diff options
Diffstat (limited to 'actions')
| -rw-r--r-- | actions/context.go | 11 | ||||
| -rw-r--r-- | actions/policy.go | 9 |
2 files changed, 12 insertions, 8 deletions
diff --git a/actions/context.go b/actions/context.go index fb25b54..7e4b64b 100644 --- a/actions/context.go +++ b/actions/context.go @@ -31,9 +31,10 @@ package actions import ( "log" + "golang.org/x/sys/unix" + "github.com/pkg/errors" - "github.com/google/fscrypt/crypto" "github.com/google/fscrypt/filesystem" "github.com/google/fscrypt/metadata" ) @@ -101,8 +102,10 @@ func (ctx *Context) checkContext() error { } // getService returns the keyring service for this context. We use the presence -// of the LegacyConfig flag to determine if we should use the legacy services -// (which are necessary for kernels before v4.8). +// of the LegacyConfig flag to determine if we should use the legacy services. +// For ext4 systems before v4.8 and f2fs systems before v4.6, filesystem +// specific services must be used (these legacy services will still work with +// later kernels). func (ctx *Context) getService() string { // For legacy configurations, we may need non-standard services if ctx.Config.HasCompatibilityOption(LegacyConfig) { @@ -111,7 +114,7 @@ func (ctx *Context) getService() string { return ctx.Mount.Filesystem + ":" } } - return crypto.DefaultService + return unix.FS_KEY_DESC_PREFIX } // getProtectorOption returns the ProtectorOption for the protector on the diff --git a/actions/policy.go b/actions/policy.go index ceae573..bf1f593 100644 --- a/actions/policy.go +++ b/actions/policy.go @@ -29,6 +29,7 @@ import ( "github.com/google/fscrypt/crypto" "github.com/google/fscrypt/filesystem" "github.com/google/fscrypt/metadata" + "github.com/google/fscrypt/security" "github.com/google/fscrypt/util" ) @@ -56,10 +57,10 @@ func PurgeAllPolicies(ctx *Context) error { for _, policyDescriptor := range policies { service := ctx.getService() - err = crypto.RemovePolicyKey(service + policyDescriptor) + err = security.RemoveKey(service + policyDescriptor) switch errors.Cause(err) { - case nil, crypto.ErrKeyringSearch: + case nil, security.ErrKeyringSearch: // We don't care if the key has already been removed default: return err @@ -365,7 +366,7 @@ func (policy *Policy) Apply(path string) error { // IsProvisioned returns a boolean indicating if the policy has its key in the // keyring, meaning files and directories using this policy are accessible. func (policy *Policy) IsProvisioned() bool { - _, err := crypto.FindPolicyKey(policy.Description()) + _, err := security.FindKey(policy.Description()) return err == nil } @@ -381,7 +382,7 @@ func (policy *Policy) Provision() error { // Deprovision removes the Policy key from the kernel keyring. This prevents // reading and writing to the directory once the caches are cleared. func (policy *Policy) Deprovision() error { - return crypto.RemovePolicyKey(policy.Description()) + return security.RemoveKey(policy.Description()) } // commitData writes the Policy's current data to the filesystem. |