Merge "Migrate structured logging for audit logging to the Rust macro." into main am: e2ce4fd642
Original change: https://android-review.googlesource.com/c/platform/system/security/+/2939900 Change-Id: I9d04a8eebe288efe3e4cf0f4bb5772b9fa089f3e Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
commit
f164d5cfc3
2 changed files with 14 additions and 25 deletions
|
@ -28,6 +28,7 @@ rust_defaults {
|
|||
defaults: [
|
||||
"keymint_use_latest_hal_aidl_rust",
|
||||
"keystore2_use_latest_aidl_rust",
|
||||
"structured_log_rust_defaults",
|
||||
],
|
||||
|
||||
rustlibs: [
|
||||
|
@ -54,7 +55,6 @@ rust_defaults {
|
|||
"libkeystore2_selinux",
|
||||
"liblazy_static",
|
||||
"liblibc",
|
||||
"liblog_event_list",
|
||||
"liblog_rust",
|
||||
"libmessage_macro",
|
||||
"librand",
|
||||
|
|
|
@ -20,7 +20,7 @@ use android_system_keystore2::aidl::android::system::keystore2::{
|
|||
Domain::Domain, KeyDescriptor::KeyDescriptor,
|
||||
};
|
||||
use libc::uid_t;
|
||||
use log_event_list::{LogContext, LogContextError, LogIdSecurity};
|
||||
use structured_log::{structured_log, LOG_ID_SECURITY};
|
||||
|
||||
const TAG_KEY_GENERATED: u32 = 210024;
|
||||
const TAG_KEY_IMPORTED: u32 = 210025;
|
||||
|
@ -58,30 +58,19 @@ pub fn log_key_deleted(key: &KeyDescriptor, calling_app: uid_t, success: bool) {
|
|||
|
||||
/// Logs key integrity violation to NIAP audit log.
|
||||
pub fn log_key_integrity_violation(key: &KeyDescriptor) {
|
||||
with_log_context(TAG_KEY_INTEGRITY_VIOLATION, |ctx| {
|
||||
let owner = key_owner(key.domain, key.nspace, key.nspace as i32);
|
||||
ctx.append_str(key.alias.as_ref().map_or("none", String::as_str))?.append_i32(owner)
|
||||
})
|
||||
let alias = String::from(key.alias.as_ref().map_or("none", String::as_str));
|
||||
LOGS_HANDLER.queue_lo(move |_| {
|
||||
let _result =
|
||||
structured_log!(log_id: LOG_ID_SECURITY, TAG_KEY_INTEGRITY_VIOLATION, alias, owner);
|
||||
});
|
||||
}
|
||||
|
||||
fn log_key_event(tag: u32, key: &KeyDescriptor, calling_app: uid_t, success: bool) {
|
||||
with_log_context(tag, |ctx| {
|
||||
let owner = key_owner(key.domain, key.nspace, calling_app as i32);
|
||||
ctx.append_i32(i32::from(success))?
|
||||
.append_str(key.alias.as_ref().map_or("none", String::as_str))?
|
||||
.append_i32(owner)
|
||||
})
|
||||
}
|
||||
|
||||
fn with_log_context<F>(tag: u32, f: F)
|
||||
where
|
||||
F: Fn(LogContext) -> Result<LogContext, LogContextError>,
|
||||
{
|
||||
if let Some(ctx) = LogContext::new(LogIdSecurity, tag) {
|
||||
if let Ok(event) = f(ctx) {
|
||||
let alias = String::from(key.alias.as_ref().map_or("none", String::as_str));
|
||||
LOGS_HANDLER.queue_lo(move |_| {
|
||||
let _result = event.write();
|
||||
let _result =
|
||||
structured_log!(log_id: LOG_ID_SECURITY, tag, i32::from(success), alias, owner);
|
||||
});
|
||||
}
|
||||
}
|
||||
}
|
||||
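Review bot: The outcome of the audit write is still discarded in the new code: both `log_key_integrity_violation` and `log_key_event` bind the `structured_log!` call to `let _result = …` inside the `queue_lo` closure, so a NIAP audit event that fails to reach the security log leaves no trace. Assuming the macro returns a `Result` (the `_result` binding suggests so) and its error type implements `Debug`, report the failure in the regular log, e.g. `if let Err(e) = structured_log!(log_id: LOG_ID_SECURITY, tag, i32::from(success), alias, owner) { log::error!("audit event {} not written: {:?}", tag, e); }`, and do the same for the integrity-violation call. Separately, `calling_app as i32` and `key.nspace as i32` silently wrap out-of-range values before they are recorded as the owner. A one-line comment such as `// owner is logged as i32; wrap-around on out-of-range ids is accepted here because …` would tell the next reader whether that is intended.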
|
|