author Eran Messeri <eranm@google.com> 2023-06-21 17:35:51 +0100
committer Eran Messeri <eranm@google.com> 2023-06-21 17:52:41 +0100
commit 2fd15b0be2515668bb537f7ea73e6ff678e403d0
tree fde3da19dd6d5e22d9b765e07fffbd11fe430ff7
parent 3e77c6f37e4f5b7336e123c186de5920936c5c96
Update documentation regarding auth-bound keys.

When a key requires user authentication and one of the authentication methods permitted is the device's screen lock credentials, the root SID is added as an authenticator, and change of biometrics enrollment will not invalidate the key.

Bug: 275900161
Test: m docs
Change-Id: I180f28883a5ac62e8bfa0b0596396085ff676637
-rw-r--r-- keystore/java/android/security/keystore/KeyGenParameterSpec.java 4
1 files changed, 3 insertions, 1 deletions
diff --git a/keystore/java/android/security/keystore/KeyGenParameterSpec.java b/keystore/java/android/security/keystore/KeyGenParameterSpec.java
index ffd041f60e26..7afb890e6254 100644
--- a/keystore/java/android/security/keystore/KeyGenParameterSpec.java
+++ b/keystore/java/android/security/keystore/KeyGenParameterSpec.java
@@ -1335,7 +1335,9 @@ public final class KeyGenParameterSpec implements AlgorithmParameterSpec, UserAu
* the key, it is also irreversibly invalidated once a new biometric is enrolled or once\
* no more biometrics are enrolled, unless {@link
* #setInvalidatedByBiometricEnrollment(boolean)} is used to allow validity after
- * enrollment. Attempts to initialize cryptographic operations using such keys will throw
+ * enrollment, or {@code KeyProperties.AUTH_DEVICE_CREDENTIAL} is specified as part of
+ * the parameters to {@link #setUserAuthenticationParameters}.
+ * Attempts to initialize cryptographic operations using such keys will throw
* {@link KeyPermanentlyInvalidatedException}.</li>
* </ul>
*
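Review bot: The added clause in the two `+` lines names the constant as `{@code KeyProperties.AUTH_DEVICE_CREDENTIAL}`, so it renders as plain monospace text, while the method next to it uses `{@link #setUserAuthenticationParameters}`; consider `{@link KeyProperties#AUTH_DEVICE_CREDENTIAL}` so readers can navigate to the constant. The new text also omits the reason given in the commit message (the root SID is added as an authenticator when screen lock credentials are permitted), and it does not say what happens if a caller both allows the device credential and sets `setInvalidatedByBiometricEnrollment(true)`. A sentence stating that biometric enrollment changes do not invalidate the key in that case would keep developers from relying on enrollment invalidation as a control they no longer have. The diffstat shows this as the only hunk, so the Javadoc on `setInvalidatedByBiometricEnrollment(boolean)` itself is not updated here; the same caveat probably belongs there too.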