Merge "Add new SecurityLevel::KEYSTORE"
diff --git a/keystore2/src/km_compat/km_compat.cpp b/keystore2/src/km_compat/km_compat.cpp
index 2273d73..601baf1 100644
--- a/keystore2/src/km_compat/km_compat.cpp
+++ b/keystore2/src/km_compat/km_compat.cpp
@@ -89,10 +89,19 @@
 static std::vector<KeyCharacteristics>
 convertKeyCharacteristicsFromLegacy(KeyMintSecurityLevel securityLevel,
                                     const V4_0_KeyCharacteristics& legacyKc) {
-    KeyCharacteristics kc;
-    kc.securityLevel = securityLevel;
-    kc.authorizations = convertKeyParametersFromLegacy(legacyKc.hardwareEnforced);
-    return {kc};
+    if (securityLevel == KeyMintSecurityLevel::SOFTWARE) {
+        CHECK(legacyKc.hardwareEnforced.size() > 0);
+        KeyCharacteristics keystoreEnforced{
+            KeyMintSecurityLevel::KEYSTORE,
+            convertKeyParametersFromLegacy(legacyKc.softwareEnforced)};
+        return {keystoreEnforced};
+    }
+
+    KeyCharacteristics hwEnforced{securityLevel,
+                                  convertKeyParametersFromLegacy(legacyKc.hardwareEnforced)};
+    KeyCharacteristics keystoreEnforced{KeyMintSecurityLevel::KEYSTORE,
+                                        convertKeyParametersFromLegacy(legacyKc.softwareEnforced)};
+    return {hwEnforced, keystoreEnforced};
 }
 
 static V4_0_KeyFormat convertKeyFormatToLegacy(const KeyFormat& kf) {
diff --git a/keystore2/src/km_compat/km_compat_type_conversion.h b/keystore2/src/km_compat/km_compat_type_conversion.h
index df9c862..5fdca91 100644
--- a/keystore2/src/km_compat/km_compat_type_conversion.h
+++ b/keystore2/src/km_compat/km_compat_type_conversion.h
@@ -395,6 +395,8 @@
         return V4_0::SecurityLevel::TRUSTED_ENVIRONMENT;
     case KMV1::SecurityLevel::STRONGBOX:
         return V4_0::SecurityLevel::STRONGBOX;
+    case KMV1::SecurityLevel::KEYSTORE:
+        return V4_0::SecurityLevel::SOFTWARE;
     }
 }