libfscrypt: simplify fscrypt_policy_ensure()

fscrypt_policy_ensure() sets an encryption policy if the directory is
empty, otherwise it verifies the existing encryption policy.

However, it's unnecessary to actually implement this logic in userspace,
because this is the behavior of the FS_IOC_SET_ENCRYPTION_POLICY ioctl
already. See the documentation:
https://www.kernel.org/doc/html/latest/filesystems/fscrypt.html#setting-an-encryption-policy

Therefore, just call FS_IOC_SET_ENCRYPTION_POLICY and handle errors
appropriately.

This makes the code shorter and less racy, and it also fixes the issue
where if files were created in the directory before an encryption policy
is set, the error message was confusing:

    Failed to get encryption policy for $dir: No data available

Now it's:

    Failed to set encryption policy of $dir to ...: Directory not empty

Test: booted after factory reset, checked log, rebooted, checked log
again.

Change-Id: I51ee70706bc9ccb216ccefd7bdfbbfc57faae14d
1 file changed
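
The set-or-verify behavior described in the commit message, as an added example (not the code from this change or from libfscrypt): a single FS_IOC_SET_ENCRYPTION_POLICY call whose errno tells the caller whether the directory was non-empty, already carries a different policy, or sits on a filesystem without encryption support. The function names, the result enum and the zeroed key descriptor are assumptions made for this sketch.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE            /* O_DIRECTORY, O_NOFOLLOW, O_CLOEXEC */
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/ioctl.h>
#include <unistd.h>
#include <linux/fs.h>          /* FS_IOC_SET_ENCRYPTION_POLICY, struct fscrypt_policy */

/* Hypothetical result codes for this example. */
enum ensure_result { ENSURE_OK, ENSURE_NOT_EMPTY, ENSURE_MISMATCH,
                     ENSURE_UNSUPPORTED, ENSURE_OPEN_FAILED, ENSURE_OTHER };

/* Map the ioctl's errno onto what it says about the directory. */
enum ensure_result classify_set_policy_errno(int err) {
    switch (err) {
    case 0:          return ENSURE_OK;          /* set, or identical policy present */
    case ENOTEMPTY:  return ENSURE_NOT_EMPTY;   /* unencrypted dir already has entries */
    case EEXIST:     return ENSURE_MISMATCH;    /* encrypted with a different policy */
    case ENOTTY:
    case EOPNOTSUPP: return ENSURE_UNSUPPORTED; /* fs lacks encryption support */
    default:         return ENSURE_OTHER;
    }
}

/* One ioctl, no separate get-then-compare step that could race. */
enum ensure_result ensure_policy(const char *dir, const struct fscrypt_policy *policy) {
    int fd = open(dir, O_DIRECTORY | O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0) {
        fprintf(stderr, "Failed to open %s: %s\n", dir, strerror(errno));
        return ENSURE_OPEN_FAILED;
    }
    int err = ioctl(fd, FS_IOC_SET_ENCRYPTION_POLICY, policy) == 0 ? 0 : errno;
    close(fd);
    if (err)
        fprintf(stderr, "Failed to set encryption policy of %s: %s\n", dir, strerror(err));
    return classify_set_policy_errno(err);
}

int main(int argc, char **argv) {
    if (argc != 2) { fprintf(stderr, "usage: %s <dir>\n", argv[0]); return 64; }
    struct fscrypt_policy policy;
    memset(&policy, 0, sizeof(policy));  /* constructed: v1 policy, placeholder (zero) key descriptor */
    policy.contents_encryption_mode = FS_ENCRYPTION_MODE_AES_256_XTS;
    policy.filenames_encryption_mode = FS_ENCRYPTION_MODE_AES_256_CTS;
    return ensure_policy(argv[1], &policy);
}
```

A successful call on an empty directory leaves it encrypted under the placeholder descriptor, so run this only against a scratch directory.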