| author | Eric Biggers <ebiggers@google.com> | 2020-05-09 15:15:12 -0700 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2020-05-09 15:15:12 -0700 |
| commit | 338347ac4766f899fdc471d57f293798ff0e6c29 (patch) | |
| tree | 8f5c0969a49a396d60c33a324834d92d9911a240 /cli-tests/t_v1_policy_fs_keyring.sh | |
| parent | 1aef2541a434bd9e88ebd52be72f13d56c5ef748 (diff) | |
| parent | e68d65c440125ff1e47627abf1fc5a97f700d38d (diff) | |
Merge pull request #218 from ebiggers/cli-tests
Add tests for command-line interface
Add tests that directly test the fscrypt command-line tool.
See cli-tests/README.md for information about the test framework.
The following test scripts are included:
* t_change_passphrase
* t_encrypt_custom
* t_encrypt_login
* t_encrypt_raw_key
* t_encrypt
* t_lock
* t_not_enabled
* t_not_supported
* t_passphrase_hashing
* t_setup
* t_status
* t_unlock
* t_v1_policy_fs_keyring
* t_v1_policy
Unfortunately, we can't actually make Travis CI run these tests yet because they need kernel v5.4 or later, and Travis CI doesn't support an Ubuntu version that has that yet. But for now, they can be run manually using make cli-test.
Diffstat (limited to 'cli-tests/t_v1_policy_fs_keyring.sh')
| -rwxr-xr-x | cli-tests/t_v1_policy_fs_keyring.sh | 49 |
1 files changed, 49 insertions, 0 deletions
diff --git a/cli-tests/t_v1_policy_fs_keyring.sh b/cli-tests/t_v1_policy_fs_keyring.sh new file mode 100755 index 0000000..bf1191a --- /dev/null +++ b/cli-tests/t_v1_policy_fs_keyring.sh @@ -0,0 +1,49 @@ +#!/bin/bash + +# Test using v1 encryption policies (deprecated) with +# use_fs_keyring_for_v1_policies = true. + +# This works similar to v2 policies, except locking and unlocking (including +# 'fscrypt encrypt' without --skip-unlock) will only work as root. + +cd "$(dirname "$0")" +. common.sh + +_print_header "Enable v1 policies with fs keyring" +sed -e 's/"use_fs_keyring_for_v1_policies": false/"use_fs_keyring_for_v1_policies": true/' \ + -e 's/"policy_version": "2"/"policy_version": "1"/' \ + -i "$FSCRYPT_CONF" + +dir="$MNT/dir" +mkdir "$dir" +chown "$TEST_USER" "$dir" + +_print_header "Try to encrypt directory as user" +_user_do_and_expect_failure "echo hunter2 | fscrypt encrypt --quiet --name=prot '$dir'" +_expect_failure "fscrypt status '$dir'" + +_print_header "Encrypt directory as user with --skip-unlock" +_user_do "echo hunter2 | fscrypt encrypt --quiet --name=prot --skip-unlock '$dir'" +fscrypt status "$dir" +_expect_failure "mkdir '$dir/subdir'" + +_print_header "Try to unlock directory as user" +_user_do_and_expect_failure "echo hunter2 | fscrypt unlock '$dir'" + +_print_header "Unlock directory as root" +echo hunter2 | fscrypt unlock "$dir" +mkdir "$dir/subdir" +echo contents > "$dir/file" +fscrypt status "$dir" + +_print_header "Try to lock directory as user" +_user_do_and_expect_failure "fscrypt lock '$dir'" + +_print_header "Lock directory as root" +fscrypt lock "$dir" +_expect_failure "cat '$dir/file'" +fscrypt status "$dir" + +_print_header "Check that user can access file when directory is unlocked by root" +echo hunter2 | fscrypt unlock "$dir" +_user_do "cat '$dir/file'" |
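Review bot: the two sed substitutions under "Enable v1 policies with fs keyring" are never checked for a match, so if the text in "$FSCRYPT_CONF" differs from the exact strings being replaced (different spacing, or a different starting policy_version), sed -i changes nothing and still exits 0, and the test carries on with whatever the config already contained. Consider asserting the result right after the edit, for example grep -q '"policy_version": "1"' "$FSCRYPT_CONF" and the same for '"use_fs_keyring_for_v1_policies": true', so that a config-format drift fails at this step with an obvious cause. A smaller point in the "Lock directory as root" step: only root's cat '$dir/file' is checked there; adding _user_do_and_expect_failure "cat '$dir/file'" would cover the test user's view of the locked directory, mirroring the final step that checks user access after root unlocks. The header comment would also read better as "This works similarly to v2 policies".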