authorJoe Richey <joerichey@google.com>2017-08-30 17:57:38 -0700
committerJoe Richey <joerichey@google.com>2017-08-30 17:57:38 -0700
commitd685f6b232485a0dc0cc8b915561b9be37d32722 (patch)
tree2b10098a5d26c4aa9cae6a074bdf62dea75ce198
parent70efc397db81f3ad170e54114f3ad0a97f2ed7d0 (diff)
crypto: Updated to include user parameter
-rw-r--r--crypto/crypto_test.go21
-rw-r--r--crypto/key.go5
2 files changed, 15 insertions, 11 deletions
diff --git a/crypto/crypto_test.go b/crypto/crypto_test.go
index 719db00..444f847 100644
--- a/crypto/crypto_test.go
+++ b/crypto/crypto_test.go
@@ -34,6 +34,7 @@ import (
"github.com/google/fscrypt/metadata"
"github.com/google/fscrypt/security"
+ "github.com/google/fscrypt/util"
)
// Reader that always returns the same byte
@@ -60,6 +61,8 @@ var (
fakeValidPolicyKey, _ = makeKey(42, metadata.PolicyKeyLen)
fakeInvalidPolicyKey, _ = makeKey(42, metadata.PolicyKeyLen-1)
fakeWrappingKey, _ = makeKey(17, metadata.InternalKeyLen)
+
+ testUser, _ = util.EffectiveUser()
)
// As the passpharase hashing function clears the passphrase, we need to make
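Review bot: The error from `util.EffectiveUser()` is discarded at package init, so if the lookup fails (for example in a sandbox or container where the effective uid has no passwd entry) `testUser` is silently nil and every keyring test then fails with an error pointing at InsertPolicyKey/RemoveKey rather than at the real cause. The other entries in this `var` block also drop errors, but `makeKey` on fixed inputs is deterministic whereas a user lookup can genuinely fail at runtime. Capture the error and fail fast so the root cause is reported once; this keeps the inferred type and needs no new import.
```go
	testUser, testUserErr = util.EffectiveUser()
)

// Fail loudly if the test user cannot be resolved; every keyring test depends on it.
func init() {
	if testUserErr != nil {
		panic(testUserErr)
	}
}
```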
@@ -243,10 +246,10 @@ func TestKeyLargeResize(t *testing.T) {
func TestAddRemoveKeys(t *testing.T) {
for _, service := range []string{defaultService, "ext4:", "f2fs:"} {
validDescription := service + fakeValidDescriptor
- if err := InsertPolicyKey(fakeValidPolicyKey, validDescription); err != nil {
+ if err := InsertPolicyKey(fakeValidPolicyKey, validDescription, testUser); err != nil {
t.Error(err)
}
- if err := security.RemoveKey(validDescription); err != nil {
+ if err := security.RemoveKey(validDescription, testUser); err != nil {
t.Error(err)
}
}
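Review bot: In TestAddRemoveKeys a failed InsertPolicyKey is reported with t.Error and the loop then still calls security.RemoveKey for a key that was never inserted, so one fault produces two errors and the second one is misleading. Add `continue` directly after the `t.Error(err)` in the insert branch so only the root cause is reported for that service. The function's closing brace lies outside the hunk.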
@@ -255,23 +258,23 @@ func TestAddRemoveKeys(t *testing.T) {
// Adds a key twice (both should succeed)
func TestAddTwice(t *testing.T) {
validDescription := defaultService + fakeValidDescriptor
- InsertPolicyKey(fakeValidPolicyKey, validDescription)
- if InsertPolicyKey(fakeValidPolicyKey, validDescription) != nil {
+ InsertPolicyKey(fakeValidPolicyKey, validDescription, testUser)
+ if InsertPolicyKey(fakeValidPolicyKey, validDescription, testUser) != nil {
t.Error("InsertPolicyKey should not fail if key already exists")
}
- security.RemoveKey(validDescription)
+ security.RemoveKey(validDescription, testUser)
}
// Makes sure a key fails with bad policy or service
func TestBadAddKeys(t *testing.T) {
validDescription := defaultService + fakeValidDescriptor
- if InsertPolicyKey(fakeInvalidPolicyKey, validDescription) == nil {
- security.RemoveKey(validDescription)
+ if InsertPolicyKey(fakeInvalidPolicyKey, validDescription, testUser) == nil {
+ security.RemoveKey(validDescription, testUser)
t.Error("InsertPolicyKey should fail with bad policy key")
}
invalidDescription := "ext4" + fakeValidDescriptor
- if InsertPolicyKey(fakeValidPolicyKey, invalidDescription) == nil {
- security.RemoveKey(invalidDescription)
+ if InsertPolicyKey(fakeValidPolicyKey, invalidDescription, testUser) == nil {
+ security.RemoveKey(invalidDescription, testUser)
t.Error("InsertPolicyKey should fail with bad service")
}
}
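Review bot: TestAddTwice ignores the result of the first InsertPolicyKey call, so if that insertion fails (bad permissions, missing keyring) the second call fails too and the test reports "should not fail if key already exists", which is the wrong diagnosis. Check the first call and stop early: `if err := InsertPolicyKey(fakeValidPolicyKey, validDescription, testUser); err != nil { t.Fatal(err) }`, keeping the second call as the assertion under test. The final `security.RemoveKey(validDescription, testUser)` is cleanup and can reasonably stay unchecked, but a one-line comment saying so would make that intent explicit.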
diff --git a/crypto/key.go b/crypto/key.go
index ec37330..9bf9098 100644
--- a/crypto/key.go
+++ b/crypto/key.go
@@ -33,6 +33,7 @@ import (
"io"
"log"
"os"
+ "os/user"
"runtime"
"unsafe"
@@ -247,7 +248,7 @@ func NewFixedLengthKeyFromReader(reader io.Reader, length int) (*Key, error) {
// InsertPolicyKey puts the provided policy key into the kernel keyring with the
// provided description, and type logon. The key must be a policy key.
-func InsertPolicyKey(key *Key, description string) error {
+func InsertPolicyKey(key *Key, description string, target *user.User) error {
if err := util.CheckValidLength(metadata.PolicyKeyLen, key.Len()); err != nil {
return errors.Wrap(err, "policy key")
}
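Review bot: The doc comment on InsertPolicyKey was not updated for the new `target *user.User` parameter, and the function does not validate it before handing it on; since this decides whose keyring receives the policy key, callers need the contract spelled out. I would extend the comment with a sentence such as `// target is the user on whose behalf the key is inserted; it is passed through unchanged to security.InsertKey and must not be nil.` and, unless security.InsertKey is documented to accept nil, add `if target == nil { return errors.New("no target user for policy key") }` next to the existing length check. The body of InsertPolicyKey continues past the end of this hunk, so the pass-through itself is visible only in the following hunk.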
@@ -266,7 +267,7 @@ func InsertPolicyKey(key *Key, description string) error {
fscryptKey.Size = metadata.PolicyKeyLen
copy(fscryptKey.Raw[:], key.data)
- return security.InsertKey(payload.data, description)
+ return security.InsertKey(payload.data, description, target)
}
var (