2 # SPDX-License-Identifier: GPL-2.0
3 # Copyright (c) 2016 Google, Inc. All Rights Reserved.
5 # FS QA Test generic/395
7 # Test setting and getting encryption policies.
10 seqres=$RESULT_DIR/$seq
11 echo "QA output created by $seq"
15 status=1 # failure is the default!
16 trap "_cleanup; exit \$status" 0 1 2 3 15
24 # get standard environment, filters and checks
29 # remove previous $seqres.full before test
32 # real QA test starts here
34 _require_scratch_encryption
35 _require_xfs_io_command "get_encpolicy"
38 _scratch_mkfs_encrypted &>> $seqres.full
41 # Should be able to set an encryption policy on an empty directory
42 empty_dir=$SCRATCH_MNT/empty_dir
43 echo -e "\n*** Setting encryption policy on empty directory ***"
45 _get_encpolicy $empty_dir |& _filter_scratch
46 _set_encpolicy $empty_dir 0000111122223333
47 _get_encpolicy $empty_dir | _filter_scratch
49 # Should be able to set the same policy again, but not a different one.
50 echo -e "\n*** Setting encryption policy again ***"
51 _set_encpolicy $empty_dir 0000111122223333
52 _get_encpolicy $empty_dir | _filter_scratch
53 _set_encpolicy $empty_dir 4444555566667777 |& _filter_scratch
54 _get_encpolicy $empty_dir | _filter_scratch
56 # Should *not* be able to set an encryption policy on a nonempty directory
57 nonempty_dir=$SCRATCH_MNT/nonempty_dir
58 echo -e "\n*** Setting encryption policy on nonempty directory ***"
60 touch $nonempty_dir/file
61 _set_encpolicy $nonempty_dir |& _filter_scratch
62 _get_encpolicy $nonempty_dir |& _filter_scratch
64 # Should *not* be able to set an encryption policy on a nondirectory file, even
65 # an empty one. Regression test for 002ced4be642: "fscrypto: only allow setting
66 # encryption policy on directories".
67 nondirectory=$SCRATCH_MNT/nondirectory
68 echo -e "\n*** Setting encryption policy on nondirectory ***"
70 _set_encpolicy $nondirectory |& _filter_scratch
71 _get_encpolicy $nondirectory |& _filter_scratch
73 # Should *not* be able to set an encryption policy on another user's directory.
74 # Regression test for 163ae1c6ad62: "fscrypto: add authorization check for
75 # setting encryption policy".
76 unauthorized_dir=$SCRATCH_MNT/unauthorized_dir
77 echo -e "\n*** Setting encryption policy on another user's directory ***"
78 mkdir $unauthorized_dir
79 _user_do_set_encpolicy $unauthorized_dir |& _filter_scratch
80 _get_encpolicy $unauthorized_dir |& _filter_scratch
82 # Should *not* be able to set an encryption policy on a directory on a
83 # filesystem mounted readonly. Regression test for ba63f23d69a3: "fscrypto:
84 # require write access to mount to set encryption policy". Test both a regular
85 # readonly filesystem and a readonly bind mount of a read-write filesystem.
86 echo -e "\n*** Setting encryption policy on readonly filesystem ***"
87 mkdir $SCRATCH_MNT/ro_dir $SCRATCH_MNT/ro_bind_mnt
89 _set_encpolicy $SCRATCH_MNT/ro_dir |& _filter_scratch
90 _get_encpolicy $SCRATCH_MNT/ro_dir |& _filter_scratch
92 mount --bind $SCRATCH_MNT $SCRATCH_MNT/ro_bind_mnt
93 mount -o remount,ro,bind $SCRATCH_MNT/ro_bind_mnt
94 _set_encpolicy $SCRATCH_MNT/ro_bind_mnt/ro_dir |& _filter_scratch
95 _get_encpolicy $SCRATCH_MNT/ro_bind_mnt/ro_dir |& _filter_scratch
96 umount $SCRATCH_MNT/ro_bind_mnt