Merge "Improve documentation for unlockUserKeyIfUnsecured()" into main am: c410ea7a

    }

    /**

     * Unlocks the credential-encrypted storage for the given user if the user is not secured, i.e.

     * doesn't have an LSKF.

     * If the user is not secured, ie doesn't have an LSKF, then decrypt the user's synthetic

     * password and use it to unlock various cryptographic keys associated with the user.  This

     * primarily includes unlocking the user's credential-encrypted (CE) storage.  It also includes

     * deriving or decrypting the vendor auth secret and sending it to the AuthSecret HAL.

     * <p>

     * These tasks would normally be done when the LSKF is verified.  This method is where these

     * tasks are done when the user doesn't have an LSKF.  It's called when the user is started.

     * <p>

     * Except on permission denied, this method doesn't throw an exception on failure.  However, the

     * last thing that it does is unlock CE storage, and whether CE storage has been successfully

     * unlocked can be determined by {@link StorageManager#isCeStorageUnlocked()}.

     * <p>

     * Whether the storage has been unlocked can be determined by

     * {@link StorageManager#isUserKeyUnlocked()}.

     *

     * Requires the {@link android.Manifest.permission#ACCESS_KEYGUARD_SECURE_STORAGE} permission.

     *

     * @param userId the ID of the user whose storage to unlock

     * @param userId the ID of the user whose keys to unlock

     */

    public void unlockUserKeyIfUnsecured(@UserIdInt int userId) {

        try {