Revert^2 "Allow vold to deleteAllKeys in Keystore"
Revert submission 15536724-revert-15521094-vold-deleteAllKeys-GDJSMLXRVZ
Reason for revert: Underlying KM problem fixed
Reverted Changes:
I8e2621bef:Revert "Detect factory reset and deleteAllKeys"
I546b980bb:Revert "Add deleteAllKeys to IKeystoreMaintenance"...
I1ed68dd9e:Revert "Allow vold to deleteAllKeys in Keystore"
Bug: 187105270
Test: booted Cuttlefish twice
Change-Id: I6a9981ace72b133082d1d600f8e45b55bdb34b44
diff --git a/prebuilts/api/31.0/private/access_vectors b/prebuilts/api/31.0/private/access_vectors
index 5ff7aef..7496c65 100644
--- a/prebuilts/api/31.0/private/access_vectors
+++ b/prebuilts/api/31.0/private/access_vectors
@@ -730,6 +730,7 @@
report_off_body
reset
unlock
+ delete_all_keys
}
class keystore2_key
diff --git a/prebuilts/api/31.0/private/property_contexts b/prebuilts/api/31.0/private/property_contexts
index 246ffcf..4cec734 100644
--- a/prebuilts/api/31.0/private/property_contexts
+++ b/prebuilts/api/31.0/private/property_contexts
@@ -499,6 +499,7 @@
ro.crypto.dm_default_key.options_format.version u:object_r:vold_config_prop:s0 exact int
ro.crypto.fde_algorithm u:object_r:vold_config_prop:s0 exact string
ro.crypto.fde_sector_size u:object_r:vold_config_prop:s0 exact int
+ro.crypto.metadata_init_delete_all_keys.enabled u:object_r:vold_config_prop:s0 exact bool
ro.crypto.scrypt_params u:object_r:vold_config_prop:s0 exact string
ro.crypto.set_dun u:object_r:vold_config_prop:s0 exact bool
ro.crypto.volume.contents_mode u:object_r:vold_config_prop:s0 exact string
diff --git a/prebuilts/api/31.0/private/vold.te b/prebuilts/api/31.0/private/vold.te
index a802bdb..de0fde4 100644
--- a/prebuilts/api/31.0/private/vold.te
+++ b/prebuilts/api/31.0/private/vold.te
@@ -53,8 +53,9 @@
allow vold keystore_service:service_manager find;
allow vold keystore_maintenance_service:service_manager find;
-# vold needs to be able to call earlyBootEnded()
+# vold needs to be able to call earlyBootEnded() and deleteAllKeys()
allow vold keystore:keystore2 early_boot_ended;
+allow vold keystore:keystore2 delete_all_keys;
neverallow {
domain
diff --git a/private/access_vectors b/private/access_vectors
index 5ff7aef..7496c65 100644
--- a/private/access_vectors
+++ b/private/access_vectors
@@ -730,6 +730,7 @@
report_off_body
reset
unlock
+ delete_all_keys
}
class keystore2_key
diff --git a/private/property_contexts b/private/property_contexts
index 246ffcf..4cec734 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -499,6 +499,7 @@
ro.crypto.dm_default_key.options_format.version u:object_r:vold_config_prop:s0 exact int
ro.crypto.fde_algorithm u:object_r:vold_config_prop:s0 exact string
ro.crypto.fde_sector_size u:object_r:vold_config_prop:s0 exact int
+ro.crypto.metadata_init_delete_all_keys.enabled u:object_r:vold_config_prop:s0 exact bool
ro.crypto.scrypt_params u:object_r:vold_config_prop:s0 exact string
ro.crypto.set_dun u:object_r:vold_config_prop:s0 exact bool
ro.crypto.volume.contents_mode u:object_r:vold_config_prop:s0 exact string
diff --git a/private/vold.te b/private/vold.te
index a802bdb..de0fde4 100644
--- a/private/vold.te
+++ b/private/vold.te
@@ -53,8 +53,9 @@
allow vold keystore_service:service_manager find;
allow vold keystore_maintenance_service:service_manager find;
-# vold needs to be able to call earlyBootEnded()
+# vold needs to be able to call earlyBootEnded() and deleteAllKeys()
allow vold keystore:keystore2 early_boot_ended;
+allow vold keystore:keystore2 delete_all_keys;
neverallow {
domain