-rw-r--r--cmds/statsd/src/atoms.proto42
-rw-r--r--services/core/java/com/android/server/integrity/AppIntegrityManagerServiceImpl.java32
2 files changed, 74 insertions, 0 deletions
diff --git a/cmds/statsd/src/atoms.proto b/cmds/statsd/src/atoms.proto
index d05ac189c834..974b71f99bc0 100644
--- a/cmds/statsd/src/atoms.proto
+++ b/cmds/statsd/src/atoms.proto
@@ -341,6 +341,8 @@ message Atom {
NotificationReported notification_reported = 244;
NotificationPanelReported notification_panel_reported = 245;
NotificationChannelModified notification_panel_modified = 246;
+ IntegrityCheckResultReported integrity_check_result_reported = 247;
+ IntegrityRulesPushed integrity_rules_pushed = 248;
}
// Pulled events will start at field 10000.
@@ -8069,3 +8071,43 @@ message UserspaceRebootReported {
// State of primary user's encryption storage at the moment boot completed. Always set.
optional UserEncryptionState user_encryption_state = 3;
}
+
+/*
+ * Logs integrity check information during each install.
+ *
+ * Logged from:
+ * frameworks/base/services/core/java/com/android/server/integrity/AppIntegrityManagerServiceImpl.java
+ */
+message IntegrityCheckResultReported {
+ optional string package_name = 1;
+ optional string app_certificate_hash = 2;
+ optional int32 version_code = 3;
+ optional string installer_package_name = 4;
+ enum Response {
+ UNKNOWN = 0;
+ ALLOWED = 1;
+ REJECTED = 2;
+ FORCE_ALLOWED = 3;
+ }
+ optional Response response = 5;
+ // An estimate on the cause of the response. This will only be populated for
+ // REJECTED and FORCE_ALLOWED
+ optional bool caused_by_app_cert_rule = 6;
+ optional bool caused_by_installer_rule = 7;
+}
+
+/**
+ * Logs the information about the rules and the provider whenever rules are
+ * pushed into AppIntegrityManager.
+ *
+ * Logged from:
+ * frameworks/base/services/core/java/com/android/server/integrity/AppIntegrityManagerServiceImpl.java
+ */
+message IntegrityRulesPushed {
+ optional bool success = 1;
+ // Package name of the app that pushed the rules.
+ optional string rule_provider = 2;
+ // Version string of arbitrary format provided by the rule provider to
+ // identify the rules.
+ optional string rule_version = 3;
+}
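Review bot: `app_certificate_hash` in `IntegrityCheckResultReported` is declared without saying which digest it carries or how it is encoded, so someone reading this atom cannot tell how to compare it against a known signing certificate. A one-line comment above the field would settle that, for example `// Hex-encoded <digest algorithm> of the app's signing certificate.` with the algorithm the server actually uses filled in. `version_code` is `int32`; if the value logged can ever be a long version code it would be truncated here, so it is worth confirming the width against the caller. The two message comments also open differently (`/*` versus `/**`), which is worth making uniform.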
diff --git a/services/core/java/com/android/server/integrity/AppIntegrityManagerServiceImpl.java b/services/core/java/com/android/server/integrity/AppIntegrityManagerServiceImpl.java
index 2926ec94417f..2bdb33c06778 100644
--- a/services/core/java/com/android/server/integrity/AppIntegrityManagerServiceImpl.java
+++ b/services/core/java/com/android/server/integrity/AppIntegrityManagerServiceImpl.java
@@ -49,6 +49,7 @@ import android.os.Handler;
import android.os.HandlerThread;
import android.os.RemoteException;
import android.util.Slog;
+import android.util.StatsLog;
import com.android.internal.R;
import com.android.internal.annotations.VisibleForTesting;
@@ -161,6 +162,8 @@ public class AppIntegrityManagerServiceImpl extends IAppIntegrityManager.Stub {
success = false;
}
+ StatsLog.write(StatsLog.INTEGRITY_RULES_PUSHED, success, ruleProvider, version);
+
Intent intent = new Intent();
intent.putExtra(EXTRA_STATUS, success ? STATUS_SUCCESS : STATUS_FAILURE);
try {
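Review bot: `version` is passed to `StatsLog.write` exactly as the rule provider supplied it, and atoms.proto describes it as a string "of arbitrary format", so the caller controls both the content and the length of what lands in the stats log. Whether the string is bounded earlier in this method is not visible, since the method starts and ends outside the hunk. If it is not, consider capping it before logging and saying so in a comment, e.g. `// version is provider-supplied; capped so an oversized value cannot bloat or drop the atom`.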
@@ -258,6 +261,15 @@ public class AppIntegrityManagerServiceImpl extends IAppIntegrityManager.Stub {
+ result.getEffect()
+ " due to "
+ result.getRule());
+ StatsLog.write(
+ StatsLog.INTEGRITY_CHECK_RESULT_REPORTED,
+ packageName,
+ appCert,
+ appInstallMetadata.getVersionCode(),
+ installerPackageName,
+ getLoggingResponse(result),
+ isCausedByAppCertRule(result),
+ isCausedByInstallerRule(result));
mPackageManagerInternal.setIntegrityVerificationResult(
verificationId,
result.getEffect() == IntegrityCheckResult.Effect.ALLOW
@@ -570,6 +582,26 @@ public class AppIntegrityManagerServiceImpl extends IAppIntegrityManager.Stub {
}
}
+ private static int getLoggingResponse(IntegrityCheckResult result) {
+ if (result.getEffect() == IntegrityCheckResult.Effect.DENY) {
+ return StatsLog.INTEGRITY_CHECK_RESULT_REPORTED__RESPONSE__REJECTED;
+ } else if (result.getRule() != null) {
+ return StatsLog.INTEGRITY_CHECK_RESULT_REPORTED__RESPONSE__FORCE_ALLOWED;
+ } else {
+ return StatsLog.INTEGRITY_CHECK_RESULT_REPORTED__RESPONSE__ALLOWED;
+ }
+ }
+
+ private static boolean isCausedByAppCertRule(IntegrityCheckResult result) {
+ // TODO(b/147095027): implement this.
+ return true;
+ }
+
+ private static boolean isCausedByInstallerRule(IntegrityCheckResult result) {
+ // TODO(b/147095027): implement this.
+ return true;
+ }
+
private List<String> getAllowedRuleProviders() {
return Arrays.asList(mContext.getResources().getStringArray(
R.array.config_integrityRuleProviderPackages));
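Review bot: `isCausedByAppCertRule` and `isCausedByInstallerRule` are stubs that return `true` unconditionally, so every `INTEGRITY_CHECK_RESULT_REPORTED` event written by the call in the `@@ -258` hunk claims both causes, including plain ALLOWED results. That contradicts the atoms.proto comment that these fields are only populated for REJECTED and FORCE_ALLOWED, and anyone triaging rejected installs from this telemetry would be misled about which rule fired. Until b/147095027 is implemented, the stubs should report no cause rather than both, i.e. `return false;` in each, with the TODO comment stating that the field is not yet meaningful. `getLoggingResponse` would also benefit from a short comment explaining that a non-DENY effect with a non-null rule is what is reported as FORCE_ALLOWED.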