authorAndroid Build Coastguard Worker <android-build-coastguard-worker@google.com>2022-05-17 07:33:53 +0000
committerAndroid Build Coastguard Worker <android-build-coastguard-worker@google.com>2022-05-17 07:33:53 +0000
commit2feb74998a4aaa22b191cf9084be9d8cd4ce2fe7 (patch)
treea063cce66a64d87a9ffa555f3314aace3f5f7d9b
parentbdd1a45795224e9da4c8a143fe0a0c38424eadf5 (diff)
parent174994c487e8af0bc46d3072ba736731c6d4bbe0 (diff)
Snap for 8603585 from 174994c487e8af0bc46d3072ba736731c6d4bbe0 to mainline-sdkext-release
Change-Id: I0f5ae1b95a890e1a46cdef7e21cabc297bd5d360
-rw-r--r--keystore2/aidl/android/security/metrics/RkpErrorStats.aidl2
-rw-r--r--keystore2/src/database.rs5
-rw-r--r--keystore2/src/metrics_store.rs5
-rw-r--r--keystore2/src/remote_provisioning.rs3
4 files changed, 11 insertions, 4 deletions
diff --git a/keystore2/aidl/android/security/metrics/RkpErrorStats.aidl b/keystore2/aidl/android/security/metrics/RkpErrorStats.aidl
index 616d129e..dcd51227 100644
--- a/keystore2/aidl/android/security/metrics/RkpErrorStats.aidl
+++ b/keystore2/aidl/android/security/metrics/RkpErrorStats.aidl
@@ -17,6 +17,7 @@
package android.security.metrics;
import android.security.metrics.RkpError;
+import android.security.metrics.SecurityLevel;
/**
* Atom that encapsulates error information in remote key provisioning events.
* @hide
@@ -24,4 +25,5 @@ import android.security.metrics.RkpError;
@RustDerive(Clone=true, Eq=true, PartialEq=true, Ord=true, PartialOrd=true, Hash=true)
parcelable RkpErrorStats {
RkpError rkpError;
+ SecurityLevel security_level;
} \ No newline at end of file
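Review bot: The added field `security_level` is snake_case while the only other field in this parcelable is `rkpError`, and it carries no comment. The generated Rust struct exposes both names as written (metrics_store.rs in this commit builds `RkpErrorStats { rkpError: ..., security_level: ... }`), so the mixed convention spreads into every consumer; it is cheaper to settle on one form now. A one-line comment above the field would also help, for example `/** Security level of the KeyMint instance the RKP error relates to. */`, assuming that is the intended meaning.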
diff --git a/keystore2/src/database.rs b/keystore2/src/database.rs
index 77136188..6b74e3c8 100644
--- a/keystore2/src/database.rs
+++ b/keystore2/src/database.rs
@@ -46,6 +46,7 @@ pub(crate) mod utils;
mod versioning;
use crate::gc::Gc;
+use crate::globals::get_keymint_dev_by_uuid;
use crate::impl_metadata; // This is in db_utils.rs
use crate::key_parameter::{KeyParameter, Tag};
use crate::metrics_store::log_rkp_error_stats;
@@ -1863,7 +1864,9 @@ impl KeystoreDB {
)
.context("Failed to assign attestation key")?;
if result == 0 {
- log_rkp_error_stats(MetricsRkpError::OUT_OF_KEYS);
+ let (_, hw_info) = get_keymint_dev_by_uuid(km_uuid)
+ .context("Error in retrieving keymint device by UUID.")?;
+ log_rkp_error_stats(MetricsRkpError::OUT_OF_KEYS, &hw_info.securityLevel);
return Err(KsError::Rc(ResponseCode::OUT_OF_KEYS)).context("Out of keys.");
} else if result > 1 {
return Err(KsError::sys())
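Review bot: The `?` on `get_keymint_dev_by_uuid(km_uuid)` in the `result == 0` branch lets a failed metrics lookup replace the real error: if the device cannot be resolved, the function returns "Error in retrieving keymint device by UUID." instead of `KsError::Rc(ResponseCode::OUT_OF_KEYS)`, and no RKP error atom is logged at all. Callers that match on `OUT_OF_KEYS` (presumably to trigger provisioning or a fallback path) would then see an unrelated error, so the telemetry should be best-effort, e.g. `if let Ok((_, hw_info)) = get_keymint_dev_by_uuid(km_uuid) { log_rkp_error_stats(MetricsRkpError::OUT_OF_KEYS, &hw_info.securityLevel); }`. The enclosing function starts and ends outside this hunk, so it is not visible whether the lookup runs inside an open database transaction; if it does, resolving the security level before the transaction would be preferable.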
diff --git a/keystore2/src/metrics_store.rs b/keystore2/src/metrics_store.rs
index b6f13431..62a7d135 100644
--- a/keystore2/src/metrics_store.rs
+++ b/keystore2/src/metrics_store.rs
@@ -599,8 +599,9 @@ fn pull_attestation_pool_stats() -> Result<Vec<KeystoreAtom>> {
}
/// Log error events related to Remote Key Provisioning (RKP).
-pub fn log_rkp_error_stats(rkp_error: MetricsRkpError) {
- let rkp_error_stats = KeystoreAtomPayload::RkpErrorStats(RkpErrorStats { rkpError: rkp_error });
+pub fn log_rkp_error_stats(rkp_error: MetricsRkpError, sec_level: &SecurityLevel) {
+ let rkp_error_stats = KeystoreAtomPayload::RkpErrorStats(
+ RkpErrorStats { rkpError: rkp_error, security_level: process_security_level(*sec_level) });
METRICS_STORE.insert_atom(AtomID::RKP_ERROR_STATS, rkp_error_stats);
}
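Review bot: `log_rkp_error_stats` takes `sec_level: &SecurityLevel` only to dereference it at once in `process_security_level(*sec_level)`, so the type is evidently `Copy` and the reference adds nothing. Passing it by value reads more simply: `pub fn log_rkp_error_stats(rkp_error: MetricsRkpError, sec_level: SecurityLevel)`, with the two call sites in database.rs and remote_provisioning.rs dropping the `&`. The doc comment was not updated for the new parameter; a second line such as `/// sec_level is the security level the error is attributed to; it is mapped through process_security_level before being stored in the atom.` would cover it.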
diff --git a/keystore2/src/remote_provisioning.rs b/keystore2/src/remote_provisioning.rs
index b47b3731..ea2698f0 100644
--- a/keystore2/src/remote_provisioning.rs
+++ b/keystore2/src/remote_provisioning.rs
@@ -159,7 +159,8 @@ impl RemProvState {
if self.is_rkp_only() {
return Err(e);
}
- log_rkp_error_stats(MetricsRkpError::FALL_BACK_DURING_HYBRID);
+ log_rkp_error_stats(MetricsRkpError::FALL_BACK_DURING_HYBRID,
+ &self.security_level);
Ok(None)
}
Ok(v) => match v {