author Eric Biggers <ebiggers@google.com> 2020-05-09 14:52:07 -0700
committer Eric Biggers <ebiggers@google.com> 2020-05-09 15:21:31 -0700
commit 209a2d1419ea575fd316bd9975fb63e40cce7a77
tree 30d6b308d60af9963f7dbfd0bf989b7728d3f2b2 /cli-tests
parent 37457cce5b0436493dba7cdac6e1af5f51d25f47
actions/policy: improve errors

ErrMissingPolicyMetadata:
    Include the mount, directory path, and metadata path. Also move the
    explanation into actions/ since it doesn't refer to any CLI command.

ErrPolicyMetadataMismatch:
    Include a lot more information. Also start checking for consistency
    of the policy key descriptors, not just the encryption options. Add a
    test for this.

ErrDifferentFilesystem:
    Include the mountpoints.

ErrOnlyProtector:
    Clarify the message and include the protector descriptor.

ErrAlreadyProtected:
ErrNotProtected:
    Include the policy and protector descriptors.

ErrAccessDeniedPossiblyV2:
    Make it slightly clearer what failed. Also move the explanation into
    actions/ since it doesn't refer to any CLI command.

Diffstat (limited to 'cli-tests')
-rw-r--r-- cli-tests/t_unlock.out 38
-rwxr-xr-x cli-tests/t_unlock.sh 13
2 files changed, 41 insertions, 10 deletions
diff --git a/cli-tests/t_unlock.out b/cli-tests/t_unlock.out
index 29a10dd..710b063 100644
--- a/cli-tests/t_unlock.out
+++ b/cli-tests/t_unlock.out
@@ -81,21 +81,39 @@ contents
desc1 Yes desc2
# Try to unlock with corrupt policy metadata
-[ERROR] fscrypt unlock: MNT/dir: system error: missing
- policy metadata for encrypted directory
-
-This file or directory has either been encrypted with another tool (such as
-e4crypt) or the corresponding filesystem metadata has been deleted.
+[ERROR] fscrypt unlock: filesystem "MNT" does not contain
+ the policy metadata for "MNT/dir".
+ This directory has either been encrypted with another
+ tool (such as e4crypt), or the file
+ "MNT/.fscrypt/policies/desc1"
+ has been deleted.
# Try to unlock with missing policy metadata
-[ERROR] fscrypt unlock: MNT/dir: system error: missing
- policy metadata for encrypted directory
-
-This file or directory has either been encrypted with another tool (such as
-e4crypt) or the corresponding filesystem metadata has been deleted.
+[ERROR] fscrypt unlock: filesystem "MNT" does not contain
+ the policy metadata for "MNT/dir".
+ This directory has either been encrypted with another
+ tool (such as e4crypt), or the file
+ "MNT/.fscrypt/policies/desc20"
+ has been deleted.
# Try to unlock with missing protector metadata
[ERROR] fscrypt unlock: could not load any protectors
You may need to mount a linked filesystem. Run with --verbose for more
information.
+
+# Try to unlock with wrong policy metadata
+[ERROR] fscrypt unlock: inconsistent metadata between encrypted directory
+ "MNT/dir1" and its corresponding
+ metadata file
+ "MNT/.fscrypt/policies/desc21".
+
+ Directory has
+ descriptor:desc21 padding:32
+ contents:AES_256_XTS filenames:AES_256_CTS
+ policy_version:2
+
+ Metadata file has
+ descriptor:desc23 padding:32
+ contents:AES_256_XTS filenames:AES_256_CTS
+ policy_version:2
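Review bot: the expected output under "# Try to unlock with corrupt policy metadata" now uses the same wording as the missing-metadata case and tells the user that "MNT/.fscrypt/policies/desc1" "has been deleted". If the corrupt case leaves that file on disk, the hint points the user at a deletion that did not happen; consider a separate error, or wording such as "is missing or unreadable", for that path. In the new "wrong policy metadata" output, both option sets are printed in full although only the descriptor differs (desc21 versus desc23); marking the field that differs would make the mismatch easier to spot in a long report.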
diff --git a/cli-tests/t_unlock.sh b/cli-tests/t_unlock.sh
index 3dfba41..e32b0f7 100755
--- a/cli-tests/t_unlock.sh
+++ b/cli-tests/t_unlock.sh
@@ -67,3 +67,16 @@ mkdir "$dir"
echo hunter2 | fscrypt encrypt --quiet --name=prot --skip-unlock "$dir"
rm "$MNT"/.fscrypt/protectors/*
_expect_failure "echo hunter2 | fscrypt unlock '$dir'"
+
+_print_header "Try to unlock with wrong policy metadata"
+_reset_filesystems
+mkdir "$MNT/dir1"
+mkdir "$MNT/dir2"
+echo hunter2 | fscrypt encrypt --quiet --name=dir1 --skip-unlock "$MNT/dir1"
+echo hunter2 | fscrypt encrypt --quiet --name=dir2 --skip-unlock "$MNT/dir2"
+policy1=$(find "$MNT/.fscrypt/policies/" -type f | head -1)
+policy2=$(find "$MNT/.fscrypt/policies/" -type f | tail -1)
+mv "$policy1" "$TMPDIR/policy"
+mv "$policy2" "$policy1"
+mv "$TMPDIR/policy" "$policy2"
+_expect_failure "echo hunter2 | fscrypt unlock '$MNT/dir1'"
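Review bot: the `policy1`/`policy2` selection with `find ... | head -1` and `find ... | tail -1` assumes exactly two policy files exist after `_reset_filesystems`. With a single file both variables name the same path and the second `mv` fails; with more than two, the swap may not involve the policy of "$MNT/dir1" at all, and the test would then fail for the wrong reason or pass for the wrong reason. Consider checking the file count before the swap, and writing `head -n 1` / `tail -n 1`, since the `-1` form is obsolete. The test also covers only a descriptor mismatch; a second case in which the encryption options differ would exercise the other half of the consistency check that the commit message describes.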