fs_crypto_domain_lock_dynamic()

Lock a dynamic domain

Synopsis:

#include <fs_crypto_api.h>
#include <sys/fs_crypto.h>

int fs_crypto_domain_lock_dynamic(
        const char *path,
        int *preply)
  

Arguments:

path
The path to the filesystem's mountpoint.
preply
A pointer to a location where the function can store additional success or error information.

Library:

libfscrypto

Use the -l fscrypto option to qcc to link against this library.

Description:

The fs_crypto_domain_lock_dynamic() function locks a dynamic domain, which prevents access to the original contents of any file that belongs to the specified domain, and clears both the domain key and individual file encryption keys (FEKs). When this action is complete, the state of the domain is equivalent to the usual locked state.

Because the domain key is cleared, any further I/O operations fail with EACCES. File access, which requires access to the domain key to update file metadata, is not permitted.

To make sure that filesystem metadata is updated consistently before the domain is locked, this function also flushes the entire filesystem.

Note:
  • In order to use filesystem encryption, download the Encrypted Filesystem package from the QNX Software Center.
  • You must be in the group that owns the filesystem's mountpoint to lock a domain.

This function sets the variable pointed to by preply to one of the following values:

FS_CRYPTO_REPLY_ALREADY
The domain was already locked.
FS_CRYPTO_REPLY_COMPLETE
The domain is now locked.
FS_CRYPTO_REPLY_INVALID
The command wasn't completed successfully.
FS_CRYPTO_REPLY_NOENTRY
No entry was found for the given domain.
FS_CRYPTO_REPLY_UNKNOWN_TYPE
The type of encryption used for the domain is invalid.

Returns:

EOK
Success.
EINVAL
Invalid arguments.
ENOMEM
Insufficent free memory.

This function can also return any of the errors indicated by devctl() or open().

Classification:

QNX Neutrino

Safety:  
Cancellation point Yes
Interrupt handler No
Signal handler No
Thread Yes