Stop granting permissions on keystore_key class When keystore was replaced with keystore2 in Android 12, the SELinux class of keystore keys was changed from keystore_key to keystore2_key. However, the rules that granted access to keystore_key were never removed. This CL removes them, as they are no longer needed. Don't actually remove the class and its permissions from private/security_classes and private/access_vectors. That would break the build because they're referenced by rules in prebuilts/. Bug: 171305684 Test: atest CtsKeystoreTestCases Flag: exempt, removing obsolete code Change-Id: I35d9ea22c0d069049a892def15a18696c4f287a3

commit: cc5cb431eea77f51b678af0ba76b06e339676eb0 [log] [tgz]
author: Eric Biggers <ebiggers@google.com> Mon Oct 16 21:44:26 2023 +0000
committer: Eric Biggers <ebiggers@google.com> Mon Oct 16 22:22:54 2023 +0000
tree: cfc61be0cb4499057ed3a927f94bada1f05eee4f
parent: 51cc740ca83f46af5b9a3144a183d807506791db [diff] [blame]
diff --git a/private/keystore.te b/private/keystore.te
index cd2ef76..73961ac 100644
--- a/private/keystore.te
+++ b/private/keystore.te

@@ -26,7 +26,7 @@
 # Allow keystore to write to statsd.
 unix_socket_send(keystore, statsdw, statsd)
 
-# Keystore need access to the keystore_key context files to load the keystore key backend.
+# Keystore need access to the keystore2_key_contexts file to load the keystore key backend.
 allow keystore keystore2_key_contexts_file:file r_file_perms;
 
 # Allow keystore to listen to changing boot levels
commit	cc5cb431eea77f51b678af0ba76b06e339676eb0	[log] [tgz]
author	Eric Biggers <ebiggers@google.com>	Mon Oct 16 21:44:26 2023 +0000
committer	Eric Biggers <ebiggers@google.com>	Mon Oct 16 22:22:54 2023 +0000
tree	cfc61be0cb4499057ed3a927f94bada1f05eee4f
parent	51cc740ca83f46af5b9a3144a183d807506791db [diff] [blame]