Merge pull request #148 from ebiggers/fscrypt-key-mgmt-improvements

Filesystem keyring and v2 encryption policy support

1 files changed, 16 insertions, 2 deletions

diff --git a/cmd/fscrypt/status.go b/cmd/fscrypt/status.go
index 375899b..bf11495 100644
--- a/cmd/fscrypt/status.go
+++ b/cmd/fscrypt/status.go
@@ -31,6 +31,7 @@ import (
 
 	"github.com/google/fscrypt/actions"
 	"github.com/google/fscrypt/filesystem"
+	"github.com/google/fscrypt/keyring"
 	"github.com/google/fscrypt/metadata"
 )
 
@@ -65,6 +66,19 @@ func yesNoString(b bool) string {
 	return "No"
 }
 
+func policyUnlockedStatus(policy *actions.Policy) string {
+	switch policy.GetProvisioningStatus() {
+	case keyring.KeyPresent, keyring.KeyPresentButOnlyOtherUsers:
+		return "Yes"
+	case keyring.KeyAbsent:
+		return "No"
+	case keyring.KeyAbsentButFilesBusy:
+		return "Partially (incompletely locked)"
+	default:
+		return "Unknown"
+	}
+}
+
 // writeGlobalStatus prints all the filesystems that use (or could use) fscrypt.
 func writeGlobalStatus(w io.Writer) error {
 	mounts, err := filesystem.AllFilesystems()
@@ -160,7 +174,7 @@ func writeFilesystemStatus(w io.Writer, ctx *actions.Context) error {
 			continue
 		}
 
-		fmt.Fprintf(t, "%s\t%s\t%s\n", descriptor, yesNoString(policy.IsProvisioned()),
+		fmt.Fprintf(t, "%s\t%s\t%s\n", descriptor, policyUnlockedStatus(policy),
 			strings.Join(policy.ProtectorDescriptors(), ", "))
 	}
 	return t.Flush()
@@ -180,7 +194,7 @@ func writePathStatus(w io.Writer, path string) error {
 	fmt.Fprintln(w)
 	fmt.Fprintf(w, "Policy:   %s\n", policy.Descriptor())
 	fmt.Fprintf(w, "Options:  %s\n", policy.Options())
-	fmt.Fprintf(w, "Unlocked: %s\n", yesNoString(policy.IsProvisioned()))
+	fmt.Fprintf(w, "Unlocked: %s\n", policyUnlockedStatus(policy))
 	fmt.Fprintln(w)
 
 	options := policy.ProtectorOptions()