Merge "Add/use watchdog with standard timeout" into main am: de2ac5cf7d
Original change: https://android-review.googlesource.com/c/platform/system/security/+/3099837 Change-Id: I4e500d63f23e924bc7b08a835490bdd175a01387 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
This commit is contained in:
commit
f023c1593a
16 changed files with 127 additions and 133 deletions
|
@ -551,19 +551,19 @@ impl binder::Interface for LegacyKeystoreService {}
|
|||
|
||||
impl ILegacyKeystore for LegacyKeystoreService {
|
||||
fn get(&self, alias: &str, uid: i32) -> BinderResult<Vec<u8>> {
|
||||
let _wp = wd::watch_millis("ILegacyKeystore::get", 500);
|
||||
let _wp = wd::watch("ILegacyKeystore::get");
|
||||
map_or_log_err(self.legacy_keystore.get(alias, uid), Ok)
|
||||
}
|
||||
fn put(&self, alias: &str, uid: i32, entry: &[u8]) -> BinderResult<()> {
|
||||
let _wp = wd::watch_millis("ILegacyKeystore::put", 500);
|
||||
let _wp = wd::watch("ILegacyKeystore::put");
|
||||
map_or_log_err(self.legacy_keystore.put(alias, uid, entry), Ok)
|
||||
}
|
||||
fn remove(&self, alias: &str, uid: i32) -> BinderResult<()> {
|
||||
let _wp = wd::watch_millis("ILegacyKeystore::remove", 500);
|
||||
let _wp = wd::watch("ILegacyKeystore::remove");
|
||||
map_or_log_err(self.legacy_keystore.remove(alias, uid), Ok)
|
||||
}
|
||||
fn list(&self, prefix: &str, uid: i32) -> BinderResult<Vec<String>> {
|
||||
let _wp = wd::watch_millis("ILegacyKeystore::list", 500);
|
||||
let _wp = wd::watch("ILegacyKeystore::list");
|
||||
map_or_log_err(self.legacy_keystore.list(prefix, uid), Ok)
|
||||
}
|
||||
}
|
||||
|
|
|
@ -363,11 +363,11 @@ impl IProtectedConfirmation for ApcManager {
|
|||
&self,
|
||||
listener: &binder::Strong<dyn IConfirmationCallback>,
|
||||
) -> BinderResult<()> {
|
||||
let _wp = wd::watch_millis("IProtectedConfirmation::cancelPrompt", 500);
|
||||
let _wp = wd::watch("IProtectedConfirmation::cancelPrompt");
|
||||
map_or_log_err(self.cancel_prompt(listener), Ok)
|
||||
}
|
||||
fn isSupported(&self) -> BinderResult<bool> {
|
||||
let _wp = wd::watch_millis("IProtectedConfirmation::isSupported", 500);
|
||||
let _wp = wd::watch("IProtectedConfirmation::isSupported");
|
||||
map_or_log_err(Self::is_supported(), Ok)
|
||||
}
|
||||
}
|
||||
|
|
|
@ -271,12 +271,12 @@ impl Interface for AuthorizationManager {}
|
|||
|
||||
impl IKeystoreAuthorization for AuthorizationManager {
|
||||
fn addAuthToken(&self, auth_token: &HardwareAuthToken) -> BinderResult<()> {
|
||||
let _wp = wd::watch_millis("IKeystoreAuthorization::addAuthToken", 500);
|
||||
let _wp = wd::watch("IKeystoreAuthorization::addAuthToken");
|
||||
map_or_log_err(self.add_auth_token(auth_token), Ok)
|
||||
}
|
||||
|
||||
fn onDeviceUnlocked(&self, user_id: i32, password: Option<&[u8]>) -> BinderResult<()> {
|
||||
let _wp = wd::watch_millis("IKeystoreAuthorization::onDeviceUnlocked", 500);
|
||||
let _wp = wd::watch("IKeystoreAuthorization::onDeviceUnlocked");
|
||||
map_or_log_err(self.on_device_unlocked(user_id, password.map(|pw| pw.into())), Ok)
|
||||
}
|
||||
|
||||
|
@ -286,17 +286,17 @@ impl IKeystoreAuthorization for AuthorizationManager {
|
|||
unlocking_sids: &[i64],
|
||||
weak_unlock_enabled: bool,
|
||||
) -> BinderResult<()> {
|
||||
let _wp = wd::watch_millis("IKeystoreAuthorization::onDeviceLocked", 500);
|
||||
let _wp = wd::watch("IKeystoreAuthorization::onDeviceLocked");
|
||||
map_or_log_err(self.on_device_locked(user_id, unlocking_sids, weak_unlock_enabled), Ok)
|
||||
}
|
||||
|
||||
fn onWeakUnlockMethodsExpired(&self, user_id: i32) -> BinderResult<()> {
|
||||
let _wp = wd::watch_millis("IKeystoreAuthorization::onWeakUnlockMethodsExpired", 500);
|
||||
let _wp = wd::watch("IKeystoreAuthorization::onWeakUnlockMethodsExpired");
|
||||
map_or_log_err(self.on_weak_unlock_methods_expired(user_id), Ok)
|
||||
}
|
||||
|
||||
fn onNonLskfUnlockMethodsExpired(&self, user_id: i32) -> BinderResult<()> {
|
||||
let _wp = wd::watch_millis("IKeystoreAuthorization::onNonLskfUnlockMethodsExpired", 500);
|
||||
let _wp = wd::watch("IKeystoreAuthorization::onNonLskfUnlockMethodsExpired");
|
||||
map_or_log_err(self.on_non_lskf_unlock_methods_expired(user_id), Ok)
|
||||
}
|
||||
|
||||
|
@ -306,7 +306,7 @@ impl IKeystoreAuthorization for AuthorizationManager {
|
|||
secure_user_id: i64,
|
||||
auth_token_max_age_millis: i64,
|
||||
) -> binder::Result<AuthorizationTokens> {
|
||||
let _wp = wd::watch_millis("IKeystoreAuthorization::getAuthTokensForCredStore", 500);
|
||||
let _wp = wd::watch("IKeystoreAuthorization::getAuthTokensForCredStore");
|
||||
map_or_log_err(
|
||||
self.get_auth_tokens_for_credstore(
|
||||
challenge,
|
||||
|
|
|
@ -857,7 +857,7 @@ impl KeystoreDB {
|
|||
/// KeystoreDB cannot be used by multiple threads.
|
||||
/// Each thread should open their own connection using `thread_local!`.
|
||||
pub fn new(db_root: &Path, gc: Option<Arc<Gc>>) -> Result<Self> {
|
||||
let _wp = wd::watch_millis("KeystoreDB::new", 500);
|
||||
let _wp = wd::watch("KeystoreDB::new");
|
||||
|
||||
let persistent_path = Self::make_persistent_path(db_root)?;
|
||||
let conn = Self::make_connection(&persistent_path)?;
|
||||
|
@ -1092,7 +1092,7 @@ impl KeystoreDB {
|
|||
/// types that map to a table, information about the table's storage is
|
||||
/// returned. Requests for storage types that are not DB tables return None.
|
||||
pub fn get_storage_stat(&mut self, storage_type: MetricsStorage) -> Result<StorageStats> {
|
||||
let _wp = wd::watch_millis("KeystoreDB::get_storage_stat", 500);
|
||||
let _wp = wd::watch("KeystoreDB::get_storage_stat");
|
||||
|
||||
match storage_type {
|
||||
MetricsStorage::DATABASE => self.get_total_size(),
|
||||
|
@ -1155,7 +1155,7 @@ impl KeystoreDB {
|
|||
blob_ids_to_delete: &[i64],
|
||||
max_blobs: usize,
|
||||
) -> Result<Vec<(i64, Vec<u8>, BlobMetaData)>> {
|
||||
let _wp = wd::watch_millis("KeystoreDB::handle_next_superseded_blob", 500);
|
||||
let _wp = wd::watch("KeystoreDB::handle_next_superseded_blob");
|
||||
self.with_transaction(TransactionBehavior::Immediate, |tx| {
|
||||
// Delete the given blobs.
|
||||
for blob_id in blob_ids_to_delete {
|
||||
|
@ -1243,7 +1243,7 @@ impl KeystoreDB {
|
|||
/// Unlike with `mark_unreferenced`, we don't need to purge grants, because only keys that made
|
||||
/// it to `KeyLifeCycle::Live` may have grants.
|
||||
pub fn cleanup_leftovers(&mut self) -> Result<usize> {
|
||||
let _wp = wd::watch_millis("KeystoreDB::cleanup_leftovers", 500);
|
||||
let _wp = wd::watch("KeystoreDB::cleanup_leftovers");
|
||||
|
||||
self.with_transaction(TransactionBehavior::Immediate, |tx| {
|
||||
tx.execute(
|
||||
|
@ -1264,7 +1264,7 @@ impl KeystoreDB {
|
|||
alias: &str,
|
||||
key_type: KeyType,
|
||||
) -> Result<bool> {
|
||||
let _wp = wd::watch_millis("KeystoreDB::key_exists", 500);
|
||||
let _wp = wd::watch("KeystoreDB::key_exists");
|
||||
|
||||
self.with_transaction(TransactionBehavior::Immediate, |tx| {
|
||||
let key_descriptor =
|
||||
|
@ -1291,7 +1291,7 @@ impl KeystoreDB {
|
|||
blob_metadata: &BlobMetaData,
|
||||
key_metadata: &KeyMetaData,
|
||||
) -> Result<KeyEntry> {
|
||||
let _wp = wd::watch_millis("KeystoreDB::store_super_key", 500);
|
||||
let _wp = wd::watch("KeystoreDB::store_super_key");
|
||||
|
||||
self.with_transaction(TransactionBehavior::Immediate, |tx| {
|
||||
let key_id = Self::insert_with_retry(|id| {
|
||||
|
@ -1336,7 +1336,7 @@ impl KeystoreDB {
|
|||
key_type: &SuperKeyType,
|
||||
user_id: u32,
|
||||
) -> Result<Option<(KeyIdGuard, KeyEntry)>> {
|
||||
let _wp = wd::watch_millis("KeystoreDB::load_super_key", 500);
|
||||
let _wp = wd::watch("KeystoreDB::load_super_key");
|
||||
|
||||
self.with_transaction(TransactionBehavior::Immediate, |tx| {
|
||||
let key_descriptor = KeyDescriptor {
|
||||
|
@ -1470,7 +1470,7 @@ impl KeystoreDB {
|
|||
blob: Option<&[u8]>,
|
||||
blob_metadata: Option<&BlobMetaData>,
|
||||
) -> Result<()> {
|
||||
let _wp = wd::watch_millis("KeystoreDB::set_blob", 500);
|
||||
let _wp = wd::watch("KeystoreDB::set_blob");
|
||||
|
||||
self.with_transaction(TransactionBehavior::Immediate, |tx| {
|
||||
Self::set_blob_internal(tx, key_id.0, sc_type, blob, blob_metadata).need_gc()
|
||||
|
@ -1483,7 +1483,7 @@ impl KeystoreDB {
|
|||
/// We use this to insert key blobs into the database which can then be garbage collected
|
||||
/// lazily by the key garbage collector.
|
||||
pub fn set_deleted_blob(&mut self, blob: &[u8], blob_metadata: &BlobMetaData) -> Result<()> {
|
||||
let _wp = wd::watch_millis("KeystoreDB::set_deleted_blob", 500);
|
||||
let _wp = wd::watch("KeystoreDB::set_deleted_blob");
|
||||
|
||||
self.with_transaction(TransactionBehavior::Immediate, |tx| {
|
||||
Self::set_blob_internal(
|
||||
|
@ -1645,7 +1645,7 @@ impl KeystoreDB {
|
|||
caller_uid: u32,
|
||||
check_permission: impl Fn(&KeyDescriptor) -> Result<()>,
|
||||
) -> Result<()> {
|
||||
let _wp = wd::watch_millis("KeystoreDB::migrate_key_namespace", 500);
|
||||
let _wp = wd::watch("KeystoreDB::migrate_key_namespace");
|
||||
|
||||
let destination = match destination.domain {
|
||||
Domain::APP => KeyDescriptor { nspace: caller_uid as i64, ..(*destination).clone() },
|
||||
|
@ -1716,7 +1716,7 @@ impl KeystoreDB {
|
|||
metadata: &KeyMetaData,
|
||||
km_uuid: &Uuid,
|
||||
) -> Result<KeyIdGuard> {
|
||||
let _wp = wd::watch_millis("KeystoreDB::store_new_key", 500);
|
||||
let _wp = wd::watch("KeystoreDB::store_new_key");
|
||||
|
||||
let (alias, domain, namespace) = match key {
|
||||
KeyDescriptor { alias: Some(alias), domain: Domain::APP, nspace, blob: None }
|
||||
|
@ -1795,7 +1795,7 @@ impl KeystoreDB {
|
|||
cert: &[u8],
|
||||
km_uuid: &Uuid,
|
||||
) -> Result<KeyIdGuard> {
|
||||
let _wp = wd::watch_millis("KeystoreDB::store_new_certificate", 500);
|
||||
let _wp = wd::watch("KeystoreDB::store_new_certificate");
|
||||
|
||||
let (alias, domain, namespace) = match key {
|
||||
KeyDescriptor { alias: Some(alias), domain: Domain::APP, nspace, blob: None }
|
||||
|
@ -2075,7 +2075,7 @@ impl KeystoreDB {
|
|||
/// zero, the key also gets marked unreferenced and scheduled for deletion.
|
||||
/// Returns Ok(true) if the key was marked unreferenced as a hint to the garbage collector.
|
||||
pub fn check_and_update_key_usage_count(&mut self, key_id: i64) -> Result<()> {
|
||||
let _wp = wd::watch_millis("KeystoreDB::check_and_update_key_usage_count", 500);
|
||||
let _wp = wd::watch("KeystoreDB::check_and_update_key_usage_count");
|
||||
|
||||
self.with_transaction(TransactionBehavior::Immediate, |tx| {
|
||||
let limit: Option<i32> = tx
|
||||
|
@ -2123,7 +2123,7 @@ impl KeystoreDB {
|
|||
caller_uid: u32,
|
||||
check_permission: impl Fn(&KeyDescriptor, Option<KeyPermSet>) -> Result<()>,
|
||||
) -> Result<(KeyIdGuard, KeyEntry)> {
|
||||
let _wp = wd::watch_millis("KeystoreDB::load_key_entry", 500);
|
||||
let _wp = wd::watch("KeystoreDB::load_key_entry");
|
||||
let start = std::time::Instant::now();
|
||||
|
||||
loop {
|
||||
|
@ -2253,7 +2253,7 @@ impl KeystoreDB {
|
|||
caller_uid: u32,
|
||||
check_permission: impl Fn(&KeyDescriptor, Option<KeyPermSet>) -> Result<()>,
|
||||
) -> Result<()> {
|
||||
let _wp = wd::watch_millis("KeystoreDB::unbind_key", 500);
|
||||
let _wp = wd::watch("KeystoreDB::unbind_key");
|
||||
|
||||
self.with_transaction(TransactionBehavior::Immediate, |tx| {
|
||||
let (key_id, access_key_descriptor, access_vector) =
|
||||
|
@ -2284,7 +2284,7 @@ impl KeystoreDB {
|
|||
/// Delete all artifacts belonging to the namespace given by the domain-namespace tuple.
|
||||
/// This leaves all of the blob entries orphaned for subsequent garbage collection.
|
||||
pub fn unbind_keys_for_namespace(&mut self, domain: Domain, namespace: i64) -> Result<()> {
|
||||
let _wp = wd::watch_millis("KeystoreDB::unbind_keys_for_namespace", 500);
|
||||
let _wp = wd::watch("KeystoreDB::unbind_keys_for_namespace");
|
||||
|
||||
if !(domain == Domain::APP || domain == Domain::SELINUX) {
|
||||
return Err(KsError::Rc(ResponseCode::INVALID_ARGUMENT)).context(ks_err!());
|
||||
|
@ -2329,7 +2329,7 @@ impl KeystoreDB {
|
|||
}
|
||||
|
||||
fn cleanup_unreferenced(tx: &Transaction) -> Result<()> {
|
||||
let _wp = wd::watch_millis("KeystoreDB::cleanup_unreferenced", 500);
|
||||
let _wp = wd::watch("KeystoreDB::cleanup_unreferenced");
|
||||
{
|
||||
tx.execute(
|
||||
"DELETE FROM persistent.keymetadata
|
||||
|
@ -2378,7 +2378,7 @@ impl KeystoreDB {
|
|||
user_id: u32,
|
||||
keep_non_super_encrypted_keys: bool,
|
||||
) -> Result<()> {
|
||||
let _wp = wd::watch_millis("KeystoreDB::unbind_keys_for_user", 500);
|
||||
let _wp = wd::watch("KeystoreDB::unbind_keys_for_user");
|
||||
|
||||
self.with_transaction(TransactionBehavior::Immediate, |tx| {
|
||||
let mut stmt = tx
|
||||
|
@ -2455,7 +2455,7 @@ impl KeystoreDB {
|
|||
/// be unlocked should remain usable when the lock screen is set to Swipe or None, as the device
|
||||
/// is always considered "unlocked" in that case.
|
||||
pub fn unbind_auth_bound_keys_for_user(&mut self, user_id: u32) -> Result<()> {
|
||||
let _wp = wd::watch_millis("KeystoreDB::unbind_auth_bound_keys_for_user", 500);
|
||||
let _wp = wd::watch("KeystoreDB::unbind_auth_bound_keys_for_user");
|
||||
|
||||
self.with_transaction(TransactionBehavior::Immediate, |tx| {
|
||||
let mut stmt = tx
|
||||
|
@ -2550,7 +2550,7 @@ impl KeystoreDB {
|
|||
key_type: KeyType,
|
||||
start_past_alias: Option<&str>,
|
||||
) -> Result<Vec<KeyDescriptor>> {
|
||||
let _wp = wd::watch_millis("KeystoreDB::list_past_alias", 500);
|
||||
let _wp = wd::watch("KeystoreDB::list_past_alias");
|
||||
|
||||
let query = format!(
|
||||
"SELECT DISTINCT alias FROM persistent.keyentry
|
||||
|
@ -2605,7 +2605,7 @@ impl KeystoreDB {
|
|||
namespace: i64,
|
||||
key_type: KeyType,
|
||||
) -> Result<usize> {
|
||||
let _wp = wd::watch_millis("KeystoreDB::countKeys", 500);
|
||||
let _wp = wd::watch("KeystoreDB::countKeys");
|
||||
|
||||
let num_keys = self.with_transaction(TransactionBehavior::Deferred, |tx| {
|
||||
tx.query_row(
|
||||
|
@ -2638,7 +2638,7 @@ impl KeystoreDB {
|
|||
access_vector: KeyPermSet,
|
||||
check_permission: impl Fn(&KeyDescriptor, &KeyPermSet) -> Result<()>,
|
||||
) -> Result<KeyDescriptor> {
|
||||
let _wp = wd::watch_millis("KeystoreDB::grant", 500);
|
||||
let _wp = wd::watch("KeystoreDB::grant");
|
||||
|
||||
self.with_transaction(TransactionBehavior::Immediate, |tx| {
|
||||
// Load the key_id and complete the access control tuple.
|
||||
|
@ -2704,7 +2704,7 @@ impl KeystoreDB {
|
|||
grantee_uid: u32,
|
||||
check_permission: impl Fn(&KeyDescriptor) -> Result<()>,
|
||||
) -> Result<()> {
|
||||
let _wp = wd::watch_millis("KeystoreDB::ungrant", 500);
|
||||
let _wp = wd::watch("KeystoreDB::ungrant");
|
||||
|
||||
self.with_transaction(TransactionBehavior::Immediate, |tx| {
|
||||
// Load the key_id and complete the access control tuple.
|
||||
|
@ -2770,7 +2770,7 @@ impl KeystoreDB {
|
|||
|
||||
/// Load descriptor of a key by key id
|
||||
pub fn load_key_descriptor(&mut self, key_id: i64) -> Result<Option<KeyDescriptor>> {
|
||||
let _wp = wd::watch_millis("KeystoreDB::load_key_descriptor", 500);
|
||||
let _wp = wd::watch("KeystoreDB::load_key_descriptor");
|
||||
|
||||
self.with_transaction(TransactionBehavior::Deferred, |tx| {
|
||||
tx.query_row(
|
||||
|
@ -2801,7 +2801,7 @@ impl KeystoreDB {
|
|||
user_id: i32,
|
||||
secure_user_id: i64,
|
||||
) -> Result<Vec<i64>> {
|
||||
let _wp = wd::watch_millis("KeystoreDB::get_app_uids_affected_by_sid", 500);
|
||||
let _wp = wd::watch("KeystoreDB::get_app_uids_affected_by_sid");
|
||||
|
||||
let key_ids_and_app_uids = self.with_transaction(TransactionBehavior::Immediate, |tx| {
|
||||
let mut stmt = tx
|
||||
|
|
|
@ -165,7 +165,7 @@ lazy_static! {
|
|||
(
|
||||
Box::new(|uuid, blob| {
|
||||
let km_dev = get_keymint_dev_by_uuid(uuid).map(|(dev, _)| dev)?;
|
||||
let _wp = wd::watch_millis("In invalidate key closure: calling deleteKey", 500);
|
||||
let _wp = wd::watch("In invalidate key closure: calling deleteKey");
|
||||
map_km_error(km_dev.deleteKey(blob))
|
||||
.context(ks_err!("Trying to invalidate key blob."))
|
||||
}),
|
||||
|
@ -306,7 +306,7 @@ fn connect_keymint(
|
|||
}
|
||||
};
|
||||
|
||||
let wp = wd::watch_millis("In connect_keymint: calling getHardwareInfo()", 500);
|
||||
let wp = wd::watch("In connect_keymint: calling getHardwareInfo()");
|
||||
let mut hw_info =
|
||||
map_km_error(keymint.getHardwareInfo()).context(ks_err!("Failed to get hardware info."))?;
|
||||
drop(wp);
|
||||
|
|
|
@ -202,7 +202,7 @@ impl LegacyImporter {
|
|||
|
||||
/// List all aliases for uid in the legacy database.
|
||||
pub fn list_uid(&self, domain: Domain, namespace: i64) -> Result<Vec<KeyDescriptor>> {
|
||||
let _wp = wd::watch_millis("LegacyImporter::list_uid", 500);
|
||||
let _wp = wd::watch("LegacyImporter::list_uid");
|
||||
|
||||
let uid = match (domain, namespace) {
|
||||
(Domain::APP, namespace) => namespace as u32,
|
||||
|
@ -299,7 +299,7 @@ impl LegacyImporter {
|
|||
where
|
||||
F: Fn() -> Result<T>,
|
||||
{
|
||||
let _wp = wd::watch_millis("LegacyImporter::with_try_import", 500);
|
||||
let _wp = wd::watch("LegacyImporter::with_try_import");
|
||||
|
||||
// Access the key and return on success.
|
||||
match key_accessor() {
|
||||
|
@ -355,7 +355,7 @@ impl LegacyImporter {
|
|||
where
|
||||
F: FnMut() -> Result<Option<T>>,
|
||||
{
|
||||
let _wp = wd::watch_millis("LegacyImporter::with_try_import_super_key", 500);
|
||||
let _wp = wd::watch("LegacyImporter::with_try_import_super_key");
|
||||
|
||||
match key_accessor() {
|
||||
Ok(Some(result)) => return Ok(Some(result)),
|
||||
|
@ -379,7 +379,7 @@ impl LegacyImporter {
|
|||
/// Deletes all keys belonging to the given namespace, importing them into the database
|
||||
/// for subsequent garbage collection if necessary.
|
||||
pub fn bulk_delete_uid(&self, domain: Domain, nspace: i64) -> Result<()> {
|
||||
let _wp = wd::watch_millis("LegacyImporter::bulk_delete_uid", 500);
|
||||
let _wp = wd::watch("LegacyImporter::bulk_delete_uid");
|
||||
|
||||
let uid = match (domain, nspace) {
|
||||
(Domain::APP, nspace) => nspace as u32,
|
||||
|
@ -402,7 +402,7 @@ impl LegacyImporter {
|
|||
user_id: u32,
|
||||
keep_non_super_encrypted_keys: bool,
|
||||
) -> Result<()> {
|
||||
let _wp = wd::watch_millis("LegacyImporter::bulk_delete_user", 500);
|
||||
let _wp = wd::watch("LegacyImporter::bulk_delete_user");
|
||||
|
||||
let result = self.do_serialized(move |importer_state| {
|
||||
importer_state
|
||||
|
@ -923,7 +923,7 @@ fn get_key_characteristics_without_app_data(
|
|||
blob,
|
||||
&[],
|
||||
|blob| {
|
||||
let _wd = wd::watch_millis("Calling GetKeyCharacteristics.", 500);
|
||||
let _wd = wd::watch("Calling GetKeyCharacteristics.");
|
||||
map_km_error(km_dev.getKeyCharacteristics(blob, &[], &[]))
|
||||
},
|
||||
|_| Ok(()),
|
||||
|
|
|
@ -302,13 +302,13 @@ impl IKeystoreMaintenance for Maintenance {
|
|||
user_id,
|
||||
password.is_some()
|
||||
);
|
||||
let _wp = wd::watch_millis("IKeystoreMaintenance::onUserPasswordChanged", 500);
|
||||
let _wp = wd::watch("IKeystoreMaintenance::onUserPasswordChanged");
|
||||
map_or_log_err(Self::on_user_password_changed(user_id, password.map(|pw| pw.into())), Ok)
|
||||
}
|
||||
|
||||
fn onUserAdded(&self, user_id: i32) -> BinderResult<()> {
|
||||
log::info!("onUserAdded(user={user_id})");
|
||||
let _wp = wd::watch_millis("IKeystoreMaintenance::onUserAdded", 500);
|
||||
let _wp = wd::watch("IKeystoreMaintenance::onUserAdded");
|
||||
map_or_log_err(self.add_or_remove_user(user_id), Ok)
|
||||
}
|
||||
|
||||
|
@ -319,31 +319,31 @@ impl IKeystoreMaintenance for Maintenance {
|
|||
allow_existing: bool,
|
||||
) -> BinderResult<()> {
|
||||
log::info!("initUserSuperKeys(user={user_id}, allow_existing={allow_existing})");
|
||||
let _wp = wd::watch_millis("IKeystoreMaintenance::initUserSuperKeys", 500);
|
||||
let _wp = wd::watch("IKeystoreMaintenance::initUserSuperKeys");
|
||||
map_or_log_err(self.init_user_super_keys(user_id, password.into(), allow_existing), Ok)
|
||||
}
|
||||
|
||||
fn onUserRemoved(&self, user_id: i32) -> BinderResult<()> {
|
||||
log::info!("onUserRemoved(user={user_id})");
|
||||
let _wp = wd::watch_millis("IKeystoreMaintenance::onUserRemoved", 500);
|
||||
let _wp = wd::watch("IKeystoreMaintenance::onUserRemoved");
|
||||
map_or_log_err(self.add_or_remove_user(user_id), Ok)
|
||||
}
|
||||
|
||||
fn onUserLskfRemoved(&self, user_id: i32) -> BinderResult<()> {
|
||||
log::info!("onUserLskfRemoved(user={user_id})");
|
||||
let _wp = wd::watch_millis("IKeystoreMaintenance::onUserLskfRemoved", 500);
|
||||
let _wp = wd::watch("IKeystoreMaintenance::onUserLskfRemoved");
|
||||
map_or_log_err(Self::on_user_lskf_removed(user_id), Ok)
|
||||
}
|
||||
|
||||
fn clearNamespace(&self, domain: Domain, nspace: i64) -> BinderResult<()> {
|
||||
log::info!("clearNamespace({domain:?}, nspace={nspace})");
|
||||
let _wp = wd::watch_millis("IKeystoreMaintenance::clearNamespace", 500);
|
||||
let _wp = wd::watch("IKeystoreMaintenance::clearNamespace");
|
||||
map_or_log_err(self.clear_namespace(domain, nspace), Ok)
|
||||
}
|
||||
|
||||
fn earlyBootEnded(&self) -> BinderResult<()> {
|
||||
log::info!("earlyBootEnded()");
|
||||
let _wp = wd::watch_millis("IKeystoreMaintenance::earlyBootEnded", 500);
|
||||
let _wp = wd::watch("IKeystoreMaintenance::earlyBootEnded");
|
||||
map_or_log_err(Self::early_boot_ended(), Ok)
|
||||
}
|
||||
|
||||
|
@ -353,13 +353,13 @@ impl IKeystoreMaintenance for Maintenance {
|
|||
destination: &KeyDescriptor,
|
||||
) -> BinderResult<()> {
|
||||
log::info!("migrateKeyNamespace(src={source:?}, dest={destination:?})");
|
||||
let _wp = wd::watch_millis("IKeystoreMaintenance::migrateKeyNamespace", 500);
|
||||
let _wp = wd::watch("IKeystoreMaintenance::migrateKeyNamespace");
|
||||
map_or_log_err(Self::migrate_key_namespace(source, destination), Ok)
|
||||
}
|
||||
|
||||
fn deleteAllKeys(&self) -> BinderResult<()> {
|
||||
log::warn!("deleteAllKeys()");
|
||||
let _wp = wd::watch_millis("IKeystoreMaintenance::deleteAllKeys", 500);
|
||||
let _wp = wd::watch("IKeystoreMaintenance::deleteAllKeys");
|
||||
map_or_log_err(Self::delete_all_keys(), Ok)
|
||||
}
|
||||
|
||||
|
@ -369,7 +369,7 @@ impl IKeystoreMaintenance for Maintenance {
|
|||
secure_user_id: i64,
|
||||
) -> BinderResult<std::vec::Vec<i64>> {
|
||||
log::info!("getAppUidsAffectedBySid(secure_user_id={secure_user_id:?})");
|
||||
let _wp = wd::watch_millis("IKeystoreMaintenance::getAppUidsAffectedBySid", 500);
|
||||
let _wp = wd::watch("IKeystoreMaintenance::getAppUidsAffectedBySid");
|
||||
map_or_log_err(Self::get_app_uids_affected_by_sid(user_id, secure_user_id), Ok)
|
||||
}
|
||||
}
|
||||
|
|
|
@ -51,7 +51,7 @@ impl Interface for Metrics {}
|
|||
|
||||
impl IKeystoreMetrics for Metrics {
|
||||
fn pullMetrics(&self, atom_id: AtomID) -> BinderResult<Vec<KeystoreAtom>> {
|
||||
let _wp = wd::watch_millis("IKeystoreMetrics::pullMetrics", 500);
|
||||
let _wp = wd::watch("IKeystoreMetrics::pullMetrics");
|
||||
map_or_log_err(self.pull_metrics(atom_id), Ok)
|
||||
}
|
||||
}
|
||||
|
|
|
@ -286,7 +286,7 @@ impl Operation {
|
|||
}
|
||||
*locked_outcome = Outcome::Pruned;
|
||||
|
||||
let _wp = wd::watch_millis("In Operation::prune: calling abort()", 500);
|
||||
let _wp = wd::watch("In Operation::prune: calling abort()");
|
||||
|
||||
// We abort the operation. If there was an error we log it but ignore it.
|
||||
if let Err(e) = map_km_error(self.km_op.abort()) {
|
||||
|
@ -362,7 +362,7 @@ impl Operation {
|
|||
.context(ks_err!("Trying to get auth tokens."))?;
|
||||
|
||||
self.update_outcome(&mut outcome, {
|
||||
let _wp = wd::watch_millis("Operation::update_aad: calling updateAad", 500);
|
||||
let _wp = wd::watch("Operation::update_aad: calling updateAad");
|
||||
map_km_error(self.km_op.updateAad(aad_input, hat.as_ref(), tst.as_ref()))
|
||||
})
|
||||
.context(ks_err!("Update failed."))?;
|
||||
|
@ -386,7 +386,7 @@ impl Operation {
|
|||
|
||||
let output = self
|
||||
.update_outcome(&mut outcome, {
|
||||
let _wp = wd::watch_millis("Operation::update: calling update", 500);
|
||||
let _wp = wd::watch("Operation::update: calling update");
|
||||
map_km_error(self.km_op.update(input, hat.as_ref(), tst.as_ref()))
|
||||
})
|
||||
.context(ks_err!("Update failed."))?;
|
||||
|
@ -416,7 +416,7 @@ impl Operation {
|
|||
|
||||
let output = self
|
||||
.update_outcome(&mut outcome, {
|
||||
let _wp = wd::watch_millis("Operation::finish: calling finish", 500);
|
||||
let _wp = wd::watch("Operation::finish: calling finish");
|
||||
map_km_error(self.km_op.finish(
|
||||
input,
|
||||
signature,
|
||||
|
@ -447,7 +447,7 @@ impl Operation {
|
|||
*locked_outcome = outcome;
|
||||
|
||||
{
|
||||
let _wp = wd::watch_millis("Operation::abort: calling abort", 500);
|
||||
let _wp = wd::watch("Operation::abort: calling abort");
|
||||
map_km_error(self.km_op.abort()).context(ks_err!("KeyMint::abort failed."))
|
||||
}
|
||||
}
|
||||
|
@ -821,7 +821,7 @@ impl binder::Interface for KeystoreOperation {}
|
|||
|
||||
impl IKeystoreOperation for KeystoreOperation {
|
||||
fn updateAad(&self, aad_input: &[u8]) -> binder::Result<()> {
|
||||
let _wp = wd::watch_millis("IKeystoreOperation::updateAad", 500);
|
||||
let _wp = wd::watch("IKeystoreOperation::updateAad");
|
||||
map_or_log_err(
|
||||
self.with_locked_operation(
|
||||
|op| op.update_aad(aad_input).context(ks_err!("KeystoreOperation::updateAad")),
|
||||
|
@ -832,7 +832,7 @@ impl IKeystoreOperation for KeystoreOperation {
|
|||
}
|
||||
|
||||
fn update(&self, input: &[u8]) -> binder::Result<Option<Vec<u8>>> {
|
||||
let _wp = wd::watch_millis("IKeystoreOperation::update", 500);
|
||||
let _wp = wd::watch("IKeystoreOperation::update");
|
||||
map_or_log_err(
|
||||
self.with_locked_operation(
|
||||
|op| op.update(input).context(ks_err!("KeystoreOperation::update")),
|
||||
|
@ -846,7 +846,7 @@ impl IKeystoreOperation for KeystoreOperation {
|
|||
input: Option<&[u8]>,
|
||||
signature: Option<&[u8]>,
|
||||
) -> binder::Result<Option<Vec<u8>>> {
|
||||
let _wp = wd::watch_millis("IKeystoreOperation::finish", 500);
|
||||
let _wp = wd::watch("IKeystoreOperation::finish");
|
||||
map_or_log_err(
|
||||
self.with_locked_operation(
|
||||
|op| op.finish(input, signature).context(ks_err!("KeystoreOperation::finish")),
|
||||
|
@ -857,7 +857,7 @@ impl IKeystoreOperation for KeystoreOperation {
|
|||
}
|
||||
|
||||
fn abort(&self) -> binder::Result<()> {
|
||||
let _wp = wd::watch_millis("IKeystoreOperation::abort", 500);
|
||||
let _wp = wd::watch("IKeystoreOperation::abort");
|
||||
map_err_with(
|
||||
self.with_locked_operation(
|
||||
|op| op.abort(Outcome::Abort).context(ks_err!("KeystoreOperation::abort")),
|
||||
|
|
|
@ -211,13 +211,10 @@ impl KeyMintDevice {
|
|||
KeyBlob::NonSensitive(key_blob_vec),
|
||||
|key_blob| {
|
||||
map_km_error({
|
||||
let _wp = wd::watch_millis(
|
||||
concat!(
|
||||
let _wp = wd::watch(concat!(
|
||||
"In KeyMintDevice::lookup_or_generate_key: ",
|
||||
"calling getKeyCharacteristics."
|
||||
),
|
||||
500,
|
||||
);
|
||||
));
|
||||
self.km_dev.getKeyCharacteristics(key_blob, &[], &[])
|
||||
})
|
||||
},
|
||||
|
@ -308,7 +305,7 @@ impl KeyMintDevice {
|
|||
let (begin_result, _) = self
|
||||
.upgrade_keyblob_if_required_with(db, key_id_guard, key_blob, |blob| {
|
||||
map_km_error({
|
||||
let _wp = wd::watch_millis("In use_key_in_one_step: calling: begin", 500);
|
||||
let _wp = wd::watch("In use_key_in_one_step: calling: begin");
|
||||
self.km_dev.begin(purpose, blob, operation_parameters, auth_token)
|
||||
})
|
||||
})
|
||||
|
@ -316,7 +313,7 @@ impl KeyMintDevice {
|
|||
let operation: Strong<dyn IKeyMintOperation> =
|
||||
begin_result.operation.ok_or_else(Error::sys).context(ks_err!("Operation missing"))?;
|
||||
map_km_error({
|
||||
let _wp = wd::watch_millis("In use_key_in_one_step: calling: finish", 500);
|
||||
let _wp = wd::watch("In use_key_in_one_step: calling: finish");
|
||||
operation.finish(Some(input), None, None, None, None)
|
||||
})
|
||||
.context(ks_err!("Failed to finish operation."))
|
||||
|
|
|
@ -129,6 +129,6 @@ fn get_rkpd_attestation_key(
|
|||
// by the calling function and allow for natural fallback to the factory key.
|
||||
let rpc_name = get_remotely_provisioned_component_name(security_level)
|
||||
.context(ks_err!("Trying to get IRPC name."))?;
|
||||
let _wd = wd::watch_millis("Calling get_rkpd_attestation_key()", 500);
|
||||
let _wd = wd::watch("Calling get_rkpd_attestation_key()");
|
||||
rkpd_client::get_rkpd_attestation_key(&rpc_name, caller_uid)
|
||||
}
|
||||
|
|
|
@ -112,6 +112,13 @@ impl KeystoreSecurityLevel {
|
|||
wd::watch_millis_with(id, millis, move || format!("SecurityLevel {:?}", sec_level))
|
||||
}
|
||||
|
||||
fn watch(&self, id: &'static str) -> Option<wd::WatchPoint> {
|
||||
let sec_level = self.security_level;
|
||||
wd::watch_millis_with(id, wd::DEFAULT_TIMEOUT_MS, move || {
|
||||
format!("SecurityLevel {:?}", sec_level)
|
||||
})
|
||||
}
|
||||
|
||||
fn store_new_key(
|
||||
&self,
|
||||
key: KeyDescriptor,
|
||||
|
@ -323,10 +330,8 @@ impl KeystoreSecurityLevel {
|
|||
operation_parameters,
|
||||
|blob| loop {
|
||||
match map_km_error({
|
||||
let _wp = self.watch_millis(
|
||||
"In KeystoreSecurityLevel::create_operation: calling begin",
|
||||
500,
|
||||
);
|
||||
let _wp =
|
||||
self.watch("In KeystoreSecurityLevel::create_operation: calling begin");
|
||||
self.keymint.begin(
|
||||
purpose,
|
||||
blob,
|
||||
|
@ -440,10 +445,8 @@ impl KeystoreSecurityLevel {
|
|||
// If there is an attestation challenge we need to get an application id.
|
||||
if params.iter().any(|kp| kp.tag == Tag::ATTESTATION_CHALLENGE) {
|
||||
let aaid = {
|
||||
let _wp = self.watch_millis(
|
||||
"In KeystoreSecurityLevel::add_required_parameters calling: get_aaid",
|
||||
500,
|
||||
);
|
||||
let _wp = self
|
||||
.watch("In KeystoreSecurityLevel::add_required_parameters calling: get_aaid");
|
||||
keystore2_aaid::get_aaid(uid)
|
||||
.map_err(|e| anyhow!(ks_err!("get_aaid returned status {}.", e)))
|
||||
}?;
|
||||
|
@ -675,8 +678,7 @@ impl KeystoreSecurityLevel {
|
|||
|
||||
let km_dev = &self.keymint;
|
||||
let creation_result = map_km_error({
|
||||
let _wp =
|
||||
self.watch_millis("In KeystoreSecurityLevel::import_key: calling importKey.", 500);
|
||||
let _wp = self.watch("In KeystoreSecurityLevel::import_key: calling importKey.");
|
||||
km_dev.importKey(¶ms, format, key_data, None /* attestKey */)
|
||||
})
|
||||
.context(ks_err!("Trying to call importKey"))?;
|
||||
|
@ -789,9 +791,8 @@ impl KeystoreSecurityLevel {
|
|||
wrapping_blob_metadata.km_uuid().copied(),
|
||||
&[],
|
||||
|wrapping_blob| {
|
||||
let _wp = self.watch_millis(
|
||||
let _wp = self.watch(
|
||||
"In KeystoreSecurityLevel::import_wrapped_key: calling importWrappedKey.",
|
||||
500,
|
||||
);
|
||||
let creation_result = map_km_error(self.keymint.importWrappedKey(
|
||||
wrapped_data,
|
||||
|
@ -897,7 +898,7 @@ impl KeystoreSecurityLevel {
|
|||
params,
|
||||
f,
|
||||
|upgraded_blob| {
|
||||
let _wp = wd::watch_millis("Calling store_rkpd_attestation_key()", 500);
|
||||
let _wp = wd::watch("Calling store_rkpd_attestation_key()");
|
||||
if let Err(e) = store_rkpd_attestation_key(&rpc_name, key_blob, upgraded_blob) {
|
||||
Err(wrapped_rkpd_error_to_ks_error(&e)).context(format!("{e:?}"))
|
||||
} else {
|
||||
|
@ -928,13 +929,10 @@ impl KeystoreSecurityLevel {
|
|||
|
||||
let km_dev = &self.keymint;
|
||||
let res = {
|
||||
let _wp = self.watch_millis(
|
||||
concat!(
|
||||
let _wp = self.watch(concat!(
|
||||
"In IKeystoreSecurityLevel::convert_storage_key_to_ephemeral: ",
|
||||
"calling convertStorageKeyToEphemeral (1)"
|
||||
),
|
||||
500,
|
||||
);
|
||||
));
|
||||
map_km_error(km_dev.convertStorageKeyToEphemeral(key_blob))
|
||||
};
|
||||
match res {
|
||||
|
@ -943,17 +941,13 @@ impl KeystoreSecurityLevel {
|
|||
}
|
||||
Err(error::Error::Km(ErrorCode::KEY_REQUIRES_UPGRADE)) => {
|
||||
let upgraded_blob = {
|
||||
let _wp = self.watch_millis(
|
||||
"In convert_storage_key_to_ephemeral: calling upgradeKey",
|
||||
500,
|
||||
);
|
||||
let _wp = self.watch("In convert_storage_key_to_ephemeral: calling upgradeKey");
|
||||
map_km_error(km_dev.upgradeKey(key_blob, &[]))
|
||||
}
|
||||
.context(ks_err!("Failed to upgrade key blob."))?;
|
||||
let ephemeral_key = {
|
||||
let _wp = self.watch_millis(
|
||||
let _wp = self.watch(
|
||||
"In convert_storage_key_to_ephemeral: calling convertStorageKeyToEphemeral (2)",
|
||||
500,
|
||||
);
|
||||
map_km_error(km_dev.convertStorageKeyToEphemeral(&upgraded_blob))
|
||||
}
|
||||
|
@ -986,8 +980,7 @@ impl KeystoreSecurityLevel {
|
|||
|
||||
let km_dev = &self.keymint;
|
||||
{
|
||||
let _wp =
|
||||
self.watch_millis("In KeystoreSecuritylevel::delete_key: calling deleteKey", 500);
|
||||
let _wp = self.watch("In KeystoreSecuritylevel::delete_key: calling deleteKey");
|
||||
map_km_error(km_dev.deleteKey(key_blob)).context(ks_err!("keymint device deleteKey"))
|
||||
}
|
||||
}
|
||||
|
@ -1002,7 +995,7 @@ impl IKeystoreSecurityLevel for KeystoreSecurityLevel {
|
|||
operation_parameters: &[KeyParameter],
|
||||
forced: bool,
|
||||
) -> binder::Result<CreateOperationResponse> {
|
||||
let _wp = self.watch_millis("IKeystoreSecurityLevel::createOperation", 500);
|
||||
let _wp = self.watch("IKeystoreSecurityLevel::createOperation");
|
||||
map_or_log_err(self.create_operation(key, operation_parameters, forced), Ok)
|
||||
}
|
||||
fn generateKey(
|
||||
|
@ -1029,7 +1022,7 @@ impl IKeystoreSecurityLevel for KeystoreSecurityLevel {
|
|||
flags: i32,
|
||||
key_data: &[u8],
|
||||
) -> binder::Result<KeyMetadata> {
|
||||
let _wp = self.watch_millis("IKeystoreSecurityLevel::importKey", 500);
|
||||
let _wp = self.watch("IKeystoreSecurityLevel::importKey");
|
||||
let result = self.import_key(key, attestation_key, params, flags, key_data);
|
||||
log_key_creation_event_stats(self.security_level, params, &result);
|
||||
log_key_imported(key, ThreadState::get_calling_uid(), result.is_ok());
|
||||
|
@ -1043,7 +1036,7 @@ impl IKeystoreSecurityLevel for KeystoreSecurityLevel {
|
|||
params: &[KeyParameter],
|
||||
authenticators: &[AuthenticatorSpec],
|
||||
) -> binder::Result<KeyMetadata> {
|
||||
let _wp = self.watch_millis("IKeystoreSecurityLevel::importWrappedKey", 500);
|
||||
let _wp = self.watch("IKeystoreSecurityLevel::importWrappedKey");
|
||||
let result =
|
||||
self.import_wrapped_key(key, wrapping_key, masking_key, params, authenticators);
|
||||
log_key_creation_event_stats(self.security_level, params, &result);
|
||||
|
@ -1054,11 +1047,11 @@ impl IKeystoreSecurityLevel for KeystoreSecurityLevel {
|
|||
&self,
|
||||
storage_key: &KeyDescriptor,
|
||||
) -> binder::Result<EphemeralStorageKeyResponse> {
|
||||
let _wp = self.watch_millis("IKeystoreSecurityLevel::convertStorageKeyToEphemeral", 500);
|
||||
let _wp = self.watch("IKeystoreSecurityLevel::convertStorageKeyToEphemeral");
|
||||
map_or_log_err(self.convert_storage_key_to_ephemeral(storage_key), Ok)
|
||||
}
|
||||
fn deleteKey(&self, key: &KeyDescriptor) -> binder::Result<()> {
|
||||
let _wp = self.watch_millis("IKeystoreSecurityLevel::deleteKey", 500);
|
||||
let _wp = self.watch("IKeystoreSecurityLevel::deleteKey");
|
||||
let result = self.delete_key(key);
|
||||
log_key_deleted(key, ThreadState::get_calling_uid(), result.is_ok());
|
||||
map_or_log_err(result, Ok)
|
||||
|
@ -1130,7 +1123,7 @@ mod tests {
|
|||
|new_blob| {
|
||||
// This handler is only executed if a key upgrade was performed.
|
||||
key_upgraded = true;
|
||||
let _wp = wd::watch_millis("Calling store_rkpd_attestation_key()", 500);
|
||||
let _wp = wd::watch("Calling store_rkpd_attestation_key()");
|
||||
store_rkpd_attestation_key(&rpc_name, &key.keyBlob, new_blob).unwrap();
|
||||
Ok(())
|
||||
},
|
||||
|
|
|
@ -387,7 +387,7 @@ impl IKeystoreService for KeystoreService {
|
|||
map_or_log_err(self.get_security_level(security_level), Ok)
|
||||
}
|
||||
fn getKeyEntry(&self, key: &KeyDescriptor) -> binder::Result<KeyEntryResponse> {
|
||||
let _wp = wd::watch_millis("IKeystoreService::get_key_entry", 500);
|
||||
let _wp = wd::watch("IKeystoreService::get_key_entry");
|
||||
map_or_log_err(self.get_key_entry(key), Ok)
|
||||
}
|
||||
fn updateSubcomponent(
|
||||
|
@ -396,15 +396,15 @@ impl IKeystoreService for KeystoreService {
|
|||
public_cert: Option<&[u8]>,
|
||||
certificate_chain: Option<&[u8]>,
|
||||
) -> binder::Result<()> {
|
||||
let _wp = wd::watch_millis("IKeystoreService::updateSubcomponent", 500);
|
||||
let _wp = wd::watch("IKeystoreService::updateSubcomponent");
|
||||
map_or_log_err(self.update_subcomponent(key, public_cert, certificate_chain), Ok)
|
||||
}
|
||||
fn listEntries(&self, domain: Domain, namespace: i64) -> binder::Result<Vec<KeyDescriptor>> {
|
||||
let _wp = wd::watch_millis("IKeystoreService::listEntries", 500);
|
||||
let _wp = wd::watch("IKeystoreService::listEntries");
|
||||
map_or_log_err(self.list_entries(domain, namespace), Ok)
|
||||
}
|
||||
fn deleteKey(&self, key: &KeyDescriptor) -> binder::Result<()> {
|
||||
let _wp = wd::watch_millis("IKeystoreService::deleteKey", 500);
|
||||
let _wp = wd::watch("IKeystoreService::deleteKey");
|
||||
let result = self.delete_key(key);
|
||||
log_key_deleted(key, ThreadState::get_calling_uid(), result.is_ok());
|
||||
map_or_log_err(result, Ok)
|
||||
|
@ -415,11 +415,11 @@ impl IKeystoreService for KeystoreService {
|
|||
grantee_uid: i32,
|
||||
access_vector: i32,
|
||||
) -> binder::Result<KeyDescriptor> {
|
||||
let _wp = wd::watch_millis("IKeystoreService::grant", 500);
|
||||
let _wp = wd::watch("IKeystoreService::grant");
|
||||
map_or_log_err(self.grant(key, grantee_uid, access_vector.into()), Ok)
|
||||
}
|
||||
fn ungrant(&self, key: &KeyDescriptor, grantee_uid: i32) -> binder::Result<()> {
|
||||
let _wp = wd::watch_millis("IKeystoreService::ungrant", 500);
|
||||
let _wp = wd::watch("IKeystoreService::ungrant");
|
||||
map_or_log_err(self.ungrant(key, grantee_uid), Ok)
|
||||
}
|
||||
fn listEntriesBatched(
|
||||
|
@ -428,12 +428,12 @@ impl IKeystoreService for KeystoreService {
|
|||
namespace: i64,
|
||||
start_past_alias: Option<&str>,
|
||||
) -> binder::Result<Vec<KeyDescriptor>> {
|
||||
let _wp = wd::watch_millis("IKeystoreService::listEntriesBatched", 500);
|
||||
let _wp = wd::watch("IKeystoreService::listEntriesBatched");
|
||||
map_or_log_err(self.list_entries_batched(domain, namespace, start_past_alias), Ok)
|
||||
}
|
||||
|
||||
fn getNumberOfEntries(&self, domain: Domain, namespace: i64) -> binder::Result<i32> {
|
||||
let _wp = wd::watch_millis("IKeystoreService::getNumberOfEntries", 500);
|
||||
let _wp = wd::watch("IKeystoreService::getNumberOfEntries");
|
||||
map_or_log_err(self.count_num_entries(domain, namespace), Ok)
|
||||
}
|
||||
}
|
||||
|
|
|
@ -919,10 +919,8 @@ impl SuperKeyManager {
|
|||
&key_desc,
|
||||
KeyType::Client, /* TODO Should be Super b/189470584 */
|
||||
|dev| {
|
||||
let _wp = wd::watch_millis(
|
||||
"In lock_unlocked_device_required_keys: calling importKey.",
|
||||
500,
|
||||
);
|
||||
let _wp =
|
||||
wd::watch("In lock_unlocked_device_required_keys: calling importKey.");
|
||||
dev.importKey(key_params.as_slice(), KeyFormat::RAW, &encrypting_key, None)
|
||||
},
|
||||
)?;
|
||||
|
|
|
@ -143,10 +143,8 @@ fn check_android_permission(permission: &str) -> anyhow::Result<()> {
|
|||
binder::get_interface("permission")?;
|
||||
|
||||
let binder_result = {
|
||||
let _wp = watchdog::watch_millis(
|
||||
"In check_device_attestation_permissions: calling checkPermission.",
|
||||
500,
|
||||
);
|
||||
let _wp =
|
||||
watchdog::watch("In check_device_attestation_permissions: calling checkPermission.");
|
||||
permission_controller.checkPermission(
|
||||
permission,
|
||||
ThreadState::get_calling_pid(),
|
||||
|
@ -263,10 +261,7 @@ where
|
|||
log::debug!("import parameters={import_params:?}");
|
||||
|
||||
let creation_result = {
|
||||
let _wp = watchdog::watch_millis(
|
||||
"In utils::import_keyblob_and_perform_op: calling importKey.",
|
||||
500,
|
||||
);
|
||||
let _wp = watchdog::watch("In utils::import_keyblob_and_perform_op: calling importKey.");
|
||||
map_km_error(km_dev.importKey(&import_params, format, &key_material, None))
|
||||
}
|
||||
.context(ks_err!("Upgrade failed."))?;
|
||||
|
@ -306,10 +301,7 @@ where
|
|||
NewBlobHandler: FnOnce(&[u8]) -> Result<()>,
|
||||
{
|
||||
let upgraded_blob = {
|
||||
let _wp = watchdog::watch_millis(
|
||||
"In utils::upgrade_keyblob_and_perform_op: calling upgradeKey.",
|
||||
500,
|
||||
);
|
||||
let _wp = watchdog::watch("In utils::upgrade_keyblob_and_perform_op: calling upgradeKey.");
|
||||
map_km_error(km_dev.upgradeKey(key_blob, upgrade_params))
|
||||
}
|
||||
.context(ks_err!("Upgrade failed."))?;
|
||||
|
|
|
@ -23,6 +23,11 @@ pub mod watchdog {
|
|||
pub use watchdog_rs::WatchPoint;
|
||||
use watchdog_rs::Watchdog;
|
||||
|
||||
/// Default timeout interval, in milliseconds.
|
||||
pub const DEFAULT_TIMEOUT_MS: u64 = 500;
|
||||
|
||||
const DEFAULT_TIMEOUT: Duration = Duration::from_millis(DEFAULT_TIMEOUT_MS);
|
||||
|
||||
lazy_static! {
|
||||
/// A Watchdog thread, that can be used to create watch points.
|
||||
static ref WD: Arc<Watchdog> = Watchdog::new(Duration::from_secs(10));
|
||||
|
@ -33,6 +38,11 @@ pub mod watchdog {
|
|||
Watchdog::watch(&WD, id, Duration::from_millis(millis))
|
||||
}
|
||||
|
||||
/// Sets a watch point with `id` and a default timeout of [`DEFAULT_TIMEOUT_MS`] milliseconds.
|
||||
pub fn watch(id: &'static str) -> Option<WatchPoint> {
|
||||
Watchdog::watch(&WD, id, DEFAULT_TIMEOUT)
|
||||
}
|
||||
|
||||
/// Like `watch_millis` but with a callback that is called every time a report
|
||||
/// is printed about this watch point.
|
||||
pub fn watch_millis_with(
|
||||
|
@ -53,6 +63,10 @@ pub mod watchdog {
|
|||
fn watch_millis(_: &'static str, _: u64) -> Option<WatchPoint> {
|
||||
None
|
||||
}
|
||||
/// Sets a Noop watch point.
|
||||
fn watch(_: &'static str) -> Option<WatchPoint> {
|
||||
None
|
||||
}
|
||||
|
||||
pub fn watch_millis_with(
|
||||
_: &'static str,
|
||||
|
|
Loading…
Reference in a new issue