Simplify choosing the key description prefix

There's no real need to allow users to choose the key description prefix
(a.k.a. the "service"), since on ext4 and f2fs we can just use "ext4"
and "f2fs" for compatibility with all kernels both old and new, and on
other filesystems we can just use "fscrypt".  So, let's do that.

Since this removes the point of the "--legacy" option to 'fscrypt setup'
and the "compatibility" field in /etc/fscrypt.conf, remove those too.

Specifically, we start ignoring the "compatibility" in existing config
files and not writing it to new ones.  The corresponding protobuf field
number and name are reserved.  We stop accepting the "--legacy" option
at all, although since it was default true and there was no real reason
for anyone to change it to false, probably no one will notice.  If
anyone does, they should just stop specifying the option.

Note that this change only affects user keyrings and thus only affects
v1 encryption policies, which are deprecated in favor of v2 anyway.

4 files changed, 5 insertions, 35 deletions

diff --git a/actions/config.go b/actions/config.go
index 6b019df..3433438 100644
--- a/actions/config.go
+++ b/actions/config.go
@@ -36,10 +36,6 @@ import (
 	"github.com/google/fscrypt/util"
 )
 
-// LegacyConfig indicates that keys should be inserted into the keyring with the
-// legacy service prefixes. Needed for kernels before v4.8.
-const LegacyConfig = "legacy"
-
 // ConfigFileLocation is the location of fscrypt's global settings. This can be
 // overridden by the user of this package.
 var ConfigFileLocation = "/etc/fscrypt.conf"
@@ -61,12 +57,9 @@ var (
 )
 
 // CreateConfigFile creates a new config file at the appropriate location with
-// the appropriate hashing costs and encryption parameters. This creation is
-// configurable in two ways. First, a time target must be specified. This target
-// will determine the hashing costs, by picking parameters that make the hashing
-// take as long as the specified target. Second, the config can include the
-// legacy option, which is needed for systems with kernels older than v4.8.
-func CreateConfigFile(target time.Duration, useLegacy bool) error {
+// the appropriate hashing costs and encryption parameters. The hashing will be
+// configured to take as long as the specified time target.
+func CreateConfigFile(target time.Duration) error {
 	// Create the config file before computing the hashing costs, so we fail
 	// immediately if the program has insufficient permissions.
 	configFile, err := filesystem.OpenFileOverridingUmask(ConfigFileLocation,
@@ -83,10 +76,6 @@ func CreateConfigFile(target time.Duration, useLegacy bool) error {
 		Source:  metadata.DefaultSource,
 		Options: metadata.DefaultOptions,
 	}
-	if useLegacy {
-		config.Compatibility = LegacyConfig
-		log.Printf("Using %q compatibility option\n", LegacyConfig)
-	}
 
 	if config.HashCosts, err = getHashingCosts(target); err != nil {
 		return err
diff --git a/actions/config_test.go b/actions/config_test.go
index 037e433..02c89e6 100644
--- a/actions/config_test.go
+++ b/actions/config_test.go
@@ -42,7 +42,7 @@ func TestConfigFileIsCreatedWithCorrectMode(t *testing.T) {
 	defer os.RemoveAll(tempDir)
 	ConfigFileLocation = filepath.Join(tempDir, "test.conf")
 
-	if err = CreateConfigFile(time.Millisecond, false); err != nil {
+	if err = CreateConfigFile(time.Millisecond); err != nil {
 		t.Fatal(err)
 	}
 	fileInfo, err := os.Stat(ConfigFileLocation)
diff --git a/actions/context.go b/actions/context.go
index f07f225..0db0671 100644
--- a/actions/context.go
+++ b/actions/context.go
@@ -32,8 +32,6 @@ import (
 	"log"
 	"os/user"
 
-	"golang.org/x/sys/unix"
-
 	"github.com/pkg/errors"
 
 	"github.com/google/fscrypt/filesystem"
@@ -133,27 +131,10 @@ func (ctx *Context) checkContext() error {
 	return ctx.Mount.CheckSetup()
 }
 
-// getService returns the keyring service for this context. We use the presence
-// of the LegacyConfig flag to determine if we should use the legacy services.
-// For ext4 systems before v4.8 and f2fs systems before v4.6, filesystem
-// specific services must be used (these legacy services will still work with
-// later kernels).
-func (ctx *Context) getService() string {
-	// For legacy configurations, we may need non-standard services
-	if ctx.Config.HasCompatibilityOption(LegacyConfig) {
-		switch ctx.Mount.FilesystemType {
-		case "ext4", "f2fs":
-			return ctx.Mount.FilesystemType + ":"
-		}
-	}
-	return unix.FSCRYPT_KEY_DESC_PREFIX
-}
-
 func (ctx *Context) getKeyringOptions() *keyring.Options {
 	return &keyring.Options{
 		Mount:                     ctx.Mount,
 		User:                      ctx.TargetUser,
-		Service:                   ctx.getService(),
 		UseFsKeyringForV1Policies: ctx.Config.GetUseFsKeyringForV1Policies(),
 	}
 }
diff --git a/actions/context_test.go b/actions/context_test.go
index e8aefd7..4f93776 100644
--- a/actions/context_test.go
+++ b/actions/context_test.go
@@ -52,7 +52,7 @@ func setupContext() (ctx *Context, err error) {
 		return nil, fmt.Errorf("created context at %q without config file", badCtx.Mount.Path)
 	}
 
-	if err = CreateConfigFile(testTime, true); err != nil {
+	if err = CreateConfigFile(testTime); err != nil {
 		return nil, err
 	}
 	defer func() {