Revert "Securely encrypt the master key"

This reverts commit 5287d9a8.

Change-Id: I9ec0db0718da7088dc2b66f5b1749b8fb069575a

domain.te

@@ -93,7 +93,6 @@ allow domain urandom_device:chr_file rw_file_perms;
 allow domain random_device:chr_file rw_file_perms;
 allow domain properties_device:file r_file_perms;
 allow domain init:key search;
-allow domain vold:key search;
 
 # logd access
 write_logd(domain)

init.te

@@ -257,7 +257,11 @@ allow init pstorefs:file r_file_perms;
 # linux keyring configuration
 allow init init:key { write search setattr };
 
-# Allow init to create /data/unencrypted
+# Allow init to link temp fs to unencrypted data on userdata
+allow init tmpfs:lnk_file { create read getattr relabelfrom };
+
+# Allow init to manipulate /data/unencrypted
+allow init unencrypted_data_file:{ file lnk_file } create_file_perms;
 allow init unencrypted_data_file:dir create_dir_perms;
 
 unix_socket_connect(init, vold, vold)

vold.te

@@ -143,18 +143,14 @@ allow vold userdata_block_device:blk_file rw_file_perms;
 # Access metadata block device used for encryption meta-data.
 allow vold metadata_block_device:blk_file rw_file_perms;
 
-# Allow vold to manipulate /data/unencrypted
-allow vold unencrypted_data_file:{ file } create_file_perms;
+# Allow init to manipulate /data/unencrypted
+allow vold unencrypted_data_file:{ file lnk_file } create_file_perms;
 allow vold unencrypted_data_file:dir create_dir_perms;
 
 # Give vold a place where only vold can store files; everyone else is off limits
 allow vold vold_data_file:dir rw_dir_perms;
 allow vold vold_data_file:file create_file_perms;
 
-# linux keyring configuration
-allow vold init:key { write search setattr };
-allow vold vold:key { write search setattr };
-
 neverallow { domain -vold } vold_data_file:dir ~{ open create read getattr setattr search relabelto };
 neverallow { domain -vold } vold_data_file:notdevfile_class_set ~{ relabelto getattr };
 neverallow { domain -vold -init } vold_data_file:dir *;