1 files changed, 36 insertions, 42 deletions

diff --git a/keystore2/legacykeystore/lib.rs b/keystore2/legacykeystore/lib.rs
index db3eff63..b173da83 100644
--- a/keystore2/legacykeystore/lib.rs
+++ b/keystore2/legacykeystore/lib.rs
@@ -134,6 +134,7 @@ impl DB {
     }
 
     fn get(&mut self, caller_uid: u32, alias: &str) -> Result<Option<Vec<u8>>> {
+        ensure_keystore_get_is_enabled()?;
         self.with_transaction(TransactionBehavior::Deferred, |tx| {
             tx.query_row(
                 "SELECT profile FROM profiles WHERE owner = ? AND alias = ?;",
@@ -210,41 +211,22 @@ impl Error {
     }
 }
 
-/// This function should be used by legacykeystore service calls to translate error conditions
-/// into service specific exceptions.
+/// Translate an error into a service specific exception, logging along the way.
 ///
-/// All error conditions get logged by this function, except for ERROR_ENTRY_NOT_FOUND error.
-///
-/// `Error::Error(x)` variants get mapped onto a service specific error code of `x`.
-///
-/// All non `Error` error conditions get mapped onto `ERROR_SYSTEM_ERROR`.
-///
-/// `handle_ok` will be called if `result` is `Ok(value)` where `value` will be passed
-/// as argument to `handle_ok`. `handle_ok` must generate a `BinderResult<T>`, but it
-/// typically returns Ok(value).
-fn map_or_log_err<T, U, F>(result: Result<U>, handle_ok: F) -> BinderResult<T>
-where
-    F: FnOnce(U) -> BinderResult<T>,
-{
-    result.map_or_else(
-        |e| {
-            let root_cause = e.root_cause();
-            let (rc, log_error) = match root_cause.downcast_ref::<Error>() {
-                // Make the entry not found errors silent.
-                Some(Error::Error(ERROR_ENTRY_NOT_FOUND)) => (ERROR_ENTRY_NOT_FOUND, false),
-                Some(Error::Error(e)) => (*e, true),
-                Some(Error::Binder(_, _)) | None => (ERROR_SYSTEM_ERROR, true),
-            };
-            if log_error {
-                log::error!("{:?}", e);
-            }
-            Err(BinderStatus::new_service_specific_error(
-                rc,
-                anyhow_error_to_cstring(&e).as_deref(),
-            ))
-        },
-        handle_ok,
-    )
+/// `Error::Error(x)` variants get mapped onto a service specific error code of `x`, other errors
+/// are mapped to `ERROR_SYSTEM_ERROR`.
+fn into_logged_binder(e: anyhow::Error) -> BinderStatus {
+    let root_cause = e.root_cause();
+    let (rc, log_error) = match root_cause.downcast_ref::<Error>() {
+        // Make the entry not found errors silent.
+        Some(Error::Error(ERROR_ENTRY_NOT_FOUND)) => (ERROR_ENTRY_NOT_FOUND, false),
+        Some(Error::Error(e)) => (*e, true),
+        Some(Error::Binder(_, _)) | None => (ERROR_SYSTEM_ERROR, true),
+    };
+    if log_error {
+        log::error!("{:?}", e);
+    }
+    BinderStatus::new_service_specific_error(rc, anyhow_error_to_cstring(&e).as_deref())
 }
 
 fn ensure_keystore_put_is_enabled() -> Result<()> {
@@ -258,6 +240,17 @@ fn ensure_keystore_put_is_enabled() -> Result<()> {
     }
 }
 
+fn ensure_keystore_get_is_enabled() -> Result<()> {
+    if keystore2_flags::disable_legacy_keystore_get() {
+        Err(Error::deprecated()).context(concat!(
+            "Retrieving from Keystore's legacy database is ",
+            "no longer supported, store in an app-specific database instead"
+        ))
+    } else {
+        Ok(())
+    }
+}
+
 struct LegacyKeystoreDeleteListener {
     legacy_keystore: Arc<LegacyKeystore>,
 }
@@ -332,6 +325,7 @@ impl LegacyKeystore {
     }
 
     fn get(&self, alias: &str, uid: i32) -> Result<Vec<u8>> {
+        ensure_keystore_get_is_enabled()?;
         let mut db = self.open_db().context("In get.")?;
         let uid = Self::get_effective_uid(uid).context("In get.")?;
 
@@ -551,20 +545,20 @@ impl binder::Interface for LegacyKeystoreService {}
 
 impl ILegacyKeystore for LegacyKeystoreService {
     fn get(&self, alias: &str, uid: i32) -> BinderResult<Vec<u8>> {
-        let _wp = wd::watch_millis("ILegacyKeystore::get", 500);
-        map_or_log_err(self.legacy_keystore.get(alias, uid), Ok)
+        let _wp = wd::watch("ILegacyKeystore::get");
+        self.legacy_keystore.get(alias, uid).map_err(into_logged_binder)
     }
     fn put(&self, alias: &str, uid: i32, entry: &[u8]) -> BinderResult<()> {
-        let _wp = wd::watch_millis("ILegacyKeystore::put", 500);
-        map_or_log_err(self.legacy_keystore.put(alias, uid, entry), Ok)
+        let _wp = wd::watch("ILegacyKeystore::put");
+        self.legacy_keystore.put(alias, uid, entry).map_err(into_logged_binder)
     }
     fn remove(&self, alias: &str, uid: i32) -> BinderResult<()> {
-        let _wp = wd::watch_millis("ILegacyKeystore::remove", 500);
-        map_or_log_err(self.legacy_keystore.remove(alias, uid), Ok)
+        let _wp = wd::watch("ILegacyKeystore::remove");
+        self.legacy_keystore.remove(alias, uid).map_err(into_logged_binder)
     }
     fn list(&self, prefix: &str, uid: i32) -> BinderResult<Vec<String>> {
-        let _wp = wd::watch_millis("ILegacyKeystore::list", 500);
-        map_or_log_err(self.legacy_keystore.list(prefix, uid), Ok)
+        let _wp = wd::watch("ILegacyKeystore::list");
+        self.legacy_keystore.list(prefix, uid).map_err(into_logged_binder)
     }
 }