#!/bin/bash
#
# Generator for the image.gz test fixture kept in this directory.
#
# A patched debugfs is required: it has to understand the "fscrypt." xattr
# name prefix, otherwise the encryption xattrs cannot be manipulated.
#
# NOTE(review): the script mounts and unmounts a filesystem image and works
# on the relative paths ./image and ./mnt, so it is presumably meant to be
# run with mount privileges from a scratch copy of this directory - confirm.

# Stop at the first failing command and treat unset variables as errors.
set -eu
# Fixed umask so the modes of created files do not depend on the caller.
umask 0022

# Run debugfs in read-write mode on the image while it is not mounted.
#
# Arguments: "$@" - options/commands handed to debugfs ahead of the image name
#
# The image is unmounted from mnt before debugfs touches it and mounted
# again afterwards, so the on-disk edit is not made underneath a live mount.
# The script runs under `set -e`, so a failing step ends the run here and
# mnt may be left unmounted.
do_debugfs() {
	# Detach the filesystem first.
	umount mnt

	debugfs -w "$@" image

	# Bring the edited image back for the next step of the script.
	mount image mnt
}

# Create a small regular file and zero its first data block in the image.
#
# Arguments: $1 - path of the file to create (under the mounted image)
#
# NOTE(review): the file is presumably encrypted because callers create it
# inside a directory that already has a key added - confirm against callers.
create_encrypted_file() {
	local path=$1
	local inode

	printf 'foo\n' > "$path"

	# Zapping block 0 is not required for the test; it only makes the
	# resulting image compress better.
	inode=$(stat -c %i "$path")
	do_debugfs -R "zap_block -f <$inode> 0"
}

# Overwrite the "fscrypt.c" xattr of an inode with an arbitrary value.
#
# Arguments: $1 - path of the file whose inode is edited
#            $2 - xattr value, written into the debugfs command as-is
#
# NOTE(review): the value is spliced into the debugfs command string, so it
# presumably must not contain whitespace - confirm against debugfs parsing.
set_encryption_xattr() {
	local path=$1
	local xattr_value=$2
	local inode

	# Look the inode number up while the image is still mounted.
	inode=$(stat -c %i "$path")
	do_debugfs -R "ea_set <$inode> fscrypt.c $xattr_value"
}

# Delete the "fscrypt.c" xattr from an inode, leaving its flags untouched.
#
# Arguments: $1 - path of the file whose inode is edited
rm_encryption_xattr() {
	local path=$1
	local inode

	# Look the inode number up while the image is still mounted.
	inode=$(stat -c %i "$path")
	do_debugfs -R "ea_rm <$inode> fscrypt.c"
}

# Reset the flags field of an inode to 0.
#
# Arguments: $1 - path of the file whose inode is edited
#
# The whole flags word is written, so every inode flag is cleared, not only
# the encrypt flag the name refers to.
clear_encrypt_flag() {
	local path=$1
	local inode

	# Look the inode number up while the image is still mounted.
	inode=$(stat -c %i "$path")
	do_debugfs -R "set_inode_field <$inode> flags 0"
}

# Strip the encryption metadata from an inode: remove the "fscrypt.c" xattr
# and set the inode flags to 0.
#
# Arguments: $1 - path of the file, directory or symlink to edit
#
# The symlink test and the inode number are both taken up front, before any
# metadata is altered.
# NOTE(review): presumably because the path may stop resolving once the
# xattr is gone - confirm.
clear_encryption() {
	local target=$1
	local inode
	local link=0

	if [[ -L "$target" ]]; then
		link=1
	fi
	inode=$(stat -c %i "$target")

	do_debugfs -R "ea_rm <$inode> fscrypt.c"
	do_debugfs -R "set_inode_field <$inode> flags 0"

	if (( link )); then
		# Symlinks additionally get block[0], block[1] and size rewritten.
		# NOTE(review): looks like this replaces the in-inode target with
		# a 4-byte placeholder - confirm.
		do_debugfs -R "set_inode_field <$inode> block[0] 0xAAAAAAAA"
		do_debugfs -R "set_inode_field <$inode> block[1] 0"
		do_debugfs -R "set_inode_field <$inode> size 4"
	fi
}

# Mount point for the image, relative to the current directory.
mkdir -p mnt
# Best effort: drop a mount left on mnt by an earlier run; failure is ignored.
umount mnt > /dev/null 2>&1 || true

# Fresh image of 128 blocks of 4096 bytes, formatted with the encrypt
# feature and 128 inodes. Any existing ./image is overwritten.
dd if=/dev/zero of=image bs=4096 count=128
mke2fs -O encrypt -b 4096 -N 128 image
mount image mnt

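# Create an encrypted directory (ino 12)
# The passphrase is the fixed string "password"; it protects nothing but
# this throwaway fixture.
# NOTE(review): e4crypt presumably leaves the key in the caller's keyring
# after the script ends - confirm and clean up if that matters.
dir=mnt/edir
mkdir "$dir"
echo password | e4crypt add_key "$dir"

# Control cases: valid encrypted regular file, dir, and symlink (ino 13-15)
create_encrypted_file "$dir/encrypted_file"
mkdir "$dir/encrypted_dir"
ln -s target "$dir/encrypted_symlink"

# Control case: file type that is never encrypted (ino 16)
mkfifo "$dir/fifo"
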
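# Inodes with missing encryption xattr (ino 17-18).
# e2fsck should offer to clear the encrypt flag on these inodes.
# Only the xattr is removed here; the inode flags are left as created.

create_encrypted_file "$dir/missing_xattr_file"
rm_encryption_xattr "$dir/missing_xattr_file"

mkdir "$dir/missing_xattr_dir"
rm_encryption_xattr "$dir/missing_xattr_dir"
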
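# Inodes with corrupt encryption xattr (ino 19-22).
# e2fsck should offer to clear these inodes.

# Case 1: the xattr is a single zero byte.
create_encrypted_file "$dir/corrupt_xattr_1"
set_encryption_xattr "$dir/corrupt_xattr_1" '\0'

# Case 2: the xattr is a run of zero bytes.
create_encrypted_file "$dir/corrupt_xattr_2"
set_encryption_xattr "$dir/corrupt_xattr_2" \
	'\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0'

# Cases 3 and 4: the xattr is the single byte 1, respectively 2.
# NOTE(review): presumably a bare policy version byte with the rest of the
# context missing - confirm.
create_encrypted_file "$dir/corrupt_xattr_3"
set_encryption_xattr "$dir/corrupt_xattr_3" '\1'

create_encrypted_file "$dir/corrupt_xattr_4"
set_encryption_xattr "$dir/corrupt_xattr_4" '\2'
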
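# Unencrypted inodes in encrypted directory (ino 23-25).
# e2fsck should offer to clear these directory entries.
# Each inode is created inside the encrypted directory and then has its
# encryption xattr removed and its flags zeroed.

create_encrypted_file "$dir/unencrypted_file"
clear_encryption "$dir/unencrypted_file"

mkdir "$dir/unencrypted_dir"
clear_encryption "$dir/unencrypted_dir"

ln -s target "$dir/unencrypted_symlink"
clear_encryption "$dir/unencrypted_symlink"
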
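# Inodes with different encryption policy in encrypted directory (ino 26-29).
# e2fsck should offer to clear these directory entries.

# NOTE(review): looks like a v1 context (version, contents mode, filenames
# mode, flags, 8-byte key descriptor, 16-byte nonce) - confirm against the
# kernel's fscrypt definitions.
xattr='\1\1\4\0AAAAAAAABBBBBBBBBBBBBBBB'

# The value is quoted at every use so the backslashes reach debugfs
# untouched by word splitting or pathname expansion.
create_encrypted_file "$dir/inconsistent_file_1"
set_encryption_xattr "$dir/inconsistent_file_1" "$xattr"

mkdir "$dir/inconsistent_dir"
set_encryption_xattr "$dir/inconsistent_dir" "$xattr"

ln -s target "$dir/inconsistent_symlink"
set_encryption_xattr "$dir/inconsistent_symlink" "$xattr"

# NOTE(review): looks like a v2 context (version, two mode bytes, flags,
# 4 zero bytes, 16-byte key identifier, 16-byte nonce) - confirm.
xattr='\2\1\4\0\0\0\0\0AAAAAAAAAAAAAAAABBBBBBBBBBBBBBBB'
create_encrypted_file "$dir/inconsistent_file_2"
set_encryption_xattr "$dir/inconsistent_file_2" "$xattr"
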
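# Encrypted file and directory with valid v2 encryption policy (ino 30-31).
# e2fsck shouldn't change these.
# The file and its parent directory receive the same xattr value, so the
# two agree with each other.
dir2=mnt/edir2
mkdir "$dir2"
echo password | e4crypt add_key "$dir2"
xattr='\2\1\4\0\0\0\0\0AAAAAAAAAAAAAAAABBBBBBBBBBBBBBBB'
create_encrypted_file "$dir2/file"
set_encryption_xattr "$dir2/file" "$xattr"
set_encryption_xattr "$dir2" "$xattr"
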
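# Encrypted file and directory with unrecognized encryption policy version
# (ino 32-33).  e2fsck shouldn't change these.
# The xattr is the single byte 3, set identically on the file and on its
# parent directory.
dir3=mnt/edir3
mkdir "$dir3"
echo password | e4crypt add_key "$dir3"
xattr='\3'
create_encrypted_file "$dir3/file"
set_encryption_xattr "$dir3/file" "$xattr"
set_encryption_xattr "$dir3" "$xattr"
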
# Detach the finished image and remove the now-empty mount point.
umount mnt
rmdir mnt

# Compress at the highest level; -f replaces an existing image.gz.
gzip -9 -f image
