diff options
13 files changed, 84 insertions, 2 deletions
diff --git a/keystore/java/android/security/AndroidKeyStoreMaintenance.java b/keystore/java/android/security/AndroidKeyStoreMaintenance.java index 919a93b8f107..0f3488bbe8d1 100644 --- a/keystore/java/android/security/AndroidKeyStoreMaintenance.java +++ b/keystore/java/android/security/AndroidKeyStoreMaintenance.java @@ -20,6 +20,7 @@ import android.annotation.NonNull; import android.annotation.Nullable; import android.os.ServiceManager; import android.os.ServiceSpecificException; +import android.os.StrictMode; import android.security.maintenance.IKeystoreMaintenance; import android.system.keystore2.Domain; import android.system.keystore2.KeyDescriptor; @@ -51,6 +52,7 @@ public class AndroidKeyStoreMaintenance { * @hide */ public static int onUserAdded(@NonNull int userId) { + StrictMode.noteDiskWrite(); try { getService().onUserAdded(userId); return 0; @@ -71,6 +73,7 @@ public class AndroidKeyStoreMaintenance { * @hide */ public static int onUserRemoved(int userId) { + StrictMode.noteDiskWrite(); try { getService().onUserRemoved(userId); return 0; @@ -93,6 +96,7 @@ public class AndroidKeyStoreMaintenance { * @hide */ public static int onUserPasswordChanged(int userId, @Nullable byte[] password) { + StrictMode.noteDiskWrite(); try { getService().onUserPasswordChanged(userId, password); return 0; @@ -110,6 +114,7 @@ public class AndroidKeyStoreMaintenance { * be cleared. */ public static int clearNamespace(@Domain int domain, long namespace) { + StrictMode.noteDiskWrite(); try { getService().clearNamespace(domain, namespace); return 0; @@ -129,6 +134,7 @@ public class AndroidKeyStoreMaintenance { * @return UserState enum variant as integer if successful or an error */ public static int getState(int userId) { + StrictMode.noteDiskRead(); try { return getService().getState(userId); } catch (ServiceSpecificException e) { @@ -144,6 +150,7 @@ public class AndroidKeyStoreMaintenance { * Informs Keystore 2.0 that an off body event was detected. */ public static void onDeviceOffBody() { + StrictMode.noteDiskWrite(); try { getService().onDeviceOffBody(); } catch (Exception e) { @@ -172,6 +179,7 @@ public class AndroidKeyStoreMaintenance { * * SYSTEM_ERROR if an unexpected error occurred. */ public static int migrateKeyNamespace(KeyDescriptor source, KeyDescriptor destination) { + StrictMode.noteDiskWrite(); try { getService().migrateKeyNamespace(source, destination); return 0; diff --git a/keystore/java/android/security/Authorization.java b/keystore/java/android/security/Authorization.java index 00219e7f28ac..2d2dd24763c4 100644 --- a/keystore/java/android/security/Authorization.java +++ b/keystore/java/android/security/Authorization.java @@ -22,6 +22,7 @@ import android.hardware.security.keymint.HardwareAuthToken; import android.os.RemoteException; import android.os.ServiceManager; import android.os.ServiceSpecificException; +import android.os.StrictMode; import android.security.authorization.IKeystoreAuthorization; import android.security.authorization.LockScreenEvent; import android.system.keystore2.ResponseCode; @@ -48,6 +49,7 @@ public class Authorization { * @return 0 if successful or {@code ResponseCode.SYSTEM_ERROR}. */ public static int addAuthToken(@NonNull HardwareAuthToken authToken) { + StrictMode.noteSlowCall("addAuthToken"); try { getService().addAuthToken(authToken); return 0; @@ -81,6 +83,7 @@ public class Authorization { */ public static int onLockScreenEvent(@NonNull boolean locked, @NonNull int userId, @Nullable byte[] syntheticPassword, @Nullable long[] unlockingSids) { + StrictMode.noteDiskWrite(); try { if (locked) { getService().onLockScreenEvent(LockScreenEvent.LOCK, userId, null, unlockingSids); diff --git a/keystore/java/android/security/KeyStore.java b/keystore/java/android/security/KeyStore.java index 8811a7fec932..8045f55f6b4c 100644 --- a/keystore/java/android/security/KeyStore.java +++ b/keystore/java/android/security/KeyStore.java @@ -18,6 +18,7 @@ package android.security; import android.compat.annotation.UnsupportedAppUsage; import android.os.Build; +import android.os.StrictMode; import android.os.UserHandle; import android.security.maintenance.UserState; @@ -126,6 +127,8 @@ public class KeyStore { * a {@code KeymasterDefs.KM_ERROR_} value or {@code KeyStore} ResponseCode. */ public int addAuthToken(byte[] authToken) { + StrictMode.noteDiskWrite(); + return Authorization.addAuthToken(authToken); } diff --git a/keystore/java/android/security/KeyStore2.java b/keystore/java/android/security/KeyStore2.java index 74597c5cd874..2661b616b583 100644 --- a/keystore/java/android/security/KeyStore2.java +++ b/keystore/java/android/security/KeyStore2.java @@ -23,6 +23,7 @@ import android.os.Binder; import android.os.RemoteException; import android.os.ServiceManager; import android.os.ServiceSpecificException; +import android.os.StrictMode; import android.security.keymaster.KeymasterDefs; import android.system.keystore2.Domain; import android.system.keystore2.IKeystoreService; @@ -147,6 +148,8 @@ public class KeyStore2 { } void delete(KeyDescriptor descriptor) throws KeyStoreException { + StrictMode.noteDiskWrite(); + handleRemoteExceptionWithRetry((service) -> { service.deleteKey(descriptor); return 0; @@ -157,6 +160,8 @@ public class KeyStore2 { * List all entries in the keystore for in the given namespace. */ public KeyDescriptor[] list(int domain, long namespace) throws KeyStoreException { + StrictMode.noteDiskRead(); + return handleRemoteExceptionWithRetry((service) -> service.listEntries(domain, namespace)); } @@ -165,6 +170,8 @@ public class KeyStore2 { */ public KeyDescriptor[] listBatch(int domain, long namespace, String startPastAlias) throws KeyStoreException { + StrictMode.noteDiskRead(); + return handleRemoteExceptionWithRetry( (service) -> service.listEntriesBatched(domain, namespace, startPastAlias)); } @@ -227,6 +234,8 @@ public class KeyStore2 { */ public KeyDescriptor grant(KeyDescriptor descriptor, int granteeUid, int accessVector) throws KeyStoreException { + StrictMode.noteDiskWrite(); + return handleRemoteExceptionWithRetry( (service) -> service.grant(descriptor, granteeUid, accessVector) ); @@ -242,6 +251,8 @@ public class KeyStore2 { */ public void ungrant(KeyDescriptor descriptor, int granteeUid) throws KeyStoreException { + StrictMode.noteDiskWrite(); + handleRemoteExceptionWithRetry((service) -> { service.ungrant(descriptor, granteeUid); return 0; @@ -258,6 +269,8 @@ public class KeyStore2 { */ public KeyEntryResponse getKeyEntry(@NonNull KeyDescriptor descriptor) throws KeyStoreException { + StrictMode.noteDiskRead(); + return handleRemoteExceptionWithRetry((service) -> service.getKeyEntry(descriptor)); } @@ -289,6 +302,8 @@ public class KeyStore2 { */ public void updateSubcomponents(@NonNull KeyDescriptor key, byte[] publicCert, byte[] publicCertChain) throws KeyStoreException { + StrictMode.noteDiskWrite(); + handleRemoteExceptionWithRetry((service) -> { service.updateSubcomponent(key, publicCert, publicCertChain); return 0; @@ -304,6 +319,8 @@ public class KeyStore2 { */ public void deleteKey(@NonNull KeyDescriptor descriptor) throws KeyStoreException { + StrictMode.noteDiskWrite(); + handleRemoteExceptionWithRetry((service) -> { service.deleteKey(descriptor); return 0; @@ -314,6 +331,8 @@ public class KeyStore2 { * Returns the number of Keystore entries for a given domain and namespace. */ public int getNumberOfEntries(int domain, long namespace) throws KeyStoreException { + StrictMode.noteDiskRead(); + return handleRemoteExceptionWithRetry((service) -> service.getNumberOfEntries(domain, namespace)); } diff --git a/keystore/java/android/security/KeyStoreOperation.java b/keystore/java/android/security/KeyStoreOperation.java index 737ff2b4822f..7c9b8eb06764 100644 --- a/keystore/java/android/security/KeyStoreOperation.java +++ b/keystore/java/android/security/KeyStoreOperation.java @@ -21,6 +21,7 @@ import android.hardware.security.keymint.KeyParameter; import android.os.Binder; import android.os.RemoteException; import android.os.ServiceSpecificException; +import android.os.StrictMode; import android.security.keymaster.KeymasterDefs; import android.system.keystore2.IKeystoreOperation; import android.system.keystore2.ResponseCode; @@ -97,6 +98,7 @@ public class KeyStoreOperation { * @throws KeyStoreException */ public void updateAad(@NonNull byte[] input) throws KeyStoreException { + StrictMode.noteSlowCall("updateAad"); handleExceptions(() -> { mOperation.updateAad(input); return 0; @@ -112,6 +114,7 @@ public class KeyStoreOperation { * @hide */ public byte[] update(@NonNull byte[] input) throws KeyStoreException { + StrictMode.noteSlowCall("update"); return handleExceptions(() -> mOperation.update(input)); } @@ -125,6 +128,7 @@ public class KeyStoreOperation { * @hide */ public byte[] finish(byte[] input, byte[] signature) throws KeyStoreException { + StrictMode.noteSlowCall("finish"); return handleExceptions(() -> mOperation.finish(input, signature)); } @@ -135,6 +139,7 @@ public class KeyStoreOperation { * @hide */ public void abort() throws KeyStoreException { + StrictMode.noteSlowCall("abort"); handleExceptions(() -> { mOperation.abort(); return 0; diff --git a/keystore/java/android/security/KeyStoreSecurityLevel.java b/keystore/java/android/security/KeyStoreSecurityLevel.java index 9c0b46c8e87b..6ab148a8b4ea 100644 --- a/keystore/java/android/security/KeyStoreSecurityLevel.java +++ b/keystore/java/android/security/KeyStoreSecurityLevel.java @@ -22,6 +22,7 @@ import android.hardware.security.keymint.KeyParameter; import android.os.Binder; import android.os.RemoteException; import android.os.ServiceSpecificException; +import android.os.StrictMode; import android.security.keystore.BackendBusyException; import android.security.keystore.KeyStoreConnectException; import android.system.keystore2.AuthenticatorSpec; @@ -75,6 +76,7 @@ public class KeyStoreSecurityLevel { */ public KeyStoreOperation createOperation(@NonNull KeyDescriptor keyDescriptor, Collection<KeyParameter> args) throws KeyStoreException { + StrictMode.noteDiskWrite(); while (true) { try { CreateOperationResponse createOperationResponse = @@ -142,6 +144,8 @@ public class KeyStoreSecurityLevel { public KeyMetadata generateKey(@NonNull KeyDescriptor descriptor, KeyDescriptor attestationKey, Collection<KeyParameter> args, int flags, byte[] entropy) throws KeyStoreException { + StrictMode.noteDiskWrite(); + return handleExceptions(() -> mSecurityLevel.generateKey( descriptor, attestationKey, args.toArray(new KeyParameter[args.size()]), flags, entropy)); @@ -163,6 +167,8 @@ public class KeyStoreSecurityLevel { public KeyMetadata importKey(KeyDescriptor descriptor, KeyDescriptor attestationKey, Collection<KeyParameter> args, int flags, byte[] keyData) throws KeyStoreException { + StrictMode.noteDiskWrite(); + return handleExceptions(() -> mSecurityLevel.importKey(descriptor, attestationKey, args.toArray(new KeyParameter[args.size()]), flags, keyData)); } @@ -186,6 +192,7 @@ public class KeyStoreSecurityLevel { @NonNull byte[] wrappedKey, byte[] maskingKey, Collection<KeyParameter> args, @NonNull AuthenticatorSpec[] authenticatorSpecs) throws KeyStoreException { + StrictMode.noteDiskWrite(); KeyDescriptor keyDescriptor = new KeyDescriptor(); keyDescriptor.alias = wrappedKeyDescriptor.alias; keyDescriptor.nspace = wrappedKeyDescriptor.nspace; diff --git a/keystore/java/android/security/LegacyVpnProfileStore.java b/keystore/java/android/security/LegacyVpnProfileStore.java index c85b6b1efd9a..0cc4dfab12f8 100644 --- a/keystore/java/android/security/LegacyVpnProfileStore.java +++ b/keystore/java/android/security/LegacyVpnProfileStore.java @@ -19,6 +19,7 @@ package android.security; import android.annotation.NonNull; import android.os.ServiceManager; import android.os.ServiceSpecificException; +import android.os.StrictMode; import android.security.legacykeystore.ILegacyKeystore; import android.util.Log; @@ -51,6 +52,7 @@ public class LegacyVpnProfileStore { * @hide */ public static boolean put(@NonNull String alias, @NonNull byte[] profile) { + StrictMode.noteDiskWrite(); try { getService().put(alias, ILegacyKeystore.UID_SELF, profile); return true; @@ -70,6 +72,7 @@ public class LegacyVpnProfileStore { * @hide */ public static byte[] get(@NonNull String alias) { + StrictMode.noteDiskRead(); try { return getService().get(alias, ILegacyKeystore.UID_SELF); } catch (ServiceSpecificException e) { @@ -89,6 +92,7 @@ public class LegacyVpnProfileStore { * @hide */ public static boolean remove(@NonNull String alias) { + StrictMode.noteDiskWrite(); try { getService().remove(alias, ILegacyKeystore.UID_SELF); return true; @@ -109,6 +113,7 @@ public class LegacyVpnProfileStore { * @hide */ public static @NonNull String[] list(@NonNull String prefix) { + StrictMode.noteDiskRead(); try { final String[] aliases = getService().list(prefix, ILegacyKeystore.UID_SELF); for (int i = 0; i < aliases.length; ++i) { diff --git a/keystore/java/android/security/SystemKeyStore.java b/keystore/java/android/security/SystemKeyStore.java index e07eaa2e32ed..d481a078ab00 100644 --- a/keystore/java/android/security/SystemKeyStore.java +++ b/keystore/java/android/security/SystemKeyStore.java @@ -18,6 +18,9 @@ package android.security; import android.os.Environment; import android.os.FileUtils; +import android.os.StrictMode; + +import libcore.io.IoUtils; import java.io.File; import java.io.FileOutputStream; @@ -28,8 +31,6 @@ import java.security.SecureRandom; import javax.crypto.KeyGenerator; import javax.crypto.SecretKey; -import libcore.io.IoUtils; - /** *@hide */ @@ -69,6 +70,7 @@ public class SystemKeyStore { public byte[] generateNewKey(int numBits, String algName, String keyName) throws NoSuchAlgorithmException { + StrictMode.noteDiskWrite(); // Check if key with similar name exists. If so, return null. File keyFile = getKeyFile(keyName); @@ -103,6 +105,7 @@ public class SystemKeyStore { } private File getKeyFile(String keyName) { + StrictMode.noteDiskWrite(); File sysKeystoreDir = new File(Environment.getDataDirectory(), SYSTEM_KEYSTORE_DIRECTORY); File keyFile = new File(sysKeystoreDir, keyName + KEY_FILE_EXTENSION); @@ -114,6 +117,7 @@ public class SystemKeyStore { } public byte[] retrieveKey(String keyName) throws IOException { + StrictMode.noteDiskRead(); File keyFile = getKeyFile(keyName); if (!keyFile.exists()) { return null; @@ -122,6 +126,7 @@ public class SystemKeyStore { } public void deleteKey(String keyName) { + StrictMode.noteDiskWrite(); // Get the file first. File keyFile = getKeyFile(keyName); diff --git a/keystore/java/android/security/keystore2/AndroidKeyStoreCipherSpiBase.java b/keystore/java/android/security/keystore2/AndroidKeyStoreCipherSpiBase.java index d12989187281..9ac0f6d304f6 100644 --- a/keystore/java/android/security/keystore2/AndroidKeyStoreCipherSpiBase.java +++ b/keystore/java/android/security/keystore2/AndroidKeyStoreCipherSpiBase.java @@ -20,6 +20,7 @@ import android.annotation.CallSuper; import android.annotation.NonNull; import android.annotation.Nullable; import android.hardware.security.keymint.KeyParameter; +import android.os.StrictMode; import android.security.KeyStoreException; import android.security.KeyStoreOperation; import android.security.keymaster.KeymasterDefs; @@ -137,6 +138,7 @@ abstract class AndroidKeyStoreCipherSpiBase extends CipherSpi implements KeyStor if (!(key instanceof AndroidKeyStorePrivateKey) && (key instanceof PrivateKey || key instanceof PublicKey)) { try { + StrictMode.noteSlowCall("engineInit"); mCipher = Cipher.getInstance(getTransform()); String transform = getTransform(); @@ -203,6 +205,7 @@ abstract class AndroidKeyStoreCipherSpiBase extends CipherSpi implements KeyStor if (!(key instanceof AndroidKeyStorePrivateKey) && (key instanceof PrivateKey || key instanceof PublicKey)) { try { + StrictMode.noteSlowCall("engineInit"); mCipher = Cipher.getInstance(getTransform()); mCipher.init(opmode, key, params, random); return; @@ -233,6 +236,7 @@ abstract class AndroidKeyStoreCipherSpiBase extends CipherSpi implements KeyStor if (!(key instanceof AndroidKeyStorePrivateKey) && (key instanceof PrivateKey || key instanceof PublicKey)) { try { + StrictMode.noteSlowCall("engineInit"); mCipher = Cipher.getInstance(getTransform()); mCipher.init(opmode, key, params, random); return; @@ -346,6 +350,7 @@ abstract class AndroidKeyStoreCipherSpiBase extends CipherSpi implements KeyStor parameters.add(KeyStore2ParameterUtils.makeEnum(KeymasterDefs.KM_TAG_PURPOSE, purpose)); try { + StrictMode.noteDiskRead(); mOperation = mKey.getSecurityLevel().createOperation( mKey.getKeyIdDescriptor(), parameters @@ -521,6 +526,7 @@ abstract class AndroidKeyStoreCipherSpiBase extends CipherSpi implements KeyStor @Override protected final void engineUpdateAAD(byte[] input, int inputOffset, int inputLen) { if (mCipher != null) { + StrictMode.noteSlowCall("engineUpdateAAD"); mCipher.updateAAD(input, inputOffset, inputLen); return; } @@ -562,6 +568,7 @@ abstract class AndroidKeyStoreCipherSpiBase extends CipherSpi implements KeyStor @Override protected final void engineUpdateAAD(ByteBuffer src) { if (mCipher != null) { + StrictMode.noteSlowCall("engineUpdateAAD"); mCipher.updateAAD(src); return; } @@ -715,6 +722,7 @@ abstract class AndroidKeyStoreCipherSpiBase extends CipherSpi implements KeyStor throw new NullPointerException("key == null"); } byte[] encoded = null; + StrictMode.noteSlowCall("engineWrap"); if (key instanceof SecretKey) { if ("RAW".equalsIgnoreCase(key.getFormat())) { encoded = key.getEncoded(); @@ -807,6 +815,7 @@ abstract class AndroidKeyStoreCipherSpiBase extends CipherSpi implements KeyStor throw new InvalidKeyException("Failed to unwrap key", e); } + StrictMode.noteSlowCall("engineUnwrap"); switch (wrappedKeyType) { case Cipher.SECRET_KEY: { diff --git a/keystore/java/android/security/keystore2/AndroidKeyStoreKeyAgreementSpi.java b/keystore/java/android/security/keystore2/AndroidKeyStoreKeyAgreementSpi.java index 7292cd3c5fb1..66e9f71a1f7b 100644 --- a/keystore/java/android/security/keystore2/AndroidKeyStoreKeyAgreementSpi.java +++ b/keystore/java/android/security/keystore2/AndroidKeyStoreKeyAgreementSpi.java @@ -20,6 +20,7 @@ import android.hardware.security.keymint.Algorithm; import android.hardware.security.keymint.KeyParameter; import android.hardware.security.keymint.KeyPurpose; import android.hardware.security.keymint.Tag; +import android.os.StrictMode; import android.security.KeyStoreException; import android.security.KeyStoreOperation; import android.security.keystore.KeyStoreCryptoOperation; @@ -174,6 +175,7 @@ public class AndroidKeyStoreKeyAgreementSpi extends KeyAgreementSpi } byte[] otherPartyKeyEncoded = mOtherPartyKey.getEncoded(); + StrictMode.noteSlowCall("engineGenerateSecret"); try { return mOperation.finish(otherPartyKeyEncoded, null); } catch (KeyStoreException e) { @@ -245,6 +247,7 @@ public class AndroidKeyStoreKeyAgreementSpi extends KeyAgreementSpi Tag.PURPOSE, KeyPurpose.AGREE_KEY )); + StrictMode.noteDiskWrite(); try { mOperation = mKey.getSecurityLevel().createOperation(mKey.getKeyIdDescriptor(), parameters); diff --git a/keystore/java/android/security/keystore2/AndroidKeyStoreKeyGeneratorSpi.java b/keystore/java/android/security/keystore2/AndroidKeyStoreKeyGeneratorSpi.java index f1681ec1f7d2..d283b05a85e1 100644 --- a/keystore/java/android/security/keystore2/AndroidKeyStoreKeyGeneratorSpi.java +++ b/keystore/java/android/security/keystore2/AndroidKeyStoreKeyGeneratorSpi.java @@ -18,6 +18,7 @@ package android.security.keystore2; import android.hardware.security.keymint.KeyParameter; import android.hardware.security.keymint.SecurityLevel; +import android.os.StrictMode; import android.security.KeyStore2; import android.security.KeyStoreSecurityLevel; import android.security.keymaster.KeymasterDefs; @@ -281,6 +282,7 @@ public abstract class AndroidKeyStoreKeyGeneratorSpi extends KeyGeneratorSpi { @Override protected SecretKey engineGenerateKey() { + StrictMode.noteSlowCall("engineGenerateKey"); KeyGenParameterSpec spec = mSpec; if (spec == null) { throw new IllegalStateException("Not initialized"); diff --git a/keystore/java/android/security/keystore2/AndroidKeyStoreKeyPairGeneratorSpi.java b/keystore/java/android/security/keystore2/AndroidKeyStoreKeyPairGeneratorSpi.java index 474b7ea56be9..1398da3f5ef2 100644 --- a/keystore/java/android/security/keystore2/AndroidKeyStoreKeyPairGeneratorSpi.java +++ b/keystore/java/android/security/keystore2/AndroidKeyStoreKeyPairGeneratorSpi.java @@ -27,6 +27,7 @@ import android.hardware.security.keymint.KeyPurpose; import android.hardware.security.keymint.SecurityLevel; import android.hardware.security.keymint.Tag; import android.os.Build; +import android.os.StrictMode; import android.security.KeyPairGeneratorSpec; import android.security.KeyStore2; import android.security.KeyStoreException; @@ -617,6 +618,7 @@ public abstract class AndroidKeyStoreKeyPairGeneratorSpi extends KeyPairGenerato @Override public KeyPair generateKeyPair() { + StrictMode.noteSlowCall("generateKeyPair"); if (mKeyStore == null || mSpec == null) { throw new IllegalStateException("Not initialized"); } diff --git a/keystore/java/android/security/keystore2/AndroidKeyStoreSpi.java b/keystore/java/android/security/keystore2/AndroidKeyStoreSpi.java index ced58a2f72fa..eef817902ade 100644 --- a/keystore/java/android/security/keystore2/AndroidKeyStoreSpi.java +++ b/keystore/java/android/security/keystore2/AndroidKeyStoreSpi.java @@ -24,6 +24,7 @@ import android.hardware.security.keymint.EcCurve; import android.hardware.security.keymint.HardwareAuthenticatorType; import android.hardware.security.keymint.KeyParameter; import android.hardware.security.keymint.SecurityLevel; +import android.os.StrictMode; import android.security.GateKeeper; import android.security.KeyStore2; import android.security.KeyStoreParameter; @@ -164,6 +165,7 @@ public class AndroidKeyStoreSpi extends KeyStoreSpi { KeyDescriptor descriptor = makeKeyDescriptor(alias); try { + StrictMode.noteDiskRead(); return mKeyStore.getKeyEntry(descriptor); } catch (android.security.KeyStoreException e) { if (e.getErrorCode() != ResponseCode.KEY_NOT_FOUND) { @@ -447,6 +449,7 @@ public class AndroidKeyStoreSpi extends KeyStoreSpi { assertCanReplace(alias, targetDomain, mNamespace, descriptor); try { + StrictMode.noteDiskWrite(); mKeyStore.updateSubcomponents( ((AndroidKeyStorePrivateKey) key).getKeyIdDescriptor(), userCertBytes, chainBytes); @@ -597,6 +600,7 @@ public class AndroidKeyStoreSpi extends KeyStoreSpi { importArgs, flags, pkcs8EncodedPrivateKeyBytes); try { + StrictMode.noteDiskWrite(); mKeyStore.updateSubcomponents(metadata.key, userCertBytes, chainBytes); } catch (android.security.KeyStoreException e) { mKeyStore.deleteKey(metadata.key); @@ -932,6 +936,7 @@ public class AndroidKeyStoreSpi extends KeyStoreSpi { KeyEntryResponse response = null; try { + StrictMode.noteDiskRead(); response = mKeyStore.getKeyEntry(wrappingkey); } catch (android.security.KeyStoreException e) { throw new KeyStoreException("Failed to import wrapped key. Keystore error code: " @@ -988,6 +993,7 @@ public class AndroidKeyStoreSpi extends KeyStoreSpi { } try { + StrictMode.noteDiskWrite(); securityLevel.importWrappedKey( wrappedKey, wrappingkey, entry.getWrappedKeyBytes(), @@ -1048,6 +1054,7 @@ public class AndroidKeyStoreSpi extends KeyStoreSpi { } try { + StrictMode.noteDiskWrite(); mKeyStore.updateSubcomponents(makeKeyDescriptor(alias), null /* publicCert - unused when used as pure certificate store. */, encoded); @@ -1060,6 +1067,7 @@ public class AndroidKeyStoreSpi extends KeyStoreSpi { public void engineDeleteEntry(String alias) throws KeyStoreException { KeyDescriptor descriptor = makeKeyDescriptor(alias); try { + StrictMode.noteDiskWrite(); mKeyStore.deleteKey(descriptor); } catch (android.security.KeyStoreException e) { if (e.getErrorCode() != ResponseCode.KEY_NOT_FOUND) { @@ -1070,6 +1078,7 @@ public class AndroidKeyStoreSpi extends KeyStoreSpi { private KeyDescriptor[] getAliasesBatch(String startPastAlias) { try { + StrictMode.noteDiskRead(); return mKeyStore.listBatch( getTargetDomain(), mNamespace, @@ -1097,6 +1106,7 @@ public class AndroidKeyStoreSpi extends KeyStoreSpi { @Override public int engineSize() { try { + StrictMode.noteDiskRead(); return mKeyStore.getNumberOfEntries( getTargetDomain(), mNamespace @@ -1160,6 +1170,7 @@ public class AndroidKeyStoreSpi extends KeyStoreSpi { KeyDescriptor[] keyDescriptors = null; try { + StrictMode.noteDiskRead(); keyDescriptors = mKeyStore.list( getTargetDomain(), mNamespace |