Log SecurityLevel with RkpErrorStats.
Bug: 230750270
Test: Local testing with statsd TestDrive script
Merged-In: I8490e31df4a111ff6787ea67dd8a170b410566df
Change-Id: I8490e31df4a111ff6787ea67dd8a170b410566df
diff --git a/keystore2/aidl/android/security/metrics/RkpErrorStats.aidl b/keystore2/aidl/android/security/metrics/RkpErrorStats.aidl
index 616d129..dcd5122 100644
--- a/keystore2/aidl/android/security/metrics/RkpErrorStats.aidl
+++ b/keystore2/aidl/android/security/metrics/RkpErrorStats.aidl
@@ -17,6 +17,7 @@
package android.security.metrics;
import android.security.metrics.RkpError;
+import android.security.metrics.SecurityLevel;
/**
* Atom that encapsulates error information in remote key provisioning events.
* @hide
@@ -24,4 +25,5 @@
@RustDerive(Clone=true, Eq=true, PartialEq=true, Ord=true, PartialOrd=true, Hash=true)
parcelable RkpErrorStats {
RkpError rkpError;
+ SecurityLevel security_level;
}
\ No newline at end of file
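Review bot: The new field `security_level` has no doc comment and is spelled in snake_case next to the existing camelCase `rkpError`, so the parcelable now mixes two naming styles. Since the field is new, this is the cheapest point to pick one style. A short comment such as `/** Security level of the KeyMint instance the error was reported for. */` would make the atom self-describing, with the wording confirmed against the callers. It would also help to state which value is reported when the level is unknown.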
diff --git a/keystore2/src/database.rs b/keystore2/src/database.rs
index 7713618..6b74e3c 100644
--- a/keystore2/src/database.rs
+++ b/keystore2/src/database.rs
@@ -46,6 +46,7 @@
mod versioning;
use crate::gc::Gc;
+use crate::globals::get_keymint_dev_by_uuid;
use crate::impl_metadata; // This is in db_utils.rs
use crate::key_parameter::{KeyParameter, Tag};
use crate::metrics_store::log_rkp_error_stats;
@@ -1863,7 +1864,9 @@
)
.context("Failed to assign attestation key")?;
if result == 0 {
- log_rkp_error_stats(MetricsRkpError::OUT_OF_KEYS);
+ let (_, hw_info) = get_keymint_dev_by_uuid(km_uuid)
+ .context("Error in retrieving keymint device by UUID.")?;
+ log_rkp_error_stats(MetricsRkpError::OUT_OF_KEYS, &hw_info.securityLevel);
return Err(KsError::Rc(ResponseCode::OUT_OF_KEYS)).context("Out of keys.");
} else if result > 1 {
return Err(KsError::sys())
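Review bot: The `?` on `get_keymint_dev_by_uuid(km_uuid)` in the `result == 0` branch lets a failed metrics lookup replace the real outcome: the function then returns the lookup error instead of `ResponseCode::OUT_OF_KEYS`, and no RKP error atom is recorded. Any caller that branches on that response code would see a generic failure instead. Telemetry should be best-effort here, for example `if let Ok((_, hw_info)) = get_keymint_dev_by_uuid(km_uuid) { log_rkp_error_stats(MetricsRkpError::OUT_OF_KEYS, &hw_info.securityLevel); }`, with the lookup failure logged rather than propagated. The enclosing function starts and ends outside this hunk, so whether this code runs inside a database transaction cannot be confirmed from here; if it does, the device lookup is better done outside it.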
diff --git a/keystore2/src/metrics_store.rs b/keystore2/src/metrics_store.rs
index b6f1343..5e88052 100644
--- a/keystore2/src/metrics_store.rs
+++ b/keystore2/src/metrics_store.rs
@@ -599,8 +599,11 @@
}
/// Log error events related to Remote Key Provisioning (RKP).
-pub fn log_rkp_error_stats(rkp_error: MetricsRkpError) {
- let rkp_error_stats = KeystoreAtomPayload::RkpErrorStats(RkpErrorStats { rkpError: rkp_error });
+pub fn log_rkp_error_stats(rkp_error: MetricsRkpError, sec_level: &SecurityLevel) {
+ let rkp_error_stats = KeystoreAtomPayload::RkpErrorStats(RkpErrorStats {
+ rkpError: rkp_error,
+ security_level: process_security_level(*sec_level),
+ });
METRICS_STORE.insert_atom(AtomID::RKP_ERROR_STATS, rkp_error_stats);
}
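Review bot: `sec_level: &SecurityLevel` is dereferenced immediately with `*sec_level`, so the type is `Copy` and the reference only adds noise at both call sites. Taking it by value reads more simply: `pub fn log_rkp_error_stats(rkp_error: MetricsRkpError, sec_level: SecurityLevel)`. The `///` comment above the function was not updated for the new parameter; it should say that `sec_level` is the security level the error relates to and that it is converted with `process_security_level` before being stored in the atom. `process_security_level` is defined outside this hunk, so how it maps unrecognised values is not visible here.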
diff --git a/keystore2/src/remote_provisioning.rs b/keystore2/src/remote_provisioning.rs
index b47b373..8ed2be4 100644
--- a/keystore2/src/remote_provisioning.rs
+++ b/keystore2/src/remote_provisioning.rs
@@ -159,7 +159,10 @@
if self.is_rkp_only() {
return Err(e);
}
- log_rkp_error_stats(MetricsRkpError::FALL_BACK_DURING_HYBRID);
+ log_rkp_error_stats(
+ MetricsRkpError::FALL_BACK_DURING_HYBRID,
+ &self.security_level,
+ );
Ok(None)
}
Ok(v) => match v {