2 # SPDX-License-Identifier: GPL-2.0
3 # Copyright (c) 2017 Google, Inc. All Rights Reserved.
7 # Test that when the filesystem tries to enforce that all files in a directory
8 # tree use the same encryption policy, it doesn't get confused and incorrectly
9 # return EPERM in cases where the parent's key is cached but not the child's, or
10 # vice versa. Such situations can arise following removal of the master key
11 # from the keyring. Regression test for:
12 # 272f98f68462 ("fscrypt: fix context consistency check when key(s) unavailable")
15 seqres=$RESULT_DIR/$seq
16 echo "QA output created by $seq"
20 status=1 # failure is the default!
21 trap "_cleanup; exit \$status" 0 1 2 3 15
29 # get standard environment, filters and checks
34 # remove previous $seqres.full before test
37 # real QA test starts here
40 _require_scratch_encryption
42 _require_command "$KEYCTL_PROG" keyctl
44 # Set up an encryption-capable filesystem and an encryption key.
46 _scratch_mkfs_encrypted &>> $seqres.full
48 keydesc=$(_generate_key_descriptor)
49 raw_key=$(_generate_raw_encryption_key)
50 _add_session_encryption_key $keydesc $raw_key
52 # Set up an encrypted directory containing a regular file, a subdirectory, and a
54 mkdir $SCRATCH_MNT/edir
55 _set_encpolicy $SCRATCH_MNT/edir $keydesc
56 mkdir $SCRATCH_MNT/edir/subdir
57 ln -s target $SCRATCH_MNT/edir/symlink
58 echo contents > $SCRATCH_MNT/edir/file
60 # Starting from a fresh mount (no inodes have their encryption key cached),
61 # reproduce the situation where an encrypted file *without* its key cached is
62 # looked up or opened from within a directory *with* its key cached, and no key
63 # is in the keyring. Try with a regular file, a directory, and a symlink.
66 echo "***** Parent has key, but child doesn't *****"
67 exec 3< $SCRATCH_MNT/edir # pin inode with cached key in memory
68 ls $SCRATCH_MNT/edir | sort
69 _unlink_session_encryption_key $keydesc
70 cat $SCRATCH_MNT/edir/file |& _filter_scratch
71 ls $SCRATCH_MNT/edir/subdir
72 cat $SCRATCH_MNT/edir/symlink |& _filter_scratch
75 # Now, the inverse: an encrypted file *with* its key cached is looked up or
76 # opened from within a directory *without* its key cached, and no key is in the
77 # keyring. This is most easily reproducible using a hard link. Note: the
78 # expected behavior (at least, until we have a real API for revoking filesystem
79 # encryption keys) is that we should still be able to open the file and read its
80 # plaintext contents, even though its filename is shown in ciphertext!
82 echo "***** Child has key, but parent doesn't *****"
83 _add_session_encryption_key $keydesc $raw_key
84 mkdir $SCRATCH_MNT/edir2
85 _set_encpolicy $SCRATCH_MNT/edir2 $keydesc
86 ln $SCRATCH_MNT/edir/file $SCRATCH_MNT/edir2/link
88 cat $SCRATCH_MNT/edir2/link
89 exec 3< $SCRATCH_MNT/edir2/link # pin inode with cached key in memory
90 _unlink_session_encryption_key $keydesc
91 stat $SCRATCH_MNT/edir/file |& _filter_scratch
92 cat "$(find $SCRATCH_MNT/edir/ -type f)"