Google Git
Sign in
android / platform / system / sepolicy / 4a7945290^! / .
commit4a7945290df5d36ed6a4779dd50ba60e103c338a[log] [tgz]
authorPaul Crowley <paulcrowley@google.com>Sun Jun 13 09:56:33 2021 -0700
committerPaul Crowley <paulcrowley@google.com>Thu Jun 17 11:12:16 2021 -0700
treebc6337acc5e2c6c44d6a2ab463bbffcc62ce21c2
parent49de475b86c7a792acd2c65c1b92c7699c660576 [diff]
Remove wait_for_keymaster and references

No longer needed now init listens for property changes on a
separate thread.

Some references to wait_for_keymaster survive: in order to avoid
trouble downstream, we keep the definition of the `wait_for_keymaster`
and `wait_for_keymaster_exec` types, but remove all their permissions,
and of course prebuilds and compat cil files are unchanged.

Bug: 186580823
Test: Cuttlefish boots successfully
Change-Id: Id97fc2668743fb58dfd10c75a4f4c4d0348284ce

diff --git a/private/file_contexts b/private/file_contexts
index 89b63d6..d34f64f 100644
--- a/private/file_contexts
+++ b/private/file_contexts

@@ -361,7 +361,6 @@
 /system/bin/stats                u:object_r:stats_exec:s0
 /system/bin/statsd               u:object_r:statsd_exec:s0
 /system/bin/bpfloader            u:object_r:bpfloader_exec:s0
-/system/bin/wait_for_keymaster   u:object_r:wait_for_keymaster_exec:s0
 /system/bin/watchdogd            u:object_r:watchdogd_exec:s0
 /system/bin/apexd                u:object_r:apexd_exec:s0
 /system/bin/gsid                 u:object_r:gsid_exec:s0

diff --git a/private/keystore.te b/private/keystore.te
index 3fccf59..0e57045 100644
--- a/private/keystore.te
+++ b/private/keystore.te

@@ -29,7 +29,6 @@
 
 get_prop(keystore, keystore_listen_prop)
 
-# Keystore needs to transfer binder references to vold and wait_for_keymaster so that they
+# Keystore needs to transfer binder references to vold so that it
 # can call keystore methods on those references.
 allow keystore vold:binder transfer;
-allow keystore wait_for_keymaster:binder transfer;

diff --git a/private/wait_for_keymaster.te b/private/wait_for_keymaster.te
index da98e2e..974a297 100644
--- a/private/wait_for_keymaster.te
+++ b/private/wait_for_keymaster.te

@@ -1,15 +1,5 @@
-# wait_for_keymaster service
+# wait_for_keymaster service. No longer used;
+# here only so that downstream code compiles.
 type wait_for_keymaster, domain, coredomain;
 type wait_for_keymaster_exec, system_file_type, exec_type, file_type;
 
-init_daemon_domain(wait_for_keymaster)
-
-hal_client_domain(wait_for_keymaster, hal_keymaster)
-
-allow wait_for_keymaster kmsg_device:chr_file w_file_perms;
-
-# wait_for_keymaster needs to find keystore and call methods with the returned
-# binder reference.
-binder_use(wait_for_keymaster)
-allow wait_for_keymaster keystore_service:service_manager find;
-binder_call(wait_for_keymaster, keystore)