commit 6d18cb5a91cda756cedac4a8e5e0710b9ab9f07b
author David Drysdale <drysdale@google.com> Wed Jun 26 13:05:31 2024 +0000
committer David Drysdale <drysdale@google.com> Wed Jun 26 13:10:19 2024 +0000
tree 7710a520ebcf333628527d1d47e40733ca5aa0c7
parent 3fc63baaeada6fd69e2326b5841adc2b67f091bb

Revert "Update the security logs for better understanding"

This reverts commit 9a587a2b5dd42f3a63889ef6b239abbe1f2b9fb2.

Reason for revert: APPLICATION_ID displayed in logs

Change-Id: I8a2debf0685be3188a72fe9b828371ddbce3dfca

keystore2/src/security_level.rs

diff --git a/keystore2/src/security_level.rs b/keystore2/src/security_level.rs
index b4c5ac9..4a8c418 100644
--- a/keystore2/src/security_level.rs
+++ b/keystore2/src/security_level.rs
@@ -34,8 +34,7 @@
 use crate::utils::{
     check_device_attestation_permissions, check_key_permission,
     check_unique_id_attestation_permissions, is_device_id_attestation_tag,
-    key_characteristics_to_internal, log_security_safe_params, uid_to_android_user, watchdog as wd,
-    UNDEFINED_NOT_AFTER,
+    key_characteristics_to_internal, uid_to_android_user, watchdog as wd, UNDEFINED_NOT_AFTER,
 };
 use crate::{
     database::{
@@ -517,7 +516,6 @@
         flags: i32,
         _entropy: &[u8],
     ) -> Result<KeyMetadata> {
-        log::info!("security_level: generate_key(key={:?})", key.alias);
         if key.domain != Domain::BLOB && key.alias.is_none() {
             return Err(error::Error::Km(ErrorCode::INVALID_ARGUMENT))
                 .context(ks_err!("Alias must be specified"));
@@ -587,11 +585,7 @@
                         })
                     },
                 )
-                .context(ks_err!(
-                    "While generating with a user-generated \
-                     attestation key, params: {:?}.",
-                    log_security_safe_params(&params)
-                ))
+                .context(ks_err!("Using user generated attestation key."))
                 .map(|(result, _)| result),
             Some(AttestationKeyInfo::RkpdProvisioned { attestation_key, attestation_certs }) => {
                 self.upgrade_rkpd_keyblob_if_required_with(&attestation_key.keyBlob, &[], |blob| {
@@ -611,12 +605,7 @@
                         self.keymint.generateKey(&params, dynamic_attest_key.as_ref())
                     })
                 })
-                .context(ks_err!(
-                    "While generating Key {:?} with remote \
-                    provisioned attestation key and params: {:?}.",
-                    key.alias,
-                    log_security_safe_params(&params)
-                ))
+                .context(ks_err!("While generating Key with remote provisioned attestation key."))
                 .map(|(mut result, _)| {
                     result.certificateChain.push(attestation_certs);
                     result
@@ -632,11 +621,7 @@
                 );
                 self.keymint.generateKey(&params, None)
             })
-            .context(ks_err!(
-                "While generating without a provided \
-                attestation key and params: {:?}.",
-                log_security_safe_params(&params)
-            )),
+            .context(ks_err!("While generating Key without explicit attestation key.")),
         }
         .context(ks_err!())?;
 
@@ -921,10 +906,7 @@
                 }
             },
         )
-        .context(ks_err!(
-            "upgrade_rkpd_keyblob_if_required_with(params={:?})",
-            log_security_safe_params(params)
-        ))
+        .context(ks_err!())
     }
 
     fn convert_storage_key_to_ephemeral(