Make FS_IOC_SET_ENCRYPTION_POLICY start rejecting the DIRECT_KEY flag when it's incompatible with the selected encryption modes, instead of delaying this check until later when actually trying to set up the directory's key. Also make some related cleanups, such as splitting fscrypt_supported_policy() into a separate function for each encryption policy version. Eric Biggers (4): fscrypt: split up fscrypt_supported_policy() by policy version fscrypt: check for appropriate use of DIRECT_KEY flag earlier fscrypt: move fscrypt_valid_enc_modes() to policy.c fscrypt: remove fscrypt_is_direct_key_policy() fs/crypto/fscrypt_private.h | 30 +------ fs/crypto/keysetup.c | 14 +--- fs/crypto/keysetup_v1.c | 15 ---- fs/crypto/policy.c | 163 +++++++++++++++++++++++------------- 4 files changed, 111 insertions(+), 111 deletions(-) -- 2.24.0.393.g34dc348eaf-goog
|