fscrypt.git/actions/policy_test.go, branch v0.3.6 Go tool for managing Linux filesystem encryption Make all new metadata files owned by user when needed 2022-02-23T20:35:04+00:00 Eric Biggers ebiggers@google.com 2022-02-23T20:35:04+00:00 d4ce0b892cbe68db9f90f4015342e6a9069b079c Since commit 4c7c6631cc5a ("Set owner of login protectors to correct user"), login protectors are made owned by the user when root creates one on a user's behalf. That's good, but the same isn't true of other files that get created at the same time: - The policy protecting the directory - The protector link file, if the policy is on a different filesystem - The recovery protector, if the policy is on a different filesystem - The recovery instructions file In preparation for setting all metadata files to mode 0600, start making all these files owned by the user in this scenario as well. 
Since commit 4c7c6631cc5a ("Set owner of login protectors to correct
user"), login protectors are made owned by the user when root creates
one on a user's behalf.  That's good, but the same isn't true of other
files that get created at the same time:

- The policy protecting the directory
- The protector link file, if the policy is on a different filesystem
- The recovery protector, if the policy is on a different filesystem
- The recovery instructions file

In preparation for setting all metadata files to mode 0600, start making
all these files owned by the user in this scenario as well.
cmd/fscrypt: don't load protector in remove-protector-from-policy 2021-12-23T17:44:13+00:00 Eric Biggers ebiggers@google.com 2021-12-23T17:39:08+00:00 6ebd5a54eae2dfb16b66da649e75848fe6030b7f Make remove-protector-from-policy work even if the protector cannot be loaded (for example, due to having been deleted already). Fixes https://github.com/google/fscrypt/issues/258 Fixes https://github.com/google/fscrypt/issues/272 
Make remove-protector-from-policy work even if the protector cannot be
loaded (for example, due to having been deleted already).

Fixes https://github.com/google/fscrypt/issues/258
Fixes https://github.com/google/fscrypt/issues/272
actions: Add tests for policy unlocking 2017-07-17T19:32:03+00:00 Joe Richey joerichey@google.com joerichey@google.com 2017-07-17T19:32:03+00:00 3bbb2b60498ec937ad736e698ce4afcb452a4644 






actions: error handling and API changed
2017-06-28T22:15:15+00:00

Joe Richey joerichey@google.com
joerichey@google.com

2017-06-21T17:03:44+00:00

93415b198a3ef427c02893b8fdf036aa75ffe50f

This commit changes the error handling for the actions package to use
the error handling library github.com/pkg/errors. This means replacing
"errors" with "github.com/pkg/errors", reworking some of the error
values, and wrapping some errors with additional context.

This commit also changes the Protector/Policy API, moving most of the
package functionality into Protector or Policy methods. These types are
now "locked" when they are queried from the filesystem, and Unlock()
must be used to get their corresponding keys. Note that only certain
operations will require unlocking the keys. Certain unnecessary
functions and methods are also removed.

This CL also fixes two bugs reported by Tyler Hicks in CreateConfigFile.
CPU time is used instead of wall time, and kiB is used instead of kB.

Change-Id: I88f45659e9fe4938d148843e3289e7b6d5b698d8





This commit changes the error handling for the actions package to use
the error handling library github.com/pkg/errors. This means replacing
"errors" with "github.com/pkg/errors", reworking some of the error
values, and wrapping some errors with additional context.

This commit also changes the Protector/Policy API, moving most of the
package functionality into Protector or Policy methods. These types are
now "locked" when they are queried from the filesystem, and Unlock()
must be used to get their corresponding keys. Note that only certain
operations will require unlocking the keys. Certain unnecessary
functions and methods are also removed.

This CL also fixes two bugs reported by Tyler Hicks in CreateConfigFile.
CPU time is used instead of wall time, and kiB is used instead of kB.

Change-Id: I88f45659e9fe4938d148843e3289e7b6d5b698d8







actions: Simplify the callback mechanism
2017-06-26T22:40:08+00:00

Joe Richey joerichey@google.com
joerichey@google.com

2017-06-01T00:54:35+00:00

defd27f75df3a6eef84ac33adf89b1ce255e738c

This commit makes the callbacks for getting keys easier to understand.
Functions which need keys now take a KeyFunc callback. This callback
contains a ProtectorInfo parameter (basically a read-only version of
metadata.ProtectorData) and a boolean which indicates if the call is
being retried. The documentation is also updated to say which functions
will retry the KeyFunc.

For selecting a protector, there is now an OptionFunc callback which
takes a slice of ProtectorOptions. A ProtectorOption is a ProtectorInfo
along with additional information about a linked filesystem (if
applicable).

This commit also adds in methods for getting the protector options for a
specific filesystem or policy. It also adds a function for getting the
policy descriptor for a specific path.

Change-Id: I41e0d94ffd44e7166b0c5cf1b5d18437960bdf90





This commit makes the callbacks for getting keys easier to understand.
Functions which need keys now take a KeyFunc callback. This callback
contains a ProtectorInfo parameter (basically a read-only version of
metadata.ProtectorData) and a boolean which indicates if the call is
being retried. The documentation is also updated to say which functions
will retry the KeyFunc.

For selecting a protector, there is now an OptionFunc callback which
takes a slice of ProtectorOptions. A ProtectorOption is a ProtectorInfo
along with additional information about a linked filesystem (if
applicable).

This commit also adds in methods for getting the protector options for a
specific filesystem or policy. It also adds a function for getting the
policy descriptor for a specific path.

Change-Id: I41e0d94ffd44e7166b0c5cf1b5d18437960bdf90







actions: creating and unlocking policies
2017-05-31T20:54:07+00:00

Joe Richey joerichey@google.com
joerichey@google.com

2017-05-24T01:59:39+00:00

9c6a5203c72c811c4354a7cdc8d3f705953db095

This commit adds in the Policy structure. This structure represents an
unlocked policy key and its associated data. Policies can add or remove
Protectors, apply encryption policies to filesystem directories, and
provision a key into the kernel keyring.

Change-Id: I089710223221e0ea60188d523703469e5d67ad0e





This commit adds in the Policy structure. This structure represents an
unlocked policy key and its associated data. Policies can add or remove
Protectors, apply encryption policies to filesystem directories, and
provision a key into the kernel keyring.

Change-Id: I089710223221e0ea60188d523703469e5d67ad0e