Add/use watchdog with standard timeout
Almost all uses of the watchdog use the same 500ms timeout, so add a new
method that assumes that.
Test: CtsKeystoreTestCases
Change-Id: Idf7852400a58ba954e4a71e5e2282734a0960072
diff --git a/keystore2/src/security_level.rs b/keystore2/src/security_level.rs
index cd15527..59f2315 100644
--- a/keystore2/src/security_level.rs
+++ b/keystore2/src/security_level.rs
@@ -112,6 +112,13 @@
wd::watch_millis_with(id, millis, move || format!("SecurityLevel {:?}", sec_level))
}
+ fn watch(&self, id: &'static str) -> Option<wd::WatchPoint> {
+ let sec_level = self.security_level;
+ wd::watch_millis_with(id, wd::DEFAULT_TIMEOUT_MS, move || {
+ format!("SecurityLevel {:?}", sec_level)
+ })
+ }
+
fn store_new_key(
&self,
key: KeyDescriptor,
@@ -323,10 +330,8 @@
operation_parameters,
|blob| loop {
match map_km_error({
- let _wp = self.watch_millis(
- "In KeystoreSecurityLevel::create_operation: calling begin",
- 500,
- );
+ let _wp =
+ self.watch("In KeystoreSecurityLevel::create_operation: calling begin");
self.keymint.begin(
purpose,
blob,
@@ -440,10 +445,8 @@
// If there is an attestation challenge we need to get an application id.
if params.iter().any(|kp| kp.tag == Tag::ATTESTATION_CHALLENGE) {
let aaid = {
- let _wp = self.watch_millis(
- "In KeystoreSecurityLevel::add_required_parameters calling: get_aaid",
- 500,
- );
+ let _wp = self
+ .watch("In KeystoreSecurityLevel::add_required_parameters calling: get_aaid");
keystore2_aaid::get_aaid(uid)
.map_err(|e| anyhow!(ks_err!("get_aaid returned status {}.", e)))
}?;
@@ -675,8 +678,7 @@
let km_dev = &self.keymint;
let creation_result = map_km_error({
- let _wp =
- self.watch_millis("In KeystoreSecurityLevel::import_key: calling importKey.", 500);
+ let _wp = self.watch("In KeystoreSecurityLevel::import_key: calling importKey.");
km_dev.importKey(¶ms, format, key_data, None /* attestKey */)
})
.context(ks_err!("Trying to call importKey"))?;
@@ -789,9 +791,8 @@
wrapping_blob_metadata.km_uuid().copied(),
&[],
|wrapping_blob| {
- let _wp = self.watch_millis(
+ let _wp = self.watch(
"In KeystoreSecurityLevel::import_wrapped_key: calling importWrappedKey.",
- 500,
);
let creation_result = map_km_error(self.keymint.importWrappedKey(
wrapped_data,
@@ -897,7 +898,7 @@
params,
f,
|upgraded_blob| {
- let _wp = wd::watch_millis("Calling store_rkpd_attestation_key()", 500);
+ let _wp = wd::watch("Calling store_rkpd_attestation_key()");
if let Err(e) = store_rkpd_attestation_key(&rpc_name, key_blob, upgraded_blob) {
Err(wrapped_rkpd_error_to_ks_error(&e)).context(format!("{e:?}"))
} else {
@@ -928,13 +929,10 @@
let km_dev = &self.keymint;
let res = {
- let _wp = self.watch_millis(
- concat!(
- "In IKeystoreSecurityLevel::convert_storage_key_to_ephemeral: ",
- "calling convertStorageKeyToEphemeral (1)"
- ),
- 500,
- );
+ let _wp = self.watch(concat!(
+ "In IKeystoreSecurityLevel::convert_storage_key_to_ephemeral: ",
+ "calling convertStorageKeyToEphemeral (1)"
+ ));
map_km_error(km_dev.convertStorageKeyToEphemeral(key_blob))
};
match res {
@@ -943,17 +941,13 @@
}
Err(error::Error::Km(ErrorCode::KEY_REQUIRES_UPGRADE)) => {
let upgraded_blob = {
- let _wp = self.watch_millis(
- "In convert_storage_key_to_ephemeral: calling upgradeKey",
- 500,
- );
+ let _wp = self.watch("In convert_storage_key_to_ephemeral: calling upgradeKey");
map_km_error(km_dev.upgradeKey(key_blob, &[]))
}
.context(ks_err!("Failed to upgrade key blob."))?;
let ephemeral_key = {
- let _wp = self.watch_millis(
+ let _wp = self.watch(
"In convert_storage_key_to_ephemeral: calling convertStorageKeyToEphemeral (2)",
- 500,
);
map_km_error(km_dev.convertStorageKeyToEphemeral(&upgraded_blob))
}
@@ -986,8 +980,7 @@
let km_dev = &self.keymint;
{
- let _wp =
- self.watch_millis("In KeystoreSecuritylevel::delete_key: calling deleteKey", 500);
+ let _wp = self.watch("In KeystoreSecuritylevel::delete_key: calling deleteKey");
map_km_error(km_dev.deleteKey(key_blob)).context(ks_err!("keymint device deleteKey"))
}
}
@@ -1002,7 +995,7 @@
operation_parameters: &[KeyParameter],
forced: bool,
) -> binder::Result<CreateOperationResponse> {
- let _wp = self.watch_millis("IKeystoreSecurityLevel::createOperation", 500);
+ let _wp = self.watch("IKeystoreSecurityLevel::createOperation");
map_or_log_err(self.create_operation(key, operation_parameters, forced), Ok)
}
fn generateKey(
@@ -1029,7 +1022,7 @@
flags: i32,
key_data: &[u8],
) -> binder::Result<KeyMetadata> {
- let _wp = self.watch_millis("IKeystoreSecurityLevel::importKey", 500);
+ let _wp = self.watch("IKeystoreSecurityLevel::importKey");
let result = self.import_key(key, attestation_key, params, flags, key_data);
log_key_creation_event_stats(self.security_level, params, &result);
log_key_imported(key, ThreadState::get_calling_uid(), result.is_ok());
@@ -1043,7 +1036,7 @@
params: &[KeyParameter],
authenticators: &[AuthenticatorSpec],
) -> binder::Result<KeyMetadata> {
- let _wp = self.watch_millis("IKeystoreSecurityLevel::importWrappedKey", 500);
+ let _wp = self.watch("IKeystoreSecurityLevel::importWrappedKey");
let result =
self.import_wrapped_key(key, wrapping_key, masking_key, params, authenticators);
log_key_creation_event_stats(self.security_level, params, &result);
@@ -1054,11 +1047,11 @@
&self,
storage_key: &KeyDescriptor,
) -> binder::Result<EphemeralStorageKeyResponse> {
- let _wp = self.watch_millis("IKeystoreSecurityLevel::convertStorageKeyToEphemeral", 500);
+ let _wp = self.watch("IKeystoreSecurityLevel::convertStorageKeyToEphemeral");
map_or_log_err(self.convert_storage_key_to_ephemeral(storage_key), Ok)
}
fn deleteKey(&self, key: &KeyDescriptor) -> binder::Result<()> {
- let _wp = self.watch_millis("IKeystoreSecurityLevel::deleteKey", 500);
+ let _wp = self.watch("IKeystoreSecurityLevel::deleteKey");
let result = self.delete_key(key);
log_key_deleted(key, ThreadState::get_calling_uid(), result.is_ok());
map_or_log_err(result, Ok)
@@ -1130,7 +1123,7 @@
|new_blob| {
// This handler is only executed if a key upgrade was performed.
key_upgraded = true;
- let _wp = wd::watch_millis("Calling store_rkpd_attestation_key()", 500);
+ let _wp = wd::watch("Calling store_rkpd_attestation_key()");
store_rkpd_attestation_key(&rpc_name, &key.keyBlob, new_blob).unwrap();
Ok(())
},