/**
* ecryptfs_initialize_file
*
* Cause the file to be changed from a basic empty file to an ecryptfs
* file with a header and first data page.
*
* Returns zero on success
*/
static int ecryptfs_initialize_file(struct dentry *ecryptfs_dentry)
{
struct ecryptfs_crypt_stat *crypt_stat =
&ecryptfs_inode_to_private(ecryptfs_dentry->d_inode)->crypt_stat;
int rc = 0;
if (S_ISDIR(ecryptfs_dentry->d_inode->i_mode)) {
ecryptfs_printk(KERN_DEBUG, "This is a directory\n");
crypt_stat->flags &= ~(ECRYPTFS_ENCRYPTED);
goto out;
}
ecryptfs_printk(KERN_DEBUG, "Initializing crypto context\n");
rc = ecryptfs_new_file_context(ecryptfs_dentry);
if (rc) {
ecryptfs_printk(KERN_ERR, "Error creating new file "
"context; rc = [%d]\n", rc);
goto out;
}
rc = ecryptfs_get_lower_file(ecryptfs_dentry,
ecryptfs_dentry->d_inode);
if (rc) {
printk(KERN_ERR "%s: Error attempting to initialize "
"the lower file for the dentry with name "
"[%s]; rc = [%d]\n", __func__,
ecryptfs_dentry->d_name.name, rc);
goto out;
}
rc = ecryptfs_write_metadata(ecryptfs_dentry);
if (rc)
printk(KERN_ERR "Error writing headers; rc = [%d]\n", rc);
ecryptfs_put_lower_file(ecryptfs_dentry->d_inode);
out:
return rc;
}
/**
* ecryptfs_initialize_file
*
* Cause the file to be changed from a basic empty file to an ecryptfs
* file with a header and first data page.
*
* Returns zero on success
*/
int ecryptfs_initialize_file(struct dentry *ecryptfs_dentry,
struct inode *ecryptfs_inode)
{
struct ecryptfs_crypt_stat *crypt_stat =
&ecryptfs_inode_to_private(ecryptfs_inode)->crypt_stat;
#ifdef FEATURE_SDCARD_ENCRYPTION
struct ecryptfs_mount_sd_crypt_stat *mount_sd_crypt_stat =
&ecryptfs_superblock_to_private(
ecryptfs_dentry->d_sb)->mount_sd_crypt_stat;
char dentry_name[MAX_FILE_NAME_LENGTH] = {0,};
#endif
int rc = 0;
if (S_ISDIR(ecryptfs_inode->i_mode)) {
ecryptfs_printk(KERN_DEBUG, "This is a directory\n");
crypt_stat->flags &= ~(ECRYPTFS_ENCRYPTED);
goto out;
}
#ifdef FEATURE_SDCARD_ENCRYPTION
memcpy(dentry_name, ecryptfs_dentry->d_name.name, ecryptfs_dentry->d_name.len);
if (mount_sd_crypt_stat && (mount_sd_crypt_stat->flags
& ECRYPTFS_MEDIA_EXCEPTION)) {
if(ecryptfs_media_file_search(dentry_name)){
crypt_stat->flags &= ~(ECRYPTFS_ENCRYPTED);
goto out;
}
}
if(ecryptfs_asec_file_search(dentry_name)){
crypt_stat->flags &= ~(ECRYPTFS_ENCRYPTED);
goto out;
}
if (mount_sd_crypt_stat && (mount_sd_crypt_stat->flags
& ECRYPTFS_DECRYPTION_ONLY)) {
crypt_stat->flags &= ~(ECRYPTFS_ENCRYPTED);
goto out;
}
#endif
ecryptfs_printk(KERN_DEBUG, "Initializing crypto context\n");
rc = ecryptfs_new_file_context(ecryptfs_inode);
if (rc) {
ecryptfs_printk(KERN_ERR, "Error creating new file "
"context; rc = [%d]\n", rc);
goto out;
}
rc = ecryptfs_get_lower_file(ecryptfs_dentry, ecryptfs_inode);
if (rc) {
printk(KERN_ERR "%s: Error attempting to initialize "
"the lower file for the dentry with name "
"[%s]; rc = [%d]\n", __func__,
ecryptfs_dentry->d_name.name, rc);
goto out;
}
rc = ecryptfs_write_metadata(ecryptfs_dentry, ecryptfs_inode);
if (rc)
printk(KERN_ERR "Error writing headers; rc = [%d]\n", rc);
ecryptfs_put_lower_file(ecryptfs_inode);
out:
return rc;
}
/**
* ecryptfs_initialize_file
*
* Cause the file to be changed from a basic empty file to an ecryptfs
* file with a header and first data page.
*
* Returns zero on success
*/
static int ecryptfs_initialize_file(struct dentry *ecryptfs_dentry)
{
struct ecryptfs_crypt_stat *crypt_stat =
&ecryptfs_inode_to_private(ecryptfs_dentry->d_inode)->crypt_stat;
int rc = 0;
if (S_ISDIR(ecryptfs_dentry->d_inode->i_mode)) {
ecryptfs_printk(KERN_DEBUG, "This is a directory\n");
crypt_stat->flags &= ~(ECRYPTFS_ENCRYPTED);
goto out;
}
crypt_stat->flags |= ECRYPTFS_NEW_FILE;
ecryptfs_printk(KERN_DEBUG, "Initializing crypto context\n");
rc = ecryptfs_new_file_context(ecryptfs_dentry);
if (rc) {
ecryptfs_printk(KERN_ERR, "Error creating new file "
"context; rc = [%d]\n", rc);
goto out;
}
rc = ecryptfs_write_metadata(ecryptfs_dentry);
if (rc) {
printk(KERN_ERR "Error writing headers; rc = [%d]\n", rc);
goto out;
}
rc = grow_file(ecryptfs_dentry);
if (rc)
printk(KERN_ERR "Error growing file; rc = [%d]\n", rc);
out:
return rc;
}
static int ecryptfs_update_crypt_flag(struct dentry *dentry, int is_sensitive)
{
int rc = 0;
struct inode *inode;
struct inode *lower_inode;
struct ecryptfs_crypt_stat *crypt_stat;
u32 tmp_flags;
crypt_stat = &ecryptfs_inode_to_private(dentry->d_inode)->crypt_stat;
if (!(crypt_stat->flags & ECRYPTFS_STRUCT_INITIALIZED))
ecryptfs_init_crypt_stat(crypt_stat);
inode = dentry->d_inode;
lower_inode = ecryptfs_inode_to_lower(inode);
mutex_lock(&crypt_stat->cs_mutex);
rc = ecryptfs_get_lower_file(dentry, inode);
if (rc) {
mutex_unlock(&crypt_stat->cs_mutex);
DEK_LOGE("ecryptfs_get_lower_file rc=%d\n", rc);
goto out;
}
tmp_flags = crypt_stat->flags;
if (is_sensitive) {
crypt_stat->flags |= ECRYPTFS_DEK_IS_SENSITIVE;
/*
* Set sensirive for all the pages in the inode
*/
set_sensitive_mapping_pages(inode->i_mapping, 0, -1);
}
else{
crypt_stat->flags &= ~ECRYPTFS_DEK_IS_SENSITIVE;
}
rc = ecryptfs_write_metadata(dentry, inode);
if (rc) {
crypt_stat->flags = tmp_flags;
mutex_unlock(&crypt_stat->cs_mutex);
DEK_LOGE("ecryptfs_write_metadata rc=%d\n", rc);
goto out;
}
rc = ecryptfs_write_inode_size_to_metadata(inode);
if (rc) {
mutex_unlock(&crypt_stat->cs_mutex);
DEK_LOGE("Problem with "
"ecryptfs_write_inode_size_to_metadata; "
"rc = [%d]\n", rc);
goto out;
}
ecryptfs_put_lower_file(inode);
mutex_unlock(&crypt_stat->cs_mutex);
out:
fsstack_copy_attr_all(inode, lower_inode);
return rc;
}
/**
* ecryptfs_initialize_file
*
* Cause the file to be changed from a basic empty file to an ecryptfs
* file with a header and first data page.
*
* Returns zero on success
*/
int ecryptfs_initialize_file(struct dentry *ecryptfs_dentry,
struct inode *ecryptfs_inode)
{
struct ecryptfs_crypt_stat *crypt_stat =
&ecryptfs_inode_to_private(ecryptfs_inode)->crypt_stat;
#if 1 // FEATURE_SDCARD_ENCRYPTION
struct ecryptfs_mount_crypt_stat *mount_crypt_stat =
&ecryptfs_superblock_to_private(
ecryptfs_dentry->d_sb)->mount_crypt_stat;
#endif
int rc = 0;
if (S_ISDIR(ecryptfs_inode->i_mode)) {
ecryptfs_printk(KERN_DEBUG, "This is a directory\n");
crypt_stat->flags &= ~(ECRYPTFS_ENCRYPTED);
goto out;
}
#if defined (FEATURE_SDCARD_MEDIAEXN_SYSTEMCALL_ENCRYPTION)
if (getMediaProperty() == 1){
if(ecryptfs_mediaFileSearch(ecryptfs_dentry->d_name.name)){
crypt_stat->flags &= ~(ECRYPTFS_ENCRYPTED);
goto out;
}
}
#endif //FEATURE_SDCARD_MEDIAEXN_SYSTEMCALL_ENCRYPTION
#if 1 // FEATURE_SDCARD_ENCRYPTION
if (mount_crypt_stat && (mount_crypt_stat->flags
& ECRYPTFS_DECRYPTION_ONLY)) {
crypt_stat->flags &= ~(ECRYPTFS_ENCRYPTED);
goto out;
}
#endif
ecryptfs_printk(KERN_DEBUG, "Initializing crypto context\n");
rc = ecryptfs_new_file_context(ecryptfs_inode);
if (rc) {
ecryptfs_printk(KERN_ERR, "Error creating new file "
"context; rc = [%d]\n", rc);
goto out;
}
rc = ecryptfs_get_lower_file(ecryptfs_dentry, ecryptfs_inode);
if (rc) {
printk(KERN_ERR "%s: Error attempting to initialize "
"the lower file for the dentry with name "
"[%s]; rc = [%d]\n", __func__,
ecryptfs_dentry->d_name.name, rc);
goto out;
}
rc = ecryptfs_write_metadata(ecryptfs_dentry, ecryptfs_inode);
if (rc)
printk(KERN_ERR "Error writing headers; rc = [%d]\n", rc);
ecryptfs_put_lower_file(ecryptfs_inode);
out:
return rc;
}
/**
* ecryptfs_initialize_file
*
* Cause the file to be changed from a basic empty file to an ecryptfs
* file with a header and first data page.
*
* Returns zero on success
*/
static int ecryptfs_initialize_file(struct dentry *ecryptfs_dentry)
{
struct ecryptfs_crypt_stat *crypt_stat =
&ecryptfs_inode_to_private(ecryptfs_dentry->d_inode)->crypt_stat;
#if 1 // FEATURE_SDCARD_ENCRYPTION
struct ecryptfs_mount_crypt_stat *mount_crypt_stat =
&ecryptfs_superblock_to_private(
ecryptfs_dentry->d_sb)->mount_crypt_stat;
#endif
int rc = 0;
if (S_ISDIR(ecryptfs_dentry->d_inode->i_mode)) {
ecryptfs_printk(KERN_DEBUG, "This is a directory\n");
ecryptfs_printk(KERN_ERR, "%s:%d:: decryption_only set : ENCRYPTION DISABLED\n", __FUNCTION__, __LINE__); // FEATURE_SDCARD_ENCRYPTION DEBUG
crypt_stat->flags &= ~(ECRYPTFS_ENCRYPTED);
goto out;
}
#if 1 // FEATURE_SDCARD_ENCRYPTION
if (mount_crypt_stat && (mount_crypt_stat->flags
& ECRYPTFS_DECRYPTION_ONLY)) {
crypt_stat->flags &= ~(ECRYPTFS_ENCRYPTED);
goto out;
}
#endif
ecryptfs_printk(KERN_DEBUG, "Initializing crypto context\n");
rc = ecryptfs_new_file_context(ecryptfs_dentry);
if (rc) {
ecryptfs_printk(KERN_ERR, "Error creating new file "
"context; rc = [%d]\n", rc);
goto out;
}
rc = ecryptfs_get_lower_file(ecryptfs_dentry,
ecryptfs_dentry->d_inode);
if (rc) {
printk(KERN_ERR "%s: Error attempting to initialize "
"the lower file for the dentry with name "
"[%s]; rc = [%d]\n", __func__,
ecryptfs_dentry->d_name.name, rc);
goto out;
}
rc = ecryptfs_write_metadata(ecryptfs_dentry);
if (rc)
printk(KERN_ERR "Error writing headers; rc = [%d]\n", rc);
ecryptfs_put_lower_file(ecryptfs_dentry->d_inode);
out:
return rc;
}
/**
* ecryptfs_initialize_file
*
* Cause the file to be changed from a basic empty file to an ecryptfs
* file with a header and first data page.
*
* Returns zero on success
*/
static int ecryptfs_initialize_file(struct dentry *ecryptfs_dentry)
{
struct ecryptfs_crypt_stat *crypt_stat =
&ecryptfs_inode_to_private(ecryptfs_dentry->d_inode)->crypt_stat;
int rc = 0;
if (S_ISDIR(ecryptfs_dentry->d_inode->i_mode)) {
ecryptfs_printk(KERN_DEBUG, "This is a directory\n");
crypt_stat->flags &= ~(ECRYPTFS_ENCRYPTED);
goto out;
}
crypt_stat->flags |= ECRYPTFS_NEW_FILE;
ecryptfs_printk(KERN_DEBUG, "Initializing crypto context\n");
rc = ecryptfs_new_file_context(ecryptfs_dentry);
if (rc) {
ecryptfs_printk(KERN_ERR, "Error creating new file "
"context; rc = [%d]\n", rc);
goto out;
}
if (!ecryptfs_inode_to_private(ecryptfs_dentry->d_inode)->lower_file) {
rc = ecryptfs_init_persistent_file(ecryptfs_dentry);
if (rc) {
printk(KERN_ERR "%s: Error attempting to initialize "
"the persistent file for the dentry with name "
"[%s]; rc = [%d]\n", __func__,
ecryptfs_dentry->d_name.name, rc);
goto out;
}
}
/* [email protected] encryption filter */
#ifdef WTL_ENCRYPTION_FILTER
/* fzhang, TODO, should not change flags for existing encrypted
files even through their ext match filter rule */
if (crypt_stat->flags & ECRYPTFS_ENCRYPTED) {
struct dentry *fp_dentry =
ecryptfs_inode_to_private(ecryptfs_dentry->d_inode)
->lower_file->f_dentry;
struct ecryptfs_mount_crypt_stat *mount_crypt_stat = &ecryptfs_superblock_to_private(
ecryptfs_dentry->d_sb)->mount_crypt_stat;
char filename[256];
strcpy(filename, fp_dentry->d_name.name);
if ((mount_crypt_stat->flags & ECRYPTFS_ENABLE_NEW_PASSTHROUGH)
|| ((mount_crypt_stat->flags & ECRYPTFS_ENABLE_FILTERING) &&
(is_file_name_match(mount_crypt_stat, fp_dentry) ||
is_file_ext_match(mount_crypt_stat, filename)))) {
/*printk(KERN_ERR "fzhang %s will not be encrypted.\n",
fp_dentry->d_iname); */
crypt_stat->flags &= ~(ECRYPTFS_ENCRYPTED);
} else {
rc = ecryptfs_write_metadata(ecryptfs_dentry);
if (rc) {
printk(KERN_ERR "Error writing headers; rc = [%d]\n", rc);
goto out;
}
rc = grow_file(ecryptfs_dentry);
if (rc)
printk(KERN_ERR "Error growing file; rc = [%d]\n", rc);
}
}
#else
rc = ecryptfs_write_metadata(ecryptfs_dentry);
if (rc) {
printk(KERN_ERR "Error writing headers; rc = [%d]\n", rc);
goto out;
}
rc = grow_file(ecryptfs_dentry);
if (rc)
printk(KERN_ERR "Error growing file; rc = [%d]\n", rc);
#endif
out:
return rc;
}
/**
* ecryptfs_initialize_file
*
* Cause the file to be changed from a basic empty file to an ecryptfs
* file with a header and first data page.
*
* Returns zero on success
*/
static int ecryptfs_initialize_file(struct dentry *ecryptfs_dentry)
{
struct ecryptfs_crypt_stat *crypt_stat =
&ecryptfs_inode_to_private(ecryptfs_dentry->d_inode)->crypt_stat;
int rc = 0;
if (S_ISDIR(ecryptfs_dentry->d_inode->i_mode)) {
ecryptfs_printk(KERN_DEBUG, "This is a directory\n");
crypt_stat->flags &= ~(ECRYPTFS_ENCRYPTED);
goto out;
}
ecryptfs_printk(KERN_DEBUG, "Initializing crypto context\n");
rc = ecryptfs_new_file_context(ecryptfs_dentry);
if (rc) {
ecryptfs_printk(KERN_ERR, "Error creating new file "
"context; rc = [%d]\n", rc);
goto out;
}
rc = ecryptfs_get_lower_file(ecryptfs_dentry,
ecryptfs_dentry->d_inode);
if (rc) {
printk(KERN_ERR "%s: Error attempting to initialize "
"the lower file for the dentry with name "
"[%s]; rc = [%d]\n", __func__,
ecryptfs_dentry->d_name.name, rc);
goto out;
}
#ifdef CONFIG_WTL_ENCRYPTION_FILTER
mutex_lock(&crypt_stat->cs_mutex);
if (crypt_stat->flags & ECRYPTFS_ENCRYPTED) {
struct dentry *fp_dentry =
ecryptfs_inode_to_private(ecryptfs_dentry->d_inode)
->lower_file->f_dentry;
struct ecryptfs_mount_crypt_stat *mount_crypt_stat =
&ecryptfs_superblock_to_private(ecryptfs_dentry->d_sb)
->mount_crypt_stat;
char filename[256];
strcpy(filename, fp_dentry->d_name.name);
if ((mount_crypt_stat->flags & ECRYPTFS_ENABLE_NEW_PASSTHROUGH)
|| ((mount_crypt_stat->flags & ECRYPTFS_ENABLE_FILTERING) &&
(is_file_name_match(mount_crypt_stat, fp_dentry) ||
is_file_ext_match(mount_crypt_stat, filename)))) {
crypt_stat->flags &= ~(ECRYPTFS_I_SIZE_INITIALIZED
| ECRYPTFS_ENCRYPTED);
ecryptfs_put_lower_file(ecryptfs_dentry->d_inode);
} else {
rc = ecryptfs_write_metadata(ecryptfs_dentry);
if (rc)
printk(
KERN_ERR "Error writing headers; rc = [%d]\n"
, rc);
ecryptfs_put_lower_file(ecryptfs_dentry->d_inode);
}
}
mutex_unlock(&crypt_stat->cs_mutex);
#else
rc = ecryptfs_write_metadata(ecryptfs_dentry);
if (rc)
printk(KERN_ERR "Error writing headers; rc = [%d]\n", rc);
ecryptfs_put_lower_file(ecryptfs_dentry->d_inode);
#endif
out:
return rc;
}
static int ecryptfs_update_crypt_flag(struct dentry *dentry, int is_sensitive)
{
int rc = 0;
struct dentry *lower_dentry;
struct inode *inode;
struct inode *lower_inode;
struct ecryptfs_crypt_stat *crypt_stat;
struct ecryptfs_mount_crypt_stat *mount_crypt_stat;
crypt_stat = &ecryptfs_inode_to_private(dentry->d_inode)->crypt_stat;
if (!(crypt_stat->flags & ECRYPTFS_STRUCT_INITIALIZED))
ecryptfs_init_crypt_stat(crypt_stat);
inode = dentry->d_inode;
lower_inode = ecryptfs_inode_to_lower(inode);
lower_dentry = ecryptfs_dentry_to_lower(dentry);
mutex_lock(&crypt_stat->cs_mutex);
mount_crypt_stat = &ecryptfs_superblock_to_private(
dentry->d_sb)->mount_crypt_stat;
rc = ecryptfs_get_lower_file(dentry, inode);
if (rc) {
mutex_unlock(&crypt_stat->cs_mutex);
DEK_LOGE("ecryptfs_get_lower_file rc=%d\n", rc);
goto out;
}
if (is_sensitive) {
crypt_stat->flags |= ECRYPTFS_DEK_IS_SENSITIVE;
/*
* Set sensirive for all the pages in the inode
*/
set_sensitive_mapping_pages(inode->i_mapping, 0, -1);
}
else{
crypt_stat->flags &= ~ECRYPTFS_DEK_IS_SENSITIVE;
}
rc = ecryptfs_write_metadata(dentry, inode);
if (rc) {
if (!(mount_crypt_stat->flags
& ECRYPTFS_PLAINTEXT_PASSTHROUGH_ENABLED)) {
rc = -EIO;
DEK_LOGE("Either the lower file "
"is not in a valid eCryptfs format, "
"or the key could not be retrieved. "
"Plaintext passthrough mode is not "
"enabled; returning -EIO\n");
mutex_unlock(&crypt_stat->cs_mutex);
DEK_LOGD("ecryptfs_write_metadata rc=%d\n", rc);
goto out;
}
rc = 0;
crypt_stat->flags &= ~(ECRYPTFS_I_SIZE_INITIALIZED
| ECRYPTFS_ENCRYPTED);
}
rc = ecryptfs_write_inode_size_to_metadata(inode);
if (rc) {
mutex_unlock(&crypt_stat->cs_mutex);
DEK_LOGE("Problem with "
"ecryptfs_write_inode_size_to_metadata; "
"rc = [%d]\n", rc);
goto out;
}
ecryptfs_put_lower_file(inode);
mutex_unlock(&crypt_stat->cs_mutex);
out:
fsstack_copy_attr_all(inode, lower_inode);
return rc;
}
/**
* ecryptfs_initialize_file
*
* Cause the file to be changed from a basic empty file to an ecryptfs
* file with a header and first data page.
*
* Returns zero on success
*/
int ecryptfs_initialize_file(struct dentry *ecryptfs_dentry,
struct inode *ecryptfs_inode)
{
struct ecryptfs_crypt_stat *crypt_stat =
&ecryptfs_inode_to_private(ecryptfs_inode)->crypt_stat;
int rc = 0;
#ifdef CONFIG_DLP
sdp_fs_command_t *cmd = NULL;
#endif
if (S_ISDIR(ecryptfs_inode->i_mode)) {
ecryptfs_printk(KERN_DEBUG, "This is a directory\n");
crypt_stat->flags &= ~(ECRYPTFS_ENCRYPTED);
goto out;
}
ecryptfs_printk(KERN_DEBUG, "Initializing crypto context\n");
rc = ecryptfs_new_file_context(ecryptfs_inode);
if (rc) {
ecryptfs_printk(KERN_ERR, "Error creating new file "
"context; rc = [%d]\n", rc);
goto out;
}
rc = ecryptfs_get_lower_file(ecryptfs_dentry, ecryptfs_inode);
if (rc) {
printk(KERN_ERR "%s: Error attempting to initialize "
"the lower file for the dentry with name "
"[%s]; rc = [%d]\n", __func__,
ecryptfs_dentry->d_name.name, rc);
goto out;
}
#ifdef CONFIG_DLP
if(crypt_stat->mount_crypt_stat->flags & ECRYPTFS_MOUNT_DLP_ENABLED) {
#if DLP_DEBUG
printk(KERN_ERR "DLP %s: file name: [%s], userid: [%d]\n",
__func__, ecryptfs_dentry->d_iname, crypt_stat->mount_crypt_stat->userid);
#endif
if(!rc && (in_egroup_p(AID_KNOX_DLP) || in_egroup_p(AID_KNOX_DLP_RESTRICTED))) {
/* TODO: Can DLP files be created while in locked state? */
struct timespec ts;
crypt_stat->flags |= ECRYPTFS_DLP_ENABLED;
getnstimeofday(&ts);
crypt_stat->expiry.expiry_time.tv_sec = (int64_t)ts.tv_sec + 600;
crypt_stat->expiry.expiry_time.tv_nsec = (int64_t)ts.tv_nsec;
#if DLP_DEBUG
printk(KERN_ERR "DLP %s: current->pid : %d\n", __func__, current->tgid);
printk(KERN_ERR "DLP %s: crypt_stat->mount_crypt_stat->userid : %d\n", __func__, crypt_stat->mount_crypt_stat->userid);
printk(KERN_ERR "DLP %s: crypt_stat->mount_crypt_stat->partition_id : %d\n", __func__, crypt_stat->mount_crypt_stat->partition_id);
#endif
if(in_egroup_p(AID_KNOX_DLP)) {
cmd = sdp_fs_command_alloc(FSOP_DLP_FILE_INIT,
current->tgid, crypt_stat->mount_crypt_stat->userid, crypt_stat->mount_crypt_stat->partition_id,
ecryptfs_inode->i_ino, GFP_KERNEL);
}
else if(in_egroup_p(AID_KNOX_DLP_RESTRICTED)) {
cmd = sdp_fs_command_alloc(FSOP_DLP_FILE_INIT_RESTRICTED,
current->tgid, crypt_stat->mount_crypt_stat->userid, crypt_stat->mount_crypt_stat->partition_id,
ecryptfs_inode->i_ino, GFP_KERNEL);
}
} else {
printk(KERN_ERR "DLP %s: not in group\n", __func__);
}
}
#endif
#ifdef CONFIG_WTL_ENCRYPTION_FILTER
mutex_lock(&crypt_stat->cs_mutex);
if (crypt_stat->flags & ECRYPTFS_ENCRYPTED) {
struct dentry *fp_dentry =
ecryptfs_inode_to_private(ecryptfs_inode)
->lower_file->f_dentry;
struct ecryptfs_mount_crypt_stat *mount_crypt_stat =
&ecryptfs_superblock_to_private(ecryptfs_dentry->d_sb)
->mount_crypt_stat;
char filename[NAME_MAX+1] = {0};
if (fp_dentry->d_name.len <= NAME_MAX)
memcpy(filename, fp_dentry->d_name.name,
fp_dentry->d_name.len + 1);
if ((mount_crypt_stat->flags & ECRYPTFS_ENABLE_NEW_PASSTHROUGH)
|| ((mount_crypt_stat->flags & ECRYPTFS_ENABLE_FILTERING) &&
(is_file_name_match(mount_crypt_stat, fp_dentry) ||
is_file_ext_match(mount_crypt_stat, filename)))) {
crypt_stat->flags &= ~(ECRYPTFS_I_SIZE_INITIALIZED
| ECRYPTFS_ENCRYPTED);
ecryptfs_put_lower_file(ecryptfs_inode);
} else {
rc = ecryptfs_write_metadata(ecryptfs_dentry,
ecryptfs_inode);
if (rc)
printk(
KERN_ERR "Error writing headers; rc = [%d]\n"
, rc);
ecryptfs_put_lower_file(ecryptfs_inode);
}
}
mutex_unlock(&crypt_stat->cs_mutex);
#else
rc = ecryptfs_write_metadata(ecryptfs_dentry, ecryptfs_inode);
if (rc)
printk(KERN_ERR "Error writing headers; rc = [%d]\n", rc);
ecryptfs_put_lower_file(ecryptfs_inode);
#endif
out:
#ifdef CONFIG_DLP
if(cmd) {
sdp_fs_request(cmd, NULL);
sdp_fs_command_free(cmd);
}
#endif
return rc;
}
