diff options
author | android-build-team Robot <android-build-team-robot@google.com> | 2020-06-24 01:35:32 +0000 |
---|---|---|
committer | Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> | 2020-06-24 01:35:32 +0000 |
commit | 9b27845c3ddd71c7aa5958fc43c9c1277a6e9401 (patch) | |
tree | 28307610b432e0c4abd4caf7b313a56c465829f3 | |
parent | 839f56c12d157e50e2da495892ef1e2e0e6242db (diff) | |
parent | 4775213f5bf6502660bc86bcfbe3bd740e37f394 (diff) | |
download | security-9b27845c3ddd71c7aa5958fc43c9c1277a6e9401.tar.gz |
Snap for 6621766 from 9d2bd25cbd7a810afaafce6af86728799227826f to rvc-release am: 4775213f5b
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/security/+/11978969
Change-Id: Iac73f4b7c92a5af345169ff5722e1eb2931a3579
-rw-r--r-- | keystore/Android.bp | 1 | ||||
-rw-r--r-- | keystore/key_attestation_log_handler.cpp | 25 | ||||
-rw-r--r-- | keystore/key_attestation_log_handler.h | 26 | ||||
-rw-r--r-- | keystore/key_store_service.cpp | 18 |
4 files changed, 67 insertions, 3 deletions
diff --git a/keystore/Android.bp b/keystore/Android.bp index eb0009fb..45b721b6 100644 --- a/keystore/Android.bp +++ b/keystore/Android.bp @@ -36,6 +36,7 @@ cc_binary { "grant_store.cpp", "key_creation_log_handler.cpp", "key_operation_log_handler.cpp", + "key_attestation_log_handler.cpp", "key_store_service.cpp", "keyblob_utils.cpp", "keymaster_enforcement.cpp", diff --git a/keystore/key_attestation_log_handler.cpp b/keystore/key_attestation_log_handler.cpp new file mode 100644 index 00000000..34c76a34 --- /dev/null +++ b/keystore/key_attestation_log_handler.cpp @@ -0,0 +1,25 @@ +/* + * Copyright (C) 2018 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +#include <statslog.h> +namespace keystore { + +void logKeystoreKeyAttestationEvent(bool wasSuccessful, int32_t errorCode) { + android::util::stats_write(android::util::KEYSTORE_KEY_EVENT_REPORTED, + android::util::KEYSTORE_KEY_EVENT_REPORTED__TYPE__KEY_ATTESTATION, + wasSuccessful, errorCode); +} + +} // namespace keystore
\ No newline at end of file diff --git a/keystore/key_attestation_log_handler.h b/keystore/key_attestation_log_handler.h new file mode 100644 index 00000000..a418bfa3 --- /dev/null +++ b/keystore/key_attestation_log_handler.h @@ -0,0 +1,26 @@ +/* + * Copyright (C) 2018 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef _KEY_ATTESTATION_LOG_HANDLER_H_ +#define _KEY_ATTESTATION_LOG_HANDLER_H_ + +namespace keystore { + +void logKeystoreKeyAttestationEvent(bool wasSuccessful, int32_t errorCode); + +} + +#endif //_KEY_ATTESTATION_LOG_HANDLER_H_ diff --git a/keystore/key_store_service.cpp b/keystore/key_store_service.cpp index 85eed25a..1b386431 100644 --- a/keystore/key_store_service.cpp +++ b/keystore/key_store_service.cpp @@ -41,6 +41,7 @@ #include <keymasterV4_0/keymaster_utils.h> #include "defaults.h" +#include "key_attestation_log_handler.h" #include "keystore_keymaster_enforcement.h" #include "keystore_utils.h" #include <keystore/keystore_attestation_id.h> @@ -1036,6 +1037,10 @@ Status KeyStoreService::attestKey( AuthorizationSet mutableParams = params.getParameters(); KeyStoreServiceReturnCode rc = updateParamsForAttestation(callingUid, &mutableParams); + + auto logErrorOnReturn = android::base::make_scope_guard( + [&] { logKeystoreKeyAttestationEvent(false /*wasSuccessful*/, rc.getErrorCode()); }); + if (!rc.isOk()) { return AIDL_RETURN(rc); } @@ -1052,6 +1057,8 @@ Status KeyStoreService::attestKey( return AIDL_RETURN(rc); } + logErrorOnReturn.Disable(); + auto dev = mKeyStore->getDevice(keyBlob); auto hidlKey = blob2hidlVec(keyBlob); dev->attestKey( @@ -1060,13 +1067,18 @@ Status KeyStoreService::attestKey( std::tuple<ErrorCode, hidl_vec<hidl_vec<uint8_t>>>&& hidlResult) { auto& [ret, certChain] = hidlResult; if (!rc.isOk()) { + logKeystoreKeyAttestationEvent(false /*wasSuccessful*/, + static_cast<int32_t>(ResponseCode::SYSTEM_ERROR)); cb->onFinished(KeyStoreServiceReturnCode(ResponseCode::SYSTEM_ERROR), {}); } else if (ret != ErrorCode::OK) { + KeyStoreServiceReturnCode ksrc(ret); + logKeystoreKeyAttestationEvent(false /*wasSuccessful*/, ksrc.getErrorCode()); dev->logIfKeymasterVendorError(ret); - cb->onFinished(KeyStoreServiceReturnCode(ret), {}); + cb->onFinished(ksrc, {}); } else { - cb->onFinished(KeyStoreServiceReturnCode(ret), - KeymasterCertificateChain(std::move(certChain))); + KeyStoreServiceReturnCode ksrc(ret); + logKeystoreKeyAttestationEvent(true /*wasSuccessful*/, ksrc.getErrorCode()); + cb->onFinished(ksrc, KeymasterCertificateChain(std::move(certChain))); } }); |