Merge "Fix encoding of PubKeyEd25519"
diff --git a/keystore2/aidl/android/security/metrics/RkpErrorStats.aidl b/keystore2/aidl/android/security/metrics/RkpErrorStats.aidl
index 616d129..dcd5122 100644
--- a/keystore2/aidl/android/security/metrics/RkpErrorStats.aidl
+++ b/keystore2/aidl/android/security/metrics/RkpErrorStats.aidl
@@ -17,6 +17,7 @@
package android.security.metrics;
import android.security.metrics.RkpError;
+import android.security.metrics.SecurityLevel;
/**
* Atom that encapsulates error information in remote key provisioning events.
* @hide
@@ -24,4 +25,5 @@
@RustDerive(Clone=true, Eq=true, PartialEq=true, Ord=true, PartialOrd=true, Hash=true)
parcelable RkpErrorStats {
RkpError rkpError;
+ SecurityLevel security_level;
}
\ No newline at end of file
diff --git a/keystore2/src/database.rs b/keystore2/src/database.rs
index 7713618..6b74e3c 100644
--- a/keystore2/src/database.rs
+++ b/keystore2/src/database.rs
@@ -46,6 +46,7 @@
mod versioning;
use crate::gc::Gc;
+use crate::globals::get_keymint_dev_by_uuid;
use crate::impl_metadata; // This is in db_utils.rs
use crate::key_parameter::{KeyParameter, Tag};
use crate::metrics_store::log_rkp_error_stats;
@@ -1863,7 +1864,9 @@
)
.context("Failed to assign attestation key")?;
if result == 0 {
- log_rkp_error_stats(MetricsRkpError::OUT_OF_KEYS);
+ let (_, hw_info) = get_keymint_dev_by_uuid(km_uuid)
+ .context("Error in retrieving keymint device by UUID.")?;
+ log_rkp_error_stats(MetricsRkpError::OUT_OF_KEYS, &hw_info.securityLevel);
return Err(KsError::Rc(ResponseCode::OUT_OF_KEYS)).context("Out of keys.");
} else if result > 1 {
return Err(KsError::sys())
diff --git a/keystore2/src/metrics_store.rs b/keystore2/src/metrics_store.rs
index b6f1343..5e88052 100644
--- a/keystore2/src/metrics_store.rs
+++ b/keystore2/src/metrics_store.rs
@@ -599,8 +599,11 @@
}
/// Log error events related to Remote Key Provisioning (RKP).
-pub fn log_rkp_error_stats(rkp_error: MetricsRkpError) {
- let rkp_error_stats = KeystoreAtomPayload::RkpErrorStats(RkpErrorStats { rkpError: rkp_error });
+pub fn log_rkp_error_stats(rkp_error: MetricsRkpError, sec_level: &SecurityLevel) {
+ let rkp_error_stats = KeystoreAtomPayload::RkpErrorStats(RkpErrorStats {
+ rkpError: rkp_error,
+ security_level: process_security_level(*sec_level),
+ });
METRICS_STORE.insert_atom(AtomID::RKP_ERROR_STATS, rkp_error_stats);
}
diff --git a/keystore2/src/remote_provisioning.rs b/keystore2/src/remote_provisioning.rs
index b47b373..8ed2be4 100644
--- a/keystore2/src/remote_provisioning.rs
+++ b/keystore2/src/remote_provisioning.rs
@@ -159,7 +159,10 @@
if self.is_rkp_only() {
return Err(e);
}
- log_rkp_error_stats(MetricsRkpError::FALL_BACK_DURING_HYBRID);
+ log_rkp_error_stats(
+ MetricsRkpError::FALL_BACK_DURING_HYBRID,
+ &self.security_level,
+ );
Ok(None)
}
Ok(v) => match v {
diff --git a/keystore2/tests/Android.bp b/keystore2/tests/Android.bp
index 21784a1..e5d78e4 100644
--- a/keystore2/tests/Android.bp
+++ b/keystore2/tests/Android.bp
@@ -12,6 +12,15 @@
// See the License for the specific language governing permissions and
// limitations under the License.
+package {
+ // See: http://go/android-license-faq
+ // A large-scale-change added 'default_applicable_licenses' to import
+ // all of the 'license_kinds' from "system_security_license"
+ // to get the below license kinds:
+ // SPDX-license-identifier-Apache-2.0
+ default_applicable_licenses: ["system_security_license"],
+}
+
rust_test {
name: "keystore2_client_tests",
defaults: [