commit b488a8fe1afdbac900987a20251fed54f83ccadc
author Janis Danisevskis <jdanis@google.com> Wed Mar 10 20:55:08 2021 -0800
committer Janis Danisevskis <jdanis@google.com> Fri Mar 19 10:07:49 2021 -0700
tree 6784443eb4ad11a1f35fa2099cbb1ba337c8989d
parent bd0268c0200a5d79d9797c90e53b6f525b660bdf

Keystore 2.0: Remove keystore2.enable property.

Bug: 171563717
Test: N/A
Change-Id: I85819a71dc24777a9d54f0c83b8b29da9f48cec1

private/credstore.te

diff --git a/private/credstore.te b/private/credstore.te
index a1c3263..8d87e2f 100644
--- a/private/credstore.te
+++ b/private/credstore.te
@@ -4,6 +4,3 @@
 
 # talk to Identity Credential
 hal_client_domain(credstore, hal_identity)
-
-# TODO Remove this property when Keystore 2.0 migration is complete b/171563717
-get_prop(credstore, keystore2_enable_prop)

private/property.te

diff --git a/private/property.te b/private/property.te
index de0caa4..4a17f62 100644
--- a/private/property.te
+++ b/private/property.te
@@ -34,9 +34,6 @@
 system_internal_prop(verity_status_prop)
 system_internal_prop(zygote_wrap_prop)
 
-# TODO Remove this property when Keystore 2.0 migration is complete b/171563717
-system_internal_prop(keystore2_enable_prop)
-
 ###
 ### Neverallow rules
 ###
@@ -541,17 +538,6 @@
   lower_kptr_restrict_prop
 }:property_service set;
 
-# TODO Remove this property when Keystore 2.0 migration is complete b/171563717
-neverallow {
-  domain
-  -init
-  -dumpstate
-  -system_app
-  -system_server
-  -zygote
-  -credstore
-} keystore2_enable_prop:file no_rw_file_perms;
-
 neverallow {
   domain
   -init
@@ -603,15 +589,3 @@
   -init
   -shell
 } rollback_test_prop:property_service set;
-
-# Only init and vendor_init are allowed to set apexd_config_prop
-neverallow { domain -init -vendor_init } apexd_config_prop:property_service set;
-
-# apexd_config properties should only be read by apexd, and dumpstate (to appear in bugreports).
-neverallow {
-  domain
-  -apexd
-  -init
-  -dumpstate
-  -vendor_init
-} apexd_config_prop:file no_rw_file_perms;

private/property_contexts

diff --git a/private/property_contexts b/private/property_contexts
index a3cd9e0..7d49fa2 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -1088,10 +1088,6 @@
 
 ro.zygote.disable_gl_preload u:object_r:zygote_config_prop:s0 exact bool
 
-# Enable Keystore 2.0.
-# TODO remove this property when Keystore 2.0 migration is complete b/171563717
-persist.android.security.keystore2.enable    u:object_r:keystore2_enable_prop:s0 exact bool
-
 # Broadcast boot stages, which keystore listens to
 keystore.boot_level u:object_r:keystore_listen_prop:s0 exact int
 

private/system_app.te

diff --git a/private/system_app.te b/private/system_app.te
index 36208bf..58322b8 100644
--- a/private/system_app.te
+++ b/private/system_app.te
@@ -172,9 +172,6 @@
 # Settings app reads ro.oem_unlock_supported
 get_prop(system_app, oem_unlock_prop)
 
-# TODO Remove this property when Keystore 2.0 migration is complete b/171563717
-get_prop(system_app, keystore2_enable_prop)
-
 ###
 ### Neverallow rules
 ###

private/system_server.te

diff --git a/private/system_server.te b/private/system_server.te
index bfb7fef..084ea22 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -1290,9 +1290,6 @@
 # Read/Write /proc/pressure/memory
 allow system_server proc_pressure_mem:file rw_file_perms;
 
-# TODO Remove this property when Keystore 2.0 migration is complete b/171563717
-get_prop(system_server, keystore2_enable_prop)
-
 # dexoptanalyzer is currently used only for secondary dex files which
 # system_server should never access.
 neverallow system_server dexoptanalyzer_exec:file no_x_file_perms;

private/zygote.te

diff --git a/private/zygote.te b/private/zygote.te
index e78e070..c2c6e89 100644
--- a/private/zygote.te
+++ b/private/zygote.te
@@ -223,9 +223,6 @@
 # Allow zygote to read /apex/apex-info-list.xml
 allow zygote apex_info_file:file r_file_perms;
 
-# TODO Remove this property when Keystore 2.0 migration is complete b/171563717
-get_prop(zygote, keystore2_enable_prop)
-
 ###
 ### neverallow rules
 ###