Mark unused policy as such.
The usage of unique device identifiers is enforced via an Android system
permission, not SELinux policy.
Mark the USE_DEV_ID SELinux policy as unused.
Bug: 235987410
Test: atest keystore2_test
Change-Id: I89e61eaf5d1f708e3ce10a90cf33d90946009201
diff --git a/keystore2/src/permission.rs b/keystore2/src/permission.rs
index 22509c4..7b3199c 100644
--- a/keystore2/src/permission.rs
+++ b/keystore2/src/permission.rs
@@ -87,7 +87,9 @@
/// Checked when the caller attempts to use a private or public key.
#[selinux(name = use)]
Use = KeyPermission::USE.0,
- /// Checked when the caller attempts to use device ids for attestation.
+ /// Does nothing, and is not checked. For use of device identifiers,
+ /// the caller must hold the READ_PRIVILEGED_PHONE_STATE Android
+ /// permission.
#[selinux(name = use_dev_id)]
UseDevId = KeyPermission::USE_DEV_ID.0,
}
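Review bot: The new doc comment on `UseDevId` says the permission "does nothing", but the variant keeps its `#[selinux(name = use_dev_id)]` mapping and its `KeyPermission::USE_DEV_ID.0` value, so it can presumably still be passed to a permission check or appear in a grant's access vector. Someone auditing sepolicy could therefore still read a `use_dev_id` allow rule as the gate for device-id attestation. I would say so explicitly, and say why the variant stays, for example `/// Unused: no keystore2 code path checks this, so SELinux rules for use_dev_id neither grant nor restrict device-id attestation.` followed by `/// Kept so the mapping to KeyPermission::USE_DEV_ID stays intact; access is gated by READ_PRIVILEGED_PHONE_STATE.` (adjust the second line if the reason for keeping it is different). It would also help to name the place where READ_PRIVILEGED_PHONE_STATE is enforced, since that check is not visible here. The enum definition starts outside this hunk.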