| author | Eric Biggers <ebiggers@google.com> | 2020-01-27 20:16:35 -0800 |
|---|---|---|
| committer | Eric Biggers <ebiggers@google.com> | 2020-01-28 10:45:52 -0800 |
| commit | 2d7229eb2a97c845d73a65ff9dd3368056c255a6 (patch) | |
| tree | 16f75a173808cfffd4153adf488f86b440a099ca /actions | |
| parent | 07d744068d437b09d7a07975e88e18440f5db2f3 (diff) | |
actions/policy: revert new protector links on failure
Ensure that when an encryption policy is reverted (e.g. due to
encryptPath() failing after the policy was created), we also delete any
new protector links that were created for the policy, as this is not
handled by the logic that reverts new protectors.
Diffstat (limited to 'actions')
| -rw-r--r-- | actions/policy.go | 23 |
1 files changed, 16 insertions, 7 deletions
diff --git a/actions/policy.go b/actions/policy.go
index 9d644c1..b7fe5a6 100644
--- a/actions/policy.go
+++ b/actions/policy.go
@@ -79,10 +79,11 @@ func PurgeAllPolicies(ctx *Context) error {
 // allow encrypted files to be accessed). As with the key struct, a Policy
 // should be wiped after use.
 type Policy struct {
- Context *Context
- data *metadata.PolicyData
- key *crypto.Key
- created bool
+ Context *Context
+ data *metadata.PolicyData
+ key *crypto.Key
+ created bool
+ newLinkedProtectors []string
 }
 
 // CreatePolicy creates a Policy protected by given Protector and stores the
@@ -208,9 +209,13 @@ func (policy *Policy) Version() int64 {
 return policy.data.Options.PolicyVersion
 }
 
-// Destroy removes a policy from the filesystem. The internal key should still
-// be wiped with Lock().
+// Destroy removes a policy from the filesystem. It also removes any new
+// protector links that were created for the policy. This does *not* wipe the
+// policy's internal key from memory; use Lock() to do that.
 func (policy *Policy) Destroy() error {
+ for _, protectorDescriptor := range policy.newLinkedProtectors {
+ policy.Context.Mount.RemoveProtector(protectorDescriptor)
+ }
 return policy.Context.Mount.RemovePolicy(policy.Descriptor())
 }
 
@@ -315,11 +320,15 @@ func (policy *Policy) AddProtector(protector *Protector) error {
 // to it on the policy's filesystem.
 if policy.Context.Mount != protector.Context.Mount {
 log.Printf("policy on %s\n protector on %s\n", policy.Context.Mount, protector.Context.Mount)
- _, err := policy.Context.Mount.AddLinkedProtector(
+ isNewLink, err := policy.Context.Mount.AddLinkedProtector(
 protector.Descriptor(), protector.Context.Mount)
 if err != nil {
 return err
 }
+ if isNewLink {
+ policy.newLinkedProtectors = append(policy.newLinkedProtectors,
+ protector.Descriptor())
+ }
 } else {
 log.Printf("policy and protector both on %q", policy.Context.Mount)
 }
|
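Review bot: In Destroy(), the new loop over policy.newLinkedProtectors discards whatever RemoveProtector returns, so a protector link that could not be removed is neither reported nor reflected in the error Destroy hands back, and a stale link can silently outlive the reverted policy. Assuming RemoveProtector returns an error like the RemovePolicy call on the next line, the loop should at least surface it, e.g. `if err := policy.Context.Mount.RemoveProtector(protectorDescriptor); err != nil {` / `log.Printf("removing linked protector %s: %v", protectorDescriptor, err)` / `}` (log is already used in this file). The new struct field in the first hunk would also benefit from a comment, e.g. `// newLinkedProtectors records the descriptors of protector links that AddProtector created on this filesystem, so Destroy can remove them again.` Whether removing those links is appropriate for every caller of Destroy, rather than only the revert-on-failure path the commit message describes, cannot be judged from this diff; Destroy's callers lie outside the hunks.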