1 files changed, 23 insertions, 28 deletions

diff --git a/keystore2/src/maintenance.rs b/keystore2/src/maintenance.rs
index 1fca5d96..5efb798d 100644
--- a/keystore2/src/maintenance.rs
+++ b/keystore2/src/maintenance.rs
@@ -20,6 +20,7 @@ use crate::error::map_or_log_err;
 use crate::error::Error;
 use crate::globals::get_keymint_device;
 use crate::globals::{DB, LEGACY_IMPORTER, SUPER_KEY};
+use crate::ks_err;
 use crate::permission::{KeyPerm, KeystorePerm};
 use crate::super_key::{SuperKeyManager, UserState};
 use crate::utils::{
@@ -71,8 +72,7 @@ impl Maintenance {
     fn on_user_password_changed(user_id: i32, password: Option<Password>) -> Result<()> {
         // Check permission. Function should return if this failed. Therefore having '?' at the end
         // is very important.
-        check_keystore_permission(KeystorePerm::ChangePassword)
-            .context("In on_user_password_changed.")?;
+        check_keystore_permission(KeystorePerm::ChangePassword).context(ks_err!())?;
 
         let mut skm = SUPER_KEY.write().unwrap();
 
@@ -80,7 +80,7 @@ impl Maintenance {
             DB.with(|db| {
                 skm.unlock_screen_lock_bound_key(&mut db.borrow_mut(), user_id as u32, pw)
             })
-            .context("In on_user_password_changed: unlock_screen_lock_bound_key failed")?;
+            .context(ks_err!("unlock_screen_lock_bound_key failed"))?;
         }
 
         match DB
@@ -92,12 +92,11 @@ impl Maintenance {
                     password.as_ref(),
                 )
             })
-            .context("In on_user_password_changed.")?
+            .context(ks_err!())?
         {
             UserState::LskfLocked => {
                 // Error - password can not be changed when the device is locked
-                Err(Error::Rc(ResponseCode::LOCKED))
-                    .context("In on_user_password_changed. Device is locked.")
+                Err(Error::Rc(ResponseCode::LOCKED)).context(ks_err!("Device is locked."))
             }
             _ => {
                 // LskfLocked is the only error case for password change
@@ -109,7 +108,7 @@ impl Maintenance {
     fn add_or_remove_user(&self, user_id: i32) -> Result<()> {
         // Check permission. Function should return if this failed. Therefore having '?' at the end
         // is very important.
-        check_keystore_permission(KeystorePerm::ChangeUser).context("In add_or_remove_user.")?;
+        check_keystore_permission(KeystorePerm::ChangeUser).context(ks_err!())?;
 
         DB.with(|db| {
             SUPER_KEY.write().unwrap().reset_user(
@@ -119,10 +118,10 @@ impl Maintenance {
                 false,
             )
         })
-        .context("In add_or_remove_user: Trying to delete keys from db.")?;
+        .context(ks_err!("Trying to delete keys from db."))?;
         self.delete_listener
             .delete_user(user_id as u32)
-            .context("In add_or_remove_user: While invoking the delete listener.")
+            .context(ks_err!("While invoking the delete listener."))
     }
 
     fn clear_namespace(&self, domain: Domain, nspace: i64) -> Result<()> {
@@ -131,12 +130,12 @@ impl Maintenance {
 
         LEGACY_IMPORTER
             .bulk_delete_uid(domain, nspace)
-            .context("In clear_namespace: Trying to delete legacy keys.")?;
+            .context(ks_err!("Trying to delete legacy keys."))?;
         DB.with(|db| db.borrow_mut().unbind_keys_for_namespace(domain, nspace))
-            .context("In clear_namespace: Trying to delete keys from db.")?;
+            .context(ks_err!("Trying to delete keys from db."))?;
         self.delete_listener
             .delete_namespace(domain, nspace)
-            .context("In clear_namespace: While invoking the delete listener.")
+            .context(ks_err!("While invoking the delete listener."))
     }
 
     fn get_state(user_id: i32) -> Result<AidlUserState> {
@@ -151,7 +150,7 @@ impl Maintenance {
                     user_id as u32,
                 )
             })
-            .context("In get_state. Trying to get UserState.")?;
+            .context(ks_err!("Trying to get UserState."))?;
 
         match state {
             UserState::Uninitialized => Ok(AidlUserState::UNINITIALIZED),
@@ -164,13 +163,13 @@ impl Maintenance {
     where
         F: Fn(Strong<dyn IKeyMintDevice>) -> binder::Result<()>,
     {
-        let (km_dev, _, _) = get_keymint_device(&sec_level)
-            .context("In call_with_watchdog: getting keymint device")?;
+        let (km_dev, _, _) =
+            get_keymint_device(&sec_level).context(ks_err!("getting keymint device"))?;
 
         let _wp = wd::watch_millis_with("In call_with_watchdog", 500, move || {
             format!("Seclevel: {:?} Op: {}", sec_level, name)
         });
-        map_km_error(op(km_dev)).with_context(|| format!("In keymint device: calling {}", name))?;
+        map_km_error(op(km_dev)).with_context(|| ks_err!("calling {}", name))?;
         Ok(())
     }
 
@@ -203,7 +202,7 @@ impl Maintenance {
 
     fn early_boot_ended() -> Result<()> {
         check_keystore_permission(KeystorePerm::EarlyBootEnded)
-            .context("In early_boot_ended. Checking permission")?;
+            .context(ks_err!("Checking permission"))?;
         log::info!("In early_boot_ended.");
 
         if let Err(e) =
@@ -216,7 +215,7 @@ impl Maintenance {
 
     fn on_device_off_body() -> Result<()> {
         // Security critical permission check. This statement must return on fail.
-        check_keystore_permission(KeystorePerm::ReportOffBody).context("In on_device_off_body.")?;
+        check_keystore_permission(KeystorePerm::ReportOffBody).context(ks_err!())?;
 
         DB.with(|db| db.borrow_mut().update_last_off_body(MonotonicRawTime::now()));
         Ok(())
@@ -228,20 +227,16 @@ impl Maintenance {
         match source.domain {
             Domain::SELINUX | Domain::KEY_ID | Domain::APP => (),
             _ => {
-                return Err(Error::Rc(ResponseCode::INVALID_ARGUMENT)).context(
-                    "In migrate_key_namespace: \
-                     Source domain must be one of APP, SELINUX, or KEY_ID.",
-                )
+                return Err(Error::Rc(ResponseCode::INVALID_ARGUMENT))
+                    .context(ks_err!("Source domain must be one of APP, SELINUX, or KEY_ID."));
             }
         };
 
         match destination.domain {
             Domain::SELINUX | Domain::APP => (),
             _ => {
-                return Err(Error::Rc(ResponseCode::INVALID_ARGUMENT)).context(
-                    "In migrate_key_namespace: \
-                     Destination domain must be one of APP or SELINUX.",
-                )
+                return Err(Error::Rc(ResponseCode::INVALID_ARGUMENT))
+                    .context(ks_err!("Destination domain must be one of APP or SELINUX."));
             }
         };
 
@@ -264,7 +259,7 @@ impl Maintenance {
                         },
                     )
                 })
-                .context("In migrate_key_namespace: Failed to load key blob.")?;
+                .context(ks_err!("Failed to load key blob."))?;
             {
                 db.borrow_mut().migrate_key_namespace(key_id_guard, destination, calling_uid, |k| {
                     check_key_permission(KeyPerm::Rebind, k, &None)
@@ -276,7 +271,7 @@ impl Maintenance {
     fn delete_all_keys() -> Result<()> {
         // Security critical permission check. This statement must return on fail.
         check_keystore_permission(KeystorePerm::DeleteAllKeys)
-            .context("In delete_all_keys. Checking permission")?;
+            .context(ks_err!("Checking permission"))?;
         log::info!("In delete_all_keys.");
 
         Maintenance::call_on_all_security_levels("deleteAllKeys", |dev| dev.deleteAllKeys())