/**
* ecryptfs_initialize_file
*
* Cause the file to be changed from a basic empty file to an ecryptfs
* file with a header and first data page.
*
* Returns zero on success
*/
static int ecryptfs_initialize_file(struct dentry *ecryptfs_dentry)
{
struct ecryptfs_crypt_stat *crypt_stat =
&ecryptfs_inode_to_private(ecryptfs_dentry->d_inode)->crypt_stat;
int rc = 0;
if (S_ISDIR(ecryptfs_dentry->d_inode->i_mode)) {
ecryptfs_printk(KERN_DEBUG, "This is a directory\n");
crypt_stat->flags &= ~(ECRYPTFS_ENCRYPTED);
goto out;
}
ecryptfs_printk(KERN_DEBUG, "Initializing crypto context\n");
rc = ecryptfs_new_file_context(ecryptfs_dentry);
if (rc) {
ecryptfs_printk(KERN_ERR, "Error creating new file "
"context; rc = [%d]\n", rc);
goto out;
}
rc = ecryptfs_get_lower_file(ecryptfs_dentry,
ecryptfs_dentry->d_inode);
if (rc) {
printk(KERN_ERR "%s: Error attempting to initialize "
"the lower file for the dentry with name "
"[%s]; rc = [%d]\n", __func__,
ecryptfs_dentry->d_name.name, rc);
goto out;
}
rc = ecryptfs_write_metadata(ecryptfs_dentry);
if (rc)
printk(KERN_ERR "Error writing headers; rc = [%d]\n", rc);
ecryptfs_put_lower_file(ecryptfs_dentry->d_inode);
out:
return rc;
}
/**
* ecryptfs_initialize_file
*
* Cause the file to be changed from a basic empty file to an ecryptfs
* file with a header and first data page.
*
* Returns zero on success
*/
int ecryptfs_initialize_file(struct dentry *ecryptfs_dentry,
struct inode *ecryptfs_inode)
{
struct ecryptfs_crypt_stat *crypt_stat =
&ecryptfs_inode_to_private(ecryptfs_inode)->crypt_stat;
#ifdef FEATURE_SDCARD_ENCRYPTION
struct ecryptfs_mount_sd_crypt_stat *mount_sd_crypt_stat =
&ecryptfs_superblock_to_private(
ecryptfs_dentry->d_sb)->mount_sd_crypt_stat;
char dentry_name[MAX_FILE_NAME_LENGTH] = {0,};
#endif
int rc = 0;
if (S_ISDIR(ecryptfs_inode->i_mode)) {
ecryptfs_printk(KERN_DEBUG, "This is a directory\n");
crypt_stat->flags &= ~(ECRYPTFS_ENCRYPTED);
goto out;
}
#ifdef FEATURE_SDCARD_ENCRYPTION
memcpy(dentry_name, ecryptfs_dentry->d_name.name, ecryptfs_dentry->d_name.len);
if (mount_sd_crypt_stat && (mount_sd_crypt_stat->flags
& ECRYPTFS_MEDIA_EXCEPTION)) {
if(ecryptfs_media_file_search(dentry_name)){
crypt_stat->flags &= ~(ECRYPTFS_ENCRYPTED);
goto out;
}
}
if(ecryptfs_asec_file_search(dentry_name)){
crypt_stat->flags &= ~(ECRYPTFS_ENCRYPTED);
goto out;
}
if (mount_sd_crypt_stat && (mount_sd_crypt_stat->flags
& ECRYPTFS_DECRYPTION_ONLY)) {
crypt_stat->flags &= ~(ECRYPTFS_ENCRYPTED);
goto out;
}
#endif
ecryptfs_printk(KERN_DEBUG, "Initializing crypto context\n");
rc = ecryptfs_new_file_context(ecryptfs_inode);
if (rc) {
ecryptfs_printk(KERN_ERR, "Error creating new file "
"context; rc = [%d]\n", rc);
goto out;
}
rc = ecryptfs_get_lower_file(ecryptfs_dentry, ecryptfs_inode);
if (rc) {
printk(KERN_ERR "%s: Error attempting to initialize "
"the lower file for the dentry with name "
"[%s]; rc = [%d]\n", __func__,
ecryptfs_dentry->d_name.name, rc);
goto out;
}
rc = ecryptfs_write_metadata(ecryptfs_dentry, ecryptfs_inode);
if (rc)
printk(KERN_ERR "Error writing headers; rc = [%d]\n", rc);
ecryptfs_put_lower_file(ecryptfs_inode);
out:
return rc;
}
/**
* ecryptfs_initialize_file
*
* Cause the file to be changed from a basic empty file to an ecryptfs
* file with a header and first data page.
*
* Returns zero on success
*/
static int ecryptfs_initialize_file(struct dentry *ecryptfs_dentry)
{
struct ecryptfs_crypt_stat *crypt_stat =
&ecryptfs_inode_to_private(ecryptfs_dentry->d_inode)->crypt_stat;
int rc = 0;
if (S_ISDIR(ecryptfs_dentry->d_inode->i_mode)) {
ecryptfs_printk(KERN_DEBUG, "This is a directory\n");
crypt_stat->flags &= ~(ECRYPTFS_ENCRYPTED);
goto out;
}
crypt_stat->flags |= ECRYPTFS_NEW_FILE;
ecryptfs_printk(KERN_DEBUG, "Initializing crypto context\n");
rc = ecryptfs_new_file_context(ecryptfs_dentry);
if (rc) {
ecryptfs_printk(KERN_ERR, "Error creating new file "
"context; rc = [%d]\n", rc);
goto out;
}
rc = ecryptfs_write_metadata(ecryptfs_dentry);
if (rc) {
printk(KERN_ERR "Error writing headers; rc = [%d]\n", rc);
goto out;
}
rc = grow_file(ecryptfs_dentry);
if (rc)
printk(KERN_ERR "Error growing file; rc = [%d]\n", rc);
out:
return rc;
}
/**
* ecryptfs_initialize_file
*
* Cause the file to be changed from a basic empty file to an ecryptfs
* file with a header and first data page.
*
* Returns zero on success
*/
int ecryptfs_initialize_file(struct dentry *ecryptfs_dentry,
struct inode *ecryptfs_inode)
{
struct ecryptfs_crypt_stat *crypt_stat =
&ecryptfs_inode_to_private(ecryptfs_inode)->crypt_stat;
#if 1 // FEATURE_SDCARD_ENCRYPTION
struct ecryptfs_mount_crypt_stat *mount_crypt_stat =
&ecryptfs_superblock_to_private(
ecryptfs_dentry->d_sb)->mount_crypt_stat;
#endif
int rc = 0;
if (S_ISDIR(ecryptfs_inode->i_mode)) {
ecryptfs_printk(KERN_DEBUG, "This is a directory\n");
crypt_stat->flags &= ~(ECRYPTFS_ENCRYPTED);
goto out;
}
#if defined (FEATURE_SDCARD_MEDIAEXN_SYSTEMCALL_ENCRYPTION)
if (getMediaProperty() == 1){
if(ecryptfs_mediaFileSearch(ecryptfs_dentry->d_name.name)){
crypt_stat->flags &= ~(ECRYPTFS_ENCRYPTED);
goto out;
}
}
#endif //FEATURE_SDCARD_MEDIAEXN_SYSTEMCALL_ENCRYPTION
#if 1 // FEATURE_SDCARD_ENCRYPTION
if (mount_crypt_stat && (mount_crypt_stat->flags
& ECRYPTFS_DECRYPTION_ONLY)) {
crypt_stat->flags &= ~(ECRYPTFS_ENCRYPTED);
goto out;
}
#endif
ecryptfs_printk(KERN_DEBUG, "Initializing crypto context\n");
rc = ecryptfs_new_file_context(ecryptfs_inode);
if (rc) {
ecryptfs_printk(KERN_ERR, "Error creating new file "
"context; rc = [%d]\n", rc);
goto out;
}
rc = ecryptfs_get_lower_file(ecryptfs_dentry, ecryptfs_inode);
if (rc) {
printk(KERN_ERR "%s: Error attempting to initialize "
"the lower file for the dentry with name "
"[%s]; rc = [%d]\n", __func__,
ecryptfs_dentry->d_name.name, rc);
goto out;
}
rc = ecryptfs_write_metadata(ecryptfs_dentry, ecryptfs_inode);
if (rc)
printk(KERN_ERR "Error writing headers; rc = [%d]\n", rc);
ecryptfs_put_lower_file(ecryptfs_inode);
out:
return rc;
}
/**
* ecryptfs_initialize_file
*
* Cause the file to be changed from a basic empty file to an ecryptfs
* file with a header and first data page.
*
* Returns zero on success
*/
static int ecryptfs_initialize_file(struct dentry *ecryptfs_dentry)
{
struct ecryptfs_crypt_stat *crypt_stat =
&ecryptfs_inode_to_private(ecryptfs_dentry->d_inode)->crypt_stat;
#if 1 // FEATURE_SDCARD_ENCRYPTION
struct ecryptfs_mount_crypt_stat *mount_crypt_stat =
&ecryptfs_superblock_to_private(
ecryptfs_dentry->d_sb)->mount_crypt_stat;
#endif
int rc = 0;
if (S_ISDIR(ecryptfs_dentry->d_inode->i_mode)) {
ecryptfs_printk(KERN_DEBUG, "This is a directory\n");
ecryptfs_printk(KERN_ERR, "%s:%d:: decryption_only set : ENCRYPTION DISABLED\n", __FUNCTION__, __LINE__); // FEATURE_SDCARD_ENCRYPTION DEBUG
crypt_stat->flags &= ~(ECRYPTFS_ENCRYPTED);
goto out;
}
#if 1 // FEATURE_SDCARD_ENCRYPTION
if (mount_crypt_stat && (mount_crypt_stat->flags
& ECRYPTFS_DECRYPTION_ONLY)) {
crypt_stat->flags &= ~(ECRYPTFS_ENCRYPTED);
goto out;
}
#endif
ecryptfs_printk(KERN_DEBUG, "Initializing crypto context\n");
rc = ecryptfs_new_file_context(ecryptfs_dentry);
if (rc) {
ecryptfs_printk(KERN_ERR, "Error creating new file "
"context; rc = [%d]\n", rc);
goto out;
}
rc = ecryptfs_get_lower_file(ecryptfs_dentry,
ecryptfs_dentry->d_inode);
if (rc) {
printk(KERN_ERR "%s: Error attempting to initialize "
"the lower file for the dentry with name "
"[%s]; rc = [%d]\n", __func__,
ecryptfs_dentry->d_name.name, rc);
goto out;
}
rc = ecryptfs_write_metadata(ecryptfs_dentry);
if (rc)
printk(KERN_ERR "Error writing headers; rc = [%d]\n", rc);
ecryptfs_put_lower_file(ecryptfs_dentry->d_inode);
out:
return rc;
}
/**
* ecryptfs_initialize_file
*
* Cause the file to be changed from a basic empty file to an ecryptfs
* file with a header and first data page.
*
* Returns zero on success
*/
static int ecryptfs_initialize_file(struct dentry *ecryptfs_dentry)
{
struct ecryptfs_crypt_stat *crypt_stat =
&ecryptfs_inode_to_private(ecryptfs_dentry->d_inode)->crypt_stat;
int rc = 0;
if (S_ISDIR(ecryptfs_dentry->d_inode->i_mode)) {
ecryptfs_printk(KERN_DEBUG, "This is a directory\n");
crypt_stat->flags &= ~(ECRYPTFS_ENCRYPTED);
goto out;
}
crypt_stat->flags |= ECRYPTFS_NEW_FILE;
ecryptfs_printk(KERN_DEBUG, "Initializing crypto context\n");
rc = ecryptfs_new_file_context(ecryptfs_dentry);
if (rc) {
ecryptfs_printk(KERN_ERR, "Error creating new file "
"context; rc = [%d]\n", rc);
goto out;
}
if (!ecryptfs_inode_to_private(ecryptfs_dentry->d_inode)->lower_file) {
rc = ecryptfs_init_persistent_file(ecryptfs_dentry);
if (rc) {
printk(KERN_ERR "%s: Error attempting to initialize "
"the persistent file for the dentry with name "
"[%s]; rc = [%d]\n", __func__,
ecryptfs_dentry->d_name.name, rc);
goto out;
}
}
/* [email protected] encryption filter */
#ifdef WTL_ENCRYPTION_FILTER
/* fzhang, TODO, should not change flags for existing encrypted
files even through their ext match filter rule */
if (crypt_stat->flags & ECRYPTFS_ENCRYPTED) {
struct dentry *fp_dentry =
ecryptfs_inode_to_private(ecryptfs_dentry->d_inode)
->lower_file->f_dentry;
struct ecryptfs_mount_crypt_stat *mount_crypt_stat = &ecryptfs_superblock_to_private(
ecryptfs_dentry->d_sb)->mount_crypt_stat;
char filename[256];
strcpy(filename, fp_dentry->d_name.name);
if ((mount_crypt_stat->flags & ECRYPTFS_ENABLE_NEW_PASSTHROUGH)
|| ((mount_crypt_stat->flags & ECRYPTFS_ENABLE_FILTERING) &&
(is_file_name_match(mount_crypt_stat, fp_dentry) ||
is_file_ext_match(mount_crypt_stat, filename)))) {
/*printk(KERN_ERR "fzhang %s will not be encrypted.\n",
fp_dentry->d_iname); */
crypt_stat->flags &= ~(ECRYPTFS_ENCRYPTED);
} else {
rc = ecryptfs_write_metadata(ecryptfs_dentry);
if (rc) {
printk(KERN_ERR "Error writing headers; rc = [%d]\n", rc);
goto out;
}
rc = grow_file(ecryptfs_dentry);
if (rc)
printk(KERN_ERR "Error growing file; rc = [%d]\n", rc);
}
}
#else
rc = ecryptfs_write_metadata(ecryptfs_dentry);
if (rc) {
printk(KERN_ERR "Error writing headers; rc = [%d]\n", rc);
goto out;
}
rc = grow_file(ecryptfs_dentry);
if (rc)
printk(KERN_ERR "Error growing file; rc = [%d]\n", rc);
#endif
out:
return rc;
}
/**
* ecryptfs_initialize_file
*
* Cause the file to be changed from a basic empty file to an ecryptfs
* file with a header and first data page.
*
* Returns zero on success
*/
static int ecryptfs_initialize_file(struct dentry *ecryptfs_dentry)
{
struct ecryptfs_crypt_stat *crypt_stat =
&ecryptfs_inode_to_private(ecryptfs_dentry->d_inode)->crypt_stat;
int rc = 0;
if (S_ISDIR(ecryptfs_dentry->d_inode->i_mode)) {
ecryptfs_printk(KERN_DEBUG, "This is a directory\n");
crypt_stat->flags &= ~(ECRYPTFS_ENCRYPTED);
goto out;
}
ecryptfs_printk(KERN_DEBUG, "Initializing crypto context\n");
rc = ecryptfs_new_file_context(ecryptfs_dentry);
if (rc) {
ecryptfs_printk(KERN_ERR, "Error creating new file "
"context; rc = [%d]\n", rc);
goto out;
}
rc = ecryptfs_get_lower_file(ecryptfs_dentry,
ecryptfs_dentry->d_inode);
if (rc) {
printk(KERN_ERR "%s: Error attempting to initialize "
"the lower file for the dentry with name "
"[%s]; rc = [%d]\n", __func__,
ecryptfs_dentry->d_name.name, rc);
goto out;
}
#ifdef CONFIG_WTL_ENCRYPTION_FILTER
mutex_lock(&crypt_stat->cs_mutex);
if (crypt_stat->flags & ECRYPTFS_ENCRYPTED) {
struct dentry *fp_dentry =
ecryptfs_inode_to_private(ecryptfs_dentry->d_inode)
->lower_file->f_dentry;
struct ecryptfs_mount_crypt_stat *mount_crypt_stat =
&ecryptfs_superblock_to_private(ecryptfs_dentry->d_sb)
->mount_crypt_stat;
char filename[256];
strcpy(filename, fp_dentry->d_name.name);
if ((mount_crypt_stat->flags & ECRYPTFS_ENABLE_NEW_PASSTHROUGH)
|| ((mount_crypt_stat->flags & ECRYPTFS_ENABLE_FILTERING) &&
(is_file_name_match(mount_crypt_stat, fp_dentry) ||
is_file_ext_match(mount_crypt_stat, filename)))) {
crypt_stat->flags &= ~(ECRYPTFS_I_SIZE_INITIALIZED
| ECRYPTFS_ENCRYPTED);
ecryptfs_put_lower_file(ecryptfs_dentry->d_inode);
} else {
rc = ecryptfs_write_metadata(ecryptfs_dentry);
if (rc)
printk(
KERN_ERR "Error writing headers; rc = [%d]\n"
, rc);
ecryptfs_put_lower_file(ecryptfs_dentry->d_inode);
}
}
mutex_unlock(&crypt_stat->cs_mutex);
#else
rc = ecryptfs_write_metadata(ecryptfs_dentry);
if (rc)
printk(KERN_ERR "Error writing headers; rc = [%d]\n", rc);
ecryptfs_put_lower_file(ecryptfs_dentry->d_inode);
#endif
out:
return rc;
}
/**
* ecryptfs_initialize_file
*
* Cause the file to be changed from a basic empty file to an ecryptfs
* file with a header and first data page.
*
* Returns zero on success
*/
int ecryptfs_initialize_file(struct dentry *ecryptfs_dentry,
struct inode *ecryptfs_inode)
{
struct ecryptfs_crypt_stat *crypt_stat =
&ecryptfs_inode_to_private(ecryptfs_inode)->crypt_stat;
int rc = 0;
#ifdef CONFIG_DLP
sdp_fs_command_t *cmd = NULL;
#endif
if (S_ISDIR(ecryptfs_inode->i_mode)) {
ecryptfs_printk(KERN_DEBUG, "This is a directory\n");
crypt_stat->flags &= ~(ECRYPTFS_ENCRYPTED);
goto out;
}
ecryptfs_printk(KERN_DEBUG, "Initializing crypto context\n");
rc = ecryptfs_new_file_context(ecryptfs_inode);
if (rc) {
ecryptfs_printk(KERN_ERR, "Error creating new file "
"context; rc = [%d]\n", rc);
goto out;
}
rc = ecryptfs_get_lower_file(ecryptfs_dentry, ecryptfs_inode);
if (rc) {
printk(KERN_ERR "%s: Error attempting to initialize "
"the lower file for the dentry with name "
"[%s]; rc = [%d]\n", __func__,
ecryptfs_dentry->d_name.name, rc);
goto out;
}
#ifdef CONFIG_DLP
if(crypt_stat->mount_crypt_stat->flags & ECRYPTFS_MOUNT_DLP_ENABLED) {
#if DLP_DEBUG
printk(KERN_ERR "DLP %s: file name: [%s], userid: [%d]\n",
__func__, ecryptfs_dentry->d_iname, crypt_stat->mount_crypt_stat->userid);
#endif
if(!rc && (in_egroup_p(AID_KNOX_DLP) || in_egroup_p(AID_KNOX_DLP_RESTRICTED))) {
/* TODO: Can DLP files be created while in locked state? */
struct timespec ts;
crypt_stat->flags |= ECRYPTFS_DLP_ENABLED;
getnstimeofday(&ts);
crypt_stat->expiry.expiry_time.tv_sec = (int64_t)ts.tv_sec + 600;
crypt_stat->expiry.expiry_time.tv_nsec = (int64_t)ts.tv_nsec;
#if DLP_DEBUG
printk(KERN_ERR "DLP %s: current->pid : %d\n", __func__, current->tgid);
printk(KERN_ERR "DLP %s: crypt_stat->mount_crypt_stat->userid : %d\n", __func__, crypt_stat->mount_crypt_stat->userid);
printk(KERN_ERR "DLP %s: crypt_stat->mount_crypt_stat->partition_id : %d\n", __func__, crypt_stat->mount_crypt_stat->partition_id);
#endif
if(in_egroup_p(AID_KNOX_DLP)) {
cmd = sdp_fs_command_alloc(FSOP_DLP_FILE_INIT,
current->tgid, crypt_stat->mount_crypt_stat->userid, crypt_stat->mount_crypt_stat->partition_id,
ecryptfs_inode->i_ino, GFP_KERNEL);
}
else if(in_egroup_p(AID_KNOX_DLP_RESTRICTED)) {
cmd = sdp_fs_command_alloc(FSOP_DLP_FILE_INIT_RESTRICTED,
current->tgid, crypt_stat->mount_crypt_stat->userid, crypt_stat->mount_crypt_stat->partition_id,
ecryptfs_inode->i_ino, GFP_KERNEL);
}
} else {
printk(KERN_ERR "DLP %s: not in group\n", __func__);
}
}
#endif
#ifdef CONFIG_WTL_ENCRYPTION_FILTER
mutex_lock(&crypt_stat->cs_mutex);
if (crypt_stat->flags & ECRYPTFS_ENCRYPTED) {
struct dentry *fp_dentry =
ecryptfs_inode_to_private(ecryptfs_inode)
->lower_file->f_dentry;
struct ecryptfs_mount_crypt_stat *mount_crypt_stat =
&ecryptfs_superblock_to_private(ecryptfs_dentry->d_sb)
->mount_crypt_stat;
char filename[NAME_MAX+1] = {0};
if (fp_dentry->d_name.len <= NAME_MAX)
memcpy(filename, fp_dentry->d_name.name,
fp_dentry->d_name.len + 1);
if ((mount_crypt_stat->flags & ECRYPTFS_ENABLE_NEW_PASSTHROUGH)
|| ((mount_crypt_stat->flags & ECRYPTFS_ENABLE_FILTERING) &&
(is_file_name_match(mount_crypt_stat, fp_dentry) ||
is_file_ext_match(mount_crypt_stat, filename)))) {
crypt_stat->flags &= ~(ECRYPTFS_I_SIZE_INITIALIZED
| ECRYPTFS_ENCRYPTED);
ecryptfs_put_lower_file(ecryptfs_inode);
} else {
rc = ecryptfs_write_metadata(ecryptfs_dentry,
ecryptfs_inode);
if (rc)
printk(
KERN_ERR "Error writing headers; rc = [%d]\n"
, rc);
ecryptfs_put_lower_file(ecryptfs_inode);
}
}
mutex_unlock(&crypt_stat->cs_mutex);
#else
rc = ecryptfs_write_metadata(ecryptfs_dentry, ecryptfs_inode);
if (rc)
printk(KERN_ERR "Error writing headers; rc = [%d]\n", rc);
ecryptfs_put_lower_file(ecryptfs_inode);
#endif
out:
#ifdef CONFIG_DLP
if(cmd) {
sdp_fs_request(cmd, NULL);
sdp_fs_command_free(cmd);
}
#endif
return rc;
}
