Merge "[rkpd] Move watchdog calls from rkpd_client to keystore2" into main
diff --git a/keystore2/src/remote_provisioning.rs b/keystore2/src/remote_provisioning.rs
index 1e33ef1..3f7833e 100644
--- a/keystore2/src/remote_provisioning.rs
+++ b/keystore2/src/remote_provisioning.rs
@@ -35,6 +35,7 @@
use crate::ks_err;
use crate::metrics_store::log_rkp_error_stats;
use crate::rkpd_client::get_rkpd_attestation_key;
+use crate::watchdog_helper::watchdog as wd;
use android_security_metrics::aidl::android::security::metrics::RkpError::RkpError as MetricsRkpError;
/// Contains helper functions to check if remote provisioning is enabled on the system and, if so,
@@ -96,6 +97,7 @@
} else {
let rpc_name = get_remotely_provisioned_component_name(&self.security_level)
.context(ks_err!("Trying to get IRPC name."))?;
+ let _wd = wd::watch_millis("Calling get_rkpd_attestation_key()", 500);
match get_rkpd_attestation_key(&rpc_name, caller_uid) {
Err(e) => {
if self.is_rkp_only() {
diff --git a/keystore2/src/rkpd_client.rs b/keystore2/src/rkpd_client.rs
index 9317824..fe64150 100644
--- a/keystore2/src/rkpd_client.rs
+++ b/keystore2/src/rkpd_client.rs
@@ -15,7 +15,6 @@
//! Helper wrapper around RKPD interface.
use crate::error::{map_binder_status_code, Error, ResponseCode};
-use crate::watchdog_helper::watchdog as wd;
use android_security_rkp_aidl::aidl::android::security::rkp::{
IGetKeyCallback::BnGetKeyCallback, IGetKeyCallback::ErrorCode::ErrorCode as GetKeyErrorCode,
IGetKeyCallback::IGetKeyCallback, IGetRegistrationCallback::BnGetRegistrationCallback,
@@ -82,12 +81,10 @@
impl IGetRegistrationCallback for GetRegistrationCallback {
fn onSuccess(&self, registration: &Strong<dyn IRegistration>) -> binder::Result<()> {
- let _wp = wd::watch_millis("IGetRegistrationCallback::onSuccess", 500);
self.registration_tx.send(Ok(registration.clone()));
Ok(())
}
fn onCancel(&self) -> binder::Result<()> {
- let _wp = wd::watch_millis("IGetRegistrationCallback::onCancel", 500);
log::warn!("IGetRegistrationCallback cancelled");
self.registration_tx.send(
Err(Error::Rc(ResponseCode::OUT_OF_KEYS_TRANSIENT_ERROR))
@@ -96,7 +93,6 @@
Ok(())
}
fn onError(&self, description: &str) -> binder::Result<()> {
- let _wp = wd::watch_millis("IGetRegistrationCallback::onError", 500);
log::error!("IGetRegistrationCallback failed: '{description}'");
self.registration_tx
.send(Err(Error::Rc(ResponseCode::OUT_OF_KEYS_TRANSIENT_ERROR)).context(
@@ -143,7 +139,6 @@
impl IGetKeyCallback for GetKeyCallback {
fn onSuccess(&self, key: &RemotelyProvisionedKey) -> binder::Result<()> {
- let _wp = wd::watch_millis("IGetKeyCallback::onSuccess", 500);
self.key_tx.send(Ok(RemotelyProvisionedKey {
keyBlob: key.keyBlob.clone(),
encodedCertChain: key.encodedCertChain.clone(),
@@ -151,7 +146,6 @@
Ok(())
}
fn onCancel(&self) -> binder::Result<()> {
- let _wp = wd::watch_millis("IGetKeyCallback::onCancel", 500);
log::warn!("IGetKeyCallback cancelled");
self.key_tx.send(
Err(Error::Rc(ResponseCode::OUT_OF_KEYS_TRANSIENT_ERROR))
@@ -160,7 +154,6 @@
Ok(())
}
fn onError(&self, error: GetKeyErrorCode, description: &str) -> binder::Result<()> {
- let _wp = wd::watch_millis("IGetKeyCallback::onError", 500);
log::error!("IGetKeyCallback failed: {description}");
let rc = match error {
GetKeyErrorCode::ERROR_UNKNOWN => ResponseCode::OUT_OF_KEYS_TRANSIENT_ERROR,
@@ -236,13 +229,11 @@
impl IStoreUpgradedKeyCallback for StoreUpgradedKeyCallback {
fn onSuccess(&self) -> binder::Result<()> {
- let _wp = wd::watch_millis("IGetRegistrationCallback::onSuccess", 500);
self.completer.send(Ok(()));
Ok(())
}
fn onError(&self, error: &str) -> binder::Result<()> {
- let _wp = wd::watch_millis("IGetRegistrationCallback::onError", 500);
log::error!("IGetRegistrationCallback failed: {error}");
self.completer.send(
Err(Error::Rc(ResponseCode::SYSTEM_ERROR))
@@ -284,7 +275,6 @@
/// Get attestation key from RKPD.
pub fn get_rkpd_attestation_key(rpc_name: &str, caller_uid: u32) -> Result<RemotelyProvisionedKey> {
- let _wp = wd::watch_millis("Calling get_rkpd_attestation_key()", 500);
tokio_rt().block_on(get_rkpd_attestation_key_async(rpc_name, caller_uid))
}
@@ -294,7 +284,6 @@
key_blob: &[u8],
upgraded_blob: &[u8],
) -> Result<()> {
- let _wp = wd::watch_millis("Calling store_rkpd_attestation_key()", 500);
tokio_rt().block_on(store_rkpd_attestation_key_async(rpc_name, key_blob, upgraded_blob))
}
diff --git a/keystore2/src/security_level.rs b/keystore2/src/security_level.rs
index 50ada74..830fbe1 100644
--- a/keystore2/src/security_level.rs
+++ b/keystore2/src/security_level.rs
@@ -899,6 +899,7 @@
params,
f,
|upgraded_blob| {
+ let _wp = wd::watch_millis("Calling store_rkpd_attestation_key()", 500);
store_rkpd_attestation_key(&rpc_name, key_blob, upgraded_blob)
.context(ks_err!("Failed store_rkpd_attestation_key()."))
},
@@ -1127,6 +1128,7 @@
|new_blob| {
// This handler is only executed if a key upgrade was performed.
key_upgraded = true;
+ let _wp = wd::watch_millis("Calling store_rkpd_attestation_key()", 500);
store_rkpd_attestation_key(&rpc_name, &key.keyBlob, new_blob).unwrap();
Ok(())
},