From 4b8112473dbfcbe6fcdf76ecd370b7a77502a226 Mon Sep 17 00:00:00 2001
From: Shawn Willden <swillden@google.com>
Date: Thu, 12 Aug 2021 01:03:12 +0000
Subject: [PATCH] Revert "Allow vold to deleteAllKeys in Keystore"

Revert submission 15521094-vold-deleteAllKeys

Reason for revert: Causes infinite loop in Trusty KeyMint
Reverted Changes:
I9c5c54714:Detect factory reset and deleteAllKeys
I2fb0e94db:Allow vold to deleteAllKeys in Keystore
Id23f25c69:Add deleteAllKeys to IKeystoreMaintenance
Ife779307d:Enable deleteAllKeys from vold
I4312b9a11:Enable deleteAllKeys from vold

Bug: 187105270
Change-Id: I1ed68dd9ee9a6f14152307d610af0b16dd3219ac
---
 prebuilts/api/31.0/private/access_vectors    | 1 -
 prebuilts/api/31.0/private/property_contexts | 1 -
 prebuilts/api/31.0/private/vold.te           | 3 +--
 private/access_vectors                       | 1 -
 private/property_contexts                    | 1 -
 private/vold.te                              | 3 +--
 6 files changed, 2 insertions(+), 8 deletions(-)

diff --git a/prebuilts/api/31.0/private/access_vectors b/prebuilts/api/31.0/private/access_vectors
index 7496c65ca..5ff7aef53 100644
--- a/prebuilts/api/31.0/private/access_vectors
+++ b/prebuilts/api/31.0/private/access_vectors
@@ -730,7 +730,6 @@ class keystore2
 	report_off_body
 	reset
 	unlock
-	delete_all_keys
 }
 
 class keystore2_key
diff --git a/prebuilts/api/31.0/private/property_contexts b/prebuilts/api/31.0/private/property_contexts
index 4cec7348d..246ffcfb6 100644
--- a/prebuilts/api/31.0/private/property_contexts
+++ b/prebuilts/api/31.0/private/property_contexts
@@ -499,7 +499,6 @@ ro.crypto.allow_encrypt_override                u:object_r:vold_config_prop:s0 e
 ro.crypto.dm_default_key.options_format.version u:object_r:vold_config_prop:s0 exact int
 ro.crypto.fde_algorithm                         u:object_r:vold_config_prop:s0 exact string
 ro.crypto.fde_sector_size                       u:object_r:vold_config_prop:s0 exact int
-ro.crypto.metadata_init_delete_all_keys.enabled u:object_r:vold_config_prop:s0 exact bool
 ro.crypto.scrypt_params                         u:object_r:vold_config_prop:s0 exact string
 ro.crypto.set_dun                               u:object_r:vold_config_prop:s0 exact bool
 ro.crypto.volume.contents_mode                  u:object_r:vold_config_prop:s0 exact string
diff --git a/prebuilts/api/31.0/private/vold.te b/prebuilts/api/31.0/private/vold.te
index de0fde48a..a802bdbec 100644
--- a/prebuilts/api/31.0/private/vold.te
+++ b/prebuilts/api/31.0/private/vold.te
@@ -53,9 +53,8 @@ allow vold keystore:binder call;
 allow vold keystore_service:service_manager find;
 allow vold keystore_maintenance_service:service_manager find;
 
-# vold needs to be able to call earlyBootEnded() and deleteAllKeys()
+# vold needs to be able to call earlyBootEnded()
 allow vold keystore:keystore2 early_boot_ended;
-allow vold keystore:keystore2 delete_all_keys;
 
 neverallow {
     domain
diff --git a/private/access_vectors b/private/access_vectors
index 7496c65ca..5ff7aef53 100644
--- a/private/access_vectors
+++ b/private/access_vectors
@@ -730,7 +730,6 @@ class keystore2
 	report_off_body
 	reset
 	unlock
-	delete_all_keys
 }
 
 class keystore2_key
diff --git a/private/property_contexts b/private/property_contexts
index 4cec7348d..246ffcfb6 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -499,7 +499,6 @@ ro.crypto.allow_encrypt_override                u:object_r:vold_config_prop:s0 e
 ro.crypto.dm_default_key.options_format.version u:object_r:vold_config_prop:s0 exact int
 ro.crypto.fde_algorithm                         u:object_r:vold_config_prop:s0 exact string
 ro.crypto.fde_sector_size                       u:object_r:vold_config_prop:s0 exact int
-ro.crypto.metadata_init_delete_all_keys.enabled u:object_r:vold_config_prop:s0 exact bool
 ro.crypto.scrypt_params                         u:object_r:vold_config_prop:s0 exact string
 ro.crypto.set_dun                               u:object_r:vold_config_prop:s0 exact bool
 ro.crypto.volume.contents_mode                  u:object_r:vold_config_prop:s0 exact string
diff --git a/private/vold.te b/private/vold.te
index de0fde48a..a802bdbec 100644
--- a/private/vold.te
+++ b/private/vold.te
@@ -53,9 +53,8 @@ allow vold keystore:binder call;
 allow vold keystore_service:service_manager find;
 allow vold keystore_maintenance_service:service_manager find;
 
-# vold needs to be able to call earlyBootEnded() and deleteAllKeys()
+# vold needs to be able to call earlyBootEnded()
 allow vold keystore:keystore2 early_boot_ended;
-allow vold keystore:keystore2 delete_all_keys;
 
 neverallow {
     domain