From 299345bb8e64e432bfa481ac09f7e21a426b9005 Mon Sep 17 00:00:00 2001
From: Joshua Duong <joshuaduong@google.com>
Date: Tue, 27 Apr 2021 15:01:16 -0700
Subject: Use keymasterSwEnforcedUserAuthenticators if
 keymasterHwEnforcedUserAuthenticators is zero.

Bug: 186562600

Test: atest android.appsecurity.cts.AuthBoundKeyTest#useInvalidatedAuthBoundKey
Change-Id: I52a9c04b3e000416fb141d90d8d1f034348499de
---
 .../security/keystore2/AndroidKeyStoreSecretKeyFactorySpi.java        | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/keystore/java/android/security/keystore2/AndroidKeyStoreSecretKeyFactorySpi.java b/keystore/java/android/security/keystore2/AndroidKeyStoreSecretKeyFactorySpi.java
index fe05989c3846..97592b44ba2e 100644
--- a/keystore/java/android/security/keystore2/AndroidKeyStoreSecretKeyFactorySpi.java
+++ b/keystore/java/android/security/keystore2/AndroidKeyStoreSecretKeyFactorySpi.java
@@ -252,7 +252,9 @@ public class AndroidKeyStoreSecretKeyFactorySpi extends SecretKeyFactorySpi {
                 blockModes,
                 userAuthenticationRequired,
                 (int) userAuthenticationValidityDurationSeconds,
-                keymasterHwEnforcedUserAuthenticators,
+                userAuthenticationRequirementEnforcedBySecureHardware
+                        ? keymasterHwEnforcedUserAuthenticators
+                        : keymasterSwEnforcedUserAuthenticators,
                 userAuthenticationRequirementEnforcedBySecureHardware,
                 userAuthenticationValidWhileOnBody,
                 trustedUserPresenceRequired,
-- 
cgit v1.2.3-59-g8ed1b