From db67f303f48ac628bc7a634bbad0f7c85f485534 Mon Sep 17 00:00:00 2001 From: Spandan Das Date: Thu, 31 Oct 2024 22:18:30 +0000 Subject: [PATCH] Do not install android.hardware.hardware_keystore.xml outside apex `android.hardware.security.keymint-service.nonsecure` is part of `com.android.hardware.keymint.rust_nonsecure` apex. However, listing android.hardware.hardware_keystore.xml in `required` of the binary installs two copies of this permission file on device - one inside the apex, and another it the /vendor/etc/permission (outside the apex). With this CL, the latter will no longer be installed. This CL is motivated by having the vendor.img building with soong as part of mk->bp migration. Test: m com.android.hardware.keymint.rust_nonsecure Test: deapexer list out/target/product/vsoc_x86_64/vendor/apex/com.android.hardware.keymint.rust_nonsecure.apex # verified that etc/permissions/android.hardware.hardware_keystore.xml is present Bug: 374371755 Bug: 376110962 Change-Id: I15ba92c81296f869277940767ff3a76c28214c18 --- security/keymint/aidl/default/Android.bp | 3 --- 1 file changed, 3 deletions(-) diff --git a/security/keymint/aidl/default/Android.bp b/security/keymint/aidl/default/Android.bp index 22a46ed534..a7066decc6 100644 --- a/security/keymint/aidl/default/Android.bp +++ b/security/keymint/aidl/default/Android.bp @@ -97,9 +97,6 @@ rust_binary { "libkmr_hal_nonsecure", "libkmr_ta_nonsecure", ], - required: [ - "android.hardware.hardware_keystore.xml", - ], vintf_fragment_modules: [ "android.hardware.security.keymint-service.xml", "android.hardware.security.sharedsecret-service.xml",