Add cred mng app metrics to DPMS

    private static final String CALLED_FROM_PARENT = "calledFromParent";

    private static final String NOT_CALLED_FROM_PARENT = "notCalledFromParent";

    private static final String CREDENTIAL_MANAGEMENT_APP = "credentialManagementApp";

    private static final String NOT_CREDENTIAL_MANAGEMENT_APP = "notCredentialManagementApp";

    // Comprehensive list of delegations.

    private static final String DELEGATIONS[] = {

        DELEGATION_CERT_INSTALL,

            byte[] cert, byte[] chain, String alias, boolean requestAccess,

            boolean isUserSelectable) {

        final CallerIdentity caller = getCallerIdentity(who, callerPackage);

        final boolean isCallerDelegate = isCallerDelegate(caller, DELEGATION_CERT_INSTALL);

        final boolean isCredentialManagementApp =

                isCredentialManagementApp(caller, alias, isUserSelectable);

        Preconditions.checkCallAuthorization((caller.hasAdminComponent()

                && (isProfileOwner(caller) || isDeviceOwner(caller)))

                || (caller.hasPackage() && (isCallerDelegate(caller, DELEGATION_CERT_INSTALL)

                || isCredentialManagementApp(caller, alias, isUserSelectable))));

                || (caller.hasPackage() && (isCallerDelegate || isCredentialManagementApp)));

        final long id = mInjector.binderClearCallingIdentity();

        try {

            try {

                IKeyChainService keyChain = keyChainConnection.getService();

                if (!keyChain.installKeyPair(privKey, cert, chain, alias, KeyStore.UID_SELF)) {

                    logInstallKeyPairFailure(caller, isCredentialManagementApp);

                    return false;

                }

                if (requestAccess) {

                DevicePolicyEventLogger

                        .createEvent(DevicePolicyEnums.INSTALL_KEY_PAIR)

                        .setAdmin(caller.getPackageName())

                        .setBoolean(/* isDelegate */ who == null)

                        .setBoolean(/* isDelegate */ isCallerDelegate)

                        .setStrings(isCredentialManagementApp

                                ? CREDENTIAL_MANAGEMENT_APP : NOT_CREDENTIAL_MANAGEMENT_APP)

                        .write();

                return true;

            } catch (RemoteException e) {

        } finally {

            mInjector.binderRestoreCallingIdentity(id);

        }

        logInstallKeyPairFailure(caller, isCredentialManagementApp);

        return false;

    }

    private void logInstallKeyPairFailure(CallerIdentity caller,

            boolean isCredentialManagementApp) {

        if (!isCredentialManagementApp) {

            return;

        }

        DevicePolicyEventLogger

                .createEvent(DevicePolicyEnums.CREDENTIAL_MANAGEMENT_APP_INSTALL_KEY_PAIR_FAILED)

                .setStrings(caller.getPackageName())

                .write();

    }

    @Override

    public boolean removeKeyPair(ComponentName who, String callerPackage, String alias) {

        final CallerIdentity caller = getCallerIdentity(who, callerPackage);

        final boolean isCallerDelegate = isCallerDelegate(caller, DELEGATION_CERT_INSTALL);

        final boolean isCredentialManagementApp = isCredentialManagementApp(caller, alias);

        Preconditions.checkCallAuthorization((caller.hasAdminComponent()

                && (isProfileOwner(caller) || isDeviceOwner(caller)))

                || (caller.hasPackage() && (isCallerDelegate(caller, DELEGATION_CERT_INSTALL)

                || isCredentialManagementApp(caller, alias))));

                || (caller.hasPackage() && (isCallerDelegate || isCredentialManagementApp)));

        final long id = Binder.clearCallingIdentity();

        try {

                DevicePolicyEventLogger

                        .createEvent(DevicePolicyEnums.REMOVE_KEY_PAIR)

                        .setAdmin(caller.getPackageName())

                        .setBoolean(/* isDelegate */ who == null)

                        .setBoolean(/* isDelegate */ isCallerDelegate)

                        .setStrings(isCredentialManagementApp

                                ? CREDENTIAL_MANAGEMENT_APP : NOT_CREDENTIAL_MANAGEMENT_APP)

                        .write();

                return keyChain.removeKeyPair(alias);

            } catch (RemoteException e) {

                "Requested Device ID attestation but challenge is empty");

        final CallerIdentity caller = getCallerIdentity(who, callerPackage);

        final boolean isCallerDelegate = isCallerDelegate(caller, DELEGATION_CERT_INSTALL);

        final boolean isCredentialManagementApp = isCredentialManagementApp(caller, alias);

        if (deviceIdAttestationRequired && attestationUtilsFlags.length > 0) {

            // TODO: replace enforce methods

            enforceCallerCanRequestDeviceIdAttestation(caller);

        } else {

            Preconditions.checkCallAuthorization((caller.hasAdminComponent()

                    && (isProfileOwner(caller) || isDeviceOwner(caller)))

                    || (caller.hasPackage() && (isCallerDelegate(caller, DELEGATION_CERT_INSTALL)

                    || isCredentialManagementApp(caller, alias))));

                    || (caller.hasPackage() && (isCallerDelegate || isCredentialManagementApp)));

        }

        // As the caller will be granted access to the key, ensure no UID was specified, as

        // it will not have the desired effect.

        if (keySpec.getUid() != KeyStore.UID_SELF) {

            Log.e(LOG_TAG, "Only the caller can be granted access to the generated keypair.");

            logGenerateKeyPairFailure(caller, isCredentialManagementApp);

            return false;

        }

                                    DevicePolicyManager.KEY_GEN_STRONGBOX_UNAVAILABLE,

                                    String.format("KeyChain error: %d", generationResult));

                        default:

                            logGenerateKeyPairFailure(caller, isCredentialManagementApp);

                            return false;

                    }

                }

                            throw new UnsupportedOperationException(

                                    "Device does not support Device ID attestation.");

                        }

                        logGenerateKeyPairFailure(caller, isCredentialManagementApp);

                        return false;

                    }

                }

                DevicePolicyEventLogger

                        .createEvent(DevicePolicyEnums.GENERATE_KEY_PAIR)

                        .setAdmin(caller.getPackageName())

                        .setBoolean(/* isDelegate */ who == null)

                        .setBoolean(/* isDelegate */ isCallerDelegate)

                        .setInt(idAttestationFlags)

                        .setStrings(algorithm)

                        .setStrings(algorithm, isCredentialManagementApp

                                ? CREDENTIAL_MANAGEMENT_APP : NOT_CREDENTIAL_MANAGEMENT_APP)

                        .write();

                return true;

            }

        } finally {

            mInjector.binderRestoreCallingIdentity(id);

        }

        logGenerateKeyPairFailure(caller, isCredentialManagementApp);

        return false;

    }

    private void logGenerateKeyPairFailure(CallerIdentity caller,

            boolean isCredentialManagementApp) {

        if (!isCredentialManagementApp) {

            return;

        }

        DevicePolicyEventLogger

                .createEvent(DevicePolicyEnums.CREDENTIAL_MANAGEMENT_APP_GENERATE_KEY_PAIR_FAILED)

                .setStrings(caller.getPackageName())

                .write();

    }

    private void enforceIndividualAttestationSupportedIfRequested(int[] attestationUtilsFlags) {

        for (int attestationFlag : attestationUtilsFlags) {

            if (attestationFlag == USE_INDIVIDUAL_ATTESTATION

    public boolean setKeyPairCertificate(ComponentName who, String callerPackage, String alias,

            byte[] cert, byte[] chain, boolean isUserSelectable) {

        final CallerIdentity caller = getCallerIdentity(who, callerPackage);

        final boolean isCallerDelegate = isCallerDelegate(caller, DELEGATION_CERT_INSTALL);

        final boolean isCredentialManagementApp = isCredentialManagementApp(caller, alias);

        Preconditions.checkCallAuthorization((caller.hasAdminComponent()

                && (isProfileOwner(caller) || isDeviceOwner(caller)))

                || (caller.hasPackage() && (isCallerDelegate(caller, DELEGATION_CERT_INSTALL)

                || isCredentialManagementApp(caller, alias))));

                || (caller.hasPackage() && (isCallerDelegate || isCredentialManagementApp)));

        final long id = mInjector.binderClearCallingIdentity();

        try (final KeyChainConnection keyChainConnection =

            DevicePolicyEventLogger

                    .createEvent(DevicePolicyEnums.SET_KEY_PAIR_CERTIFICATE)

                    .setAdmin(caller.getPackageName())

                    .setBoolean(/* isDelegate */ who == null)

                    .setBoolean(/* isDelegate */ isCallerDelegate)

                    .setStrings(isCredentialManagementApp

                            ? CREDENTIAL_MANAGEMENT_APP : NOT_CREDENTIAL_MANAGEMENT_APP)

                    .write();

            return true;

        } catch (InterruptedException e) {