2 # SPDX-License-Identifier: GPL-2.0
3 # Copyright (c) 2016 Google, Inc. All Rights Reserved.
5 # FS QA Test generic/398
7 # Filesystem encryption is designed to enforce that a consistent encryption
8 # policy is used within a given encrypted directory tree and that an encrypted
9 # directory tree does not contain any unencrypted files. This test verifies
10 # that filesystem operations that would violate this constraint fail. This does
11 # not test enforcement of this constraint on lookup, which is still needed to
12 # detect offline changes.
15 _begin_fstest auto quick encrypt
17 # Import common functions.
22 # real QA test starts here
24 _require_scratch_encryption
25 _require_renameat2 exchange
28 _scratch_mkfs_encrypted &>> $seqres.full
31 # Set up two encrypted directories, with different encryption policies,
32 # and one unencrypted directory.
33 edir1=$SCRATCH_MNT/edir1
34 edir2=$SCRATCH_MNT/edir2
35 udir=$SCRATCH_MNT/udir
36 mkdir $edir1 $edir2 $udir
37 keydesc1=$(_generate_session_encryption_key)
38 keydesc2=$(_generate_session_encryption_key)
39 _set_encpolicy $edir1 $keydesc1
40 _set_encpolicy $edir2 $keydesc2
45 # Test linking and renaming an encrypted file into an encrypted directory with a
46 # different encryption policy. Should fail with EXDEV.
48 echo -e "\n*** Link encrypted <= encrypted ***"
49 ln $edir1/efile1 $edir2/efile1 |& _filter_scratch
51 echo -e "\n*** Rename encrypted => encrypted ***"
52 $here/src/renameat2 $edir1/efile1 $edir2/efile1
54 # Test linking and renaming an unencrypted file into an encrypted directory.
55 # Should fail with EXDEV.
57 echo -e "\n\n*** Link unencrypted <= encrypted ***"
58 ln $udir/ufile $edir1/ufile |& _filter_scratch
60 echo -e "\n*** Rename unencrypted => encrypted ***"
61 $here/src/renameat2 $udir/ufile $edir1/ufile
63 # Test linking and renaming an encrypted file into an unencrypted directory.
66 echo -e "\n\n*** Link encrypted <= unencrypted ***"
67 ln -v $edir1/efile1 $udir/efile1 |& _filter_scratch
68 rm $udir/efile1 # undo
70 echo -e "\n*** Rename encrypted => unencrypted ***"
71 $here/src/renameat2 $edir1/efile1 $udir/efile1
72 $here/src/renameat2 $udir/efile1 $edir1/efile1 # undo
74 # Test renaming a forbidden (unencrypted, or encrypted with a different
75 # encryption policy) file into an encrypted directory via an exchange (cross
76 # rename) operation. Should fail with EXDEV.
78 echo -e "\n\n*** Exchange encrypted <=> encrypted ***"
79 $here/src/renameat2 -x $edir1/efile1 $edir2/efile2
81 echo -e "\n*** Exchange unencrypted <=> encrypted ***"
82 $here/src/renameat2 -x $udir/ufile $edir1/efile1
84 echo -e "\n*** Exchange encrypted <=> unencrypted ***"
85 $here/src/renameat2 -x $edir1/efile1 $udir/ufile
87 # Test a file with a special type, i.e. not regular, directory, or symlink.
88 # Since such files are not subject to encryption, there should be no
89 # restrictions on linking or renaming them into encrypted directories.
91 echo -e "\n\n*** Special file tests ***"
93 $here/src/renameat2 $edir1/fifo $edir2/fifo
94 $here/src/renameat2 $edir2/fifo $udir/fifo
95 $here/src/renameat2 $udir/fifo $edir1/fifo
97 $here/src/renameat2 -x $udir/fifo $edir1/fifo
98 ln -v $edir1/fifo $edir2/fifo | _filter_scratch
99 rm $edir1/fifo $edir2/fifo $udir/fifo
101 # Now test that *without* access to the encrypted key, we cannot use an exchange
102 # (cross rename) operation to move a forbidden file into an encrypted directory.
104 _unlink_session_encryption_key $keydesc1
105 _unlink_session_encryption_key $keydesc2
107 efile1=$(find $edir1 -type f)
108 efile2=$(find $edir2 -type f)
110 echo -e "\n\n*** Exchange encrypted <=> encrypted without key ***"
111 $here/src/renameat2 -x $efile1 $efile2
112 echo -e "\n*** Exchange encrypted <=> unencrypted without key ***"
113 $here/src/renameat2 -x $efile1 $udir/ufile