionBehavior::Immediate, |tx| { tx.execute( @@ -1264,7 +1264,7 @@ impl KeystoreDB { alias: &str, key_type: KeyType, ) -> Result { - let _wp = wd::watch_millis("KeystoreDB::key_exists", 500); + let _wp = wd::watch("KeystoreDB::key_exists"); self.with_transaction(TransactionBehavior::Immediate, |tx| { let key_descriptor = @@ -1291,7 +1291,7 @@ impl KeystoreDB { blob_metadata: &BlobMetaData, key_metadata: &KeyMetaData, ) -> Result { - let _wp = wd::watch_millis("KeystoreDB::store_super_key", 500); + let _wp = wd::watch("KeystoreDB::store_super_key"); self.with_transaction(TransactionBehavior::Immediate, |tx| { let key_id = Self::insert_with_retry(|id| { @@ -1336,7 +1336,7 @@ impl KeystoreDB { key_type: &SuperKeyType, user_id: u32, ) -> Result> { - let _wp = wd::watch_millis("KeystoreDB::load_super_key", 500); + let _wp = wd::watch("KeystoreDB::load_super_key"); self.with_transaction(TransactionBehavior::Immediate, |tx| { let key_descriptor = KeyDescriptor { @@ -1470,7 +1470,7 @@ impl KeystoreDB { blob: Option<&[u8]>, blob_metadata: Option<&BlobMetaData>, ) -> Result<()> { - let _wp = wd::watch_millis("KeystoreDB::set_blob", 500); + let _wp = wd::watch("KeystoreDB::set_blob"); self.with_transaction(TransactionBehavior::Immediate, |tx| { Self::set_blob_internal(tx, key_id.0, sc_type, blob, blob_metadata).need_gc() @@ -1483,7 +1483,7 @@ impl KeystoreDB { /// We use this to insert key blobs into the database which can then be garbage collected /// lazily by the key garbage collector. pub fn set_deleted_blob(&mut self, blob: &[u8], blob_metadata: &BlobMetaData) -> Result<()> { - let _wp = wd::watch_millis("KeystoreDB::set_deleted_blob", 500); + let _wp = wd::watch("KeystoreDB::set_deleted_blob"); self.with_transaction(TransactionBehavior::Immediate, |tx| { Self::set_blob_internal( @@ -1645,7 +1645,7 @@ impl KeystoreDB { caller_uid: u32, check_permission: impl Fn(&KeyDescriptor) -> Result<()>, ) -> Result<()> { - let _wp = wd::watch_millis("KeystoreDB::migrate_key_namespace", 500); + let _wp = wd::watch("KeystoreDB::migrate_key_namespace"); let destination = match destination.domain { Domain::APP => KeyDescriptor { nspace: caller_uid as i64, ..(*destination).clone() }, @@ -1716,7 +1716,7 @@ impl KeystoreDB { metadata: &KeyMetaData, km_uuid: &Uuid, ) -> Result { - let _wp = wd::watch_millis("KeystoreDB::store_new_key", 500); + let _wp = wd::watch("KeystoreDB::store_new_key"); let (alias, domain, namespace) = match key { KeyDescriptor { alias: Some(alias), domain: Domain::APP, nspace, blob: None } @@ -1795,7 +1795,7 @@ impl KeystoreDB { cert: &[u8], km_uuid: &Uuid, ) -> Result { - let _wp = wd::watch_millis("KeystoreDB::store_new_certificate", 500); + let _wp = wd::watch("KeystoreDB::store_new_certificate"); let (alias, domain, namespace) = match key { KeyDescriptor { alias: Some(alias), domain: Domain::APP, nspace, blob: None } @@ -2075,7 +2075,7 @@ impl KeystoreDB { /// zero, the key also gets marked unreferenced and scheduled for deletion. /// Returns Ok(true) if the key was marked unreferenced as a hint to the garbage collector. pub fn check_and_update_key_usage_count(&mut self, key_id: i64) -> Result<()> { - let _wp = wd::watch_millis("KeystoreDB::check_and_update_key_usage_count", 500); + let _wp = wd::watch("KeystoreDB::check_and_update_key_usage_count"); self.with_transaction(TransactionBehavior::Immediate, |tx| { let limit: Option = tx @@ -2123,7 +2123,7 @@ impl KeystoreDB { caller_uid: u32, check_permission: impl Fn(&KeyDescriptor, Option) -> Result<()>, ) -> Result<(KeyIdGuard, KeyEntry)> { - let _wp = wd::watch_millis("KeystoreDB::load_key_entry", 500); + let _wp = wd::watch("KeystoreDB::load_key_entry"); let start = std::time::Instant::now(); loop { @@ -2253,7 +2253,7 @@ impl KeystoreDB { caller_uid: u32, check_permission: impl Fn(&KeyDescriptor, Option) -> Result<()>, ) -> Result<()> { - let _wp = wd::watch_millis("KeystoreDB::unbind_key", 500); + let _wp = wd::watch("KeystoreDB::unbind_key"); self.with_transaction(TransactionBehavior::Immediate, |tx| { let (key_id, access_key_descriptor, access_vector) = @@ -2284,7 +2284,7 @@ impl KeystoreDB { /// Delete all artifacts belonging to the namespace given by the domain-namespace tuple. /// This leaves all of the blob entries orphaned for subsequent garbage collection. pub fn unbind_keys_for_namespace(&mut self, domain: Domain, namespace: i64) -> Result<()> { - let _wp = wd::watch_millis("KeystoreDB::unbind_keys_for_namespace", 500); + let _wp = wd::watch("KeystoreDB::unbind_keys_for_namespace"); if !(domain == Domain::APP || domain == Domain::SELINUX) { return Err(KsError::Rc(ResponseCode::INVALID_ARGUMENT)).context(ks_err!()); @@ -2329,7 +2329,7 @@ impl KeystoreDB { } fn cleanup_unreferenced(tx: &Transaction) -> Result<()> { - let _wp = wd::watch_millis("KeystoreDB::cleanup_unreferenced", 500); + let _wp = wd::watch("KeystoreDB::cleanup_unreferenced"); { tx.execute( "DELETE FROM persistent.keymetadata @@ -2378,7 +2378,7 @@ impl KeystoreDB { user_id: u32, keep_non_super_encrypted_keys: bool, ) -> Result<()> { - let _wp = wd::watch_millis("KeystoreDB::unbind_keys_for_user", 500); + let _wp = wd::watch("KeystoreDB::unbind_keys_for_user"); self.with_transaction(TransactionBehavior::Immediate, |tx| { let mut stmt = tx @@ -2455,7 +2455,7 @@ impl KeystoreDB { /// be unlocked should remain usable when the lock screen is set to Swipe or None, as the device /// is always considered "unlocked" in that case. pub fn unbind_auth_bound_keys_for_user(&mut self, user_id: u32) -> Result<()> { - let _wp = wd::watch_millis("KeystoreDB::unbind_auth_bound_keys_for_user", 500); + let _wp = wd::watch("KeystoreDB::unbind_auth_bound_keys_for_user"); self.with_transaction(TransactionBehavior::Immediate, |tx| { let mut stmt = tx @@ -2550,7 +2550,7 @@ impl KeystoreDB { key_type: KeyType, start_past_alias: Option<&str>, ) -> Result> { - let _wp = wd::watch_millis("KeystoreDB::list_past_alias", 500); + let _wp = wd::watch("KeystoreDB::list_past_alias"); let query = format!( "SELECT DISTINCT alias FROM persistent.keyentry @@ -2605,7 +2605,7 @@ impl KeystoreDB { namespace: i64, key_type: KeyType, ) -> Result { - let _wp = wd::watch_millis("KeystoreDB::countKeys", 500); + let _wp = wd::watch("KeystoreDB::countKeys"); let num_keys = self.with_transaction(TransactionBehavior::Deferred, |tx| { tx.query_row( @@ -2638,7 +2638,7 @@ impl KeystoreDB { access_vector: KeyPermSet, check_permission: impl Fn(&KeyDescriptor, &KeyPermSet) -> Result<()>, ) -> Result { - let _wp = wd::watch_millis("KeystoreDB::grant", 500); + let _wp = wd::watch("KeystoreDB::grant"); self.with_transaction(TransactionBehavior::Immediate, |tx| { // Load the key_id and complete the access control tuple. @@ -2704,7 +2704,7 @@ impl KeystoreDB { grantee_uid: u32, check_permission: impl Fn(&KeyDescriptor) -> Result<()>, ) -> Result<()> { - let _wp = wd::watch_millis("KeystoreDB::ungrant", 500); + let _wp = wd::watch("KeystoreDB::ungrant"); self.with_transaction(TransactionBehavior::Immediate, |tx| { // Load the key_id and complete the access control tuple. @@ -2770,7 +2770,7 @@ impl KeystoreDB { /// Load descriptor of a key by key id pub fn load_key_descriptor(&mut self, key_id: i64) -> Result> { - let _wp = wd::watch_millis("KeystoreDB::load_key_descriptor", 500); + let _wp = wd::watch("KeystoreDB::load_key_descriptor"); self.with_transaction(TransactionBehavior::Deferred, |tx| { tx.query_row( @@ -2801,7 +2801,7 @@ impl KeystoreDB { user_id: i32, secure_user_id: i64, ) -> Result> { - let _wp = wd::watch_millis("KeystoreDB::get_app_uids_affected_by_sid", 500); + let _wp = wd::watch("KeystoreDB::get_app_uids_affected_by_sid"); let key_ids_and_app_uids = self.with_transaction(TransactionBehavior::Immediate, |tx| { let mut stmt = tx diff --git a/keystore2/src/globals.rs b/keystore2/src/globals.rs index 7ac1038d..2d5c20a7 100644 --- a/keystore2/src/globals.rs +++ b/keystore2/src/globals.rs @@ -165,7 +165,7 @@ lazy_static! { ( Box::new(|uuid, blob| { let km_dev = get_keymint_dev_by_uuid(uuid).map(|(dev, _)| dev)?; - let _wp = wd::watch_millis("In invalidate key closure: calling deleteKey", 500); + let _wp = wd::watch("In invalidate key closure: calling deleteKey"); map_km_error(km_dev.deleteKey(blob)) .context(ks_err!("Trying to invalidate key blob.")) }), @@ -306,7 +306,7 @@ fn connect_keymint( } }; - let wp = wd::watch_millis("In connect_keymint: calling getHardwareInfo()", 500); + let wp = wd::watch("In connect_keymint: calling getHardwareInfo()"); let mut hw_info = map_km_error(keymint.getHardwareInfo()).context(ks_err!("Failed to get hardware info."))?; drop(wp); diff --git a/keystore2/src/legacy_importer.rs b/keystore2/src/legacy_importer.rs index 7dcb98d6..f64af0b5 100644 --- a/keystore2/src/legacy_importer.rs +++ b/keystore2/src/legacy_importer.rs @@ -202,7 +202,7 @@ impl LegacyImporter { /// List all aliases for uid in the legacy database. pub fn list_uid(&self, domain: Domain, namespace: i64) -> Result> { - let _wp = wd::watch_millis("LegacyImporter::list_uid", 500); + let _wp = wd::watch("LegacyImporter::list_uid"); let uid = match (domain, namespace) { (Domain::APP, namespace) => namespace as u32, @@ -299,7 +299,7 @@ impl LegacyImporter { where F: Fn() -> Result, { - let _wp = wd::watch_millis("LegacyImporter::with_try_import", 500); + let _wp = wd::watch("LegacyImporter::with_try_import"); // Access the key and return on success. match key_accessor() { @@ -355,7 +355,7 @@ impl LegacyImporter { where F: FnMut() -> Result>, { - let _wp = wd::watch_millis("LegacyImporter::with_try_import_super_key", 500); + let _wp = wd::watch("LegacyImporter::with_try_import_super_key"); match key_accessor() { Ok(Some(result)) => return Ok(Some(result)), @@ -379,7 +379,7 @@ impl LegacyImporter { /// Deletes all keys belonging to the given namespace, importing them into the database /// for subsequent garbage collection if necessary. pub fn bulk_delete_uid(&self, domain: Domain, nspace: i64) -> Result<()> { - let _wp = wd::watch_millis("LegacyImporter::bulk_delete_uid", 500); + let _wp = wd::watch("LegacyImporter::bulk_delete_uid"); let uid = match (domain, nspace) { (Domain::APP, nspace) => nspace as u32, @@ -402,7 +402,7 @@ impl LegacyImporter { user_id: u32, keep_non_super_encrypted_keys: bool, ) -> Result<()> { - let _wp = wd::watch_millis("LegacyImporter::bulk_delete_user", 500); + let _wp = wd::watch("LegacyImporter::bulk_delete_user"); let result = self.do_serialized(move |importer_state| { importer_state @@ -923,7 +923,7 @@ fn get_key_characteristics_without_app_data( blob, &[], |blob| { - let _wd = wd::watch_millis("Calling GetKeyCharacteristics.", 500); + let _wd = wd::watch("Calling GetKeyCharacteristics."); map_km_error(km_dev.getKeyCharacteristics(blob, &[], &[])) }, |_| Ok(()), diff --git a/keystore2/src/maintenance.rs b/keystore2/src/maintenance.rs index 8780e9e9..644e7e5e 100644 --- a/keystore2/src/maintenance.rs +++ b/keystore2/src/maintenance.rs @@ -302,13 +302,13 @@ impl IKeystoreMaintenance for Maintenance { user_id, password.is_some() ); - let _wp = wd::watch_millis("IKeystoreMaintenance::onUserPasswordChanged", 500); + let _wp = wd::watch("IKeystoreMaintenance::onUserPasswordChanged"); map_or_log_err(Self::on_user_password_changed(user_id, password.map(|pw| pw.into())), Ok) } fn onUserAdded(&self, user_id: i32) -> BinderResult<()> { log::info!("onUserAdded(user={user_id})"); - let _wp = wd::watch_millis("IKeystoreMaintenance::onUserAdded", 500); + let _wp = wd::watch("IKeystoreMaintenance::onUserAdded"); map_or_log_err(self.add_or_remove_user(user_id), Ok) } @@ -319,31 +319,31 @@ impl IKeystoreMaintenance for Maintenance { allow_existing: bool, ) -> BinderResult<()> { log::info!("initUserSuperKeys(user={user_id}, allow_existing={allow_existing})"); - let _wp = wd::watch_millis("IKeystoreMaintenance::initUserSuperKeys", 500); + let _wp = wd::watch("IKeystoreMaintenance::initUserSuperKeys"); map_or_log_err(self.init_user_super_keys(user_id, password.into(), allow_existing), Ok) } fn onUserRemoved(&self, user_id: i32) -> BinderResult<()> { log::info!("onUserRemoved(user={user_id})"); - let _wp = wd::watch_millis("IKeystoreMaintenance::onUserRemoved", 500); + let _wp = wd::watch("IKeystoreMaintenance::onUserRemoved"); map_or_log_err(self.add_or_remove_user(user_id), Ok) } fn onUserLskfRemoved(&self, user_id: i32) -> BinderResult<()> { log::info!("onUserLskfRemoved(user={user_id})"); - let _wp = wd::watch_millis("IKeystoreMaintenance::onUserLskfRemoved", 500); + let _wp = wd::watch("IKeystoreMaintenance::onUserLskfRemoved"); map_or_log_err(Self::on_user_lskf_removed(user_id), Ok) } fn clearNamespace(&self, domain: Domain, nspace: i64) -> BinderResult<()> { log::info!("clearNamespace({domain:?}, nspace={nspace})"); - let _wp = wd::watch_millis("IKeystoreMaintenance::clearNamespace", 500); + let _wp = wd::watch("IKeystoreMaintenance::clearNamespace"); map_or_log_err(self.clear_namespace(domain, nspace), Ok) } fn earlyBootEnded(&self) -> BinderResult<()> { log::info!("earlyBootEnded()"); - let _wp = wd::watch_millis("IKeystoreMaintenance::earlyBootEnded", 500); + let _wp = wd::watch("IKeystoreMaintenance::earlyBootEnded"); map_or_log_err(Self::early_boot_ended(), Ok) } @@ -353,13 +353,13 @@ impl IKeystoreMaintenance for Maintenance { destination: &KeyDescriptor, ) -> BinderResult<()> { log::info!("migrateKeyNamespace(src={source:?}, dest={destination:?})"); - let _wp = wd::watch_millis("IKeystoreMaintenance::migrateKeyNamespace", 500); + let _wp = wd::watch("IKeystoreMaintenance::migrateKeyNamespace"); map_or_log_err(Self::migrate_key_namespace(source, destination), Ok) } fn deleteAllKeys(&self) -> BinderResult<()> { log::warn!("deleteAllKeys()"); - let _wp = wd::watch_millis("IKeystoreMaintenance::deleteAllKeys", 500); + let _wp = wd::watch("IKeystoreMaintenance::deleteAllKeys"); map_or_log_err(Self::delete_all_keys(), Ok) } @@ -369,7 +369,7 @@ impl IKeystoreMaintenance for Maintenance { secure_user_id: i64, ) -> BinderResult> { log::info!("getAppUidsAffectedBySid(secure_user_id={secure_user_id:?})"); - let _wp = wd::watch_millis("IKeystoreMaintenance::getAppUidsAffectedBySid", 500); + let _wp = wd::watch("IKeystoreMaintenance::getAppUidsAffectedBySid"); map_or_log_err(Self::get_app_uids_affected_by_sid(user_id, secure_user_id), Ok) } } diff --git a/keystore2/src/metrics.rs b/keystore2/src/metrics.rs index cd1cd75d..c114c8ba 100644 --- a/keystore2/src/metrics.rs +++ b/keystore2/src/metrics.rs @@ -51,7 +51,7 @@ impl Interface for Metrics {} impl IKeystoreMetrics for Metrics { fn pullMetrics(&self, atom_id: AtomID) -> BinderResult> { - let _wp = wd::watch_millis("IKeystoreMetrics::pullMetrics", 500); + let _wp = wd::watch("IKeystoreMetrics::pullMetrics"); map_or_log_err(self.pull_metrics(atom_id), Ok) } } diff --git a/keystore2/src/operation.rs b/keystore2/src/operation.rs index 11eaf17a..290bc74a 100644 --- a/keystore2/src/operation.rs +++ b/keystore2/src/operation.rs @@ -286,7 +286,7 @@ impl Operation { } *locked_outcome = Outcome::Pruned; - let _wp = wd::watch_millis("In Operation::prune: calling abort()", 500); + let _wp = wd::watch("In Operation::prune: calling abort()"); // We abort the operation. If there was an error we log it but ignore it. if let Err(e) = map_km_error(self.km_op.abort()) { @@ -362,7 +362,7 @@ impl Operation { .context(ks_err!("Trying to get auth tokens."))?; self.update_outcome(&mut outcome, { - let _wp = wd::watch_millis("Operation::update_aad: calling updateAad", 500); + let _wp = wd::watch("Operation::update_aad: calling updateAad"); map_km_error(self.km_op.updateAad(aad_input, hat.as_ref(), tst.as_ref())) }) .context(ks_err!("Update failed."))?; @@ -386,7 +386,7 @@ impl Operation { let output = self .update_outcome(&mut outcome, { - let _wp = wd::watch_millis("Operation::update: calling update", 500); + let _wp = wd::watch("Operation::update: calling update"); map_km_error(self.km_op.update(input, hat.as_ref(), tst.as_ref())) }) .context(ks_err!("Update failed."))?; @@ -416,7 +416,7 @@ impl Operation { let output = self .update_outcome(&mut outcome, { - let _wp = wd::watch_millis("Operation::finish: calling finish", 500); + let _wp = wd::watch("Operation::finish: calling finish"); map_km_error(self.km_op.finish( input, signature, @@ -447,7 +447,7 @@ impl Operation { *locked_outcome = outcome; { - let _wp = wd::watch_millis("Operation::abort: calling abort", 500); + let _wp = wd::watch("Operation::abort: calling abort"); map_km_error(self.km_op.abort()).context(ks_err!("KeyMint::abort failed.")) } } @@ -821,7 +821,7 @@ impl binder::Interface for KeystoreOperation {} impl IKeystoreOperation for KeystoreOperation { fn updateAad(&self, aad_input: &[u8]) -> binder::Result<()> { - let _wp = wd::watch_millis("IKeystoreOperation::updateAad", 500); + let _wp = wd::watch("IKeystoreOperation::updateAad"); map_or_log_err( self.with_locked_operation( |op| op.update_aad(aad_input).context(ks_err!("KeystoreOperation::updateAad")), @@ -832,7 +832,7 @@ impl IKeystoreOperation for KeystoreOperation { } fn update(&self, input: &[u8]) -> binder::Result>> { - let _wp = wd::watch_millis("IKeystoreOperation::update", 500); + let _wp = wd::watch("IKeystoreOperation::update"); map_or_log_err( self.with_locked_operation( |op| op.update(input).context(ks_err!("KeystoreOperation::update")), @@ -846,7 +846,7 @@ impl IKeystoreOperation for KeystoreOperation { input: Option<&[u8]>, signature: Option<&[u8]>, ) -> binder::Result>> { - let _wp = wd::watch_millis("IKeystoreOperation::finish", 500); + let _wp = wd::watch("IKeystoreOperation::finish"); map_or_log_err( self.with_locked_operation( |op| op.finish(input, signature).context(ks_err!("KeystoreOperation::finish")), @@ -857,7 +857,7 @@ impl IKeystoreOperation for KeystoreOperation { } fn abort(&self) -> binder::Result<()> { - let _wp = wd::watch_millis("IKeystoreOperation::abort", 500); + let _wp = wd::watch("IKeystoreOperation::abort"); map_err_with( self.with_locked_operation( |op| op.abort(Outcome::Abort).context(ks_err!("KeystoreOperation::abort")), diff --git a/keystore2/src/raw_device.rs b/keystore2/src/raw_device.rs index 44d805c3..a8a88d25 100644 --- a/keystore2/src/raw_device.rs +++ b/keystore2/src/raw_device.rs @@ -211,13 +211,10 @@ impl KeyMintDevice { KeyBlob::NonSensitive(key_blob_vec), |key_blob| { map_km_error({ - let _wp = wd::watch_millis( - concat!( - "In KeyMintDevice::lookup_or_generate_key: ", - "calling getKeyCharacteristics." - ), - 500, - ); + let _wp = wd::watch(concat!( + "In KeyMintDevice::lookup_or_generate_key: ", + "calling getKeyCharacteristics." + )); self.km_dev.getKeyCharacteristics(key_blob, &[], &[]) }) }, @@ -308,7 +305,7 @@ impl KeyMintDevice { let (begin_result, _) = self .upgrade_keyblob_if_required_with(db, key_id_guard, key_blob, |blob| { map_km_error({ - let _wp = wd::watch_millis("In use_key_in_one_step: calling: begin", 500); + let _wp = wd::watch("In use_key_in_one_step: calling: begin"); self.km_dev.begin(purpose, blob, operation_parameters, auth_token) }) }) @@ -316,7 +313,7 @@ impl KeyMintDevice { let operation: Strong = begin_result.operation.ok_or_else(Error::sys).context(ks_err!("Operation missing"))?; map_km_error({ - let _wp = wd::watch_millis("In use_key_in_one_step: calling: finish", 500); + let _wp = wd::watch("In use_key_in_one_step: calling: finish"); operation.finish(Some(input), None, None, None, None) }) .context(ks_err!("Failed to finish operation.")) diff --git a/keystore2/src/remote_provisioning.rs b/keystore2/src/remote_provisioning.rs index d70fe22e..cda93b3f 100644 --- a/keystore2/src/remote_provisioning.rs +++ b/keystore2/src/remote_provisioning.rs @@ -129,6 +129,6 @@ fn get_rkpd_attestation_key( // by the calling function and allow for natural fallback to the factory key. let rpc_name = get_remotely_provisioned_component_name(security_level) .context(ks_err!("Trying to get IRPC name."))?; - let _wd = wd::watch_millis("Calling get_rkpd_attestation_key()", 500); + let _wd = wd::watch("Calling get_rkpd_attestation_key()"); rkpd_client::get_rkpd_attestation_key(&rpc_name, caller_uid) } diff --git a/keystore2/src/security_level.rs b/keystore2/src/security_level.rs index cd155270..59f23151 100644 --- a/keystore2/src/security_level.rs +++ b/keystore2/src/security_level.rs @@ -112,6 +112,13 @@ impl KeystoreSecurityLevel { wd::watch_millis_with(id, millis, move || format!("SecurityLevel {:?}", sec_level)) } + fn watch(&self, id: &'static str) -> Option { + let sec_level = self.security_level; + wd::watch_millis_with(id, wd::DEFAULT_TIMEOUT_MS, move || { + format!("SecurityLevel {:?}", sec_level) + }) + } + fn store_new_key( &self, key: KeyDescriptor, @@ -323,10 +330,8 @@ impl KeystoreSecurityLevel { operation_parameters, |blob| loop { match map_km_error({ - let _wp = self.watch_millis( - "In KeystoreSecurityLevel::create_operation: calling begin", - 500, - ); + let _wp = + self.watch("In KeystoreSecurityLevel::create_operation: calling begin"); self.keymint.begin( purpose, blob, @@ -440,10 +445,8 @@ impl KeystoreSecurityLevel { // If there is an attestation challenge we need to get an application id. if params.iter().any(|kp| kp.tag == Tag::ATTESTATION_CHALLENGE) { let aaid = { - let _wp = self.watch_millis( - "In KeystoreSecurityLevel::add_required_parameters calling: get_aaid", - 500, - ); + let _wp = self + .watch("In KeystoreSecurityLevel::add_required_parameters calling: get_aaid"); keystore2_aaid::get_aaid(uid) .map_err(|e| anyhow!(ks_err!("get_aaid returned status {}.", e))) }?; @@ -675,8 +678,7 @@ impl KeystoreSecurityLevel { let km_dev = &self.keymint; let creation_result = map_km_error({ - let _wp = - self.watch_millis("In KeystoreSecurityLevel::import_key: calling importKey.", 500); + let _wp = self.watch("In KeystoreSecurityLevel::import_key: calling importKey."); km_dev.importKey(¶ms, format, key_data, None /* attestKey */) }) .context(ks_err!("Trying to call importKey"))?; @@ -789,9 +791,8 @@ impl KeystoreSecurityLevel { wrapping_blob_metadata.km_uuid().copied(), &[], |wrapping_blob| { - let _wp = self.watch_millis( + let _wp = self.watch( "In KeystoreSecurityLevel::import_wrapped_key: calling importWrappedKey.", - 500, ); let creation_result = map_km_error(self.keymint.importWrappedKey( wrapped_data, @@ -897,7 +898,7 @@ impl KeystoreSecurityLevel { params, f, |upgraded_blob| { - let _wp = wd::watch_millis("Calling store_rkpd_attestation_key()", 500); + let _wp = wd::watch("Calling store_rkpd_attestation_key()"); if let Err(e) = store_rkpd_attestation_key(&rpc_name, key_blob, upgraded_blob) { Err(wrapped_rkpd_error_to_ks_error(&e)).context(format!("{e:?}")) } else { @@ -928,13 +929,10 @@ impl KeystoreSecurityLevel { let km_dev = &self.keymint; let res = { - let _wp = self.watch_millis( - concat!( - "In IKeystoreSecurityLevel::convert_storage_key_to_ephemeral: ", - "calling convertStorageKeyToEphemeral (1)" - ), - 500, - ); + let _wp = self.watch(concat!( + "In IKeystoreSecurityLevel::convert_storage_key_to_ephemeral: ", + "calling convertStorageKeyToEphemeral (1)" + )); map_km_error(km_dev.convertStorageKeyToEphemeral(key_blob)) }; match res { @@ -943,17 +941,13 @@ impl KeystoreSecurityLevel { } Err(error::Error::Km(ErrorCode::KEY_REQUIRES_UPGRADE)) => { let upgraded_blob = { - let _wp = self.watch_millis( - "In convert_storage_key_to_ephemeral: calling upgradeKey", - 500, - ); + let _wp = self.watch("In convert_storage_key_to_ephemeral: calling upgradeKey"); map_km_error(km_dev.upgradeKey(key_blob, &[])) } .context(ks_err!("Failed to upgrade key blob."))?; let ephemeral_key = { - let _wp = self.watch_millis( + let _wp = self.watch( "In convert_storage_key_to_ephemeral: calling convertStorageKeyToEphemeral (2)", - 500, ); map_km_error(km_dev.convertStorageKeyToEphemeral(&upgraded_blob)) } @@ -986,8 +980,7 @@ impl KeystoreSecurityLevel { let km_dev = &self.keymint; { - let _wp = - self.watch_millis("In KeystoreSecuritylevel::delete_key: calling deleteKey", 500); + let _wp = self.watch("In KeystoreSecuritylevel::delete_key: calling deleteKey"); map_km_error(km_dev.deleteKey(key_blob)).context(ks_err!("keymint device deleteKey")) } } @@ -1002,7 +995,7 @@ impl IKeystoreSecurityLevel for KeystoreSecurityLevel { operation_parameters: &[KeyParameter], forced: bool, ) -> binder::Result { - let _wp = self.watch_millis("IKeystoreSecurityLevel::createOperation", 500); + let _wp = self.watch("IKeystoreSecurityLevel::createOperation"); map_or_log_err(self.create_operation(key, operation_parameters, forced), Ok) } fn generateKey( @@ -1029,7 +1022,7 @@ impl IKeystoreSecurityLevel for KeystoreSecurityLevel { flags: i32, key_data: &[u8], ) -> binder::Result { - let _wp = self.watch_millis("IKeystoreSecurityLevel::importKey", 500); + let _wp = self.watch("IKeystoreSecurityLevel::importKey"); let result = self.import_key(key, attestation_key, params, flags, key_data); log_key_creation_event_stats(self.security_level, params, &result); log_key_imported(key, ThreadState::get_calling_uid(), result.is_ok()); @@ -1043,7 +1036,7 @@ impl IKeystoreSecurityLevel for KeystoreSecurityLevel { params: &[KeyParameter], authenticators: &[AuthenticatorSpec], ) -> binder::Result { - let _wp = self.watch_millis("IKeystoreSecurityLevel::importWrappedKey", 500); + let _wp = self.watch("IKeystoreSecurityLevel::importWrappedKey"); let result = self.import_wrapped_key(key, wrapping_key, masking_key, params, authenticators); log_key_creation_event_stats(self.security_level, params, &result); @@ -1054,11 +1047,11 @@ impl IKeystoreSecurityLevel for KeystoreSecurityLevel { &self, storage_key: &KeyDescriptor, ) -> binder::Result { - let _wp = self.watch_millis("IKeystoreSecurityLevel::convertStorageKeyToEphemeral", 500); + let _wp = self.watch("IKeystoreSecurityLevel::convertStorageKeyToEphemeral"); map_or_log_err(self.convert_storage_key_to_ephemeral(storage_key), Ok) } fn deleteKey(&self, key: &KeyDescriptor) -> binder::Result<()> { - let _wp = self.watch_millis("IKeystoreSecurityLevel::deleteKey", 500); + let _wp = self.watch("IKeystoreSecurityLevel::deleteKey"); let result = self.delete_key(key); log_key_deleted(key, ThreadState::get_calling_uid(), result.is_ok()); map_or_log_err(result, Ok) @@ -1130,7 +1123,7 @@ mod tests { |new_blob| { // This handler is only executed if a key upgrade was performed. key_upgraded = true; - let _wp = wd::watch_millis("Calling store_rkpd_attestation_key()", 500); + let _wp = wd::watch("Calling store_rkpd_attestation_key()"); store_rkpd_attestation_key(&rpc_name, &key.keyBlob, new_blob).unwrap(); Ok(()) }, diff --git a/keystore2/src/service.rs b/keystore2/src/service.rs index 1459254e..1eab8a83 100644 --- a/keystore2/src/service.rs +++ b/keystore2/src/service.rs @@ -387,7 +387,7 @@ impl IKeystoreService for KeystoreService { map_or_log_err(self.get_security_level(security_level), Ok) } fn getKeyEntry(&self, key: &KeyDescriptor) -> binder::Result { - let _wp = wd::watch_millis("IKeystoreService::get_key_entry", 500); + let _wp = wd::watch("IKeystoreService::get_key_entry"); map_or_log_err(self.get_key_entry(key), Ok) } fn updateSubcomponent( @@ -396,15 +396,15 @@ impl IKeystoreService for KeystoreService { public_cert: Option<&[u8]>, certificate_chain: Option<&[u8]>, ) -> binder::Result<()> { - let _wp = wd::watch_millis("IKeystoreService::updateSubcomponent", 500); + let _wp = wd::watch("IKeystoreService::updateSubcomponent"); map_or_log_err(self.update_subcomponent(key, public_cert, certificate_chain), Ok) } fn listEntries(&self, domain: Domain, namespace: i64) -> binder::Result> { - let _wp = wd::watch_millis("IKeystoreService::listEntries", 500); + let _wp = wd::watch("IKeystoreService::listEntries"); map_or_log_err(self.list_entries(domain, namespace), Ok) } fn deleteKey(&self, key: &KeyDescriptor) -> binder::Result<()> { - let _wp = wd::watch_millis("IKeystoreService::deleteKey", 500); + let _wp = wd::watch("IKeystoreService::deleteKey"); let result = self.delete_key(key); log_key_deleted(key, ThreadState::get_calling_uid(), result.is_ok()); map_or_log_err(result, Ok) @@ -415,11 +415,11 @@ impl IKeystoreService for KeystoreService { grantee_uid: i32, access_vector: i32, ) -> binder::Result { - let _wp = wd::watch_millis("IKeystoreService::grant", 500); + let _wp = wd::watch("IKeystoreService::grant"); map_or_log_err(self.grant(key, grantee_uid, access_vector.into()), Ok) } fn ungrant(&self, key: &KeyDescriptor, grantee_uid: i32) -> binder::Result<()> { - let _wp = wd::watch_millis("IKeystoreService::ungrant", 500); + let _wp = wd::watch("IKeystoreService::ungrant"); map_or_log_err(self.ungrant(key, grantee_uid), Ok) } fn listEntriesBatched( @@ -428,12 +428,12 @@ impl IKeystoreService for KeystoreService { namespace: i64, start_past_alias: Option<&str>, ) -> binder::Result> { - let _wp = wd::watch_millis("IKeystoreService::listEntriesBatched", 500); + let _wp = wd::watch("IKeystoreService::listEntriesBatched"); map_or_log_err(self.list_entries_batched(domain, namespace, start_past_alias), Ok) } fn getNumberOfEntries(&self, domain: Domain, namespace: i64) -> binder::Result { - let _wp = wd::watch_millis("IKeystoreService::getNumberOfEntries", 500); + let _wp = wd::watch("IKeystoreService::getNumberOfEntries"); map_or_log_err(self.count_num_entries(domain, namespace), Ok) } } diff --git a/keystore2/src/super_key.rs b/keystore2/src/super_key.rs index 11ab734f..1f9f5f89 100644 --- a/keystore2/src/super_key.rs +++ b/keystore2/src/super_key.rs @@ -919,10 +919,8 @@ impl SuperKeyManager { &key_desc, KeyType::Client, /* TODO Should be Super b/189470584 */ |dev| { - let _wp = wd::watch_millis( - "In lock_unlocked_device_required_keys: calling importKey.", - 500, - ); + let _wp = + wd::watch("In lock_unlocked_device_required_keys: calling importKey."); dev.importKey(key_params.as_slice(), KeyFormat::RAW, &encrypting_key, None) }, )?; diff --git a/keystore2/src/utils.rs b/keystore2/src/utils.rs index a3fd8824..196cac55 100644 --- a/keystore2/src/utils.rs +++ b/keystore2/src/utils.rs @@ -143,10 +143,8 @@ fn check_android_permission(permission: &str) -> anyhow::Result<()> { binder::get_interface("permission")?; let binder_result = { - let _wp = watchdog::watch_millis( - "In check_device_attestation_permissions: calling checkPermission.", - 500, - ); + let _wp = + watchdog::watch("In check_device_attestation_permissions: calling checkPermission."); permission_controller.checkPermission( permission, ThreadState::get_calling_pid(), @@ -263,10 +261,7 @@ where log::debug!("import parameters={import_params:?}"); let creation_result = { - let _wp = watchdog::watch_millis( - "In utils::import_keyblob_and_perform_op: calling importKey.", - 500, - ); + let _wp = watchdog::watch("In utils::import_keyblob_and_perform_op: calling importKey."); map_km_error(km_dev.importKey(&import_params, format, &key_material, None)) } .context(ks_err!("Upgrade failed."))?; @@ -306,10 +301,7 @@ where NewBlobHandler: FnOnce(&[u8]) -> Result<()>, { let upgraded_blob = { - let _wp = watchdog::watch_millis( - "In utils::upgrade_keyblob_and_perform_op: calling upgradeKey.", - 500, - ); + let _wp = watchdog::watch("In utils::upgrade_keyblob_and_perform_op: calling upgradeKey."); map_km_error(km_dev.upgradeKey(key_blob, upgrade_params)) } .context(ks_err!("Upgrade failed."))?; diff --git a/keystore2/src/watchdog_helper.rs b/keystore2/src/watchdog_helper.rs index 92a0abc1..03c77400 100644 --- a/keystore2/src/watchdog_helper.rs +++ b/keystore2/src/watchdog_helper.rs @@ -23,6 +23,11 @@ pub mod watchdog { pub use watchdog_rs::WatchPoint; use watchdog_rs::Watchdog; + /// Default timeout interval, in milliseconds. + pub const DEFAULT_TIMEOUT_MS: u64 = 500; + + const DEFAULT_TIMEOUT: Duration = Duration::from_millis(DEFAULT_TIMEOUT_MS); + lazy_static! { /// A Watchdog thread, that can be used to create watch points. static ref WD: Arc = Watchdog::new(Duration::from_secs(10)); @@ -33,6 +38,11 @@ pub mod watchdog { Watchdog::watch(&WD, id, Duration::from_millis(millis)) } + /// Sets a watch point with `id` and a default timeout of [`DEFAULT_TIMEOUT_MS`] milliseconds. + pub fn watch(id: &'static str) -> Option { + Watchdog::watch(&WD, id, DEFAULT_TIMEOUT) + } + /// Like `watch_millis` but with a callback that is called every time a report /// is printed about this watch point. pub fn watch_millis_with( @@ -53,6 +63,10 @@ pub mod watchdog { fn watch_millis(_: &'static str, _: u64) -> Option { None } + /// Sets a Noop watch point. + fn watch(_: &'static str) -> Option { + None + } pub fn watch_millis_with( _: &'static str,