summary |
shortlog |
log |
commit | commitdiff |
tree
raw |
patch |
inline | side by side (from parent 1:
c8e2917)
generic/395 contains workarounds to allow for some of the fscrypt ioctls
to fail with different error codes. However, the error codes were all
fixed up and documented years ago:
- FS_IOC_GET_ENCRYPTION_POLICY on ext4 failed with ENOENT instead of
ENODATA on unencrypted files. Fixed by commit
db717d8e26c2
("fscrypto: move ioctl processing more fully into common code").
- FS_IOC_SET_ENCRYPTION_POLICY failed with EINVAL instead of EEXIST
on encrypted files. Fixed by commit
8488cd96ff88 ("fscrypt: use
EEXIST when file already uses different policy").
- FS_IOC_SET_ENCRYPTION_POLICY failed with EINVAL instead of ENOTDIR
on nondirectories. Fixed by commit
dffd0cfa06d4 ("fscrypt: use
ENOTDIR when setting encryption policy on nondirectory").
It's been long enough, so update the test to expect the correct behavior
only, so we don't accidentally reintroduce the wrong behavior.
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Eryu Guan <guaneryu@gmail.com>
_scratch_mkfs_encrypted &>> $seqres.full
_scratch_mount
_scratch_mkfs_encrypted &>> $seqres.full
_scratch_mount
-check_no_policy()
-{
- # When a file is unencrypted, FS_IOC_GET_ENCRYPTION_POLICY currently
- # fails with ENOENT on ext4 but with ENODATA on f2fs. TODO: it's
- # planned to consistently use ENODATA. For now this test accepts both.
- _get_encpolicy $1 |&
- sed -e 's/No such file or directory/No data available/'
-}
-
# Should be able to set an encryption policy on an empty directory
empty_dir=$SCRATCH_MNT/empty_dir
echo -e "\n*** Setting encryption policy on empty directory ***"
mkdir $empty_dir
# Should be able to set an encryption policy on an empty directory
empty_dir=$SCRATCH_MNT/empty_dir
echo -e "\n*** Setting encryption policy on empty directory ***"
mkdir $empty_dir
-check_no_policy $empty_dir |& _filter_scratch
+_get_encpolicy $empty_dir |& _filter_scratch
_set_encpolicy $empty_dir 0000111122223333
_get_encpolicy $empty_dir | _filter_scratch
# Should be able to set the same policy again, but not a different one.
_set_encpolicy $empty_dir 0000111122223333
_get_encpolicy $empty_dir | _filter_scratch
# Should be able to set the same policy again, but not a different one.
-# TODO: the error code for "already has a different policy" is planned to switch
-# from EINVAL to EEXIST. For now this test accepts both.
echo -e "\n*** Setting encryption policy again ***"
_set_encpolicy $empty_dir 0000111122223333
_get_encpolicy $empty_dir | _filter_scratch
echo -e "\n*** Setting encryption policy again ***"
_set_encpolicy $empty_dir 0000111122223333
_get_encpolicy $empty_dir | _filter_scratch
-_set_encpolicy $empty_dir 4444555566667777 |& \
- _filter_scratch | sed -e 's/Invalid argument/File exists/'
+_set_encpolicy $empty_dir 4444555566667777 |& _filter_scratch
_get_encpolicy $empty_dir | _filter_scratch
# Should *not* be able to set an encryption policy on a nonempty directory
_get_encpolicy $empty_dir | _filter_scratch
# Should *not* be able to set an encryption policy on a nonempty directory
mkdir $nonempty_dir
touch $nonempty_dir/file
_set_encpolicy $nonempty_dir |& _filter_scratch
mkdir $nonempty_dir
touch $nonempty_dir/file
_set_encpolicy $nonempty_dir |& _filter_scratch
-check_no_policy $nonempty_dir |& _filter_scratch
+_get_encpolicy $nonempty_dir |& _filter_scratch
# Should *not* be able to set an encryption policy on a nondirectory file, even
# an empty one. Regression test for 002ced4be642: "fscrypto: only allow setting
# encryption policy on directories".
# Should *not* be able to set an encryption policy on a nondirectory file, even
# an empty one. Regression test for 002ced4be642: "fscrypto: only allow setting
# encryption policy on directories".
-# TODO: the error code for "not a directory" is planned to switch from EINVAL to
-# ENOTDIR. For now this test accepts both.
nondirectory=$SCRATCH_MNT/nondirectory
echo -e "\n*** Setting encryption policy on nondirectory ***"
touch $nondirectory
nondirectory=$SCRATCH_MNT/nondirectory
echo -e "\n*** Setting encryption policy on nondirectory ***"
touch $nondirectory
-_set_encpolicy $nondirectory |& \
- _filter_scratch | sed -e 's/Invalid argument/Not a directory/'
-check_no_policy $nondirectory |& _filter_scratch
+_set_encpolicy $nondirectory |& _filter_scratch
+_get_encpolicy $nondirectory |& _filter_scratch
# Should *not* be able to set an encryption policy on another user's directory.
# Regression test for 163ae1c6ad62: "fscrypto: add authorization check for
# Should *not* be able to set an encryption policy on another user's directory.
# Regression test for 163ae1c6ad62: "fscrypto: add authorization check for
echo -e "\n*** Setting encryption policy on another user's directory ***"
mkdir $unauthorized_dir
_user_do_set_encpolicy $unauthorized_dir |& _filter_scratch
echo -e "\n*** Setting encryption policy on another user's directory ***"
mkdir $unauthorized_dir
_user_do_set_encpolicy $unauthorized_dir |& _filter_scratch
-check_no_policy $unauthorized_dir |& _filter_scratch
+_get_encpolicy $unauthorized_dir |& _filter_scratch
# Should *not* be able to set an encryption policy on a directory on a
# filesystem mounted readonly. Regression test for ba63f23d69a3: "fscrypto:
# Should *not* be able to set an encryption policy on a directory on a
# filesystem mounted readonly. Regression test for ba63f23d69a3: "fscrypto:
mkdir $SCRATCH_MNT/ro_dir $SCRATCH_MNT/ro_bind_mnt
_scratch_remount ro
_set_encpolicy $SCRATCH_MNT/ro_dir |& _filter_scratch
mkdir $SCRATCH_MNT/ro_dir $SCRATCH_MNT/ro_bind_mnt
_scratch_remount ro
_set_encpolicy $SCRATCH_MNT/ro_dir |& _filter_scratch
-check_no_policy $SCRATCH_MNT/ro_dir |& _filter_scratch
+_get_encpolicy $SCRATCH_MNT/ro_dir |& _filter_scratch
_scratch_remount rw
mount --bind $SCRATCH_MNT $SCRATCH_MNT/ro_bind_mnt
mount -o remount,ro,bind $SCRATCH_MNT/ro_bind_mnt
_set_encpolicy $SCRATCH_MNT/ro_bind_mnt/ro_dir |& _filter_scratch
_scratch_remount rw
mount --bind $SCRATCH_MNT $SCRATCH_MNT/ro_bind_mnt
mount -o remount,ro,bind $SCRATCH_MNT/ro_bind_mnt
_set_encpolicy $SCRATCH_MNT/ro_bind_mnt/ro_dir |& _filter_scratch
-check_no_policy $SCRATCH_MNT/ro_bind_mnt/ro_dir |& _filter_scratch
+_get_encpolicy $SCRATCH_MNT/ro_bind_mnt/ro_dir |& _filter_scratch
umount $SCRATCH_MNT/ro_bind_mnt
# success, all done
umount $SCRATCH_MNT/ro_bind_mnt
# success, all done