authorJoe Richey joerichey@google.com <joerichey@google.com>2017-07-14 12:04:21 -0700
committerJoe Richey joerichey@google.com <joerichey@google.com>2017-07-14 12:04:21 -0700
commit480527993359c477849ccbd2c4d369df54807903 (patch)
treee35fb083482d26499038ca559fb5e345697d2542
parent7ee5d16c1d4da0561976b372da15bd2d7a32d8b8 (diff)
actions: Policies now have Description method
-rw-r--r--actions/policy.go14
1 files changed, 10 insertions, 4 deletions
diff --git a/actions/policy.go b/actions/policy.go
index e755883..0d0ed02 100644
--- a/actions/policy.go
+++ b/actions/policy.go
@@ -56,7 +56,7 @@ func PurgeAllPolicies(ctx *Context) error {
for _, policyDescriptor := range policies {
service := ctx.getService()
- err = crypto.RemovePolicyKey(policyDescriptor, service)
+ err = crypto.RemovePolicyKey(service + policyDescriptor)
switch errors.Cause(err) {
case nil, crypto.ErrKeyringSearch:
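Review bot: The keyring description is assembled by hand here as `service + policyDescriptor`, while the second hunk adds `Description()` with the same concatenation, so the purge path and the provision/deprovision paths now hold two copies of the format. If one copy changes, this loop would look up descriptions that `Provision` never inserted, leaving policy keys in the keyring after a purge. Because `crypto.ErrKeyringSearch` shares a case with `nil`, such a miss may be accepted silently, though the case body is outside the hunk. Consider one unexported helper (the name is only a suggestion) used by both sites, e.g. `err = crypto.RemovePolicyKey(keyDescription(service, policyDescriptor))` and `return keyDescription(policy.Context.getService(), policy.Descriptor())`. PurgeAllPolicies starts and ends outside this hunk.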
@@ -188,6 +188,12 @@ func (policy *Policy) Descriptor() string {
return policy.data.KeyDescriptor
}
+// Description returns the description that will be used when the key for this
+// Policy is inserted into the keyring
+func (policy *Policy) Description() string {
+ return policy.Context.getService() + policy.Descriptor()
+}
+
// Destroy removes a policy from the filesystem. The internal key should still
// be wiped with Lock().
func (policy *Policy) Destroy() error {
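Review bot: The doc comment on `Description` does not say how the description is formed, and that format is what `IsProvisioned`, `Provision` and `Deprovision` in the later hunks now rely on to find the key. I would state it and close the sentence with a period: `// Description returns the keyring description for this Policy's key: the` / `// string from Context.getService() followed by the key descriptor.` It is also worth noting in the comment that two policies with the same descriptor but different service strings get distinct keyring entries, since that appears to be the purpose of the prefix.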
@@ -339,7 +345,7 @@ func (policy *Policy) Apply(path string) error {
// IsProvisioned returns a boolean indicating if the policy has its key in the
// keyring, meaning files and directories using this policy are accessible.
func (policy *Policy) IsProvisioned() bool {
- _, _, err := crypto.FindPolicyKey(policy.Descriptor(), policy.Context.getService())
+ _, _, err := crypto.FindPolicyKey(policy.Description())
return err == nil
}
@@ -349,13 +355,13 @@ func (policy *Policy) Provision() error {
if policy.key == nil {
return ErrLocked
}
- return crypto.InsertPolicyKey(policy.key, policy.Descriptor(), policy.Context.getService())
+ return crypto.InsertPolicyKey(policy.key, policy.Description())
}
// Deprovision removes the Policy key from the kernel keyring. This prevents
// reading and writing to the directory once the caches are cleared.
func (policy *Policy) Deprovision() error {
- return crypto.RemovePolicyKey(policy.Descriptor(), policy.Context.getService())
+ return crypto.RemovePolicyKey(policy.Description())
}
// commitData writes the Policy's current data to the filesystem.