Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_security / 19b3b0d89470c1c7a58c7c009435431bd1d6332c^! / . / keystore2 / src / enforcements.rs
commit19b3b0d89470c1c7a58c7c009435431bd1d6332c[log] [tgz]
authorEric Biggers <ebiggers@google.com>Wed Jan 31 22:46:47 2024 +0000
committerEric Biggers <ebiggers@google.com>Wed Jan 31 22:54:54 2024 +0000
tree1d0c41d93e93a91fab493db54f9c95cf5ce065db
parent53d2763a23872f63657d01b3d6df9777245e4d3c [diff] [blame]
keystore2: rename MonotonicRawTime to BootTime

Due to https://r.android.com/2822970 ("Use CLOCK_BOOTTIME for keystore2
auth token received time"), MonotonicRawTime now uses CLOCK_BOOTTIME
instead of CLOCK_MONOTONIC_RAW.  Therefore, rename it to BootTime.

Bug: 309686873
Test: atest -p --include-subdirs system/security/keystore2
Change-Id: If1fbbac2eccb03dc7360ae742d79e58f871fb80d

diff --git a/keystore2/src/enforcements.rs b/keystore2/src/enforcements.rs
index 04f26e9..55c9591 100644
--- a/keystore2/src/enforcements.rs
+++ b/keystore2/src/enforcements.rs

@@ -20,7 +20,7 @@
 use crate::key_parameter::{KeyParameter, KeyParameterValue};
 use crate::{authorization::Error as AuthzError, super_key::SuperEncryptionType};
 use crate::{
-    database::{AuthTokenEntry, MonotonicRawTime},
+    database::{AuthTokenEntry, BootTime},
     globals::SUPER_KEY,
 };
 use android_hardware_security_keymint::aidl::android::hardware::security::keymint::{
@@ -614,7 +614,7 @@
                     })
                     .ok_or(Error::Km(Ec::KEY_USER_NOT_AUTHENTICATED))
                     .context(ks_err!("No suitable auth token found."))?;
-                let now = MonotonicRawTime::now();
+                let now = BootTime::now();
                 let token_age = now
                     .checked_sub(&hat.time_received())
                     .ok_or_else(Error::sys)
@@ -680,7 +680,7 @@
         // Now check the validity of the auth token if the key is timeout bound.
         let hat = match (hat_and_last_off_body, key_time_out) {
             (Some((hat, last_off_body)), Some(key_time_out)) => {
-                let now = MonotonicRawTime::now();
+                let now = BootTime::now();
                 let token_age = now
                     .checked_sub(&hat.time_received())
                     .ok_or_else(Error::sys)
@@ -728,7 +728,7 @@
         })
     }
 
-    fn find_auth_token<F>(p: F) -> Option<(AuthTokenEntry, MonotonicRawTime)>
+    fn find_auth_token<F>(p: F) -> Option<(AuthTokenEntry, BootTime)>
     where
         F: Fn(&AuthTokenEntry) -> bool,
     {
@@ -853,7 +853,7 @@
         } else {
             // Filter the matching auth tokens by age.
             if auth_token_max_age_millis != 0 {
-                let now_in_millis = MonotonicRawTime::now();
+                let now_in_millis = BootTime::now();
                 let result = Self::find_auth_token(|auth_token_entry: &AuthTokenEntry| {
                     let token_valid = now_in_millis
                         .checked_sub(&auth_token_entry.time_received())
@@ -889,7 +889,7 @@
         &self,
         secure_user_id: i64,
         auth_type: HardwareAuthenticatorType,
-    ) -> Option<MonotonicRawTime> {
+    ) -> Option<BootTime> {
         let sids: Vec<i64> = vec![secure_user_id];
 
         let result =