Keystore 2.0: Add more watch points. This patch adds watch points on all calls into keymint, on get_aaid, and calls to the permission controller. Test: N/A Change-Id: If5b85fd1ad5c33e08ba9fd25f5cb0c76be747d3e

commit: 2ee014b9c7aa4f0ca0ec6524e49d2e2cfab39e31 [log] [tgz]
author: Janis Danisevskis <jdanis@google.com> Wed May 05 14:29:08 2021 -0700
committer: Janis Danisevskis <jdanis@google.com> Thu May 06 09:26:14 2021 -0700
tree: d8984f474849ffa83e1d0eb556aad18a9535a6a4
parent: 850d4869ef87480658854da080d3eeff1012eaca [diff] [blame]
diff --git a/keystore2/src/utils.rs b/keystore2/src/utils.rs
index 982d8f5..9852aad 100644
--- a/keystore2/src/utils.rs
+++ b/keystore2/src/utils.rs

@@ -107,11 +107,17 @@
     let permission_controller: binder::Strong<dyn IPermissionController::IPermissionController> =
         binder::get_interface("permission")?;
 
-    let binder_result = permission_controller.checkPermission(
-        "android.permission.READ_PRIVILEGED_PHONE_STATE",
-        ThreadState::get_calling_pid(),
-        ThreadState::get_calling_uid() as i32,
-    );
+    let binder_result = {
+        let _wp = watchdog::watch_millis(
+            "In check_device_attestation_permissions: calling checkPermission.",
+            500,
+        );
+        permission_controller.checkPermission(
+            "android.permission.READ_PRIVILEGED_PHONE_STATE",
+            ThreadState::get_calling_pid(),
+            ThreadState::get_calling_uid() as i32,
+        )
+    };
     let has_permissions = map_binder_status(binder_result)
         .context("In check_device_attestation_permissions: checkPermission failed")?;
     match has_permissions {
commit	2ee014b9c7aa4f0ca0ec6524e49d2e2cfab39e31	[log] [tgz]
author	Janis Danisevskis <jdanis@google.com>	Wed May 05 14:29:08 2021 -0700
committer	Janis Danisevskis <jdanis@google.com>	Thu May 06 09:26:14 2021 -0700
tree	d8984f474849ffa83e1d0eb556aad18a9535a6a4
parent	850d4869ef87480658854da080d3eeff1012eaca [diff] [blame]