Reduce over-severe logging
Reduce the number of error logs that are emitted by Keystore on a normal
start-up:
- StrongBox is optional, so if its hardware type is unavailable, don't
treat that as an error.
- Helper text for `deleteAllKeys`.
- Swap "unexpected" for domain info.
- Also remove unnecessary `pub` instances.
Test: boot Cuttlefish, watch logcat
Change-Id: I7c2a7a3ad05a5afedf2b3f3cdba1136a38183183
diff --git a/keystore2/src/maintenance.rs b/keystore2/src/maintenance.rs
index 43d99d1..8cbd9c7 100644
--- a/keystore2/src/maintenance.rs
+++ b/keystore2/src/maintenance.rs
@@ -28,7 +28,7 @@
check_keystore_permission, uid_to_android_user, watchdog as wd,
};
use android_hardware_security_keymint::aidl::android::hardware::security::keymint::{
- IKeyMintDevice::IKeyMintDevice, SecurityLevel::SecurityLevel,
+ ErrorCode::ErrorCode, IKeyMintDevice::IKeyMintDevice, SecurityLevel::SecurityLevel,
};
use android_security_maintenance::aidl::android::security::maintenance::IKeystoreMaintenance::{
BnKeystoreMaintenance, IKeystoreMaintenance,
@@ -164,12 +164,21 @@
name,
&sec_level_string
),
- Err(ref e) => log::error!(
- "Call to {} failed for security level {}: {}.",
- name,
- &sec_level_string,
- e
- ),
+ Err(ref e) => {
+ if *sec_level == SecurityLevel::STRONGBOX
+ && e.downcast_ref::<Error>()
+ == Some(&Error::Km(ErrorCode::HARDWARE_TYPE_UNAVAILABLE))
+ {
+ log::info!("Call to {} failed for StrongBox as it is not available", name,)
+ } else {
+ log::error!(
+ "Call to {} failed for security level {}: {}.",
+ name,
+ &sec_level_string,
+ e
+ )
+ }
+ }
}
curr_result
})
@@ -313,7 +322,7 @@
}
fn deleteAllKeys(&self) -> BinderResult<()> {
- log::warn!("deleteAllKeys()");
+ log::warn!("deleteAllKeys() invoked, indicating initial setup or post-factory reset");
let _wp = wd::watch("IKeystoreMaintenance::deleteAllKeys");
Self::delete_all_keys().map_err(into_logged_binder)
}