/*
 * Copyright (C) 2023 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
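// proto2 syntax: this file declares extensions of the Atom message (see the
// `extend Atom` block below).
syntax = "proto2";

package android.os.statsd.rkpd;

// atom_field_options.proto supplies the (module) and (is_uid) field options
// used below; atoms.proto supplies the Atom message being extended.
import "frameworks/proto_logging/stats/atom_field_options.proto";
import "frameworks/proto_logging/stats/atoms.proto";

option java_package = "com.android.os.rkpd";
option java_multiple_files = true;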
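// Registers the two RKPD atoms as extensions of the statsd Atom message.
//
// The extension numbers (664, 665) identify these atoms on the wire. They
// must never be renumbered or reused for a different message: data already
// collected under a number would be decoded as the wrong atom.
// Both fields carry the (module) = "rkpd" option.
extend Atom {
  optional RkpdPoolStats rkpd_pool_stats = 664 [(module) = "rkpd"];
  optional RkpdClientOperation rkpd_client_operation = 665 [(module) = "rkpd"];
}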
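/**
 * Status of the attestation key pool related to Remote Key Provisioning.
 *
 * The atom carries only the component name and three counters; no key or
 * certificate material is part of this message.
 *
 * Logged from: packages/modules/RemoteKeyProvisioning
 */
message RkpdPoolStats {
  /**
   * The name of the IRemotelyProvisionedComponent for which the keys were
   * provisioned. There is a small number (~3) of values per device.
   */
  optional string remotely_provisioned_component = 1;

  /**
   * The number of signed attestation certificate chains which are
   * expiring.
   *
   * NOTE(review): the window that makes a chain count as "expiring" is not
   * defined in this schema; confirm it against the logging code before
   * alerting on this value.
   */
  optional int32 expiring = 2;

  /**
   * The number of signed attestation certificate chains which have
   * not yet been assigned to an app.
   */
  optional int32 unassigned = 3;

  /**
   * The total number of attestation keys.
   *
   * NOTE(review): presumably covers both assigned and unassigned keys for
   * the component named above; confirm against the logger.
   */
  optional int32 total = 4;
}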
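/**
 * Records an operation from a Remote Key Provisioning Daemon client.
 *
 * One atom describes a single client request: which component it targeted,
 * which UID made it, what was requested, how it ended and how long it took.
 *
 * Logged from: packages/modules/RemoteKeyProvisioning
 */
message RkpdClientOperation {
  // The request type issued by the client.
  //
  // Values are logged by number. Add new values with fresh numbers instead of
  // renumbering, so previously collected data keeps its meaning.
  enum Operation {
    // Default when the field is unset; not a real operation.
    OPERATION_UNKNOWN = 0;
    OPERATION_GET_REGISTRATION = 1;
    OPERATION_GET_KEY = 2;
    OPERATION_CANCEL_GET_KEY = 3;
    OPERATION_STORE_UPGRADED_KEY = 4;
  }

  // The outcome of the request.
  //
  // Values 1-4 are not tied to one operation; the later groups are specific
  // to the operation named in the comment above each group. As with
  // Operation, values are logged by number and must not be renumbered.
  enum Result {
    // Default when the field is unset; not a real outcome.
    RESULT_UNKNOWN = 0;
    RESULT_SUCCESS = 1;
    RESULT_CANCELED = 2;
    RESULT_RKP_UNSUPPORTED = 3;
    RESULT_ERROR_INTERNAL = 4;

    // results specific to OPERATION_GET_KEY
    RESULT_ERROR_REQUIRES_SECURITY_PATCH = 5;
    RESULT_ERROR_PENDING_INTERNET_CONNECTIVITY = 6;
    RESULT_ERROR_PERMANENT = 7;

    // results specific to OPERATION_GET_REGISTRATION
    RESULT_ERROR_INVALID_HAL = 8;

    // results specific to OPERATION_STORE_UPGRADED_KEY
    RESULT_ERROR_KEY_NOT_FOUND = 9;
  }

  // The name of the remotely provisioned component for whom keys are being
  // generated and certified. The string value is determined by the vendor,
  // and is fixed for the lifetime of the device. The number of unique string
  // values on a given device is determined by how many remotely provisioned
  // component HALs are on a given device. Typically, this is 2-3 HALs.
  optional string remotely_provisioned_component = 1;

  // The UID of the client that is requesting keys (the field holds a UID, not
  // a package name; it is annotated with (is_uid)). The API is exposed to
  // system, so all clients are built-in system applications.
  optional int32 client_uid = 2 [(is_uid) = true];

  // Which operation the client requested.
  optional Operation operation = 3;

  // The result of the operation.
  optional Result result = 4;

  // Total time the operation took to run, in milliseconds.
  optional int32 operation_time_millis = 5;
}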