Stop reading fs-verity certificate from keystore

We punting support for extra certificate to S.

Test: boot
Bug: 112038744
Change-Id: I3bc342a7df0c47c02494ef6fdae24e7ad00a8507
diff --git a/fsverity_init/Android.bp b/fsverity_init/Android.bp
index 407849d..3c9ade0 100644
--- a/fsverity_init/Android.bp
+++ b/fsverity_init/Android.bp
@@ -9,7 +9,6 @@
     ],
     shared_libs: [
         "libbase",
-        "libkeystore_binder",
         "libkeyutils",
         "liblog",
         "liblogwrap",
diff --git a/fsverity_init/fsverity_init.cpp b/fsverity_init/fsverity_init.cpp
index 7052375..e2a8bf7 100644
--- a/fsverity_init/fsverity_init.cpp
+++ b/fsverity_init/fsverity_init.cpp
@@ -19,20 +19,14 @@
 #include <sys/types.h>
 
 #include <filesystem>
-#include <memory>
 #include <string>
-#include <vector>
 
 #include <android-base/file.h>
 #include <android-base/logging.h>
 #include <android-base/properties.h>
 #include <android-base/strings.h>
-#include <keystore/keystore_client.h>
-#include <keystore/keystore_client_impl.h>
-#include <keystore/keystore_get.h>
 #include <log/log.h>
 #include <mini_keyctl_utils.h>
-#include <private/android_filesystem_config.h>
 
 bool LoadKeyToKeyring(key_serial_t keyring_id, const char* desc, const char* data, size_t size) {
     key_serial_t key = add_key("asymmetric", desc, data, size, keyring_id);
@@ -61,31 +55,6 @@
     }
 }
 
-std::unique_ptr<keystore::KeystoreClient> CreateKeystoreInstance() {
-    return std::unique_ptr<keystore::KeystoreClient>(
-        static_cast<keystore::KeystoreClient*>(new keystore::KeystoreClientImpl));
-}
-
-void LoadKeysFromKeystore(key_serial_t keyring_id) {
-    auto client = CreateKeystoreInstance();
-
-    std::vector<std::string> aliases;
-    if (client == nullptr || !client->listKeysOfUid("FSV_", AID_FSVERITY_CERT, &aliases)) {
-        LOG(ERROR) << "Failed to list key";
-        return;
-    }
-
-    // Always try to load all keys even if some fails to load. The rest may still
-    // be important to have.
-    for (auto& alias : aliases) {
-        auto blob = client->getKey(alias, AID_FSVERITY_CERT);
-        if (!LoadKeyToKeyring(keyring_id, "fsv_user", reinterpret_cast<char*>(blob->data()),
-                              blob->size())) {
-            LOG(ERROR) << "Failed to load key " << alias << " from keyring";
-        }
-    }
-}
-
 int main(int /*argc*/, const char** /*argv*/) {
     key_serial_t keyring_id = android::GetKeyringId(".fs-verity");
     if (keyring_id < 0) {
@@ -100,7 +69,6 @@
     }
 
     LoadKeyFromVerifiedPartitions(keyring_id);
-    LoadKeysFromKeystore(keyring_id);
 
     if (!android::base::GetBoolProperty("ro.debuggable", false)) {
         if (keyctl_restrict_keyring(keyring_id, nullptr, nullptr) < 0) {
diff --git a/keystore/permissions.cpp b/keystore/permissions.cpp
index 8b9e28d..2cd42cf 100644
--- a/keystore/permissions.cpp
+++ b/keystore/permissions.cpp
@@ -57,8 +57,6 @@
 user_euid user_euids[] = {{AID_VPN, AID_SYSTEM},
                           {AID_WIFI, AID_SYSTEM},
                           {AID_ROOT, AID_SYSTEM},
-                          {AID_FSVERITY_CERT, AID_ROOT},
-                          {AID_FSVERITY_CERT, AID_SYSTEM},
 
 #ifdef GRANT_ROOT_ALL_PERMISSIONS
                           // Allow VTS tests to act on behalf of the wifi user