Change the old experiment setup to use the new API

Vendors can still set the default behavior by pm.dexopt.priv-app-oob*
system properties, but still the experiment flag can override the
behavior.

This change also removes the audit log because the setting provider is
not ready.  The old code works because we use the default system property
(which may be inconsistent to settings).

Test: cmd package compile -m speed -f com.google.android.dialer
      am start com.google.android.dialer
      cat /proc/`pidof com.google.android.dialer`/maps |grep oat |grep /data
      # Compiled code IS mapped as executable
Test: device_config put fsi_boot oob_enabled true
      pkill com.google.android.dialer; am start ...
      # Compiled code is NOT mapped as executable
Test: device_config put fsi_boot oob_enabled false
      # Compiled code IS mapped as executable
Test: device_config put fsi_boot oob_enabled true
      device_config put fsi_boot oob_whitelist com.android.vending,com.example
      # Compiled code is NOT mapped as executable
Test: device_config put fsi_boot oob_enabled true
      device_config put fsi_boot oob_whitelist com.android.vending,com.google.android.dialer
      # Compiled code IS mapped as executable
Test: device_config reset untrusted_clear
      # Compiled code IS mapped as executable
Test: atest DexManagerTests
Bug: 120793002
Change-Id: I67f29ac593bd2c33dc8c75ce2135cf9ec5490650

2 files changed, 13 insertions, 17 deletions

diff --git a/core/java/android/provider/DeviceConfig.java b/core/java/android/provider/DeviceConfig.java
index 87efbf3b2397..158d231dfd02 100644
--- a/core/java/android/provider/DeviceConfig.java
+++ b/core/java/android/provider/DeviceConfig.java
@@ -121,6 +121,19 @@ public final class DeviceConfig {
         String PROPERTY_RAMPING_RINGER_DURATION = "ramping_duration";
     }
 
+    /**
+     * Namespace for Full Stack Integrity to run privileged apps only in JIT mode. The flag applies
+     * at process start, so reboot is a way to bring the device to a clean state.
+     *
+     * @hide
+     */
+    @SystemApi
+    public interface FsiBoot {
+        String NAMESPACE = "fsi_boot";
+        String OOB_ENABLED = "oob_enabled";
+        String OOB_WHITELIST = "oob_whitelist";
+    }
+
     private static final Object sLock = new Object();
     @GuardedBy("sLock")
     private static Map<OnPropertyChangedListener, Pair<String, Executor>> sListeners =
diff --git a/core/java/android/provider/Settings.java b/core/java/android/provider/Settings.java
index c9bb3cf9b915..d64ec406740e 100644
--- a/core/java/android/provider/Settings.java
+++ b/core/java/android/provider/Settings.java
@@ -9452,23 +9452,6 @@ public final class Settings {
                 "hdmi_control_auto_device_off_enabled";
 
         /**
-         * If <b>true</b>, enables out-of-the-box execution for priv apps.
-         * Default: false
-         * Values: 0 = false, 1 = true
-         *
-         * @hide
-         */
-        public static final String PRIV_APP_OOB_ENABLED = "priv_app_oob_enabled";
-
-        /**
-         * Comma separated list of privileged package names, which will be running out-of-box APK.
-         * Default: "ALL"
-         *
-         * @hide
-         */
-        public static final String PRIV_APP_OOB_LIST = "priv_app_oob_list";
-
-        /**
          * The interval in milliseconds at which location requests will be throttled when they are
          * coming from the background.
          *