/*
* Copyright (C) 2023 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
syntax = "proto2";
package android.os.statsd.rkpd;
import "frameworks/proto_logging/stats/atom_field_options.proto";
import "frameworks/proto_logging/stats/atoms.proto";
option java_package = "com.android.os.rkpd";
option java_multiple_files = true;
// Registers the two RKPD atoms as extensions of the statsd Atom message.
// The extension field numbers (664 and 665) identify each atom on the wire,
// so they must never be renumbered or reused. Both entries carry the
// (module) = "rkpd" option.
extend Atom {
    optional RkpdPoolStats rkpd_pool_stats = 664 [(module) = "rkpd"];
    optional RkpdClientOperation rkpd_client_operation = 665 [(module) = "rkpd"];
}
/**
* Status of the attestation key pool related to Remote Key Provisioning.
*
* Logged from: packages/modules/RemoteKeyProvisioning
*/
message RkpdPoolStats {
    /**
     * The name of the IRemotelyProvisionedComponent for which the keys were
     * provisioned. There is a small number (~3) of values per device.
     *
     * NOTE(review): this is a free-form string that is written into a logged
     * atom. Consumers should treat it as untrusted text; confirm that
     * nothing device-unique can be placed in it.
     */
    optional string remotely_provisioned_component = 1;
    /**
     * The number of signed attestation certificate chains which are
     * expiring.
     *
     * NOTE(review): the time window that makes a chain count as "expiring"
     * is not defined in this file; confirm it against the logging code.
     */
    optional int32 expiring = 2;
    /**
     * The number of signed attestation certificate chains which have
     * not yet been assigned to an app.
     */
    optional int32 unassigned = 3;
    /**
     * The total number of attestation keys.
     *
     * NOTE(review): this is worded as "keys", while the two counters above
     * are worded as signed certificate chains; confirm whether the total
     * includes keys that do not yet have a signed chain.
     */
    optional int32 total = 4;
}
/**
* Records an operation from a Remote Key Provisioning Daemon client.
*
* Logged from: packages/modules/RemoteKeyProvisioning
*/
message RkpdClientOperation {
    // The client request being recorded. OPERATION_UNKNOWN is listed first,
    // so it is the proto2 default when `operation` is unset. New values must
    // be appended with fresh numbers; existing numbers must not be changed or
    // reused.
    enum Operation {
        OPERATION_UNKNOWN = 0;
        OPERATION_GET_REGISTRATION = 1;
        OPERATION_GET_KEY = 2;
        OPERATION_CANCEL_GET_KEY = 3;
        OPERATION_STORE_UPGRADED_KEY = 4;
    }
    // The outcome of the recorded operation. RESULT_UNKNOWN is listed first,
    // so it is the proto2 default when `result` is unset. Values 1-4 are not
    // tied to one operation; the groups below are documented as specific to a
    // single Operation value. New values must be appended with fresh numbers.
    enum Result {
        RESULT_UNKNOWN = 0;
        RESULT_SUCCESS = 1;
        RESULT_CANCELED = 2;
        RESULT_RKP_UNSUPPORTED = 3;
        RESULT_ERROR_INTERNAL = 4;
        // results specific to OPERATION_GET_KEY
        RESULT_ERROR_REQUIRES_SECURITY_PATCH = 5;
        RESULT_ERROR_PENDING_INTERNET_CONNECTIVITY = 6;
        RESULT_ERROR_PERMANENT = 7;
        // results specific to OPERATION_GET_REGISTRATION
        RESULT_ERROR_INVALID_HAL = 8;
        // results specific to OPERATION_STORE_UPGRADED_KEY
        RESULT_ERROR_KEY_NOT_FOUND = 9;
    }
    // The name of the remotely provisioned component for whom keys are being
    // generated and certified. The string value is determined by the vendor,
    // and is fixed for the lifetime of the device. The number of unique string
    // values on a given device is determined by how many remotely provisioned
    // component HALs are on a given device. Typically, this is 2-3 HALs.
    // NOTE(review): because the value is vendor-determined, consumers of this
    // atom should treat it as untrusted free-form text.
    optional string remotely_provisioned_component = 1;
    // The UID of the client that is requesting keys; the (is_uid) option marks
    // the value as a UID. The API is exposed to system, so all clients are
    // built-in system applications.
    // NOTE(review): that restriction is a property of the API's exposure, not
    // something this schema enforces; the atom records whatever uid the
    // logging code supplies.
    optional int32 client_uid = 2 [(is_uid) = true];
    // Which operation the client requested
    optional Operation operation = 3;
    // The result of the operation
    optional Result result = 4;
    // Total time the operation took to run, in milliseconds (unit taken from
    // the field name).
    optional int32 operation_time_millis = 5;
}