tequilaOS/platform_system_security
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Log keystore key attestation events using statsd.

Browse source 
This is the third CL on sending keystore logging to statsd.
This creates the logs for key attestation events.
Test: Adding tests for logging is yet to be decided.
Bug: 157664923
Merged-In: I412ac59fd6bb2dbcb380f8579740d02ce2fd8790
Change-Id: I16cac8c4ee950adc330659dcb648052e8b2b41a2
This commit is contained in:
Hasini Gunasinghe 2020-06-23 17:17:47 +00:00
parent 54c295ccab
commit 8c8c2d4676
4 changed files with 67 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
keystore/Android.bp
View file

@ -36,6 +36,7 @@ cc_binary {
"grant_store.cpp", "grant_store.cpp",
"key_creation_log_handler.cpp", "key_creation_log_handler.cpp",
"key_operation_log_handler.cpp", "key_operation_log_handler.cpp",
"key_attestation_log_handler.cpp",
"key_store_service.cpp", "key_store_service.cpp",
"keyblob_utils.cpp", "keyblob_utils.cpp",
"keymaster_enforcement.cpp", "keymaster_enforcement.cpp",

25
keystore/key_attestation_log_handler.cpp Normal file
View file

@ -0,0 +1,25 @@
/*
* Copyright (C) 2018 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include <statslog.h>
namespace keystore {
void logKeystoreKeyAttestationEvent(bool wasSuccessful, int32_t errorCode) {
android::util::stats_write(android::util::KEYSTORE_KEY_EVENT_REPORTED,
android::util::KEYSTORE_KEY_EVENT_REPORTED__TYPE__KEY_ATTESTATION,
wasSuccessful, errorCode);
}
} // namespace keystore

26
keystore/key_attestation_log_handler.h Normal file
View file

@ -0,0 +1,26 @@
/*
* Copyright (C) 2018 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef _KEY_ATTESTATION_LOG_HANDLER_H_
#define _KEY_ATTESTATION_LOG_HANDLER_H_
namespace keystore {
void logKeystoreKeyAttestationEvent(bool wasSuccessful, int32_t errorCode);
}
#endif //_KEY_ATTESTATION_LOG_HANDLER_H_

18
keystore/key_store_service.cpp
View file

@ -41,6 +41,7 @@
#include <keymasterV4_0/keymaster_utils.h> #include <keymasterV4_0/keymaster_utils.h>
#include "defaults.h" #include "defaults.h"
#include "key_attestation_log_handler.h"
#include "keystore_keymaster_enforcement.h" #include "keystore_keymaster_enforcement.h"
#include "keystore_utils.h" #include "keystore_utils.h"
#include <keystore/keystore_attestation_id.h> #include <keystore/keystore_attestation_id.h>
@ -1117,6 +1118,10 @@ Status KeyStoreService::attestKey(
AuthorizationSet mutableParams = params.getParameters(); AuthorizationSet mutableParams = params.getParameters();
KeyStoreServiceReturnCode rc = updateParamsForAttestation(callingUid, &mutableParams); KeyStoreServiceReturnCode rc = updateParamsForAttestation(callingUid, &mutableParams);
auto logErrorOnReturn = android::base::make_scope_guard(
[&] { logKeystoreKeyAttestationEvent(false /*wasSuccessful*/, rc.getErrorCode()); });
if (!rc.isOk()) { if (!rc.isOk()) {
return AIDL_RETURN(rc); return AIDL_RETURN(rc);
} }
@ -1133,6 +1138,8 @@ Status KeyStoreService::attestKey(
return AIDL_RETURN(rc); return AIDL_RETURN(rc);
} }
logErrorOnReturn.Disable();
auto dev = mKeyStore->getDevice(keyBlob); auto dev = mKeyStore->getDevice(keyBlob);
auto hidlKey = blob2hidlVec(keyBlob); auto hidlKey = blob2hidlVec(keyBlob);
dev->attestKey( dev->attestKey(
@ -1141,13 +1148,18 @@ Status KeyStoreService::attestKey(
std::tuple<ErrorCode, hidl_vec<hidl_vec<uint8_t>>>&& hidlResult) { std::tuple<ErrorCode, hidl_vec<hidl_vec<uint8_t>>>&& hidlResult) {
auto& [ret, certChain] = hidlResult; auto& [ret, certChain] = hidlResult;
if (!rc.isOk()) { if (!rc.isOk()) {
logKeystoreKeyAttestationEvent(false /*wasSuccessful*/,
static_cast<int32_t>(ResponseCode::SYSTEM_ERROR));
cb->onFinished(KeyStoreServiceReturnCode(ResponseCode::SYSTEM_ERROR), {}); cb->onFinished(KeyStoreServiceReturnCode(ResponseCode::SYSTEM_ERROR), {});
} else if (ret != ErrorCode::OK) { } else if (ret != ErrorCode::OK) {
KeyStoreServiceReturnCode ksrc(ret);
logKeystoreKeyAttestationEvent(false /*wasSuccessful*/, ksrc.getErrorCode());
dev->logIfKeymasterVendorError(ret); dev->logIfKeymasterVendorError(ret);
cb->onFinished(KeyStoreServiceReturnCode(ret), {}); cb->onFinished(ksrc, {});
} else { } else {
cb->onFinished(KeyStoreServiceReturnCode(ret), KeyStoreServiceReturnCode ksrc(ret);
KeymasterCertificateChain(std::move(certChain))); logKeystoreKeyAttestationEvent(true /*wasSuccessful*/, ksrc.getErrorCode());
cb->onFinished(ksrc, KeymasterCertificateChain(std::move(certChain)));
} }
}); });