Allow system_server to call IKeystoreMaintenance.deleteAllKeys()
This allows RecoverySystem to destroy all synthetic blob protector keys
and make FBE-encrypted data unrecoverable even if data wipe in recovery
is interrupted or skipped.
Bug: 324321147
Test: Manual - System -> Reset options -> Erase all data.
Test: Hold VolDown key to interrupt reboot and stop at bootloader
screen.
Test: fastboot oem bcd wipe command && fastboot oem bcd wipe recovery
Test: fastboot reboot
Test: Device reboots into recovery and prompts to factory reset:
Test: 'Cannot load Android system. Your data may be corrupt. ...
Change-Id: I5be2f9e8314d36448994f4f14ff585ded7095c8c
diff --git a/private/system_server.te b/private/system_server.te
index a244ff4..22a6238 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -1014,6 +1014,7 @@
change_user
clear_ns
clear_uid
+ delete_all_keys
get_last_auth_time
lock
pull_metrics
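Review bot: the new delete_all_keys entry, between clear_uid and get_last_auth_time, has no comment saying why system_server needs it, although per the commit message its use makes FBE-encrypted data unrecoverable. The grant applies to the whole system_server domain, not only to RecoverySystem, so consider a short policy comment next to the rule naming the factory-reset caller and Bug 324321147, which lets a later audit of this permission list see that the entry is intentional. The Test: lines cover only the manual interrupted-reset path; it would help to state whether anything checks that other domains are still denied this permission.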