apfs/apfstests
0
0
Fork 0
mirror of https://github.com/linux-apfs/apfstests.git synced 2026-05-01 15:01:44 -07:00
Code Issues Packages Projects Releases Wiki Activity
Files
69db2233f3570ca64e78300bcc04fef183775ee3
apfstests/tests/generic/581
T
Darrick J. Wong a860a167d8 common: kill _supported_os 
fstests only supports Linux, so get rid of this unnecessary predicate.

Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Eryu Guan <guaneryu@gmail.com>
2020-09-21 01:16:50 +08:00

157 lines
4.4 KiB
Bash
Executable File
Raw Blame History

#! /bin/bash
# SPDX-License-Identifier: GPL-2.0
# Copyright 2019 Google LLC
#
# FS QA Test No. generic/581
#
# Test non-root use of the fscrypt filesystem-level encryption keyring
# and v2 encryption policies.
#
seq=`basename $0`
seqres=$RESULT_DIR/$seq
echo "QA output created by $seq"
echo
here=`pwd`
tmp=/tmp/$$
status=1 # failure is the default!
trap "_cleanup; exit \$status" 0 1 2 3 15
orig_maxkeys=
_cleanup()
{
cd /
rm -f $tmp.*
if [ -n "$orig_maxkeys" ]; then
echo "$orig_maxkeys" > /proc/sys/kernel/keys/maxkeys
fi
}
# get standard environment, filters and checks
. ./common/rc
. ./common/filter
. ./common/encrypt
# remove previous $seqres.full before test
rm -f $seqres.full
# real QA test starts here
_supported_fs generic
_require_user
_require_scratch_encryption -v 2
_scratch_mkfs_encrypted &>> $seqres.full
_scratch_mount
dir=$SCRATCH_MNT/dir
raw_key=""
for i in `seq 64`; do
raw_key+="\\x$(printf "%02x" $i)"
done
keydesc="0000111122223333"
keyid="69b2f6edeee720cce0577937eb8a6751"
chmod 777 $SCRATCH_MNT
_user_do "mkdir $dir"
echo "# Setting v1 policy as regular user (should succeed)"
_user_do_set_encpolicy $dir $keydesc
echo "# Getting v1 policy as regular user (should succeed)"
_user_do_get_encpolicy $dir | _filter_scratch
echo "# Adding v1 policy key as regular user (should fail with EACCES)"
_user_do_add_enckey $SCRATCH_MNT "$raw_key" -d $keydesc
rm -rf $dir
echo
_user_do "mkdir $dir"
echo "# Setting v2 policy as regular user without key already added (should fail with ENOKEY)"
_user_do_set_encpolicy $dir $keyid |& _filter_scratch
echo "# Adding v2 policy key as regular user (should succeed)"
_user_do_add_enckey $SCRATCH_MNT "$raw_key"
echo "# Setting v2 policy as regular user with key added (should succeed)"
_user_do_set_encpolicy $dir $keyid
echo "# Getting v2 policy as regular user (should succeed)"
_user_do_get_encpolicy $dir | _filter_scratch
echo "# Creating encrypted file as regular user (should succeed)"
_user_do "echo contents > $dir/file"
echo "# Removing v2 policy key as regular user (should succeed)"
_user_do_rm_enckey $SCRATCH_MNT $keyid
_scratch_cycle_mount # Clear all keys
# Wait for any invalidated keys to be garbage-collected.
i=0
while grep -E -q '^[0-9a-f]+ [^ ]*i[^ ]*' /proc/keys; do
if ((++i >= 20)); then
echo "Timed out waiting for invalidated keys to be GC'ed" >> $seqres.full
break
fi
sleep 0.5
done
# Set the user key quota to the fsgqa user's current number of keys plus 5.
orig_keys=$(_user_do "awk '/^[[:space:]]*$(id -u fsgqa):/{print \$4}' /proc/key-users | cut -d/ -f1")
: ${orig_keys:=0}
echo "orig_keys=$orig_keys" >> $seqres.full
orig_maxkeys=$(</proc/sys/kernel/keys/maxkeys)
keys_to_add=5
echo $((orig_keys + keys_to_add)) > /proc/sys/kernel/keys/maxkeys
echo
echo "# Testing user key quota"
for i in `seq $((keys_to_add + 1))`; do
rand_raw_key=$(_generate_raw_encryption_key)
_user_do_add_enckey $SCRATCH_MNT "$rand_raw_key" \
| sed 's/ with identifier .*$//'
done
# Restore the original key quota.
echo "$orig_maxkeys" > /proc/sys/kernel/keys/maxkeys
rm -rf $dir
echo
_user_do "mkdir $dir"
_scratch_cycle_mount # Clear all keys
# Test multiple users adding the same key.
echo "# Adding key as root"
_add_enckey $SCRATCH_MNT "$raw_key"
echo "# Getting key status as regular user"
_user_do_enckey_status $SCRATCH_MNT $keyid
echo "# Removing key only added by another user (should fail with ENOKEY)"
_user_do_rm_enckey $SCRATCH_MNT $keyid
echo "# Setting v2 encryption policy with key only added by another user (should fail with ENOKEY)"
_user_do_set_encpolicy $dir $keyid |& _filter_scratch
echo "# Adding second user of key"
_user_do_add_enckey $SCRATCH_MNT "$raw_key"
echo "# Getting key status as regular user"
_user_do_enckey_status $SCRATCH_MNT $keyid
echo "# Setting v2 encryption policy as regular user"
_user_do_set_encpolicy $dir $keyid
echo "# Removing this user's claim to the key"
_user_do_rm_enckey $SCRATCH_MNT $keyid
echo "# Getting key status as regular user"
_user_do_enckey_status $SCRATCH_MNT $keyid
echo "# Adding back second user of key"
_user_do_add_enckey $SCRATCH_MNT "$raw_key"
echo "# Remove key for \"all users\", as regular user (should fail with EACCES)"
_user_do_rm_enckey $SCRATCH_MNT $keyid -a |& _filter_scratch
_enckey_status $SCRATCH_MNT $keyid
echo "# Remove key for \"all users\", as root"
_rm_enckey $SCRATCH_MNT $keyid -a
_enckey_status $SCRATCH_MNT $keyid
# success, all done
status=0
exit
Reference in New Issue View Git Blame Copy Permalink