authorMarkus Vill <vill@google.com>2024-01-31 15:57:04 +0100
committerMarkus Vill <vill@google.com>2024-03-07 16:56:22 +0000
commitfdf431762f605367a2434653d3650f4862763de2 (patch)
tree9d9fbcf4362d0ea084988f12cc92b2fb9abf345f
parent90eadc655f26e61d977019c77ee2be27c11b67a2 (diff)
downloadsecurity-fdf431762f605367a2434653d3650f4862763de2.tar.gz
Migrate structured logging for audit logging to the Rust macro.
This switches audit logging to the new structured logging macro, which simplifies its usage. Bug: 290589708 Test: Run keystore client and checked the log Change-Id: I4d941d8b03c09d0541cf1159c38f4eba60e07292
-rw-r--r--keystore2/Android.bp2
-rw-r--r--keystore2/src/audit_log.rs37
2 files changed, 14 insertions, 25 deletions
diff --git a/keystore2/Android.bp b/keystore2/Android.bp
index 7cb7c37a..ed9cd880 100644
--- a/keystore2/Android.bp
+++ b/keystore2/Android.bp
@@ -28,6 +28,7 @@ rust_defaults {
defaults: [
"keymint_use_latest_hal_aidl_rust",
"keystore2_use_latest_aidl_rust",
+ "structured_log_rust_defaults",
],
rustlibs: [
@@ -54,7 +55,6 @@ rust_defaults {
"libkeystore2_selinux",
"liblazy_static",
"liblibc",
- "liblog_event_list",
"liblog_rust",
"libmessage_macro",
"librand",
diff --git a/keystore2/src/audit_log.rs b/keystore2/src/audit_log.rs
index 0e5dfeb6..8d9735e2 100644
--- a/keystore2/src/audit_log.rs
+++ b/keystore2/src/audit_log.rs
@@ -20,7 +20,7 @@ use android_system_keystore2::aidl::android::system::keystore2::{
Domain::Domain, KeyDescriptor::KeyDescriptor,
};
use libc::uid_t;
-use log_event_list::{LogContext, LogContextError, LogIdSecurity};
+use structured_log::{structured_log, LOG_ID_SECURITY};
const TAG_KEY_GENERATED: u32 = 210024;
const TAG_KEY_IMPORTED: u32 = 210025;
@@ -58,30 +58,19 @@ pub fn log_key_deleted(key: &KeyDescriptor, calling_app: uid_t, success: bool) {
/// Logs key integrity violation to NIAP audit log.
pub fn log_key_integrity_violation(key: &KeyDescriptor) {
- with_log_context(TAG_KEY_INTEGRITY_VIOLATION, |ctx| {
- let owner = key_owner(key.domain, key.nspace, key.nspace as i32);
- ctx.append_str(key.alias.as_ref().map_or("none", String::as_str))?.append_i32(owner)
- })
+ let owner = key_owner(key.domain, key.nspace, key.nspace as i32);
+ let alias = String::from(key.alias.as_ref().map_or("none", String::as_str));
+ LOGS_HANDLER.queue_lo(move |_| {
+ let _result =
+ structured_log!(log_id: LOG_ID_SECURITY, TAG_KEY_INTEGRITY_VIOLATION, alias, owner);
+ });
}
fn log_key_event(tag: u32, key: &KeyDescriptor, calling_app: uid_t, success: bool) {
- with_log_context(tag, |ctx| {
- let owner = key_owner(key.domain, key.nspace, calling_app as i32);
- ctx.append_i32(i32::from(success))?
- .append_str(key.alias.as_ref().map_or("none", String::as_str))?
- .append_i32(owner)
- })
-}
-
-fn with_log_context<F>(tag: u32, f: F)
-where
- F: Fn(LogContext) -> Result<LogContext, LogContextError>,
-{
- if let Some(ctx) = LogContext::new(LogIdSecurity, tag) {
- if let Ok(event) = f(ctx) {
- LOGS_HANDLER.queue_lo(move |_| {
- let _result = event.write();
- });
- }
- }
+ let owner = key_owner(key.domain, key.nspace, calling_app as i32);
+ let alias = String::from(key.alias.as_ref().map_or("none", String::as_str));
+ LOGS_HANDLER.queue_lo(move |_| {
+ let _result =
+ structured_log!(log_id: LOG_ID_SECURITY, tag, i32::from(success), alias, owner);
+ });
}
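Review bot: Both new closures (in `log_key_integrity_violation` and `log_key_event`) bind the outcome of `structured_log!` to `_result` and drop it, so an audit event that fails to reach the security log disappears without any trace. The removed `with_log_context` behaved the same way, but since these are NIAP audit records it would be worth surfacing the failure on the regular log, e.g. `if let Err(e) = structured_log!(log_id: LOG_ID_SECURITY, tag, i32::from(success), alias, owner) { log::error!("audit event {tag} not written: {e:?}"); }`. This assumes the macro yields a `Result` whose error implements `Debug`, which the hunk does not show. Separately, `key.nspace as i32` in `log_key_integrity_violation` is carried over unchanged and silently truncates if `nspace` is wider than 32 bits, so the logged owner may not match the real namespace; a short comment stating why the cast is safe, or a checked conversion, would help.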