2 # SPDX-License-Identifier: GPL-2.0
3 # Copyright (c) 2017 Google, Inc. All Rights Reserved.
7 # Test that when the filesystem tries to enforce that all files in a directory
8 # tree use the same encryption policy, it doesn't get confused and incorrectly
9 # return EPERM in cases where the parent's key is cached but not the child's, or
10 # vice versa. Such situations can arise following removal of the master key
11 # from the keyring. Regression test for:
12 # 272f98f68462 ("fscrypt: fix context consistency check when key(s) unavailable")
15 seqres=$RESULT_DIR/$seq
16 echo "QA output created by $seq"
20 status=1 # failure is the default!
21 trap "_cleanup; exit \$status" 0 1 2 3 15
29 # get standard environment, filters and checks
34 # remove previous $seqres.full before test
37 # real QA test starts here
39 _require_scratch_encryption
41 _require_command "$KEYCTL_PROG" keyctl
43 # Set up an encryption-capable filesystem and an encryption key.
45 _scratch_mkfs_encrypted &>> $seqres.full
47 keydesc=$(_generate_key_descriptor)
48 raw_key=$(_generate_raw_encryption_key)
49 _add_session_encryption_key $keydesc $raw_key
51 # Set up an encrypted directory containing a regular file, a subdirectory, and a
53 mkdir $SCRATCH_MNT/edir
54 _set_encpolicy $SCRATCH_MNT/edir $keydesc
55 mkdir $SCRATCH_MNT/edir/subdir
56 ln -s target $SCRATCH_MNT/edir/symlink
57 echo contents > $SCRATCH_MNT/edir/file
59 # Starting from a fresh mount (no inodes have their encryption key cached),
60 # reproduce the situation where an encrypted file *without* its key cached is
61 # looked up or opened from within a directory *with* its key cached, and no key
62 # is in the keyring. Try with a regular file, a directory, and a symlink.
65 echo "***** Parent has key, but child doesn't *****"
66 exec 3< $SCRATCH_MNT/edir # pin inode with cached key in memory
67 ls $SCRATCH_MNT/edir | sort
68 _unlink_session_encryption_key $keydesc
69 cat $SCRATCH_MNT/edir/file |& _filter_scratch
70 ls $SCRATCH_MNT/edir/subdir
71 cat $SCRATCH_MNT/edir/symlink |& _filter_scratch
74 # Now, the inverse: an encrypted file *with* its key cached is looked up or
75 # opened from within a directory *without* its key cached, and no key is in the
76 # keyring. This is most easily reproducible using a hard link. Note: the
77 # expected behavior (at least, until we have a real API for revoking filesystem
78 # encryption keys) is that we should still be able to open the file and read its
79 # plaintext contents, even though its filename is shown in ciphertext!
81 echo "***** Child has key, but parent doesn't *****"
82 _add_session_encryption_key $keydesc $raw_key
83 mkdir $SCRATCH_MNT/edir2
84 _set_encpolicy $SCRATCH_MNT/edir2 $keydesc
85 ln $SCRATCH_MNT/edir/file $SCRATCH_MNT/edir2/link
87 cat $SCRATCH_MNT/edir2/link
88 exec 3< $SCRATCH_MNT/edir2/link # pin inode with cached key in memory
89 _unlink_session_encryption_key $keydesc
90 stat $SCRATCH_MNT/edir/file |& _filter_stat |& _filter_scratch
91 cat "$(find $SCRATCH_MNT/edir/ -type f)"