From d98dcfb331c8e81a4aff2d61252f8bb1965e4920 Mon Sep 17 00:00:00 2001
From: "Brian C. Young" <bcyoung@google.com>
Date: Tue, 27 Mar 2018 17:31:29 -0700
Subject: [PATCH] Filter USER_ID tag from the hardware keystore

An as-yet-undiscovered mismatch between authorization sets that do or
don't have the USER_ID tag applied are causing failures for PIN setting
on the secondary account. This changes makes sure those tags are not
sent to the underlying keystore to fix the PIN failure, while we
diagnose the underlying cause.

Bug: 76460912

Test: Switch to guest account, set PIN, lock and unlock.
Change-Id: I880899af5095a95ae41b7a64c5a76329f0f78f4a
---
 keymaster/4.0/support/Keymaster3.cpp | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/keymaster/4.0/support/Keymaster3.cpp b/keymaster/4.0/support/Keymaster3.cpp
index b2cdbd9263..84b3ee1f60 100644
--- a/keymaster/4.0/support/Keymaster3.cpp
+++ b/keymaster/4.0/support/Keymaster3.cpp
@@ -61,9 +61,12 @@ KeyParameter convert(const V3_0::KeyParameter& param) {
 }
 
 hidl_vec<V3_0::KeyParameter> convert(const hidl_vec<KeyParameter>& params) {
-    hidl_vec<V3_0::KeyParameter> converted(params.size());
-    for (size_t i = 0; i < params.size(); ++i) {
-        converted[i] = convert(params[i]);
+    std::vector<V3_0::KeyParameter> converted;
+    converted.reserve(params.size());
+    for (const auto& param : params) {
+        // Qualcomm's Keymaster3 implementation behaves oddly if Tag::USER_ID is provided. Filter it
+        // out.  Revert this change when b/73286437 is fixed.
+        if (param.tag != Tag::USER_ID) converted.push_back(convert(param));
     }
     return converted;
 }