author | Hasini Gunasinghe <hasinitg@google.com> | 2021-12-10 21:38:46 +0000 |
---|---|---|
committer | Hasini Gunasinghe <hasinitg@google.com> | 2021-12-14 00:48:03 +0000 |
commit | 026868e35dfca441af535f8a4f011a50a9e8a851 (patch) | |
tree | f28975cbd9b8534cbf671b3e0a8f3c59025c64ed | |
parent | 7bf6e0a053307a0918965da9be6560e77d6cfe59 (diff) | |
download | security-026868e35dfca441af535f8a4f011a50a9e8a851.tar.gz |
Set expired_by to be three days from now, when querying rkp_pool_state.
When collecting metrics about RKP pool status, we currently query
the remote_provisioning module by setting expired_by = now.
But inside remote_provisioning module, all expired keys by now are
deleted before returning the pool status.
Therefore, in the metrics, we do not see the number of expiring keys
since it is always zero.
Test: statsd TestDrive script
Bug: 210162269
Ignore-AOSP-First: This will be merged to AOSP manually.
Change-Id: I7f7026b1297f297ce208b828b647f1056485128e
-rw-r--r-- | keystore2/src/metrics_store.rs | 11 |
1 files changed, 8 insertions, 3 deletions
diff --git a/keystore2/src/metrics_store.rs b/keystore2/src/metrics_store.rs index 32067b95..a064f657 100644 --- a/keystore2/src/metrics_store.rs +++ b/keystore2/src/metrics_store.rs @@ -17,7 +17,7 @@ //! stores them in an in-memory store. //! 2. Returns the collected metrics when requested by the statsd proxy. -use crate::error::get_error_code; +use crate::error::{get_error_code, Error}; use crate::globals::DB; use crate::key_parameter::KeyParameterValue as KsKeyParamValue; use crate::operation::Outcome; @@ -44,6 +44,7 @@ use android_security_metrics::aidl::android::security::metrics::{ RkpPoolStats::RkpPoolStats, SecurityLevel::SecurityLevel as MetricsSecurityLevel, Storage::Storage as MetricsStorage, }; +use android_system_keystore2::aidl::android::system::keystore2::ResponseCode::ResponseCode; use anyhow::{Context, Result}; use keystore2_system_property::{write, PropertyWatcher, PropertyWatcherError}; use lazy_static::lazy_static; @@ -560,10 +561,14 @@ fn pull_storage_stats() -> Result<Vec<KeystoreAtom>> { fn pull_attestation_pool_stats() -> Result<Vec<KeystoreAtom>> { let mut atoms = Vec::<KeystoreAtom>::new(); for sec_level in &[SecurityLevel::TRUSTED_ENVIRONMENT, SecurityLevel::STRONGBOX] { + // set the expired_by date to be three days from now let expired_by = SystemTime::now() + .checked_add(Duration::from_secs(60 * 60 * 24 * 3)) + .ok_or(Error::Rc(ResponseCode::SYSTEM_ERROR)) + .context("In pull_attestation_pool_stats: Failed to compute expired by system time.")? .duration_since(UNIX_EPOCH) - .unwrap_or_else(|_| Duration::new(0, 0)) - .as_secs() as i64; + .context("In pull_attestation_pool_stats: Failed to compute expired by duration.")? + .as_millis() as i64; let result = get_pool_status(expired_by, *sec_level); |
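Review bot: The last line of the `expired_by` chain in the third hunk changes the unit from `as_secs()` to `as_millis()`, but neither the added comment nor the commit message says so, and the unit `get_pool_status` expects is not visible here. A unit mismatch would make the expiring-key count in the RKP pool metric silently wrong, so after confirming it I would state the unit in the comment, e.g. `// expired_by: milliseconds since the Unix epoch, three days from now`. The `as i64` cast on the `u128` returned by `as_millis()` truncates silently; `i64::try_from(...)` followed by the same `.context(...)?` pattern would keep that failure explicit. The value does not depend on `sec_level`, so it could be computed once before the `for` loop; the body of `pull_attestation_pool_stats` continues past the end of the hunk.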