Merge "Permit dropping caches from the shell through sys.drop_caches."
diff --git a/private/credstore.te b/private/credstore.te
index a1c3263..8d87e2f 100644
--- a/private/credstore.te
+++ b/private/credstore.te
@@ -4,6 +4,3 @@
# talk to Identity Credential
hal_client_domain(credstore, hal_identity)
-
-# TODO Remove this property when Keystore 2.0 migration is complete b/171563717
-get_prop(credstore, keystore2_enable_prop)
diff --git a/private/property.te b/private/property.te
index e357b11..2f5fcde 100644
--- a/private/property.te
+++ b/private/property.te
@@ -35,9 +35,6 @@
system_internal_prop(verity_status_prop)
system_internal_prop(zygote_wrap_prop)
-# TODO Remove this property when Keystore 2.0 migration is complete b/171563717
-system_internal_prop(keystore2_enable_prop)
-
###
### Neverallow rules
###
@@ -542,17 +539,6 @@
lower_kptr_restrict_prop
}:property_service set;
-# TODO Remove this property when Keystore 2.0 migration is complete b/171563717
-neverallow {
- domain
- -init
- -dumpstate
- -system_app
- -system_server
- -zygote
- -credstore
-} keystore2_enable_prop:file no_rw_file_perms;
-
neverallow {
domain
-init
@@ -604,15 +590,3 @@
-init
-shell
} rollback_test_prop:property_service set;
-
-# Only init and vendor_init are allowed to set apexd_config_prop
-neverallow { domain -init -vendor_init } apexd_config_prop:property_service set;
-
-# apexd_config properties should only be read by apexd, and dumpstate (to appear in bugreports).
-neverallow {
- domain
- -apexd
- -init
- -dumpstate
- -vendor_init
-} apexd_config_prop:file no_rw_file_perms;
diff --git a/private/property_contexts b/private/property_contexts
index e637665..7f3cb2f 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -1092,10 +1092,6 @@
ro.zygote.disable_gl_preload u:object_r:zygote_config_prop:s0 exact bool
-# Enable Keystore 2.0.
-# TODO remove this property when Keystore 2.0 migration is complete b/171563717
-persist.android.security.keystore2.enable u:object_r:keystore2_enable_prop:s0 exact bool
-
# Broadcast boot stages, which keystore listens to
keystore.boot_level u:object_r:keystore_listen_prop:s0 exact int
diff --git a/private/system_app.te b/private/system_app.te
index 36208bf..58322b8 100644
--- a/private/system_app.te
+++ b/private/system_app.te
@@ -172,9 +172,6 @@
# Settings app reads ro.oem_unlock_supported
get_prop(system_app, oem_unlock_prop)
-# TODO Remove this property when Keystore 2.0 migration is complete b/171563717
-get_prop(system_app, keystore2_enable_prop)
-
###
### Neverallow rules
###
diff --git a/private/system_server.te b/private/system_server.te
index bfb7fef..084ea22 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -1290,9 +1290,6 @@
# Read/Write /proc/pressure/memory
allow system_server proc_pressure_mem:file rw_file_perms;
-# TODO Remove this property when Keystore 2.0 migration is complete b/171563717
-get_prop(system_server, keystore2_enable_prop)
-
# dexoptanalyzer is currently used only for secondary dex files which
# system_server should never access.
neverallow system_server dexoptanalyzer_exec:file no_x_file_perms;
diff --git a/private/zygote.te b/private/zygote.te
index e78e070..c2c6e89 100644
--- a/private/zygote.te
+++ b/private/zygote.te
@@ -223,9 +223,6 @@
# Allow zygote to read /apex/apex-info-list.xml
allow zygote apex_info_file:file r_file_perms;
-# TODO Remove this property when Keystore 2.0 migration is complete b/171563717
-get_prop(zygote, keystore2_enable_prop)
-
###
### neverallow rules
###
diff --git a/public/service.te b/public/service.te
index 4f004c8..229131c 100644
--- a/public/service.te
+++ b/public/service.te
@@ -99,7 +99,7 @@
type devicestoragemonitor_service, system_server_service, service_manager_type;
type diskstats_service, system_api_service, system_server_service, service_manager_type;
type display_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
-type domain_verification_service, system_api_service, system_server_service, service_manager_type;
+type domain_verification_service, app_api_service, system_server_service, service_manager_type;
type color_display_service, system_api_service, system_server_service, service_manager_type;
type external_vibrator_service, system_server_service, service_manager_type;
type file_integrity_service, app_api_service, system_server_service, service_manager_type;