Merge pull request #237 from ebiggers/t_v1_policy_fix

Adjust status message for v1 policies unlocked by another user and fix cli-tests/t_v1_policy

4 files changed, 19 insertions, 7 deletions

diff --git a/cli-tests/common.sh b/cli-tests/common.sh
index fcebfd6..79b42ae 100644
--- a/cli-tests/common.sh
+++ b/cli-tests/common.sh
@@ -128,6 +128,18 @@ _user_do_and_expect_failure()
 	_expect_failure "_user_do '$1'"
 }
 
+# Clear the test user's user keyring and unlink it from root's user keyring, if
+# it is linked into it.
+_cleanup_user_keyrings()
+{
+	local ringid
+
+	ringid=$(_user_do "keyctl show @u" | awk '/keyring: _uid/{print $1}')
+
+	_user_do "keyctl clear $ringid"
+	keyctl unlink "$ringid" @u &> /dev/null || true
+}
+
 # Gives the test a new session keyring which contains the test user's keyring
 # but not root's keyring.  Also clears the test user's keyring.  This must be
 # called at the beginning of the test script as it may re-execute the script.
diff --git a/cli-tests/t_v1_policy.out b/cli-tests/t_v1_policy.out
index b47bcca..9adb00a 100644
--- a/cli-tests/t_v1_policy.out
+++ b/cli-tests/t_v1_policy.out
@@ -42,7 +42,7 @@ desc2  No      custom protector "prot"
 
 Policy:   desc1
 Options:  padding:32 contents:AES_256_XTS filenames:AES_256_CTS policy_version:1 
-Unlocked: Yes
+Unlocked: Partially (incompletely locked, or unlocked by another user)
 
 Protected with 1 protector:
 PROTECTOR         LINKED  DESCRIPTION
@@ -115,7 +115,7 @@ Then re-run:
 
 Policy:   desc1
 Options:  padding:32 contents:AES_256_XTS filenames:AES_256_CTS policy_version:1 
-Unlocked: Partially (incompletely locked)
+Unlocked: Partially (incompletely locked, or unlocked by another user)
 
 Protected with 1 protector:
 PROTECTOR         LINKED  DESCRIPTION
diff --git a/cli-tests/t_v1_policy.sh b/cli-tests/t_v1_policy.sh
index e9f3acf..e883dcd 100755
--- a/cli-tests/t_v1_policy.sh
+++ b/cli-tests/t_v1_policy.sh
@@ -6,6 +6,7 @@ cd "$(dirname "$0")"
 . common.sh
 
 _setup_session_keyring
+trap _cleanup_user_keyrings EXIT
 
 dir="$MNT/dir"
 mkdir "$dir"
diff --git a/cmd/fscrypt/status.go b/cmd/fscrypt/status.go
index 02fdc74..255bb2b 100644
--- a/cmd/fscrypt/status.go
+++ b/cmd/fscrypt/status.go
@@ -68,13 +68,12 @@ func policyUnlockedStatus(policy *actions.Policy, path string) string {
 	status := policy.GetProvisioningStatus()
 
 	// Due to a limitation in the old kernel API for fscrypt, for v1
-	// policies using the user keyring that are incompletely locked we'll
-	// get KeyAbsent, not KeyAbsentButFilesBusy as expected.  If we have a
-	// directory path, use a heuristic to try to detect whether it is still
-	// usable and thus the policy is actually incompletely locked.
+	// policies using the user keyring that are incompletely locked or are
+	// unlocked by another user, we'll get KeyAbsent.  If we have a
+	// directory path, use a heuristic to try to detect these cases.
 	if status == keyring.KeyAbsent && policy.NeedsUserKeyring() &&
 		path != "" && isDirUnlockedHeuristic(path) {
-		status = keyring.KeyAbsentButFilesBusy
+		return "Partially (incompletely locked, or unlocked by another user)"
 	}
 
 	switch status {