Reduce over-severe logging

Reduce the number of error logs that are emitted by Keystore on a normal
start-up:

- StrongBox is optional, so if its hardware type is unavailable, don't
  treat that as an error.
- Helper text for `deleteAllKeys`.
- Swap "unexpected" for domain info.
- Also remove unnecessary `pub` instances.

Test: boot Cuttlefish, watch logcat
Change-Id: I7c2a7a3ad05a5afedf2b3f3cdba1136a38183183
diff --git a/keystore2/src/audit_log.rs b/keystore2/src/audit_log.rs
index 8d9735e..4952b3b 100644
--- a/keystore2/src/audit_log.rs
+++ b/keystore2/src/audit_log.rs
@@ -34,8 +34,8 @@
     match domain {
         Domain::APP => uid,
         Domain::SELINUX => (nspace | FLAG_NAMESPACE) as i32,
-        _ => {
-            log::info!("Not logging audit event for key with unexpected domain");
+        d => {
+            log::info!("Not logging audit event for key with domain {d:?}");
             0
         }
     }
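Review bot: The catch-all arm still evaluates to `0` after printing "Not logging audit event", and `0` is also a legitimate value for the `Domain::APP` arm (uid 0), so the fallback is indistinguishable from a real owner. The match sits in a function whose signature and callers are outside this hunk, so whether the event is really skipped cannot be confirmed here. If the caller does still emit the event, the message is misleading for anyone reading audit data. At minimum, document the sentinel on the arm, e.g. `// 0 is a placeholder owner for domains that carry no per-app identity; callers must not treat it as uid 0`.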
diff --git a/keystore2/src/database/versioning.rs b/keystore2/src/database/versioning.rs
index 2c816f4..bc68f15 100644
--- a/keystore2/src/database/versioning.rs
+++ b/keystore2/src/database/versioning.rs
@@ -15,7 +15,7 @@
 use anyhow::{anyhow, Context, Result};
 use rusqlite::{params, OptionalExtension, Transaction};
 
-pub fn create_or_get_version(tx: &Transaction, current_version: u32) -> Result<u32> {
+fn create_or_get_version(tx: &Transaction, current_version: u32) -> Result<u32> {
     tx.execute(
         "CREATE TABLE IF NOT EXISTS persistent.version (
                 id INTEGER PRIMARY KEY,
@@ -61,7 +61,7 @@
     Ok(version)
 }
 
-pub fn update_version(tx: &Transaction, new_version: u32) -> Result<()> {
+fn update_version(tx: &Transaction, new_version: u32) -> Result<()> {
     let updated = tx
         .execute("UPDATE persistent.version SET version = ? WHERE id = 0;", params![new_version])
         .context("In update_version: Failed to update row.")?;
diff --git a/keystore2/src/maintenance.rs b/keystore2/src/maintenance.rs
index 43d99d1..8cbd9c7 100644
--- a/keystore2/src/maintenance.rs
+++ b/keystore2/src/maintenance.rs
@@ -28,7 +28,7 @@
     check_keystore_permission, uid_to_android_user, watchdog as wd,
 };
 use android_hardware_security_keymint::aidl::android::hardware::security::keymint::{
-    IKeyMintDevice::IKeyMintDevice, SecurityLevel::SecurityLevel,
+    ErrorCode::ErrorCode, IKeyMintDevice::IKeyMintDevice, SecurityLevel::SecurityLevel,
 };
 use android_security_maintenance::aidl::android::security::maintenance::IKeystoreMaintenance::{
     BnKeystoreMaintenance, IKeystoreMaintenance,
@@ -164,12 +164,21 @@
                     name,
                     &sec_level_string
                 ),
-                Err(ref e) => log::error!(
-                    "Call to {} failed for security level {}: {}.",
-                    name,
-                    &sec_level_string,
-                    e
-                ),
+                Err(ref e) => {
+                    if *sec_level == SecurityLevel::STRONGBOX
+                        && e.downcast_ref::<Error>()
+                            == Some(&Error::Km(ErrorCode::HARDWARE_TYPE_UNAVAILABLE))
+                    {
+                        log::info!("Call to {} failed for StrongBox as it is not available", name,)
+                    } else {
+                        log::error!(
+                            "Call to {} failed for security level {}: {}.",
+                            name,
+                            &sec_level_string,
+                            e
+                        )
+                    }
+                }
             }
             curr_result
         })
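Review bot: The new info branch drops `e` from the message, and the match on `HARDWARE_TYPE_UNAVAILABLE` is the only thing separating "no StrongBox on this device" from a StrongBox that should be present but did not come up. On hardware that ships StrongBox, that second case would now presumably be logged at info and be easy to miss in triage. Keep the matched error in the line, e.g. `log::info!("Call to {} skipped for StrongBox (not available): {}", name, e)`, and add a comment above the `if` stating the assumption, such as `// HARDWARE_TYPE_UNAVAILABLE for STRONGBOX is expected on devices without a StrongBox; any other error stays at error level`. `curr_result` is still returned unchanged, so callers continue to see the failure. The enclosing closure starts outside this hunk.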
@@ -313,7 +322,7 @@
     }
 
     fn deleteAllKeys(&self) -> BinderResult<()> {
-        log::warn!("deleteAllKeys()");
+        log::warn!("deleteAllKeys() invoked, indicating initial setup or post-factory reset");
         let _wp = wd::watch("IKeystoreMaintenance::deleteAllKeys");
         Self::delete_all_keys().map_err(into_logged_binder)
     }
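Review bot: The new warning states a cause ("indicating initial setup or post-factory reset") that nothing in `deleteAllKeys` verifies, and it is emitted before `Self::delete_all_keys()` runs, so it would presumably also appear for a call that is later rejected. For a destructive maintenance call, the log should describe an expectation rather than a fact, e.g. `log::warn!("deleteAllKeys() invoked; expected only at initial setup or after a factory reset");`. Recording the binder caller's uid in the same line, if it is available in this file, would let an unexpected invocation be attributed during incident review.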