Add new auth types to capture bitmask values and unspecified auth types.

When the HardwareAuthenticatorType AIDL enum used in Keystore2 metrics
was defined, an AUTH_TYPE_UNSPECIFIED sentinel value was added and
the enum tag numbers of the other values were incremented by one. This
meant that the enum can't behave as a bitmask like the KeyMint AIDL
enum does. As a result, the metrics enum can't represent the binary OR
of certain pairs of the KeyMint enum's values. So, if such a value
appears in the wild, the metrics enum's sentinel value
(AUTH_TYPE_UNSPECIFIED) is used.

Bug: 385175793
Test: Updated the argument to `user_auth_type` in a test in
`user_auth.rs` to pass in the bitmask of PASSWORD and FINGERPRINT,
ran the test, ran `adb shell dumpsys android.security.maintenance`,
and checked that a row in the `KEYGEN_AUTH` section has `auth=PW_OR_GP`.
Did the same without my fix and instead a row with `auth=UNSPEC`
appears.
Test: Removed all user authentication parameters from a test in
`user_auth.rs`, ran the test, ran `adb shell dumpsys
android.security.maintenance`, and checked that a row in the
`KEYGEN_AUTH` section has `auth=NOAUTH`. Did the same without my fix
and instead a row with `auth=UNSPEC` appears.
Change-Id: I71c5f6822f22e11e5b4e029264c8a472e8d21a01
diff --git a/keystore2/src/metrics_store.rs b/keystore2/src/metrics_store.rs
index fd1f9b5..72bbfe2 100644
--- a/keystore2/src/metrics_store.rs
+++ b/keystore2/src/metrics_store.rs
@@ -205,7 +205,7 @@
};
let mut key_creation_with_auth_info = KeyCreationWithAuthInfo {
- user_auth_type: MetricsHardwareAuthenticatorType::AUTH_TYPE_UNSPECIFIED,
+ user_auth_type: MetricsHardwareAuthenticatorType::NO_AUTH_TYPE,
log10_auth_key_timeout_seconds: -1,
security_level: MetricsSecurityLevel::SECURITY_LEVEL_UNSPECIFIED,
};
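Review bot: The new default on `user_auth_type` is missing a comment that says how `NO_AUTH_TYPE` differs from `NONE` and from `AUTH_TYPE_UNSPECIFIED`. Per the commit message, a key generated with no user authentication parameters now reports `NOAUTH`, while `AUTH_TYPE_UNSPECIFIED` is kept for values the metrics enum cannot represent. A one-line comment at this initializer stating that split would stop a later change from reverting the default to the sentinel and merging the two cases again in the `KEYGEN_AUTH` rows.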
@@ -258,6 +258,12 @@
HardwareAuthenticatorType::FINGERPRINT => {
MetricsHardwareAuthenticatorType::FINGERPRINT
}
+ a if a.0
+ == HardwareAuthenticatorType::PASSWORD.0
+ | HardwareAuthenticatorType::FINGERPRINT.0 =>
+ {
+ MetricsHardwareAuthenticatorType::PASSWORD_OR_FINGERPRINT
+ }
HardwareAuthenticatorType::ANY => MetricsHardwareAuthenticatorType::ANY,
_ => MetricsHardwareAuthenticatorType::AUTH_TYPE_UNSPECIFIED,
}
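Review bot: The guard in the new arm, `a if a.0 == HardwareAuthenticatorType::PASSWORD.0 | HardwareAuthenticatorType::FINGERPRINT.0`, relies on `|` binding tighter than `==`. That is what Rust does, so the comparison is against the OR of the two values, but inside a `match` it reads very much like an or-pattern. Please parenthesize the right-hand side, or bind the OR to a named constant above the `match`, and add a short comment that this arm exists because the combined value has no named KeyMint constant. It would also help to note next to the `_` arm that every other combination still maps to `AUTH_TYPE_UNSPECIFIED` on purpose.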
@@ -792,14 +798,14 @@
SECURITY_LEVEL_KEYSTORE => "KEYSTORE",
);
-// Metrics values for HardwareAuthenticatorType are broken -- the AIDL type is a bitmask
-// not an enum, so offseting the enum values by 1 doesn't work.
-impl_summary_enum!(MetricsHardwareAuthenticatorType, 6,
+impl_summary_enum!(MetricsHardwareAuthenticatorType, 8,
AUTH_TYPE_UNSPECIFIED => "UNSPEC",
NONE => "NONE",
PASSWORD => "PASSWD",
FINGERPRINT => "FPRINT",
+ PASSWORD_OR_FINGERPRINT => "PW_OR_FP",
ANY => "ANY",
+ NO_AUTH_TYPE => "NOAUTH",
);
impl_summary_enum!(MetricsPurpose, 7,
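Review bot: The summary string added for `PASSWORD_OR_FINGERPRINT` is `"PW_OR_FP"`, but the first Test: paragraph of the commit message says the dumpsys row shows `auth=PW_OR_GP`. One of the two is a typo; please make them agree so the test steps can be reproduced by searching the `KEYGEN_AUTH` output for the exact string. Separately, this hunk deletes the comment explaining that the metrics values are offset from the AIDL bitmask. The offset is still there and unmapped combinations still fall back to `UNSPEC`, so consider keeping a shortened form of that comment that records the limitation and why `PASSWORD_OR_FINGERPRINT` needed its own entry.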