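#!/bin/bash
# Test 'fscrypt metadata'.
#
# Builds three custom_passphrase protectors (foo, bar, baz) on "$MNT", creates
# a policy protected by all of them, then removes two of the protectors from
# the policy again -- one of them after its protector file has already been
# deleted from disk. 'fscrypt status' is printed before and after the removals.
#
# The passphrases ("foo", "bar", "baz") are literal test fixtures piped in on
# stdin. MNT and _get_protector_descriptor are not defined in this file;
# presumably they come from common.sh -- confirm there.

# Stop if the test directory cannot be entered; otherwise the relative paths
# below would be resolved against whatever the caller's cwd happens to be.
cd "$(dirname "$0")" || exit 1

# Use an explicit ./ path: for a name without a slash, bash's '.' searches
# $PATH before the current directory, so a stray common.sh on PATH would be
# sourced instead of the one that sits next to this test.
. ./common.sh

# Create three protectors, and a policy protected by them.
echo foo | fscrypt metadata create protector "$MNT" \
  --quiet --name=foo --source=custom_passphrase
echo bar | fscrypt metadata create protector "$MNT" \
  --quiet --name=bar --source=custom_passphrase
echo baz | fscrypt metadata create protector "$MNT" \
  --quiet --name=baz --source=custom_passphrase

# Protectors and policies are addressed as MOUNTPOINT:DESCRIPTOR.
prot_foo=$MNT:$(_get_protector_descriptor "$MNT" custom foo)
prot_bar=$MNT:$(_get_protector_descriptor "$MNT" custom bar)
# baz's bare descriptor is kept too; it names the on-disk protector file
# that is deleted further down.
desc_baz=$(_get_protector_descriptor "$MNT" custom baz)
prot_baz=$MNT:$desc_baz

echo foo | fscrypt metadata create policy "$MNT" --quiet \
  --protector="$prot_foo"

# Scrape the policy descriptor from 'fscrypt status': first field of the last
# line among the POLICY header and the (up to) 10 lines that follow it.
policy=$MNT:$(fscrypt status "$MNT" | grep -A10 "^POLICY" \
  | tail -1 | awk '{print $1}')

# Two passphrases are supplied on stdin, one per line.
# NOTE(review): presumably the first unlocks the protector being added and the
# second unlocks the policy through foo -- confirm against the fscrypt prompts.
printf 'bar\nfoo\n' | fscrypt metadata add-protector-to-policy --quiet \
  --policy="$policy" --protector="$prot_bar"
printf 'baz\nfoo\n' | fscrypt metadata add-protector-to-policy --quiet \
  --policy="$policy" --protector="$prot_baz" --unlock-with="$prot_foo"
fscrypt status "$MNT"

# Remove two of the protectors from the policy.
# Make sure that this works even if the protector was already deleted.
fscrypt metadata remove-protector-from-policy --quiet --force \
  --policy="$policy" --protector="$prot_bar"

# Delete baz's protector file behind fscrypt's back. ':?' aborts if either
# part of the path is empty, so the rm can never be aimed at the protectors
# directory itself (or at /.fscrypt/...); '--' ends option parsing.
rm -- "${MNT:?}/.fscrypt/protectors/${desc_baz:?}"
fscrypt metadata remove-protector-from-policy --quiet --force \
  --policy="$policy" --protector="$prot_baz"
fscrypt status "$MNT"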