Remove keystore and keymint from the images
These have been replaced by diced, so they are no longer in microdroid. The
removal of keymint also allows for the removal of hwservicemanager.
Bug: 215747811
Test: atest MicrodroidTests
Change-Id: Id390e39558d93f4922481bc214a0c01a3a6c93ef
diff --git a/microdroid/Android.bp b/microdroid/Android.bp
index e078108..6f27ce1 100644
--- a/microdroid/Android.bp
+++ b/microdroid/Android.bp
@@ -73,7 +73,6 @@
"apexd",
"debuggerd",
"diced.microdroid",
- "keystore2_microdroid",
"linker",
"linkerconfig",
"servicemanager.microdroid",
@@ -81,15 +80,10 @@
"cgroups.json",
"public.libraries.android.txt",
- // TODO(b/185767624): remove hidl after full keymint support
- "hwservicemanager",
-
"microdroid_plat_sepolicy_and_mapping.sha256",
"microdroid_file_contexts",
- "microdroid_hwservice_contexts",
"microdroid_property_contexts",
"microdroid_service_contexts",
- "microdroid_keystore2_key_contexts",
"microdroid_compatibility_matrix",
"microdroid_manifest",
@@ -179,7 +173,6 @@
use_avb: true,
deps: [
"android.hardware.security.dice-service.microdroid",
- "android.hardware.security.keymint-service.microdroid",
"microdroid_fstab",
"microdroid_precompiled_sepolicy.plat_sepolicy_and_mapping.sha256",
"microdroid_vendor_manifest",
diff --git a/microdroid/init.rc b/microdroid/init.rc
index e76260e..ebe2464 100644
--- a/microdroid/init.rc
+++ b/microdroid/init.rc
@@ -83,9 +83,6 @@
setprop ro.debuggable ${ro.boot.microdroid.debuggable:-0}
- # TODO(b/185767624): remove hidl after full keymint support
- start hwservicemanager
-
on init && property:ro.boot.logd.enabled=1
# Start logd before any other services run to ensure we capture all of their logs.
start logd
@@ -138,21 +135,15 @@
# We restorecon /data in case the userdata partition has been reset.
restorecon /data
- # set up keystore directory structure first so that we can end early boot
+ # set up misc directory structure first so that we can end early boot
# and start apexd
mkdir /data/misc 01771 system misc
- mkdir /data/misc/keystore 0700 keystore keystore
# work around b/183668221
- restorecon /data/misc /data/misc/keystore
-
- start keystore2
+ restorecon /data/misc
mkdir /data/misc/authfs 0700 root root
start authfs_service
-on late-fs
- start vendor.keymint-microdroid
-
on post-fs-data
mark_post_data
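Review bot: The rewritten comment above `mkdir /data/misc` still gives "so that we can end early boot and start apexd" as the reason, which reads as a leftover from the keystore setup it replaces. With `start keystore2` gone, the only consumer of /data/misc visible in this hunk is authfs, so I would reword it to `# Set up /data/misc before starting the services that keep state under it (authfs_service)`. Separately, the context line about restorecon suggests userdata normally persists, so a partition provisioned by an earlier image may still hold /data/misc/keystore and its key blobs, while this commit drops the keystore2 key contexts file from the image. If instance data can survive an image update, add a one-time cleanup or a comment saying the directory is left in place on purpose. The enclosing trigger block starts outside the hunk.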
@@ -169,12 +160,6 @@
start tombstoned
- # Boot level 30
- # odsign signing keys have MAX_BOOT_LEVEL=30
- # This is currently the earliest boot level, but we start at 30
- # to leave room for earlier levels.
- setprop keystore.boot_level 30
-
# For security reasons, /data/local/tmp should always be empty.
# Do not place files or directories in /data/local/tmp
mkdir /data/local 0751 root root
diff --git a/microdroid/microdroid_compatibility_matrix.xml b/microdroid/microdroid_compatibility_matrix.xml
index dbc12a8..f9088b1 100644
--- a/microdroid/microdroid_compatibility_matrix.xml
+++ b/microdroid/microdroid_compatibility_matrix.xml
@@ -1,11 +1,4 @@
<?xml version="1.0" encoding="UTF-8"?>
<compatibility-matrix version="1.0" type="framework">
- <hal format="aidl" optional="true">
- <name>android.hardware.security.keymint</name>
- <version>1</version>
- <interface>
- <name>IKeyMintDevice</name>
- <instance>default</instance>
- </interface>
- </hal>
+ <!-- empty -->
</compatibility-matrix>
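Review bot: The `<!-- empty -->` placeholder does not say why the file declares nothing, so a later reader cannot tell a deliberate empty matrix from a partly stripped one. A comment such as `<!-- Intentionally empty: no HAL entries remain after the keystore2/keymint and hwservicemanager removal -->` would record the intent and make an accidental re-add easier to spot in review. The same applies to the placeholders added in microdroid_manifest.xml and microdroid_vendor_compatibility_matrix.xml. It may also be worth confirming, outside this diff, whether the DICE service that stays in the vendor image deps is meant to be declared in any of these files, since none of the three lists it.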
diff --git a/microdroid/microdroid_manifest.xml b/microdroid/microdroid_manifest.xml
index 28a374f..b84ba8f 100644
--- a/microdroid/microdroid_manifest.xml
+++ b/microdroid/microdroid_manifest.xml
@@ -1,24 +1,4 @@
<?xml version="1.0" encoding="UTF-8"?>
<manifest version="1.0" type="framework">
- <!--TODO(b/185767624): remove hidl after full keymint support-->
- <hal format="hidl">
- <name>android.hidl.manager</name>
- <transport>hwbinder</transport>
- <version>1.2</version>
- <interface>
- <name>IServiceManager</name>
- <instance>default</instance>
- </interface>
- <fqname>@1.2::IServiceManager/default</fqname>
- </hal>
- <hal format="hidl">
- <name>android.hidl.token</name>
- <transport>hwbinder</transport>
- <version>1.0</version>
- <interface>
- <name>ITokenManager</name>
- <instance>default</instance>
- </interface>
- <fqname>@1.0::ITokenManager/default</fqname>
- </hal>
+ <!-- empty -->
</manifest>
diff --git a/microdroid/microdroid_vendor_compatibility_matrix.xml b/microdroid/microdroid_vendor_compatibility_matrix.xml
index efa1c98..44735d8 100644
--- a/microdroid/microdroid_vendor_compatibility_matrix.xml
+++ b/microdroid/microdroid_vendor_compatibility_matrix.xml
@@ -1,27 +1,4 @@
<?xml version="1.0" encoding="UTF-8"?>
<compatibility-matrix version="1.0" type="device">
- <hal format="aidl">
- <name>android.system.keystore2</name>
- <interface>
- <name>IKeystoreService</name>
- <instance>default</instance>
- </interface>
- </hal>
- <!--TODO(b/185767624): remove hidl after full keymint support-->
- <hal format="hidl" optional="true">
- <name>android.hidl.manager</name>
- <version>1.0</version>
- <interface>
- <name>IServiceManager</name>
- <instance>default</instance>
- </interface>
- </hal>
- <hal format="hidl" optional="true">
- <name>android.hidl.token</name>
- <version>1.0</version>
- <interface>
- <name>ITokenManager</name>
- <instance>default</instance>
- </interface>
- </hal>
+ <!-- empty -->
</compatibility-matrix>