2 # SPDX-License-Identifier: GPL-2.0
3 # Copyright (c) 2016 Google, Inc. All Rights Reserved.
5 # FS QA Test generic/398
7 # Filesystem encryption is designed to enforce that a consistent encryption
8 # policy is used within a given encrypted directory tree and that an encrypted
9 # directory tree does not contain any unencrypted files. This test verifies
10 # that filesystem operations that would violate this constraint fail. This does
11 # not test enforcement of this constraint on lookup, which is still needed to
12 # detect offline changes.
15 seqres=$RESULT_DIR/$seq
16 echo "QA output created by $seq"
20 status=1 # failure is the default!
21 trap "_cleanup; exit \$status" 0 1 2 3 15
29 # get standard environment, filters and checks
35 # remove previous $seqres.full before test
38 # real QA test starts here
40 _require_scratch_encryption
41 _require_renameat2 exchange
44 _scratch_mkfs_encrypted &>> $seqres.full
47 # Set up two encrypted directories, with different encryption policies,
48 # and one unencrypted directory.
49 edir1=$SCRATCH_MNT/edir1
50 edir2=$SCRATCH_MNT/edir2
51 udir=$SCRATCH_MNT/udir
52 mkdir $edir1 $edir2 $udir
53 keydesc1=$(_generate_session_encryption_key)
54 keydesc2=$(_generate_session_encryption_key)
55 _set_encpolicy $edir1 $keydesc1
56 _set_encpolicy $edir2 $keydesc2
62 # Test linking and renaming an encrypted file into an encrypted directory with a
63 # different encryption policy. Should fail with EXDEV.
65 echo -e "\n*** Link encrypted <= encrypted ***"
66 ln $edir1/efile1 $edir2/efile1 |& _filter_scratch
68 echo -e "\n*** Rename encrypted => encrypted ***"
69 $here/src/renameat2 $edir1/efile1 $edir2/efile1
72 # Test linking and renaming an unencrypted file into an encrypted directory.
73 # Should fail with EXDEV.
75 echo -e "\n\n*** Link unencrypted <= encrypted ***"
76 ln $udir/ufile $edir1/ufile |& _filter_scratch
78 echo -e "\n*** Rename unencrypted => encrypted ***"
79 $here/src/renameat2 $udir/ufile $edir1/ufile
82 # Test linking and renaming an encrypted file into an unencrypted directory.
85 echo -e "\n\n*** Link encrypted <= unencrypted ***"
86 ln -v $edir1/efile1 $udir/efile1 |& _filter_scratch
87 rm $udir/efile1 # undo
89 echo -e "\n*** Rename encrypted => unencrypted ***"
90 $here/src/renameat2 $edir1/efile1 $udir/efile1
91 $here/src/renameat2 $udir/efile1 $edir1/efile1 # undo
94 # Test renaming a forbidden (unencrypted, or encrypted with a different
95 # encryption policy) file into an encrypted directory via an exchange (cross
96 # rename) operation. Should fail with EXDEV.
98 echo -e "\n\n*** Exchange encrypted <=> encrypted ***"
99 $here/src/renameat2 -x $edir1/efile1 $edir2/efile2
101 echo -e "\n*** Exchange unencrypted <=> encrypted ***"
102 $here/src/renameat2 -x $udir/ufile $edir1/efile1
104 echo -e "\n*** Exchange encrypted <=> unencrypted ***"
105 $here/src/renameat2 -x $edir1/efile1 $udir/ufile
108 # Test a file with a special type, i.e. not regular, directory, or symlink.
109 # Since such files are not subject to encryption, there should be no
110 # restrictions on linking or renaming them into encrypted directories.
112 echo -e "\n\n*** Special file tests ***"
114 $here/src/renameat2 $edir1/fifo $edir2/fifo
115 $here/src/renameat2 $edir2/fifo $udir/fifo
116 $here/src/renameat2 $udir/fifo $edir1/fifo
118 $here/src/renameat2 -x $udir/fifo $edir1/fifo
119 ln -v $edir1/fifo $edir2/fifo | _filter_scratch
120 rm $edir1/fifo $edir2/fifo $udir/fifo
123 # Now test that *without* access to the encrypted key, we cannot use an exchange
124 # (cross rename) operation to move a forbidden file into an encrypted directory.
126 _unlink_session_encryption_key $keydesc1
127 _unlink_session_encryption_key $keydesc2
129 efile1=$(find $edir1 -type f)
130 efile2=$(find $edir2 -type f)
132 echo -e "\n\n*** Exchange encrypted <=> encrypted without key ***"
133 $here/src/renameat2 -x $efile1 $efile2
134 echo -e "\n*** Exchange encrypted <=> unencrypted without key ***"
135 $here/src/renameat2 -x $efile1 $udir/ufile