
Commit 06b969a4 authored by Omer Nebil Yaveroglu

Add log events to AppIntegrityManagerServiceImpl.

Eldar approval: http://eldar/assessments/987588008/revisions/1

Test: followed http://go/westworld-local-development and locally verified working
Bug:147095027
Change-Id: I4bf5ca1087923b6f4e5f674fd3056086ac4ae99b
parent 1dfa0895
+42 −0
@@ -341,6 +341,8 @@ message Atom {
        NotificationReported notification_reported = 244;
        NotificationPanelReported notification_panel_reported = 245;
        NotificationChannelModified notification_panel_modified = 246;
        IntegrityCheckResultReported integrity_check_result_reported = 247;
        IntegrityRulesPushed integrity_rules_pushed = 248;
    }

    // Pulled events will start at field 10000.
@@ -8069,3 +8071,43 @@ message UserspaceRebootReported {
    // State of primary user's encryption storage at the moment boot completed. Always set.
    optional UserEncryptionState user_encryption_state = 3;
}

/*
 * Logs integrity check information during each install.
 *
 * Logged from:
 *   frameworks/base/services/core/java/com/android/server/integrity/AppIntegrityManagerServiceImpl.java
 */
message IntegrityCheckResultReported {
    optional string package_name = 1;
    optional string app_certificate_hash = 2;
    optional int32 version_code = 3;
    optional string installer_package_name = 4;
    enum Response {
        UNKNOWN = 0;
        ALLOWED = 1;
        REJECTED = 2;
        FORCE_ALLOWED = 3;
    }
    optional Response response = 5;
    // An estimate on the cause of the response. This will only be populated for
    // REJECTED and FORCE_ALLOWED
    optional bool caused_by_app_cert_rule = 6;
    optional bool caused_by_installer_rule = 7;
}

/**
 * Logs the information about the rules and the provider whenever rules are
 * pushed into AppIntegrityManager.
 *
 * Logged from:
 *   frameworks/base/services/core/java/com/android/server/integrity/AppIntegrityManagerServiceImpl.java
 */
message IntegrityRulesPushed {
    optional bool success = 1;
    // Package name of the app that pushed the rules.
    optional string rule_provider = 2;
    // Version string of arbitrary format provided by the rule provider to
    // identify the rules.
    optional string rule_version = 3;
}
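Review bot: `app_certificate_hash` (field 2 of `IntegrityCheckResultReported`) has no comment, and anyone matching this atom against a list of known signing certificates needs to know which digest and encoding it carries. I would add a comment above it along the lines of `// Digest of the app signing certificate: <ALGORITHM>, <ENCODING>.`, with the placeholders filled in from the code that computes the value, which is not visible here. Separately, `version_code` is declared `int32`; if the install metadata can carry a 64-bit version code the logged value would be truncated, so `int64` may be the safer wire type and is worth confirming before field 3 is relied on.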
+32 −0
@@ -49,6 +49,7 @@ import android.os.Handler;
import android.os.HandlerThread;
import android.os.RemoteException;
import android.util.Slog;
import android.util.StatsLog;

import com.android.internal.R;
import com.android.internal.annotations.VisibleForTesting;
@@ -161,6 +162,8 @@ public class AppIntegrityManagerServiceImpl extends IAppIntegrityManager.Stub {
                        success = false;
                    }

                    StatsLog.write(StatsLog.INTEGRITY_RULES_PUSHED, success, ruleProvider, version);

                    Intent intent = new Intent();
                    intent.putExtra(EXTRA_STATUS, success ? STATUS_SUCCESS : STATUS_FAILURE);
                    try {
@@ -258,6 +261,15 @@ public class AppIntegrityManagerServiceImpl extends IAppIntegrityManager.Stub {
                            + result.getEffect()
                            + " due to "
                            + result.getRule());
            StatsLog.write(
                    StatsLog.INTEGRITY_CHECK_RESULT_REPORTED,
                    packageName,
                    appCert,
                    appInstallMetadata.getVersionCode(),
                    installerPackageName,
                    getLoggingResponse(result),
                    isCausedByAppCertRule(result),
                    isCausedByInstallerRule(result));
            mPackageManagerInternal.setIntegrityVerificationResult(
                    verificationId,
                    result.getEffect() == IntegrityCheckResult.Effect.ALLOW
@@ -570,6 +582,26 @@ public class AppIntegrityManagerServiceImpl extends IAppIntegrityManager.Stub {
        }
    }

    private static int getLoggingResponse(IntegrityCheckResult result) {
        if (result.getEffect() == IntegrityCheckResult.Effect.DENY) {
            return StatsLog.INTEGRITY_CHECK_RESULT_REPORTED__RESPONSE__REJECTED;
        } else if (result.getRule() != null) {
            return StatsLog.INTEGRITY_CHECK_RESULT_REPORTED__RESPONSE__FORCE_ALLOWED;
        } else {
            return StatsLog.INTEGRITY_CHECK_RESULT_REPORTED__RESPONSE__ALLOWED;
        }
    }

    private static boolean isCausedByAppCertRule(IntegrityCheckResult result) {
        // TODO(b/147095027): implement this.
        return true;
    }

    private static boolean isCausedByInstallerRule(IntegrityCheckResult result) {
        // TODO(b/147095027): implement this.
        return true;
    }

    private List<String> getAllowedRuleProviders() {
        return Arrays.asList(mContext.getResources().getStringArray(
                R.array.config_integrityRuleProviderPackages));
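Review bot: `isCausedByAppCertRule` and `isCausedByInstallerRule` both return `true` unconditionally, so every `INTEGRITY_CHECK_RESULT_REPORTED` event, including those that `getLoggingResponse` classifies as ALLOWED, is logged with both cause flags set. The atom's own comment says these fields are populated only for REJECTED and FORCE_ALLOWED, so anyone reading the data before the TODO lands will attribute every install decision to both an app-cert rule and an installer rule. Until b/147095027 is implemented I would have the stubs `return false;` with the comment `// Not yet attributed; see TODO(b/147095027).`, so the placeholder cannot be mistaken for a real attribution. A one-line Javadoc on `getLoggingResponse`, `/** Maps the check result to the Response enum of IntegrityCheckResultReported. */`, would also record that an ALLOW with a non-null rule is reported as FORCE_ALLOWED. The method containing the new `StatsLog.write` call starts and ends outside the hunk.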