From: Yehuda Sadeh <yehuda@redhat.com>
Date: Mon, 15 May 2023 17:54:42 +0000 (-0400)
Subject: add FS_IOC_GET_ENCRYPTION_POLICY_EX_RESTRICTED ioctl
X-Git-Url: http://git.apps.os.sepia.ceph.com/?a=commitdiff_plain;h=1a42ff502e6176d96b9e0900ecfa1aee177fed2b;p=fscrypt.git

add FS_IOC_GET_ENCRYPTION_POLICY_EX_RESTRICTED ioctl

to deal with restricted fuse backend

Signed-off-by: Yehuda Sadeh <yehuda@redhat.com>
---

diff --git a/keyring/fscrypt_uapi.h b/keyring/fscrypt_uapi.h
index c84138a..5a7736d 100644
--- a/keyring/fscrypt_uapi.h
+++ b/keyring/fscrypt_uapi.h
@@ -170,6 +170,7 @@ struct fscrypt_get_key_status_arg {
 #define FS_IOC_GET_ENCRYPTION_PWSALT		_IOW('f', 20, __u8[16])
 #define FS_IOC_GET_ENCRYPTION_POLICY		_IOW('f', 21, struct fscrypt_policy_v1)
 #define FS_IOC_GET_ENCRYPTION_POLICY_EX		_IOWR('f', 22, __u8[9]) /* size + version */
+#define FS_IOC_GET_ENCRYPTION_POLICY_EX_RESTRICTED	_IOWR('f', 22, struct fscrypt_get_policy_ex_arg) /* size + version */
 #define FS_IOC_ADD_ENCRYPTION_KEY		_IOWR('f', 23, struct fscrypt_add_key_arg)
 #define FS_IOC_ADD_ENCRYPTION_KEY64		_IOWR('f', 23, struct fscrypt_add_key64_arg)
 #define FS_IOC_REMOVE_ENCRYPTION_KEY		_IOWR('f', 24, struct fscrypt_remove_key_arg)
diff --git a/metadata/policy.go b/metadata/policy.go
index fe6c38f..4129ab5 100644
--- a/metadata/policy.go
+++ b/metadata/policy.go
@@ -20,6 +20,14 @@
 
 package metadata
 
+/*
+#include "../keyring/fscrypt_uapi.h"
+
+long long fs_ioc_get_encryption_policy_ex_restricted = FS_IOC_GET_ENCRYPTION_POLICY_EX_RESTRICTED;
+
+*/
+import "C"
+
 import (
 	"encoding/hex"
 	"fmt"
@@ -186,6 +194,9 @@ func GetPolicy(path string) (*PolicyData, error) {
 	arg.Size = uint64(unsafe.Sizeof(arg.Policy))
 	policyPtr := util.Ptr(arg.Policy[:])
 	err = getPolicyIoctl(file, unix.FS_IOC_GET_ENCRYPTION_POLICY_EX, unsafe.Pointer(&arg))
+        if err == unix.ERANGE {
+	  err = getPolicyIoctl(file, uintptr(C.fs_ioc_get_encryption_policy_ex_restricted), unsafe.Pointer(&arg))
+	}
 	if err == unix.ENOTTY {
 		// Fall back to the old version of the ioctl. This works for v1 policies only.
 		err = getPolicyIoctl(file, unix.FS_IOC_GET_ENCRYPTION_POLICY, policyPtr)