Stop granting permission to report_off_body to keystore2

The report_off_body permission of the "keystore2" class only guarded the Binder API IKeystoreMaintenance#onDeviceOffBody() served by keystore2. That API is being removed because it is unused (https://r.android.com/2974277). Therefore, stop granting the report_off_body permission. Don't actually remove the permission from private/access_vectors. That would break the build because it's referenced by rules in prebuilts/. However, document the access vectors that are known to be unused. Bug: 289849354 Test: atest CtsKeystoreTestCases Change-Id: I344a1a8ad1dc12217b414899994397d5e62bd771
2024-03-14 21:53:21 +00:00 · 2024-03-14 21:53:21 +00:00 · 92ca7b7af1
commit 92ca7b7af1
parent b229d824ad
2 changed files with 3 additions and 6 deletions
--- a/private/access_vectors
+++ b/private/access_vectors
@ -692,7 +692,7 @@ class hwservice_manager
 	list
 }

-class keystore_key
+class keystore_key # No longer used
 {
 	get_state
 	get
@ -727,11 +727,11 @@ class keystore2
 	get_attestation_key
 	get_auth_token
 	get_last_auth_time
-	get_state
+	get_state # No longer used
 	list
 	lock
 	pull_metrics
-	report_off_body
+	report_off_body # No longer used
 	reset
 	unlock
 }
--- a/private/priv_app.te
+++ b/private/priv_app.te
@ -294,8 +294,5 @@ neverallow priv_app *:{
  alg_socket nfc_socket kcm_socket qipcrtr_socket smc_socket xdp_socket
 } *;

-# Allow priv apps to report off body events to keystore2.
-allow priv_app keystore:keystore2 report_off_body;
-
 # Allow priv_apps to check if archiving is enabled
 get_prop(priv_app, pm_archiving_enabled_prop)