diff options
Diffstat (limited to 'actions')
| -rw-r--r-- | actions/config.go | 9 | ||||
| -rw-r--r-- | actions/config_test.go | 26 | ||||
| -rw-r--r-- | actions/context_test.go | 2 |
3 files changed, 33 insertions, 4 deletions
diff --git a/actions/config.go b/actions/config.go index 3433438..2463b95 100644 --- a/actions/config.go +++ b/actions/config.go @@ -58,8 +58,9 @@ var ( // CreateConfigFile creates a new config file at the appropriate location with // the appropriate hashing costs and encryption parameters. The hashing will be -// configured to take as long as the specified time target. -func CreateConfigFile(target time.Duration) error { +// configured to take as long as the specified time target. In addition, the +// version of encryption policy to use may be overridden from the default of v1. +func CreateConfigFile(target time.Duration, policyVersion int64) error { // Create the config file before computing the hashing costs, so we fail // immediately if the program has insufficient permissions. configFile, err := filesystem.OpenFileOverridingUmask(ConfigFileLocation, @@ -77,6 +78,10 @@ func CreateConfigFile(target time.Duration) error { Options: metadata.DefaultOptions, } + if policyVersion != 0 { + config.Options.PolicyVersion = policyVersion + } + if config.HashCosts, err = getHashingCosts(target); err != nil { return err } diff --git a/actions/config_test.go b/actions/config_test.go index 02c89e6..3599667 100644 --- a/actions/config_test.go +++ b/actions/config_test.go @@ -26,6 +26,8 @@ import ( "time" "golang.org/x/sys/unix" + + "github.com/google/fscrypt/metadata" ) // Test that the global config file is created with mode 0644, regardless of the @@ -42,7 +44,7 @@ func TestConfigFileIsCreatedWithCorrectMode(t *testing.T) { defer os.RemoveAll(tempDir) ConfigFileLocation = filepath.Join(tempDir, "test.conf") - if err = CreateConfigFile(time.Millisecond); err != nil { + if err = CreateConfigFile(time.Millisecond, 0); err != nil { t.Fatal(err) } fileInfo, err := os.Stat(ConfigFileLocation) @@ -53,3 +55,25 @@ func TestConfigFileIsCreatedWithCorrectMode(t *testing.T) { t.Error("Expected newly created config file to have mode 0644") } } + +func TestCreateConfigFileV2Policy(t *testing.T) { + tempDir, err := ioutil.TempDir("", "fscrypt") + if err != nil { + t.Fatal(err) + } + defer os.RemoveAll(tempDir) + ConfigFileLocation = filepath.Join(tempDir, "test.conf") + + if err = CreateConfigFile(time.Millisecond, 2); err != nil { + t.Fatal(err) + } + + var config *metadata.Config + config, err = getConfig() + if err != nil { + t.Fatal(err) + } + if config.Options.PolicyVersion != 2 { + t.Error("Expected PolicyVersion 2") + } +} diff --git a/actions/context_test.go b/actions/context_test.go index 4f93776..4488a6b 100644 --- a/actions/context_test.go +++ b/actions/context_test.go @@ -52,7 +52,7 @@ func setupContext() (ctx *Context, err error) { return nil, fmt.Errorf("created context at %q without config file", badCtx.Mount.Path) } - if err = CreateConfigFile(testTime); err != nil { + if err = CreateConfigFile(testTime, 0); err != nil { return nil, err } defer func() { |