/* * Copyright (C) 2023 The Android Open Source Project * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ syntax = "proto2"; package android.os.statsd.rkpd; import "frameworks/proto_logging/stats/atom_field_options.proto"; import "frameworks/proto_logging/stats/atoms.proto"; option java_package = "com.android.os.rkpd"; option java_multiple_files = true; extend Atom { optional RkpdPoolStats rkpd_pool_stats = 664 [(module) = "rkpd"]; optional RkpdClientOperation rkpd_client_operation = 665 [(module) = "rkpd"]; } /** * Status of the attestation key pool related to Remote Key Provisioning. * * Logged from: packages/modules/RemoteKeyProvisioning */ message RkpdPoolStats { /** * The name of the IRemotelyProvisionedComponent for which the keys were * provisioned. There is a small number (~3) of values per device. */ optional string remotely_provisioned_component = 1; /** * The number of signed attestation certificate chains which are * expiring. */ optional int32 expiring = 2; /** * The number of signed attestation certificate chains which have * not yet been assigned to an app. */ optional int32 unassigned = 3; /** * The total number of attestation keys. */ optional int32 total = 4; } /** * Records an operation from an Remote Key Provisioning Daemon client. * * Logged from: packages/modules/RemoteKeyProvisioning */ message RkpdClientOperation { enum Operation { OPERATION_UNKNOWN = 0; OPERATION_GET_REGISTRATION = 1; OPERATION_GET_KEY = 2; OPERATION_CANCEL_GET_KEY = 3; OPERATION_STORE_UPGRADED_KEY = 4; } enum Result { RESULT_UNKNOWN = 0; RESULT_SUCCESS = 1; RESULT_CANCELED = 2; RESULT_RKP_UNSUPPORTED = 3; RESULT_ERROR_INTERNAL = 4; // results specific to OPERATION_GET_KEY RESULT_ERROR_REQUIRES_SECURITY_PATCH = 5; RESULT_ERROR_PENDING_INTERNET_CONNECTIVITY = 6; RESULT_ERROR_PERMANENT = 7; // results specific to OPERATION_GET_REGISTRATION RESULT_ERROR_INVALID_HAL = 8; // results specific to OPERATION_STORE_UPGRADED_KEY RESULT_ERROR_KEY_NOT_FOUND = 9; } // The name of the remotely provisioned component for whom keys are being // generated and certified. The string value is determined by the vendor, // and is fixed for the lifetime of the device. The number of unique string // values on a given device is determined by how many remotely provisioned // component HALs are on a given device. Typically, this is 2-3 HALs. optional string remotely_provisioned_component = 1; // The client package that is requesting keys. The API is exposed to // system, so all clients are built-in system applications. optional int32 client_uid = 2 [(is_uid) = true]; // Which operation the client requested optional Operation operation = 3; // The result of the operation optional Result result = 4; // Total time the operation took to run optional int32 operation_time_millis = 5; }