Ignore serial number checks when emulating FBE.

When emulating FBE, we may have chmod 000'ed the directory to emulate
it being locked, which results in us failing to read the serial
number, causing a unintentional data wipe.

To avoid this, ignore the serial number check when emulating FBE,
which is a developer-only feature.

Bug: 29231715
Change-Id: Idb056ab378174004d1430b5e7c20db17de28231e

diff --git a/services/core/java/com/android/server/pm/UserManagerService.java b/services/core/java/com/android/server/pm/UserManagerService.java
index 627cdd0..681bf15 100644 (file)
--- a/services/core/java/com/android/server/pm/UserManagerService.java
+++ b/services/core/java/com/android/server/pm/UserManagerService.java
@@ -2947,6 +2947,14 @@ public class UserManagerService extends IUserManager.Stub {
      *             number is mismatched.
      */
     public static void enforceSerialNumber(File file, int serialNumber) throws IOException {
+        if (StorageManager.isFileEncryptedEmulatedOnly()) {
+            // When we're emulating FBE, the directory may have been chmod
+            // 000'ed, meaning we can't read the serial number to enforce it;
+            // instead of destroying the user, just log a warning.
+            Slog.w(LOG_TAG, "Device is emulating FBE; assuming current serial number is valid");
+            return;
+        }
+
         final int foundSerial = getSerialNumber(file);
         Slog.v(LOG_TAG, "Found " + file + " with serial number " + foundSerial);