From 2912b101aaa34abfa9637f2f00c992e7d129b994 Mon Sep 17 00:00:00 2001
From: N Harish
Date: Mon, 25 Jan 2021 17:22:33 +0530
Subject: Fix for TestDirectBootEmulated testcase
In case of emulated FBE the secrets are empty hence add this exception to prevent from unlocking userkey.
Bug: 177617301
Test: android.appsecurity.cts.DirectBootHostTest#testDirectBootEmulated
Change-Id: I5be2ceb61d9ef47219862e75cc8ec03ab5513426
---
 services/core/java/com/android/server/StorageManagerService.java | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/services/core/java/com/android/server/StorageManagerService.java b/services/core/java/com/android/server/StorageManagerService.java
index 5c34584d0adf..4e2519b47a47 100644
--- a/services/core/java/com/android/server/StorageManagerService.java
+++ b/services/core/java/com/android/server/StorageManagerService.java
@@ -3297,6 +3297,12 @@ class StorageManagerService extends IStorageManager.Stub
 enforcePermission(android.Manifest.permission.STORAGE_INTERNAL);
 if (isFsEncrypted) {
+ // When a user has secure lock screen, require secret to actually unlock.
+ // This check is mostly in place for emulation mode.
+ if (StorageManager.isFileEncryptedEmulatedOnly() &&
+ mLockPatternUtils.isSecure(userId) && ArrayUtils.isEmpty(secret)) {
+ throw new IllegalStateException("Secret required to unlock secure user " + userId);
+ }
 try {
 mVold.unlockUserKey(userId, serialNumber, encodeBytes(token), encodeBytes(secret));
--
cgit v1.2.3-59-g8ed1b
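Review bot: The guard added at the top of the `if (isFsEncrypted)` branch tests only that `secret` is non-empty, via `ArrayUtils.isEmpty(secret)`, not that it is the right secret. Under emulated FBE any non-empty byte array from a caller that passed `enforcePermission(STORAGE_INTERNAL)` therefore gets through to `mVold.unlockUserKey`; whether vold rejects a wrong secret in emulation mode is not visible in this hunk. The comment also says the check is "mostly" for emulation mode, while the condition `StorageManager.isFileEncryptedEmulatedOnly()` makes it apply only there. I would reword the comment to state both facts, for example `// Emulated FBE only: presence check on the secret, not verification; the caller is expected to have validated the credential.`, if that is the intended contract. The enclosing method starts before and ends after the hunk.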