Snap for 6621766 from 9d2bd25cbd7a810afaafce6af86728799227826f to rvc-release am: 4775213f5b

Original change: https://googleplex-android-review.googlesource.com/c/platform/system/security/+/11978969

Change-Id: Iac73f4b7c92a5af345169ff5722e1eb2931a3579

4 files changed, 67 insertions, 3 deletions

diff --git a/keystore/Android.bp b/keystore/Android.bp
index eb0009fb..45b721b6 100644
--- a/keystore/Android.bp
+++ b/keystore/Android.bp
@@ -36,6 +36,7 @@ cc_binary {
         "grant_store.cpp",
         "key_creation_log_handler.cpp",
         "key_operation_log_handler.cpp",
+        "key_attestation_log_handler.cpp",
         "key_store_service.cpp",
         "keyblob_utils.cpp",
         "keymaster_enforcement.cpp",
diff --git a/keystore/key_attestation_log_handler.cpp b/keystore/key_attestation_log_handler.cpp
new file mode 100644
index 00000000..34c76a34
--- /dev/null
+++ b/keystore/key_attestation_log_handler.cpp
@@ -0,0 +1,25 @@
+/*
+ * Copyright (C) 2018 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#include <statslog.h>
+namespace keystore {
+
+void logKeystoreKeyAttestationEvent(bool wasSuccessful, int32_t errorCode) {
+    android::util::stats_write(android::util::KEYSTORE_KEY_EVENT_REPORTED,
+                               android::util::KEYSTORE_KEY_EVENT_REPORTED__TYPE__KEY_ATTESTATION,
+                               wasSuccessful, errorCode);
+}
+
+}  // namespace keystore
\ No newline at end of file
diff --git a/keystore/key_attestation_log_handler.h b/keystore/key_attestation_log_handler.h
new file mode 100644
index 00000000..a418bfa3
--- /dev/null
+++ b/keystore/key_attestation_log_handler.h
@@ -0,0 +1,26 @@
+/*
+ * Copyright (C) 2018 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef _KEY_ATTESTATION_LOG_HANDLER_H_
+#define _KEY_ATTESTATION_LOG_HANDLER_H_
+
+namespace keystore {
+
+void logKeystoreKeyAttestationEvent(bool wasSuccessful, int32_t errorCode);
+
+}
+
+#endif  //_KEY_ATTESTATION_LOG_HANDLER_H_
diff --git a/keystore/key_store_service.cpp b/keystore/key_store_service.cpp
index 85eed25a..1b386431 100644
--- a/keystore/key_store_service.cpp
+++ b/keystore/key_store_service.cpp
@@ -41,6 +41,7 @@
 #include <keymasterV4_0/keymaster_utils.h>
 
 #include "defaults.h"
+#include "key_attestation_log_handler.h"
 #include "keystore_keymaster_enforcement.h"
 #include "keystore_utils.h"
 #include <keystore/keystore_attestation_id.h>
@@ -1036,6 +1037,10 @@ Status KeyStoreService::attestKey(
 
     AuthorizationSet mutableParams = params.getParameters();
     KeyStoreServiceReturnCode rc = updateParamsForAttestation(callingUid, &mutableParams);
+
+    auto logErrorOnReturn = android::base::make_scope_guard(
+        [&] { logKeystoreKeyAttestationEvent(false /*wasSuccessful*/, rc.getErrorCode()); });
+
     if (!rc.isOk()) {
         return AIDL_RETURN(rc);
     }
@@ -1052,6 +1057,8 @@ Status KeyStoreService::attestKey(
         return AIDL_RETURN(rc);
     }
 
+    logErrorOnReturn.Disable();
+
     auto dev = mKeyStore->getDevice(keyBlob);
     auto hidlKey = blob2hidlVec(keyBlob);
     dev->attestKey(
@@ -1060,13 +1067,18 @@ Status KeyStoreService::attestKey(
                   std::tuple<ErrorCode, hidl_vec<hidl_vec<uint8_t>>>&& hidlResult) {
             auto& [ret, certChain] = hidlResult;
             if (!rc.isOk()) {
+                logKeystoreKeyAttestationEvent(false /*wasSuccessful*/,
+                                               static_cast<int32_t>(ResponseCode::SYSTEM_ERROR));
                 cb->onFinished(KeyStoreServiceReturnCode(ResponseCode::SYSTEM_ERROR), {});
             } else if (ret != ErrorCode::OK) {
+                KeyStoreServiceReturnCode ksrc(ret);
+                logKeystoreKeyAttestationEvent(false /*wasSuccessful*/, ksrc.getErrorCode());
                 dev->logIfKeymasterVendorError(ret);
-                cb->onFinished(KeyStoreServiceReturnCode(ret), {});
+                cb->onFinished(ksrc, {});
             } else {
-                cb->onFinished(KeyStoreServiceReturnCode(ret),
-                               KeymasterCertificateChain(std::move(certChain)));
+                KeyStoreServiceReturnCode ksrc(ret);
+                logKeystoreKeyAttestationEvent(true /*wasSuccessful*/, ksrc.getErrorCode());
+                cb->onFinished(ksrc, KeymasterCertificateChain(std::move(certChain)));
             }
         });