Log keystore key attestation events using statsd.

This is the third CL on sending keystore logging to statsd. This creates the logs for key attestation events. Test: Adding tests for logging is yet to be decided. Bug: 157664923 Merged-In: I412ac59fd6bb2dbcb380f8579740d02ce2fd8790 Change-Id: I16cac8c4ee950adc330659dcb648052e8b2b41a2
2020-06-23 17:17:47 +00:00 · 2020-06-23 17:17:47 +00:00 · 8c8c2d4676
commit 8c8c2d4676
parent 54c295ccab
4 changed files with 67 additions and 3 deletions
--- a/keystore/Android.bp
+++ b/keystore/Android.bp
@ -36,6 +36,7 @@ cc_binary {
        "grant_store.cpp",
        "key_creation_log_handler.cpp",
        "key_operation_log_handler.cpp",
+        "key_attestation_log_handler.cpp",
        "key_store_service.cpp",
        "keyblob_utils.cpp",
        "keymaster_enforcement.cpp",
--- a/keystore/key_attestation_log_handler.cpp
+++ b/keystore/key_attestation_log_handler.cpp
@ -0,0 +1,25 @@
+/*
+ * Copyright (C) 2018 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#include <statslog.h>
+namespace keystore {
+
+void logKeystoreKeyAttestationEvent(bool wasSuccessful, int32_t errorCode) {
+    android::util::stats_write(android::util::KEYSTORE_KEY_EVENT_REPORTED,
+                               android::util::KEYSTORE_KEY_EVENT_REPORTED__TYPE__KEY_ATTESTATION,
+                               wasSuccessful, errorCode);
+}
+
+}  // namespace keystore
--- a/keystore/key_attestation_log_handler.h
+++ b/keystore/key_attestation_log_handler.h
@ -0,0 +1,26 @@
+/*
+ * Copyright (C) 2018 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef _KEY_ATTESTATION_LOG_HANDLER_H_
+#define _KEY_ATTESTATION_LOG_HANDLER_H_
+
+namespace keystore {
+
+void logKeystoreKeyAttestationEvent(bool wasSuccessful, int32_t errorCode);
+
+}
+
+#endif  //_KEY_ATTESTATION_LOG_HANDLER_H_
--- a/keystore/key_store_service.cpp
+++ b/keystore/key_store_service.cpp
@ -41,6 +41,7 @@
 #include <keymasterV4_0/keymaster_utils.h>

 #include "defaults.h"
+#include "key_attestation_log_handler.h"
 #include "keystore_keymaster_enforcement.h"
 #include "keystore_utils.h"
 #include <keystore/keystore_attestation_id.h>
@ -1117,6 +1118,10 @@ Status KeyStoreService::attestKey(

    AuthorizationSet mutableParams = params.getParameters();
    KeyStoreServiceReturnCode rc = updateParamsForAttestation(callingUid, &mutableParams);
+
+    auto logErrorOnReturn = android::base::make_scope_guard(
+        [&] { logKeystoreKeyAttestationEvent(false /*wasSuccessful*/, rc.getErrorCode()); });
+
    if (!rc.isOk()) {
        return AIDL_RETURN(rc);
    }
@ -1133,6 +1138,8 @@ Status KeyStoreService::attestKey(
        return AIDL_RETURN(rc);
    }

+    logErrorOnReturn.Disable();
+
    auto dev = mKeyStore->getDevice(keyBlob);
    auto hidlKey = blob2hidlVec(keyBlob);
    dev->attestKey(
@ -1141,13 +1148,18 @@ Status KeyStoreService::attestKey(
                  std::tuple<ErrorCode, hidl_vec<hidl_vec<uint8_t>>>&& hidlResult) {
            auto& [ret, certChain] = hidlResult;
            if (!rc.isOk()) {
+                logKeystoreKeyAttestationEvent(false /*wasSuccessful*/,
+                                               static_cast<int32_t>(ResponseCode::SYSTEM_ERROR));
                cb->onFinished(KeyStoreServiceReturnCode(ResponseCode::SYSTEM_ERROR), {});
            } else if (ret != ErrorCode::OK) {
+                KeyStoreServiceReturnCode ksrc(ret);
+                logKeystoreKeyAttestationEvent(false /*wasSuccessful*/, ksrc.getErrorCode());
                dev->logIfKeymasterVendorError(ret);
-                cb->onFinished(KeyStoreServiceReturnCode(ret), {});
+                cb->onFinished(ksrc, {});
            } else {
-                cb->onFinished(KeyStoreServiceReturnCode(ret),
-                               KeymasterCertificateChain(std::move(certChain)));
+                KeyStoreServiceReturnCode ksrc(ret);
+                logKeystoreKeyAttestationEvent(true /*wasSuccessful*/, ksrc.getErrorCode());
+                cb->onFinished(ksrc, KeymasterCertificateChain(std::move(certChain)));
            }
        });