diff --git a/core/java/android/hardware/biometrics/IBiometricAuthenticator.aidl b/core/java/android/hardware/biometrics/IBiometricAuthenticator.aidl
index b4ebed7044417..c1dd20d66d53b 100644
--- a/core/java/android/hardware/biometrics/IBiometricAuthenticator.aidl
+++ b/core/java/android/hardware/biometrics/IBiometricAuthenticator.aidl
@@ -57,5 +57,5 @@ interface IBiometricAuthenticator {
     void setActiveUser(int uid);
 
     // Gets the authenticator ID representing the current set of enrolled templates
-    long getAuthenticatorId();
+    long getAuthenticatorId(int callingUserId);
 }
diff --git a/core/java/android/hardware/biometrics/IBiometricService.aidl b/core/java/android/hardware/biometrics/IBiometricService.aidl
index 10295db38120f..07f88c2fbea67 100644
--- a/core/java/android/hardware/biometrics/IBiometricService.aidl
+++ b/core/java/android/hardware/biometrics/IBiometricService.aidl
@@ -65,5 +65,5 @@ interface IBiometricService {
     // Get a list of AuthenticatorIDs for authenticators which have enrolled templates and meet
     // the requirements for integrating with Keystore. The AuthenticatorID are known in Keystore
     // land as SIDs, and are used during key generation.
-    long[] getAuthenticatorIds();
+    long[] getAuthenticatorIds(int callingUserId);
 }
diff --git a/core/java/android/hardware/face/IFaceService.aidl b/core/java/android/hardware/face/IFaceService.aidl
index 03937e0276e61..e2ab529d1e867 100644
--- a/core/java/android/hardware/face/IFaceService.aidl
+++ b/core/java/android/hardware/face/IFaceService.aidl
@@ -85,7 +85,7 @@ interface IFaceService {
     // long getHardwareDevice(int i);
 
     // Gets the authenticator ID for face
-    long getAuthenticatorId();
+    long getAuthenticatorId(int callingUserId);
 
     // Reset the lockout when user authenticates with strong auth (e.g. PIN, pattern or password)
     void resetLockout(in byte [] token);
diff --git a/core/java/android/hardware/fingerprint/IFingerprintService.aidl b/core/java/android/hardware/fingerprint/IFingerprintService.aidl
index 2507c840d0e9c..c5c375543adc9 100644
--- a/core/java/android/hardware/fingerprint/IFingerprintService.aidl
+++ b/core/java/android/hardware/fingerprint/IFingerprintService.aidl
@@ -89,7 +89,7 @@ interface IFingerprintService {
     // long getHardwareDevice(int i);
 
     // Gets the authenticator ID for fingerprint
-    long getAuthenticatorId();
+    long getAuthenticatorId(int callingUserId);
 
     // Reset the timeout when user authenticates with strong auth (e.g. PIN, pattern or password)
     void resetTimeout(in byte [] cryptoToken);
diff --git a/services/core/java/com/android/server/biometrics/AuthService.java b/services/core/java/com/android/server/biometrics/AuthService.java
index a0876c063fb32..061972c5723a5 100644
--- a/services/core/java/com/android/server/biometrics/AuthService.java
+++ b/services/core/java/com/android/server/biometrics/AuthService.java
@@ -290,9 +290,10 @@ public class AuthService extends SystemService {
             // The permission check should be restored once Android Keystore no longer invokes this
             // method from inside app processes.
 
+            final int callingUserId = UserHandle.getCallingUserId();
             final long identity = Binder.clearCallingIdentity();
             try {
-                return mBiometricService.getAuthenticatorIds();
+                return mBiometricService.getAuthenticatorIds(callingUserId);
             } finally {
                 Binder.restoreCallingIdentity(identity);
             }
diff --git a/services/core/java/com/android/server/biometrics/BiometricService.java b/services/core/java/com/android/server/biometrics/BiometricService.java
index 4ddfe1b6e2d20..540c6ff09c9df 100644
--- a/services/core/java/com/android/server/biometrics/BiometricService.java
+++ b/services/core/java/com/android/server/biometrics/BiometricService.java
@@ -879,13 +879,13 @@ public class BiometricService extends SystemService {
         }
 
         @Override // Binder call
-        public long[] getAuthenticatorIds() {
+        public long[] getAuthenticatorIds(int callingUserId) {
             checkInternalPermission();
 
             final List<Long> ids = new ArrayList<>();
             for (AuthenticatorWrapper authenticator : mAuthenticators) {
                 try {
-                    final long id = authenticator.impl.getAuthenticatorId();
+                    final long id = authenticator.impl.getAuthenticatorId(callingUserId);
                     if (Utils.isAtLeastStrength(authenticator.getActualStrength(),
                             Authenticators.BIOMETRIC_STRONG) && id != 0) {
                         ids.add(id);
diff --git a/services/core/java/com/android/server/biometrics/BiometricServiceBase.java b/services/core/java/com/android/server/biometrics/BiometricServiceBase.java
index 5a6ab4e594245..75452ea5fb619 100644
--- a/services/core/java/com/android/server/biometrics/BiometricServiceBase.java
+++ b/services/core/java/com/android/server/biometrics/BiometricServiceBase.java
@@ -1250,9 +1250,8 @@ public abstract class BiometricServiceBase extends SystemService
     /***
      * @return authenticator id for the calling user
      */
-    protected long getAuthenticatorId() {
-        final int userId = getUserOrWorkProfileId(null /* clientPackage */,
-                UserHandle.getCallingUserId());
+    protected long getAuthenticatorId(int callingUserId) {
+        final int userId = getUserOrWorkProfileId(null /* clientPackage */, callingUserId);
         return mAuthenticatorIds.getOrDefault(userId, 0L);
     }
 
diff --git a/services/core/java/com/android/server/biometrics/face/FaceAuthenticator.java b/services/core/java/com/android/server/biometrics/face/FaceAuthenticator.java
index 9d8fcc3421cbb..405c54e3be637 100644
--- a/services/core/java/com/android/server/biometrics/face/FaceAuthenticator.java
+++ b/services/core/java/com/android/server/biometrics/face/FaceAuthenticator.java
@@ -74,7 +74,7 @@ public final class FaceAuthenticator extends IBiometricAuthenticator.Stub {
     }
 
     @Override
-    public long getAuthenticatorId() throws RemoteException {
-        return mFaceService.getAuthenticatorId();
+    public long getAuthenticatorId(int callingUserId) throws RemoteException {
+        return mFaceService.getAuthenticatorId(callingUserId);
     }
 }
diff --git a/services/core/java/com/android/server/biometrics/face/FaceService.java b/services/core/java/com/android/server/biometrics/face/FaceService.java
index ad73b6491697c..72e1bbbcba60e 100644
--- a/services/core/java/com/android/server/biometrics/face/FaceService.java
+++ b/services/core/java/com/android/server/biometrics/face/FaceService.java
@@ -608,9 +608,9 @@ public class FaceService extends BiometricServiceBase {
         }
 
         @Override // Binder call
-        public long getAuthenticatorId() {
+        public long getAuthenticatorId(int callingUserId) {
             checkPermission(USE_BIOMETRIC_INTERNAL);
-            return FaceService.this.getAuthenticatorId();
+            return FaceService.this.getAuthenticatorId(callingUserId);
         }
 
         @Override // Binder call
diff --git a/services/core/java/com/android/server/biometrics/fingerprint/FingerprintAuthenticator.java b/services/core/java/com/android/server/biometrics/fingerprint/FingerprintAuthenticator.java
index 4604752408ba2..61ddadadd7841 100644
--- a/services/core/java/com/android/server/biometrics/fingerprint/FingerprintAuthenticator.java
+++ b/services/core/java/com/android/server/biometrics/fingerprint/FingerprintAuthenticator.java
@@ -74,7 +74,7 @@ public final class FingerprintAuthenticator extends IBiometricAuthenticator.Stub
     }
 
     @Override
-    public long getAuthenticatorId() throws RemoteException {
-        return mFingerprintService.getAuthenticatorId();
+    public long getAuthenticatorId(int callingUserId) throws RemoteException {
+        return mFingerprintService.getAuthenticatorId(callingUserId);
     }
 }
diff --git a/services/core/java/com/android/server/biometrics/fingerprint/FingerprintService.java b/services/core/java/com/android/server/biometrics/fingerprint/FingerprintService.java
index d90f3afd8dca4..6b7ba6a56d821 100644
--- a/services/core/java/com/android/server/biometrics/fingerprint/FingerprintService.java
+++ b/services/core/java/com/android/server/biometrics/fingerprint/FingerprintService.java
@@ -412,9 +412,9 @@ public class FingerprintService extends BiometricServiceBase {
         }
 
         @Override // Binder call
-        public long getAuthenticatorId() {
+        public long getAuthenticatorId(int callingUserId) {
             checkPermission(USE_BIOMETRIC_INTERNAL);
-            return FingerprintService.this.getAuthenticatorId();
+            return FingerprintService.this.getAuthenticatorId(callingUserId);
         }
 
         @Override // Binder call
diff --git a/services/core/java/com/android/server/biometrics/iris/IrisAuthenticator.java b/services/core/java/com/android/server/biometrics/iris/IrisAuthenticator.java
index 6789a12d065ff..03818ed949261 100644
--- a/services/core/java/com/android/server/biometrics/iris/IrisAuthenticator.java
+++ b/services/core/java/com/android/server/biometrics/iris/IrisAuthenticator.java
@@ -67,7 +67,7 @@ public final class IrisAuthenticator extends IBiometricAuthenticator.Stub {
     }
 
     @Override
-    public long getAuthenticatorId() throws RemoteException {
+    public long getAuthenticatorId(int callingUserId) throws RemoteException {
         return 0;
     }
 }