author | Hasini Gunasinghe <hasinitg@google.com> | 2022-05-12 21:49:11 +0000 |
---|---|---|
committer | Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> | 2022-05-12 21:49:11 +0000 |
commit | 174994c487e8af0bc46d3072ba736731c6d4bbe0 (patch) | |
tree | a063cce66a64d87a9ffa555f3314aace3f5f7d9b | |
parent | d95da2a5b65368932520d776b1cbeff69cb30024 (diff) | |
parent | adf6692b3e024ba997730474b3db0068209a97a4 (diff) | |
Log SecurityLevel with RkpErrorStats. am: adf6692b3e
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/security/+/18350667
Change-Id: I68def275f8a00d950b271a17f92c385164036d20
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
-rw-r--r-- | keystore2/aidl/android/security/metrics/RkpErrorStats.aidl | 2 | ||||
-rw-r--r-- | keystore2/src/database.rs | 5 | ||||
-rw-r--r-- | keystore2/src/metrics_store.rs | 5 | ||||
-rw-r--r-- | keystore2/src/remote_provisioning.rs | 3 |
4 files changed, 11 insertions, 4 deletions
diff --git a/keystore2/aidl/android/security/metrics/RkpErrorStats.aidl b/keystore2/aidl/android/security/metrics/RkpErrorStats.aidl
index 616d129e..dcd51227 100644
--- a/keystore2/aidl/android/security/metrics/RkpErrorStats.aidl
+++ b/keystore2/aidl/android/security/metrics/RkpErrorStats.aidl
@@ -17,6 +17,7 @@ package android.security.metrics;
 import android.security.metrics.RkpError;
+import android.security.metrics.SecurityLevel;
 /**
 * Atom that encapsulates error information in remote key provisioning events.
 * @hide
@@ -24,4 +25,5 @@ import android.security.metrics.RkpError;
 @RustDerive(Clone=true, Eq=true, PartialEq=true, Ord=true, PartialOrd=true, Hash=true)
 parcelable RkpErrorStats {
 RkpError rkpError;
+ SecurityLevel security_level;
 }
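Review bot: The field added in the second hunk is spelled `security_level`, while the only other field of this parcelable is `rkpError`, so the parcelable now mixes two naming styles and the Rust constructor in metrics_store.rs ends up as `RkpErrorStats { rkpError: ..., security_level: ... }`. Pick the convention the sibling metrics parcelables use (not visible on this page) and apply it to both fields, or at least to the new one. The field also has no doc comment; something like `/** Security level of the KeyMint instance the error relates to. */` would say what the value refers to.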
\ No newline at end of file
diff --git a/keystore2/src/database.rs b/keystore2/src/database.rs
index 77136188..6b74e3c8 100644
--- a/keystore2/src/database.rs
+++ b/keystore2/src/database.rs
@@ -46,6 +46,7 @@ pub(crate) mod utils;
 mod versioning;
 use crate::gc::Gc;
+use crate::globals::get_keymint_dev_by_uuid;
 use crate::impl_metadata; // This is in db_utils.rs
 use crate::key_parameter::{KeyParameter, Tag};
 use crate::metrics_store::log_rkp_error_stats;
@@ -1863,7 +1864,9 @@ impl KeystoreDB {
 )
 .context("Failed to assign attestation key")?;
 if result == 0 {
- log_rkp_error_stats(MetricsRkpError::OUT_OF_KEYS);
+ let (_, hw_info) = get_keymint_dev_by_uuid(km_uuid)
+ .context("Error in retrieving keymint device by UUID.")?;
+ log_rkp_error_stats(MetricsRkpError::OUT_OF_KEYS, &hw_info.securityLevel);
 return Err(KsError::Rc(ResponseCode::OUT_OF_KEYS)).context("Out of keys.");
 } else if result > 1 {
 return Err(KsError::sys())
diff --git a/keystore2/src/metrics_store.rs b/keystore2/src/metrics_store.rs
index b6f13431..62a7d135 100644
--- a/keystore2/src/metrics_store.rs
+++ b/keystore2/src/metrics_store.rs
@@ -599,8 +599,9 @@ fn pull_attestation_pool_stats() -> Result<Vec<KeystoreAtom>> {
 }
 /// Log error events related to Remote Key Provisioning (RKP).
-pub fn log_rkp_error_stats(rkp_error: MetricsRkpError) {
- let rkp_error_stats = KeystoreAtomPayload::RkpErrorStats(RkpErrorStats { rkpError: rkp_error });
+pub fn log_rkp_error_stats(rkp_error: MetricsRkpError, sec_level: &SecurityLevel) {
+ let rkp_error_stats = KeystoreAtomPayload::RkpErrorStats(
+ RkpErrorStats { rkpError: rkp_error, security_level: process_security_level(*sec_level) });
 METRICS_STORE.insert_atom(AtomID::RKP_ERROR_STATS, rkp_error_stats);
 }
diff --git a/keystore2/src/remote_provisioning.rs b/keystore2/src/remote_provisioning.rs
index b47b3731..ea2698f0 100644
--- a/keystore2/src/remote_provisioning.rs
+++ b/keystore2/src/remote_provisioning.rs
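Review bot: In the `result == 0` branch of the second database.rs hunk, the `?` on `get_keymint_dev_by_uuid(km_uuid)` returns early when the lookup fails, so the function no longer returns `ResponseCode::OUT_OF_KEYS` and no metric is recorded. A lookup that exists only to label telemetry should not change the error the caller sees. Make it best-effort with `if let Ok((_, hw_info)) = get_keymint_dev_by_uuid(km_uuid) { log_rkp_error_stats(MetricsRkpError::OUT_OF_KEYS, &hw_info.securityLevel); }` and fall through to the existing `return Err(...)`. The enclosing function starts and ends outside the hunk; if this branch runs inside a database transaction, the device lookup now happens while that transaction is held, which is worth confirming.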
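Review bot: `log_rkp_error_stats` in metrics_store.rs now takes `sec_level: &SecurityLevel` and immediately dereferences it with `*sec_level`, which presumably compiles only because the type is `Copy`. Taking it by value, `sec_level: SecurityLevel`, is simpler and lets the call sites in database.rs and remote_provisioning.rs drop the `&`. The doc comment above the function was not updated for the new parameter; it could read `/// Log an RKP error event together with the security level it was observed on.` and mention that the value goes through `process_security_level` before it is stored. The continuation line holding the `RkpErrorStats { ... }` literal is also not laid out the way rustfmt would format it.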
@@ -159,7 +159,8 @@ impl RemProvState {
 if self.is_rkp_only() {
 return Err(e);
 }
- log_rkp_error_stats(MetricsRkpError::FALL_BACK_DURING_HYBRID);
+ log_rkp_error_stats(MetricsRkpError::FALL_BACK_DURING_HYBRID,
+ &self.security_level);
 Ok(None)
 }
 Ok(v) => match v { |