Keystore 2.0: Remove keystore2.enable property. am: b488a8fe1a am: 9e8375e948

Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1627183

Change-Id: I04fe96802425a663090276f348cdc8a0e8bc7b32

private/credstore.te

@@ -4,6 +4,3 @@ init_daemon_domain(credstore)
 
 # talk to Identity Credential
 hal_client_domain(credstore, hal_identity)
-
-# TODO Remove this property when Keystore 2.0 migration is complete b/171563717
-get_prop(credstore, keystore2_enable_prop)

private/property.te

@@ -34,9 +34,6 @@ system_internal_prop(userspace_reboot_test_prop)
 system_internal_prop(verity_status_prop)
 system_internal_prop(zygote_wrap_prop)
 
-# TODO Remove this property when Keystore 2.0 migration is complete b/171563717
-system_internal_prop(keystore2_enable_prop)
-
 ###
 ### Neverallow rules
 ###
@@ -541,17 +538,6 @@ neverallow {
   lower_kptr_restrict_prop
 }:property_service set;
 
-# TODO Remove this property when Keystore 2.0 migration is complete b/171563717
-neverallow {
-  domain
-  -init
-  -dumpstate
-  -system_app
-  -system_server
-  -zygote
-  -credstore
-} keystore2_enable_prop:file no_rw_file_perms;
-
 neverallow {
   domain
   -init
@@ -603,15 +589,3 @@ neverallow {
   -init
   -shell
 } rollback_test_prop:property_service set;
-
-# Only init and vendor_init are allowed to set apexd_config_prop
-neverallow { domain -init -vendor_init } apexd_config_prop:property_service set;
-
-# apexd_config properties should only be read by apexd, and dumpstate (to appear in bugreports).
-neverallow {
-  domain
-  -apexd
-  -init
-  -dumpstate
-  -vendor_init
-} apexd_config_prop:file no_rw_file_perms;

private/property_contexts

@@ -1088,10 +1088,6 @@ zygote.critical_window.minute u:object_r:zygote_config_prop:s0 exact int
 
 ro.zygote.disable_gl_preload u:object_r:zygote_config_prop:s0 exact bool
 
-# Enable Keystore 2.0.
-# TODO remove this property when Keystore 2.0 migration is complete b/171563717
-persist.android.security.keystore2.enable    u:object_r:keystore2_enable_prop:s0 exact bool
-
 # Broadcast boot stages, which keystore listens to
 keystore.boot_level u:object_r:keystore_listen_prop:s0 exact int
 

private/system_app.te

@@ -172,9 +172,6 @@ allow system_app system_server:udp_socket {
 # Settings app reads ro.oem_unlock_supported
 get_prop(system_app, oem_unlock_prop)
 
-# TODO Remove this property when Keystore 2.0 migration is complete b/171563717
-get_prop(system_app, keystore2_enable_prop)
-
 ###
 ### Neverallow rules
 ###

private/system_server.te

@@ -1290,9 +1290,6 @@ neverallow {
 # Read/Write /proc/pressure/memory
 allow system_server proc_pressure_mem:file rw_file_perms;
 
-# TODO Remove this property when Keystore 2.0 migration is complete b/171563717
-get_prop(system_server, keystore2_enable_prop)
-
 # dexoptanalyzer is currently used only for secondary dex files which
 # system_server should never access.
 neverallow system_server dexoptanalyzer_exec:file no_x_file_perms;

private/zygote.te

@@ -223,9 +223,6 @@ get_prop(zygote, qemu_sf_lcd_density_prop)
 # Allow zygote to read /apex/apex-info-list.xml
 allow zygote apex_info_file:file r_file_perms;
 
-# TODO Remove this property when Keystore 2.0 migration is complete b/171563717
-get_prop(zygote, keystore2_enable_prop)
-
 ###
 ### neverallow rules
 ###