authorEric Biggers <ebiggers@google.com>2021-12-23 11:39:08 -0600
committerEric Biggers <ebiggers@google.com>2021-12-23 11:44:13 -0600
commit6ebd5a54eae2dfb16b66da649e75848fe6030b7f (patch)
tree35560cae2edcc7ad7206412c2df9d98b2eef6a65 /cli-tests
parent57be034ce4700fb07c10b771628c1c63d8483d09 (diff)
cmd/fscrypt: don't load protector in remove-protector-from-policy
Make remove-protector-from-policy work even if the protector cannot be loaded (for example, due to having been deleted already). Fixes https://github.com/google/fscrypt/issues/258 Fixes https://github.com/google/fscrypt/issues/272
Diffstat (limited to 'cli-tests')
-rw-r--r--cli-tests/t_metadata.out17
-rwxr-xr-xcli-tests/t_metadata.sh36
2 files changed, 53 insertions, 0 deletions
diff --git a/cli-tests/t_metadata.out b/cli-tests/t_metadata.out
new file mode 100644
index 0000000..fba816a
--- /dev/null
+++ b/cli-tests/t_metadata.out
@@ -0,0 +1,17 @@
+ext4 filesystem "MNT" has 3 protectors and 1 policy
+
+PROTECTOR LINKED DESCRIPTION
+desc1 No custom protector "foo"
+desc2 No custom protector "bar"
+desc3 No custom protector "baz"
+
+POLICY UNLOCKED PROTECTORS
+desc4 No desc1, desc2, desc3
+ext4 filesystem "MNT" has 2 protectors and 1 policy
+
+PROTECTOR LINKED DESCRIPTION
+desc1 No custom protector "foo"
+desc2 No custom protector "bar"
+
+POLICY UNLOCKED PROTECTORS
+desc4 No desc1
diff --git a/cli-tests/t_metadata.sh b/cli-tests/t_metadata.sh
new file mode 100755
index 0000000..e688eda
--- /dev/null
+++ b/cli-tests/t_metadata.sh
@@ -0,0 +1,36 @@
+#!/bin/bash
+
+# Test 'fscrypt metadata'.
+
+cd "$(dirname "$0")"
+. common.sh
+
+# Create three protectors, and a policy protected by them.
+echo foo | fscrypt metadata create protector "$MNT" \
+ --quiet --name=foo --source=custom_passphrase
+echo bar | fscrypt metadata create protector "$MNT" \
+ --quiet --name=bar --source=custom_passphrase
+echo baz | fscrypt metadata create protector "$MNT" \
+ --quiet --name=baz --source=custom_passphrase
+prot_foo=$MNT:$(_get_protector_descriptor "$MNT" custom foo)
+prot_bar=$MNT:$(_get_protector_descriptor "$MNT" custom bar)
+desc_baz=$(_get_protector_descriptor "$MNT" custom baz)
+prot_baz=$MNT:$desc_baz
+echo foo | fscrypt metadata create policy "$MNT" --quiet \
+ --protector="$prot_foo"
+policy=$MNT:$(fscrypt status "$MNT" | grep -A10 "^POLICY" | \
+ tail -1 | awk '{print $1}')
+echo -e "bar\nfoo" | fscrypt metadata add-protector-to-policy --quiet \
+ --policy="$policy" --protector="$prot_bar"
+echo -e "baz\nfoo" | fscrypt metadata add-protector-to-policy --quiet \
+ --policy="$policy" --protector="$prot_baz" --unlock-with="$prot_foo"
+fscrypt status "$MNT"
+
+# Remove two of the protectors from the policy.
+# Make sure that this works even if the protector was already deleted.
+fscrypt metadata remove-protector-from-policy --quiet --force \
+ --policy="$policy" --protector="$prot_bar"
+rm "$MNT/.fscrypt/protectors/$desc_baz"
+fscrypt metadata remove-protector-from-policy --quiet --force \
+ --policy="$policy" --protector="$prot_baz"
+fscrypt status "$MNT"
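Review bot: The `rm` that simulates an already-deleted protector uses `$desc_baz` unchecked, so if `_get_protector_descriptor` ever returns an empty string the path collapses to the protectors directory, the `rm` fails, and the following remove-protector-from-policy call no longer exercises the deleted-protector case; whether the script aborts at that point depends on options set in common.sh, which is not visible here. Writing it as `rm "$MNT/.fscrypt/protectors/${desc_baz:?}"` makes the test stop with a clear message instead. The test also covers only the success path: since the command now skips loading the protector, a case that passes a descriptor not linked to the policy and expects an error would pin down that the check against the policy's own protector list is still enforced (presumably it is, but the Go change is outside this cli-tests-limited diff).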