fs-util: add helper path_is_encrypted() that checks if a file system is encrypted

2020-05-01 19:37:24 +02:00 · 2020-05-01 19:37:24 +02:00 · ed9c0851e5
parent a6e1018df2
commit ed9c0851e5
3 changed files with 50 additions and 0 deletions
--- a/src/basic/fs-util.c
+++ b/src/basic/fs-util.c
@ -8,8 +8,10 @@
 #include <unistd.h>

 #include "alloc-util.h"
+#include "blockdev-util.h"
 #include "dirent-util.h"
 #include "fd-util.h"
+#include "fileio.h"
 #include "fs-util.h"
 #include "locale-util.h"
 #include "log.h"
@ -1488,3 +1490,26 @@ int open_parent(const char *path, int flags, mode_t mode) {

        return fd;
 }
+
+int path_is_encrypted(const char *path) {
+        _cleanup_free_ char *uuids = NULL;
+        char p[SYS_BLOCK_PATH_MAX("/dm/uuid")];
+        dev_t devt;
+        int r;
+
+        r = get_block_device(path, &devt);
+        if (r < 0)
+                return r;
+        if (r == 0) /* doesn't have a block device */
+                return false;
+
+        xsprintf_sys_block_path(p, "/dm/uuid", devt);
+        r = read_one_line_file(p, &uuids);
+        if (r == -ENOENT)
+                return false;
+        if (r < 0)
+                return r;
+
+        /* The DM device's uuid attribute is prefixed with "CRYPT-" if this is a dm-crypt device. */
+        return !!startswith(uuids, "CRYPT-");
+}
--- a/src/basic/fs-util.h
+++ b/src/basic/fs-util.h
@ -122,3 +122,5 @@ int fsync_path_at(int at_fd, const char *path);
 int syncfs_path(int atfd, const char *path);

 int open_parent(const char *path, int flags, mode_t mode);
+
+int path_is_encrypted(const char *path);
--- a/src/test/test-fs-util.c
+++ b/src/test/test-fs-util.c
@ -846,6 +846,28 @@ static void test_chmod_and_chown_unsafe(void) {
        assert_se(S_ISLNK(st.st_mode));
 }

+static void test_path_is_encrypted_one(const char *p, int expect) {
+        int r;
+
+        r = path_is_encrypted(p);
+        assert_se(r >= 0);
+
+        printf("%s encrypted: %s\n", p, yes_no(r));
+
+        assert_se(expect < 0 || ((r > 0) == (expect > 0)));
+}
+
+static void test_path_is_encrypted(void) {
+        log_info("/* %s */", __func__);
+
+        test_path_is_encrypted_one("/home", -1);
+        test_path_is_encrypted_one("/var", -1);
+        test_path_is_encrypted_one("/", -1);
+        test_path_is_encrypted_one("/proc", false);
+        test_path_is_encrypted_one("/sys", false);
+        test_path_is_encrypted_one("/dev", false);
+}
+
 int main(int argc, char *argv[]) {
        test_setup_logging(LOG_INFO);

@ -864,6 +886,7 @@ int main(int argc, char *argv[]) {
        test_rename_noreplace();
        test_chmod_and_chown();
        test_chmod_and_chown_unsafe();
+        test_path_is_encrypted();

        return 0;
 }