authorBrian Young <bcyoung@google.com>2018-02-23 18:02:49 +0000
committerBrian C. Young <bcyoung@google.com>2018-03-28 08:38:57 -0700
commit8882914254803f97ca166863544cc917eb319ec9 (patch)
tree07c95936628ba104888c48a9fa841cf030425201
parent025c852c2a82193e0e3d723a91cb14733be2b743 (diff)
Restore "Add "Unlocked device required" parameter to keys"
Add a keymaster parameter for keys that should be inaccessible when the device screen is locked. "Locked" here is a state where the device cannot be used or accessed without a further trust factor such as a PIN, password, fingerprint, or trusted face or voice. This parameter is added to the Java keystore interface for key creation and import, as well as enums specified by and for the native keystore process. This reverts commit a1ba90df6372d7194fcb2fa59d69f0d53b2141a6. Test: CTS tests in I8a5affd1eaed176756175158e3057e44934fffed (cherry picked from commit cff1364ed2d18b23b987188aededbbb422ce147e) Bug: 67752510 Merged-In: I62d4176f04077af96779cb53c628a8579a7679d1 Change-Id: I62d4176f04077af96779cb53c628a8579a7679d1
-rw-r--r--include/keymaster/attestation_record.h1
-rw-r--r--km_openssl/attestation_record.cpp2
2 files changed, 2 insertions, 1 deletions
diff --git a/include/keymaster/attestation_record.h b/include/keymaster/attestation_record.h
index 604e391..c7facd3 100644
--- a/include/keymaster/attestation_record.h
+++ b/include/keymaster/attestation_record.h
@@ -71,6 +71,7 @@ typedef struct km_auth_list {
ASN1_INTEGER* user_auth_type;
ASN1_INTEGER* auth_timeout;
ASN1_NULL* allow_while_on_body;
+ ASN1_NULL* unlocked_device_required;
ASN1_NULL* all_applications;
ASN1_OCTET_STRING* application_id;
ASN1_INTEGER* creation_date_time;
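Review bot: The new `unlocked_device_required` member of `km_auth_list` gets no matching entry in the ASN.1 template that serializes this struct; the diffstat shows only one added line per file, so the template is not touched by this commit. If it is not updated elsewhere, the pointer set in build_auth_list (second hunk, km_openssl/attestation_record.cpp) would never reach the encoded attestation record and, presumably, would not be released by the template-driven free either. A relying party could then not tell from the attestation that the key is restricted to an unlocked device. Please confirm the template entry and its explicit tag are in place, and document the member, e.g. `// Present when the key may only be used while the device is unlocked.` The struct definition continues outside the hunk.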
diff --git a/km_openssl/attestation_record.cpp b/km_openssl/attestation_record.cpp
index 3305896..f59a9f3 100644
--- a/km_openssl/attestation_record.cpp
+++ b/km_openssl/attestation_record.cpp
@@ -224,7 +224,7 @@ keymaster_error_t build_auth_list(const AuthorizationSet& auth_list, KM_AUTH_LIS
bool_ptr = &record->allow_while_on_body;
break;
case KM_TAG_UNLOCKED_DEVICE_REQUIRED:
- // TODO(67752510)
+ bool_ptr = &record->unlocked_device_required;
break;
case KM_TAG_CALLER_NONCE:
bool_ptr = &record->caller_nonce;
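Review bot: The `KM_TAG_UNLOCKED_DEVICE_REQUIRED` case now fills the record, but only the encode direction is covered; the code that parses an attestation record back into an authorization set is not changed by this commit. Unless that path already handles the field, the tag would be dropped on a round trip. A unit test that builds a record carrying this tag, encodes it, parses it back and checks the tag is still present would pin both directions. The switch and the rest of build_auth_list lie outside the hunk, so how `bool_ptr` is consumed afterwards is not visible here.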