diff options
| author | Eric Biggers <ebiggers@google.com> | 2020-05-09 14:04:47 -0700 |
|---|---|---|
| committer | Eric Biggers <ebiggers@google.com> | 2020-05-09 14:04:47 -0700 |
| commit | b13bfeef21c18302dcb31f7fb6d354da9a5a567b (patch) | |
| tree | 7adc8ef33b0ee9a5d329e69415662501703ebbdb /cli-tests/t_v1_policy.sh | |
| parent | 9e71603b7fb28a21e2d57210c4d1d9e3391edb7c (diff) | |
cli-tests: add t_v1_policy
Test using v1 encryption policies (deprecated).
Diffstat (limited to 'cli-tests/t_v1_policy.sh')
| -rwxr-xr-x | cli-tests/t_v1_policy.sh | 56 |
1 files changed, 56 insertions, 0 deletions
diff --git a/cli-tests/t_v1_policy.sh b/cli-tests/t_v1_policy.sh new file mode 100755 index 0000000..1ebfae5 --- /dev/null +++ b/cli-tests/t_v1_policy.sh @@ -0,0 +1,56 @@ +#!/bin/bash + +# Test using v1 encryption policies (deprecated). + +cd "$(dirname "$0")" +. common.sh + +_setup_session_keyring + +dir="$MNT/dir" +mkdir "$dir" +chown "$TEST_USER" "$dir" + +_print_header "Set policy_version 1" +sed -i 's/"policy_version": "2"/"policy_version": "1"/' "$FSCRYPT_CONF" + +_print_header "Try to encrypt as root" +_expect_failure "echo hunter2 | fscrypt encrypt --quiet --name=prot '$dir'" + +_print_header "Try to use --user=root as user" +_user_do_and_expect_failure "echo hunter2 | fscrypt encrypt --quiet --name=prot --user=root '$dir'" + +_print_header "Try to encrypt without user keyring in session keyring" +_user_do "keyctl unlink @u @s" +_user_do_and_expect_failure "echo hunter2 | fscrypt encrypt --quiet --name=prot '$dir'" +_user_do "keyctl link @u @s" + +_print_header "Encrypt a directory" +_user_do "echo hunter2 | fscrypt encrypt --quiet --name=prot '$dir'" + +_print_header "Get dir status as user" +_user_do "fscrypt status '$dir'" + +_print_header "Get dir status as root" +fscrypt status "$dir" + +_print_header "Create files in v1-encrypted directory" +echo contents > "$dir/file" +mkdir "$dir/subdir" +ln -s target "$dir/symlink" + +# Due to the limitations of the v1 key management mechanism, 'fscrypt lock' only +# works when run as root and with the --user argument. + +_print_header "Try to lock v1-encrypted directory as user" +_user_do_and_expect_failure "fscrypt lock '$dir'" +_user_do "fscrypt status '$dir'" + +_print_header "Try to lock v1-encrypted directory as root without --user" +_expect_failure "fscrypt lock '$dir'" +_user_do "fscrypt status '$dir'" + +_print_header "Lock v1-encrypted directory" +fscrypt lock "$dir" --user="$TEST_USER" +_user_do "fscrypt status '$dir'" +_expect_failure "cat '$dir/file'" |