Merge "NIAP: Log cert validation and key integrity failures."
diff --git a/api/current.txt b/api/current.txt
index 63a40e5..f503874 100644
--- a/api/current.txt
+++ b/api/current.txt
@@ -6740,6 +6740,7 @@
field public static final int TAG_APP_PROCESS_START = 210005; // 0x33455
field public static final int TAG_CERT_AUTHORITY_INSTALLED = 210029; // 0x3346d
field public static final int TAG_CERT_AUTHORITY_REMOVED = 210030; // 0x3346e
+ field public static final int TAG_CERT_VALIDATION_FAILURE = 210033; // 0x33471
field public static final int TAG_CRYPTO_SELF_TEST_COMPLETED = 210031; // 0x3346f
field public static final int TAG_KEYGUARD_DISABLED_FEATURES_SET = 210021; // 0x33465
field public static final int TAG_KEYGUARD_DISMISSED = 210006; // 0x33456
@@ -6748,6 +6749,7 @@
field public static final int TAG_KEY_DESTRUCTION = 210026; // 0x3346a
field public static final int TAG_KEY_GENERATED = 210024; // 0x33468
field public static final int TAG_KEY_IMPORT = 210025; // 0x33469
+ field public static final int TAG_KEY_INTEGRITY_VIOLATION = 210032; // 0x33470
field public static final int TAG_LOGGING_STARTED = 210011; // 0x3345b
field public static final int TAG_LOGGING_STOPPED = 210012; // 0x3345c
field public static final int TAG_LOG_BUFFER_SIZE_CRITICAL = 210015; // 0x3345f
diff --git a/core/java/android/app/admin/SecurityLog.java b/core/java/android/app/admin/SecurityLog.java
index 202b894..69ec26c 100644
--- a/core/java/android/app/admin/SecurityLog.java
+++ b/core/java/android/app/admin/SecurityLog.java
@@ -78,6 +78,8 @@
TAG_CERT_AUTHORITY_INSTALLED,
TAG_CERT_AUTHORITY_REMOVED,
TAG_CRYPTO_SELF_TEST_COMPLETED,
+ TAG_KEY_INTEGRITY_VIOLATION,
+ TAG_CERT_VALIDATION_FAILURE,
})
public @interface SecurityLogTag {}
@@ -409,6 +411,23 @@
SecurityLogTags.SECURITY_CRYPTO_SELF_TEST_COMPLETED;
/**
+ * Indicates a failed cryptographic key integrity check. The log entry contains the following
+ * information about the event, encapsulated in an {@link Object} array and accessible via
+ * {@link SecurityEvent#getData()}:
+ * <li> [0] alias of the key ({@code String})
+ * <li> [1] owner application uid ({@code Integer}).
+ */
+ public static final int TAG_KEY_INTEGRITY_VIOLATION =
+ SecurityLogTags.SECURITY_KEY_INTEGRITY_VIOLATION;
+
+ /**
+ * Indicates a failure to validate X.509v3 certificate. The log entry contains a {@code String}
+ * payload indicating the failure reason, accessible via {@link SecurityEvent#getData()}.
+ */
+ public static final int TAG_CERT_VALIDATION_FAILURE =
+ SecurityLogTags.SECURITY_CERT_VALIDATION_FAILURE;
+
+ /**
* Event severity level indicating that the event corresponds to normal workflow.
*/
public static final int LEVEL_INFO = 1;
@@ -548,7 +567,10 @@
return getSuccess() ? LEVEL_INFO : LEVEL_WARNING;
case TAG_LOG_BUFFER_SIZE_CRITICAL:
case TAG_WIPE_FAILURE:
+ case TAG_KEY_INTEGRITY_VIOLATION:
return LEVEL_ERROR;
+ case TAG_CERT_VALIDATION_FAILURE:
+ return LEVEL_WARNING;
default:
return LEVEL_INFO;
}
diff --git a/core/java/android/app/admin/SecurityLogTags.logtags b/core/java/android/app/admin/SecurityLogTags.logtags
index b64b7e3..fe2519d 100644
--- a/core/java/android/app/admin/SecurityLogTags.logtags
+++ b/core/java/android/app/admin/SecurityLogTags.logtags
@@ -35,4 +35,6 @@
210028 security_user_restriction_removed (package|3),(admin_user|1),(restriction|3)
210029 security_cert_authority_installed (success|1),(subject|3)
210030 security_cert_authority_removed (success|1),(subject|3)
-210031 security_crypto_self_test_completed (success|1)
\ No newline at end of file
+210031 security_crypto_self_test_completed (success|1)
+210032 security_key_integrity_violation (key_id|3),(uid|1)
+210033 security_cert_validation_failure (reason|3)