3 files changed, 37 insertions, 0 deletions

diff --git a/services/core/java/com/android/server/integrity/AppIntegrityManagerServiceImpl.java b/services/core/java/com/android/server/integrity/AppIntegrityManagerServiceImpl.java
index 48dab2f1ada5..5514ec701c15 100644
--- a/services/core/java/com/android/server/integrity/AppIntegrityManagerServiceImpl.java
+++ b/services/core/java/com/android/server/integrity/AppIntegrityManagerServiceImpl.java
@@ -214,6 +214,12 @@ public class AppIntegrityManagerServiceImpl extends IAppIntegrityManager.Stub {
                                         version, ruleProvider));
                     }
 
+                    FrameworkStatsLog.write(
+                            FrameworkStatsLog.INTEGRITY_RULES_PUSHED,
+                            success,
+                            ruleProvider,
+                            version);
+
                     Intent intent = new Intent();
                     intent.putExtra(EXTRA_STATUS, success ? STATUS_SUCCESS : STATUS_FAILURE);
                     try {
@@ -340,6 +346,15 @@ public class AppIntegrityManagerServiceImpl extends IAppIntegrityManager.Stub {
                                 packageName, result.getEffect(), result.getMatchedRules()));
             }
 
+            FrameworkStatsLog.write(
+                    FrameworkStatsLog.INTEGRITY_CHECK_RESULT_REPORTED,
+                    packageName,
+                    appCertificates.toString(),
+                    appInstallMetadata.getVersionCode(),
+                    installerPackageName,
+                    result.getLoggingResponse(),
+                    result.isCausedByAppCertRule(),
+                    result.isCausedByInstallerRule());
             mPackageManagerInternal.setIntegrityVerificationResult(
                     verificationId,
                     result.getEffect() == IntegrityCheckResult.Effect.ALLOW
diff --git a/services/core/java/com/android/server/integrity/model/IntegrityCheckResult.java b/services/core/java/com/android/server/integrity/model/IntegrityCheckResult.java
index 05186cd706d9..1fa067065e1b 100644
--- a/services/core/java/com/android/server/integrity/model/IntegrityCheckResult.java
+++ b/services/core/java/com/android/server/integrity/model/IntegrityCheckResult.java
@@ -82,6 +82,21 @@ public final class IntegrityCheckResult {
         return new IntegrityCheckResult(Effect.DENY, ruleList);
     }
 
+    /**
+     * Returns the in value of the integrity check result for logging purposes.
+     */
+    public int getLoggingResponse() {
+        if (getEffect() == Effect.DENY) {
+            return FrameworkStatsLog.INTEGRITY_CHECK_RESULT_REPORTED__RESPONSE__REJECTED;
+        } else if (getEffect() == Effect.ALLOW && getMatchedRules().isEmpty()) {
+            return FrameworkStatsLog.INTEGRITY_CHECK_RESULT_REPORTED__RESPONSE__ALLOWED;
+        } else if (getEffect() == Effect.ALLOW && !getMatchedRules().isEmpty()) {
+            return FrameworkStatsLog.INTEGRITY_CHECK_RESULT_REPORTED__RESPONSE__FORCE_ALLOWED;
+        } else {
+            throw new IllegalStateException("IntegrityCheckResult is not valid.");
+        }
+    }
+
     /** Returns true when the {@code mEffect} is caused by an app certificate mismatch. */
     public boolean isCausedByAppCertRule() {
         return mRuleList.stream().anyMatch(rule -> rule.getFormula().isAppCertificateFormula());
diff --git a/services/tests/servicestests/src/com/android/server/integrity/model/IntegrityCheckResultTest.java b/services/tests/servicestests/src/com/android/server/integrity/model/IntegrityCheckResultTest.java
index c39378fd7512..6c23ff6fcb3c 100644
--- a/services/tests/servicestests/src/com/android/server/integrity/model/IntegrityCheckResultTest.java
+++ b/services/tests/servicestests/src/com/android/server/integrity/model/IntegrityCheckResultTest.java
@@ -40,6 +40,8 @@ public class IntegrityCheckResultTest {
 
         assertThat(allowResult.getEffect()).isEqualTo(IntegrityCheckResult.Effect.ALLOW);
         assertThat(allowResult.getMatchedRules()).isEmpty();
+        assertThat(allowResult.getLoggingResponse())
+                .isEqualTo(FrameworkStatsLog.INTEGRITY_CHECK_RESULT_REPORTED__RESPONSE__ALLOWED);
     }
 
     @Test
@@ -56,6 +58,9 @@ public class IntegrityCheckResultTest {
 
         assertThat(allowResult.getEffect()).isEqualTo(IntegrityCheckResult.Effect.ALLOW);
         assertThat(allowResult.getMatchedRules()).containsExactly(forceAllowRule);
+        assertThat(allowResult.getLoggingResponse())
+                .isEqualTo(
+                        FrameworkStatsLog.INTEGRITY_CHECK_RESULT_REPORTED__RESPONSE__FORCE_ALLOWED);
     }
 
     @Test
@@ -72,6 +77,8 @@ public class IntegrityCheckResultTest {
 
         assertThat(denyResult.getEffect()).isEqualTo(IntegrityCheckResult.Effect.DENY);
         assertThat(denyResult.getMatchedRules()).containsExactly(failedRule);
+        assertThat(denyResult.getLoggingResponse())
+                .isEqualTo(FrameworkStatsLog.INTEGRITY_CHECK_RESULT_REPORTED__RESPONSE__REJECTED);
     }
 
     @Test