Log key import, generation, deletion for NIAP
Bug: 183201685
Test: atest MixedDeviceOwnerTest#testSecurityLoggingWithSingleUser
Change-Id: Ie4271a769c8a8c3241079cd15efed4e3b9e9468b
diff --git a/keystore2/src/security_level.rs b/keystore2/src/security_level.rs
index 03514b3..e8760dc 100644
--- a/keystore2/src/security_level.rs
+++ b/keystore2/src/security_level.rs
@@ -32,6 +32,7 @@
};
use crate::attestation_key_utils::{get_attest_key_info, AttestationKeyInfo};
+use crate::audit_log::{log_key_deleted, log_key_generated, log_key_imported};
use crate::database::{CertificateInfo, KeyIdGuard};
use crate::globals::{DB, ENFORCEMENTS, LEGACY_MIGRATOR, SUPER_KEY};
use crate::key_parameter::KeyParameter as KsKeyParam;
@@ -877,6 +878,7 @@
) -> binder::public_api::Result<KeyMetadata> {
let result = self.generate_key(key, attestation_key, params, flags, entropy);
log_key_creation_event_stats(self.security_level, params, &result);
+ log_key_generated(key, ThreadState::get_calling_uid(), result.is_ok());
map_or_log_err(result, Ok)
}
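Review bot: The audit record on the added line is emitted from the raw `result` before `map_or_log_err` runs, so denied and failed attempts are logged as well as successes, but nothing at the call site says that ordering is deliberate; a comment above the new line, `// Audit-log the attempt (success or failure) before the error is mapped for binder.`, would keep a later refactor from moving the log into the success path. The same ordering and comment apply to the identical additions in the importKey, importWrappedKey and deleteKey hunks. `ThreadState::get_calling_uid()` is evaluated only after the operation completes, which is fine provided the calling identity is fixed for the duration of the binder transaction — I assume it is, but it is worth confirming since the logged UID is the value a forensic reviewer will rely on. generateKey's signature begins before this hunk.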
fn importKey(
@@ -889,6 +891,7 @@
) -> binder::public_api::Result<KeyMetadata> {
let result = self.import_key(key, attestation_key, params, flags, key_data);
log_key_creation_event_stats(self.security_level, params, &result);
+ log_key_imported(key, ThreadState::get_calling_uid(), result.is_ok());
map_or_log_err(result, Ok)
}
fn importWrappedKey(
@@ -902,6 +905,7 @@
let result =
self.import_wrapped_key(key, wrapping_key, masking_key, params, authenticators);
log_key_creation_event_stats(self.security_level, params, &result);
+ log_key_imported(key, ThreadState::get_calling_uid(), result.is_ok());
map_or_log_err(result, Ok)
}
fn convertStorageKeyToEphemeral(
@@ -911,6 +915,8 @@
map_or_log_err(self.convert_storage_key_to_ephemeral(storage_key), Ok)
}
fn deleteKey(&self, key: &KeyDescriptor) -> binder::public_api::Result<()> {
- map_or_log_err(self.delete_key(key), Ok)
+ let result = self.delete_key(key);
+ log_key_deleted(key, ThreadState::get_calling_uid(), result.is_ok());
+ map_or_log_err(result, Ok)
}
}