From: Yehuda Sadeh
Date: Wed, 5 Jul 2023 08:02:18 +0000 (-0400)
Subject: add FS_IOC_SET_ENCRYPTION_POLICY_RESTRICTED ioctl
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=c31d5c523289c162cd582372bb532c360bcd898f;p=fscrypt.git
add FS_IOC_SET_ENCRYPTION_POLICY_RESTRICTED ioctl
Signed-off-by: Yehuda Sadeh
---
diff --git a/keyring/fscrypt_uapi.h b/keyring/fscrypt_uapi.h
index 5a7736d..ede9170 100644
--- a/keyring/fscrypt_uapi.h
+++ b/keyring/fscrypt_uapi.h
@@ -75,6 +75,13 @@ struct fscrypt_policy_v2 {
 __u8 master_key_identifier[FSCRYPT_KEY_IDENTIFIER_SIZE];
 };
+struct fscrypt_policy_arg {
+ union {
+ struct fscrypt_policy_v1 v1;
+ struct fscrypt_policy_v2 v2;
+ } policy;
+}; /* output */
+
 /* Struct passed to FS_IOC_GET_ENCRYPTION_POLICY_EX */
 struct fscrypt_get_policy_ex_arg {
 __u64 policy_size; /* input/output */
@@ -167,6 +174,7 @@ struct fscrypt_get_key_status_arg {
 };
 #define FS_IOC_SET_ENCRYPTION_POLICY _IOR('f', 19, struct fscrypt_policy_v1)
+#define FS_IOC_SET_ENCRYPTION_POLICY_RESTRICTED _IOWR('f', 19, struct fscrypt_policy_arg)
 #define FS_IOC_GET_ENCRYPTION_PWSALT _IOW('f', 20, __u8[16])
 #define FS_IOC_GET_ENCRYPTION_POLICY _IOW('f', 21, struct fscrypt_policy_v1)
 #define FS_IOC_GET_ENCRYPTION_POLICY_EX _IOWR('f', 22, __u8[9]) /* size + version */
diff --git a/metadata/policy.go b/metadata/policy.go
index 4129ab5..33704d1 100644
--- a/metadata/policy.go
+++ b/metadata/policy.go
@@ -24,6 +24,7 @@ package metadata
 #include "../keyring/fscrypt_uapi.h"
 long long fs_ioc_get_encryption_policy_ex_restricted = FS_IOC_GET_ENCRYPTION_POLICY_EX_RESTRICTED;
+long long fs_ioc_set_encryption_policy_restricted = FS_IOC_SET_ENCRYPTION_POLICY_RESTRICTED;
 */
 import "C"
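Review bot: The trailing `/* output */` on `struct fscrypt_policy_arg` in the first keyring/fscrypt_uapi.h hunk does not match how the struct is used, because the second hunk makes it the argument of a set ioctl declared `_IOWR`, so the policy is at least an input. A leading comment in the style of the neighbouring structs would read better, `/* Struct passed to FS_IOC_SET_ENCRYPTION_POLICY_RESTRICTED */`, with `policy` marked `/* input */` (or input/output if the handler really writes it back, which these lines do not show). The define in the second hunk reuses `'f', 19` and differs from `FS_IOC_SET_ENCRYPTION_POLICY` only in its direction and size bits, so a one-line comment saying why a separate command is needed would help the next reader.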
@@ -121,7 +122,12 @@ func getPolicyIoctl(file *os.File, request uintptr, arg unsafe.Pointer) error {
 }
 func setPolicy(file *os.File, arg unsafe.Pointer) error {
+ log.Printf("FS_IOC_SET_ENCRYPTION_KEY");
 _, _, errno := unix.Syscall(unix.SYS_IOCTL, file.Fd(), unix.FS_IOC_SET_ENCRYPTION_POLICY, uintptr(arg))
+ if errno == unix.EINVAL {
+ log.Printf("FS_IOC_SET_ENCRYPTION_KEY_RESTRICTED");
+ _, _, errno = unix.Syscall(unix.SYS_IOCTL, file.Fd(), uintptr(C.fs_ioc_set_encryption_policy_restricted), uintptr(arg))
+ }
 if errno != 0 {
 return errno
 }
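Review bot: The EINVAL fallback in setPolicy passes the same `arg` to an ioctl whose encoded size is `sizeof(struct fscrypt_policy_arg)`, i.e. the larger union member, and whose direction is `_IOWR`. If a caller hands in a pointer to a v1 policy (callers are outside this hunk), a transport that honours the encoded size would read and write past the end of that Go value, so the contract should at least be stated on the function: `// arg must point to a buffer of at least sizeof(struct fscrypt_policy_arg) bytes; the restricted ioctl may copy that many bytes in and out.` EINVAL is also what the first ioctl returns for a malformed policy, so the retry hides which call rejected it. The two `log.Printf` lines name `FS_IOC_SET_ENCRYPTION_KEY` although the request is `FS_IOC_SET_ENCRYPTION_POLICY`, log on every call, and carry trailing semicolons that gofmt would remove. setPolicy's body continues past the end of the hunk.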