Log keystore key attestation events using statsd.
This is the third CL on sending keystore logging to statsd.
This creates the logs for key attestation events.
Test: Adding tests for logging is yet to be decided.
Bug: 157664923
Merged-In: I412ac59fd6bb2dbcb380f8579740d02ce2fd8790
Change-Id: I16cac8c4ee950adc330659dcb648052e8b2b41a2
diff --git a/keystore/Android.bp b/keystore/Android.bp
index eb0009f..45b721b 100644
--- a/keystore/Android.bp
+++ b/keystore/Android.bp
@@ -36,6 +36,7 @@
"grant_store.cpp",
"key_creation_log_handler.cpp",
"key_operation_log_handler.cpp",
+ "key_attestation_log_handler.cpp",
"key_store_service.cpp",
"keyblob_utils.cpp",
"keymaster_enforcement.cpp",
diff --git a/keystore/key_attestation_log_handler.cpp b/keystore/key_attestation_log_handler.cpp
new file mode 100644
index 0000000..34c76a3
--- /dev/null
+++ b/keystore/key_attestation_log_handler.cpp
@@ -0,0 +1,25 @@
+/*
+ * Copyright (C) 2018 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#include <statslog.h>
+namespace keystore {
+
+void logKeystoreKeyAttestationEvent(bool wasSuccessful, int32_t errorCode) {
+ android::util::stats_write(android::util::KEYSTORE_KEY_EVENT_REPORTED,
+ android::util::KEYSTORE_KEY_EVENT_REPORTED__TYPE__KEY_ATTESTATION,
+ wasSuccessful, errorCode);
+}
+
+} // namespace keystore
\ No newline at end of file
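Review bot: The new translation unit defines `logKeystoreKeyAttestationEvent` without including its own header, so a signature drift between `key_attestation_log_handler.h` and this definition would only surface at link time; add `#include "key_attestation_log_handler.h"` ahead of `#include <statslog.h>`. `int32_t` is used with no visible `<stdint.h>` include, so it resolves only if `statslog.h` happens to provide it. The function would also benefit from a one-line comment stating that only the outcome flag and a numeric error code are written to the atom, with no alias, UID or key material, so the privacy boundary of this event is documented for later editors.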
diff --git a/keystore/key_attestation_log_handler.h b/keystore/key_attestation_log_handler.h
new file mode 100644
index 0000000..e69e667
--- /dev/null
+++ b/keystore/key_attestation_log_handler.h
@@ -0,0 +1,26 @@
+/*
+ * Copyright (C) 2018 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef _KEY_ATTESTATION_LOG_HANDLER_H_
+#define _KEY_ATTESTATION_LOG_HANDLER_H_
+
+namespace keystore {
+
+void logKeystoreKeyAttestationEvent(bool wasSuccessful, int32_t errorCode);
+
+}
+
+#endif //_KEY_ATTESTATION_LOG_HANDLER_H_
\ No newline at end of file
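Review bot: The header declares a parameter of type `int32_t` but includes nothing, so it compiles only when the including file has already pulled in `<stdint.h>`; add `#include <stdint.h>` after the guard to make it self-contained. The guard name `_KEY_ATTESTATION_LOG_HANDLER_H_` starts with an underscore followed by an uppercase letter, which is an identifier reserved to the implementation; `KEYSTORE_KEY_ATTESTATION_LOG_HANDLER_H_` avoids that. The declaration also has no comment saying what `errorCode` carries; from the call sites in key_store_service.cpp it looks like the value of `KeyStoreServiceReturnCode::getErrorCode()`, which is worth stating here.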
diff --git a/keystore/key_store_service.cpp b/keystore/key_store_service.cpp
index 8501cdf..4e5bc48 100644
--- a/keystore/key_store_service.cpp
+++ b/keystore/key_store_service.cpp
@@ -41,6 +41,7 @@
#include <keymasterV4_0/keymaster_utils.h>
#include "defaults.h"
+#include "key_attestation_log_handler.h"
#include "keystore_keymaster_enforcement.h"
#include "keystore_utils.h"
#include <keystore/keystore_attestation_id.h>
@@ -1117,6 +1118,10 @@
AuthorizationSet mutableParams = params.getParameters();
KeyStoreServiceReturnCode rc = updateParamsForAttestation(callingUid, &mutableParams);
+
+ auto logErrorOnReturn = android::base::make_scope_guard(
+ [&] { logKeystoreKeyAttestationEvent(false /*wasSuccessful*/, rc.getErrorCode()); });
+
if (!rc.isOk()) {
return AIDL_RETURN(rc);
}
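Review bot: The guard created after `updateParamsForAttestation` captures `rc` by reference and reads `rc.getErrorCode()` when it fires, so every early return up to `logErrorOnReturn.Disable()` is reported with whatever `rc` holds at that moment. That is correct for the `return AIDL_RETURN(rc)` paths visible here, but an exit in that window that returns a different code, or leaves `rc` at its success value, would emit `wasSuccessful=false` with a misleading error code; the code between this hunk and the `Disable()` call is outside the hunk, so this needs checking against the full function. A comment such as `// Logs rc on every early return; failure paths below must assign rc before returning.` would make the contract explicit. The include hunk adds only `key_attestation_log_handler.h`, so confirm that `<android-base/scopeguard.h>` is already included in this file.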
@@ -1133,6 +1138,8 @@
return AIDL_RETURN(rc);
}
+ logErrorOnReturn.Disable();
+
auto dev = mKeyStore->getDevice(keyBlob);
auto hidlKey = blob2hidlVec(keyBlob);
dev->attestKey(
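Review bot: Once `logErrorOnReturn.Disable()` runs, an attestation event is reported only if the `attestKey` callback is actually invoked. Nothing in this hunk checks `dev` after `mKeyStore->getDevice(keyBlob)`, and whether the callback is guaranteed to run on every path is not visible from here. If it is guaranteed, a comment such as `// attestKey always invokes the callback, which logs the outcome.` next to the `Disable()` call would keep later edits from opening a gap in the attestation failure metrics.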
@@ -1141,13 +1148,18 @@
std::tuple<ErrorCode, hidl_vec<hidl_vec<uint8_t>>>&& hidlResult) {
auto& [ret, certChain] = hidlResult;
if (!rc.isOk()) {
+ logKeystoreKeyAttestationEvent(false /*wasSuccessful*/,
+ static_cast<int32_t>(ResponseCode::SYSTEM_ERROR));
cb->onFinished(KeyStoreServiceReturnCode(ResponseCode::SYSTEM_ERROR), {});
} else if (ret != ErrorCode::OK) {
+ KeyStoreServiceReturnCode ksrc(ret);
+ logKeystoreKeyAttestationEvent(false /*wasSuccessful*/, ksrc.getErrorCode());
dev->logIfKeymasterVendorError(ret);
- cb->onFinished(KeyStoreServiceReturnCode(ret), {});
+ cb->onFinished(ksrc, {});
} else {
- cb->onFinished(KeyStoreServiceReturnCode(ret),
- KeymasterCertificateChain(std::move(certChain)));
+ KeyStoreServiceReturnCode ksrc(ret);
+ logKeystoreKeyAttestationEvent(true /*wasSuccessful*/, ksrc.getErrorCode());
+ cb->onFinished(ksrc, KeymasterCertificateChain(std::move(certChain)));
}
});
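Review bot: The transport-failure branch computes the logged value with `static_cast<int32_t>(ResponseCode::SYSTEM_ERROR)` while the other two branches go through `KeyStoreServiceReturnCode::getErrorCode()`, so the same field of the atom is filled by two different conversions. Building the return code once keeps the logged value and the value handed to the callback identical: `KeyStoreServiceReturnCode ksrc(ResponseCode::SYSTEM_ERROR);`, `logKeystoreKeyAttestationEvent(false /*wasSuccessful*/, ksrc.getErrorCode());`, `cb->onFinished(ksrc, {});`. The lambda's signature and capture list begin outside this hunk, so the type of the inner `rc` is inferred from its use here rather than seen.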