keystore2: Remove remote provisioning logic
keystore2 will always be using RKPD instead.
Bug: 261214100
Test: m keystore2 keystore2_test
Change-Id: Ibd27a8ae7d502e0fab2f728aa49175d28a6780b0
diff --git a/keystore2/src/metrics_store.rs b/keystore2/src/metrics_store.rs
index 6043612..77cead8 100644
--- a/keystore2/src/metrics_store.rs
+++ b/keystore2/src/metrics_store.rs
@@ -17,12 +17,11 @@
//! stores them in an in-memory store.
//! 2. Returns the collected metrics when requested by the statsd proxy.
-use crate::error::{get_error_code, Error};
+use crate::error::get_error_code;
use crate::globals::DB;
use crate::key_parameter::KeyParameterValue as KsKeyParamValue;
use crate::ks_err;
use crate::operation::Outcome;
-use crate::remote_provisioning::get_pool_status;
use android_hardware_security_keymint::aidl::android::hardware::security::keymint::{
Algorithm::Algorithm, BlockMode::BlockMode, Digest::Digest, EcCurve::EcCurve,
HardwareAuthenticatorType::HardwareAuthenticatorType, KeyOrigin::KeyOrigin,
@@ -42,16 +41,13 @@
KeystoreAtom::KeystoreAtom, KeystoreAtomPayload::KeystoreAtomPayload,
Outcome::Outcome as MetricsOutcome, Purpose::Purpose as MetricsPurpose,
RkpError::RkpError as MetricsRkpError, RkpErrorStats::RkpErrorStats,
- RkpPoolStats::RkpPoolStats, SecurityLevel::SecurityLevel as MetricsSecurityLevel,
- Storage::Storage as MetricsStorage,
+ SecurityLevel::SecurityLevel as MetricsSecurityLevel, Storage::Storage as MetricsStorage,
};
-use android_system_keystore2::aidl::android::system::keystore2::ResponseCode::ResponseCode;
use anyhow::{Context, Result};
use lazy_static::lazy_static;
use rustutils::system_properties::PropertyWatcherError;
use std::collections::HashMap;
use std::sync::Mutex;
-use std::time::{Duration, SystemTime, UNIX_EPOCH};
// Note: Crash events are recorded at keystore restarts, based on the assumption that keystore only
// gets restarted after a crash, during a boot cycle.
@@ -95,11 +91,6 @@
return pull_storage_stats();
}
- // Process and return RKP pool stats.
- if AtomID::RKP_POOL_STATS == atom_id {
- return pull_attestation_pool_stats();
- }
-
// Process keystore crash stats.
if AtomID::CRASH_STATS == atom_id {
return Ok(vec![KeystoreAtom {
@@ -560,45 +551,6 @@
Ok(atom_vec)
}
-fn pull_attestation_pool_stats() -> Result<Vec<KeystoreAtom>> {
- let mut atoms = Vec::<KeystoreAtom>::new();
- for sec_level in &[SecurityLevel::TRUSTED_ENVIRONMENT, SecurityLevel::STRONGBOX] {
- // set the expired_by date to be three days from now
- let expired_by = SystemTime::now()
- .checked_add(Duration::from_secs(60 * 60 * 24 * 3))
- .ok_or(Error::Rc(ResponseCode::SYSTEM_ERROR))
- .context(ks_err!("Failed to compute expired by system time."))?
- .duration_since(UNIX_EPOCH)
- .context(ks_err!("Failed to compute expired by duration."))?
- .as_millis() as i64;
-
- let result = get_pool_status(expired_by, *sec_level);
-
- if let Ok(pool_status) = result {
- let rkp_pool_stats = RkpPoolStats {
- security_level: process_security_level(*sec_level),
- expiring: pool_status.expiring,
- unassigned: pool_status.unassigned,
- attested: pool_status.attested,
- total: pool_status.total,
- };
- atoms.push(KeystoreAtom {
- payload: KeystoreAtomPayload::RkpPoolStats(rkp_pool_stats),
- ..Default::default()
- });
- } else {
- log::error!(
- concat!(
- "In pull_attestation_pool_stats: Failed to retrieve pool status",
- " for security level: {:?}"
- ),
- sec_level
- );
- }
- }
- Ok(atoms)
-}
-
/// Log error events related to Remote Key Provisioning (RKP).
pub fn log_rkp_error_stats(rkp_error: MetricsRkpError, sec_level: &SecurityLevel) {
let rkp_error_stats = KeystoreAtomPayload::RkpErrorStats(RkpErrorStats {