static int ecryptfs_mkdir(struct inode *dir, struct dentry *dentry, umode_t mode) { int rc; struct dentry *lower_dentry; struct dentry *lower_dir_dentry; lower_dentry = ecryptfs_dentry_to_lower(dentry); lower_dir_dentry = lock_parent(lower_dentry); #ifdef CONFIG_SDP if(!strncmp(lower_dir_dentry->d_sb->s_type->name, "sdcardfs", 8)) { struct sdcardfs_dentry_info *dinfo = SDCARDFS_D(lower_dir_dentry); int len = strlen(dentry->d_name.name); int i, numeric = 1; dinfo->under_knox = 1; dinfo->userid = -1; if(IS_UNDER_ROOT(dentry)) { for(i=0 ; i < len ; i++) if(!isdigit(dentry->d_name.name[i])) { numeric = 0; break; } if(numeric) { dinfo->userid = simple_strtoul(dentry->d_name.name, NULL, 10); } } } #endif rc = vfs_mkdir(lower_dir_dentry->d_inode, lower_dentry, mode); if (rc || !lower_dentry->d_inode) goto out; rc = ecryptfs_interpose(lower_dentry, dentry, dir->i_sb); if (rc) goto out; fsstack_copy_attr_times(dir, lower_dir_dentry->d_inode); fsstack_copy_inode_size(dir, lower_dir_dentry->d_inode); set_nlink(dir, lower_dir_dentry->d_inode->i_nlink); out: #ifdef CONFIG_SDP if(!strncmp(lower_dir_dentry->d_sb->s_type->name, "sdcardfs", 8)) { struct sdcardfs_dentry_info *dinfo = SDCARDFS_D(lower_dir_dentry); dinfo->under_knox = 0; dinfo->userid = -1; } #endif unlock_dir(lower_dir_dentry); if (!dentry->d_inode) d_drop(dentry); return rc; }
/** * ecryptfs_interpose * @lower_dentry: Existing dentry in the lower filesystem * @dentry: ecryptfs' dentry * @sb: ecryptfs's super_block * * Interposes upper and lower dentries. * * Returns zero on success; non-zero otherwise */ static int ecryptfs_interpose(struct dentry *lower_dentry, struct dentry *dentry, struct super_block *sb) { struct inode *inode = ecryptfs_get_inode(lower_dentry->d_inode, sb); if (IS_ERR(inode)) return PTR_ERR(inode); d_instantiate(dentry, inode); if(d_unhashed(dentry)) d_rehash(dentry); #ifdef CONFIG_SDP if(S_ISDIR(inode->i_mode) && dentry) { if(IS_UNDER_ROOT(dentry)) { struct ecryptfs_mount_crypt_stat *mount_crypt_stat = &ecryptfs_superblock_to_private(inode->i_sb)->mount_crypt_stat; int engineid; printk("Creating a directoy under root directory of current partition.\n"); if(is_chamber_directory(mount_crypt_stat, dentry->d_name.name, &engineid)) { printk("This is a chamber directory engine[%d]\n", engineid); set_chamber_flag(engineid, inode); } } else if(IS_SENSITIVE_DENTRY(dentry->d_parent)) { /* * When parent directory is sensitive */ struct ecryptfs_crypt_stat *crypt_stat = &ecryptfs_inode_to_private(inode)->crypt_stat; struct ecryptfs_crypt_stat *parent_crypt_stat = &ecryptfs_inode_to_private(dentry->d_parent->d_inode)->crypt_stat; //TODO : remove this log DEK_LOGE("Parent %s[id:%d] is sensitive. so this directory is sensitive too\n", dentry->d_parent->d_name.name, parent_crypt_stat->engine_id); crypt_stat->flags |= ECRYPTFS_DEK_IS_SENSITIVE; crypt_stat->engine_id = parent_crypt_stat->engine_id; } } #endif return 0; }
/** * ecryptfs_interpose * @lower_dentry: Existing dentry in the lower filesystem * @dentry: ecryptfs' dentry * @sb: ecryptfs's super_block * * Interposes upper and lower dentries. * * Returns zero on success; non-zero otherwise */ static int ecryptfs_interpose(struct dentry *lower_dentry, struct dentry *dentry, struct super_block *sb) { struct inode *inode = ecryptfs_get_inode(lower_dentry->d_inode, sb); if (IS_ERR(inode)) return PTR_ERR(inode); d_instantiate(dentry, inode); #ifdef CONFIG_SDP if(S_ISDIR(inode->i_mode) && dentry) { if(IS_UNDER_ROOT(dentry)) { struct ecryptfs_mount_crypt_stat *mount_crypt_stat = &ecryptfs_superblock_to_private(inode->i_sb)->mount_crypt_stat; printk("Creating a directoy under root directory of current partition.\n"); if(is_chamber_directory(mount_crypt_stat, (char *)dentry->d_name.name)) { printk("This is a chamber directory\n"); set_chamber_flag(inode); } } else if(IS_SENSITIVE_DENTRY(dentry->d_parent)) { /* * When parent directory is sensitive */ struct ecryptfs_crypt_stat *crypt_stat = &ecryptfs_inode_to_private(inode)->crypt_stat; printk("Parent %s is sensitive. so this directory is sensitive too\n", dentry->d_parent->d_name.name); crypt_stat->flags |= ECRYPTFS_DEK_IS_SENSITIVE; } } #endif return 0; }
/** * ecryptfs_lookup_interpose - Dentry interposition for a lookup */ static int ecryptfs_lookup_interpose(struct dentry *dentry, struct dentry *lower_dentry, struct inode *dir_inode) { struct inode *inode, *lower_inode = lower_dentry->d_inode; struct ecryptfs_dentry_info *dentry_info; struct vfsmount *lower_mnt; int rc = 0; dentry_info = kmem_cache_alloc(ecryptfs_dentry_info_cache, GFP_KERNEL); if (!dentry_info) { printk(KERN_ERR "%s: Out of memory whilst attempting " "to allocate ecryptfs_dentry_info struct\n", __func__); dput(lower_dentry); return -ENOMEM; } lower_mnt = mntget(ecryptfs_dentry_to_lower_mnt(dentry->d_parent)); fsstack_copy_attr_atime(dir_inode, lower_dentry->d_parent->d_inode); BUG_ON(!lower_dentry->d_count); ecryptfs_set_dentry_private(dentry, dentry_info); ecryptfs_set_dentry_lower(dentry, lower_dentry); ecryptfs_set_dentry_lower_mnt(dentry, lower_mnt); if (!lower_dentry->d_inode) { /* We want to add because we couldn't find in lower */ d_add(dentry, NULL); return 0; } inode = __ecryptfs_get_inode(lower_inode, dir_inode->i_sb); if (IS_ERR(inode)) { printk(KERN_ERR "%s: Error interposing; rc = [%ld]\n", __func__, PTR_ERR(inode)); return PTR_ERR(inode); } if (S_ISREG(inode->i_mode)) { rc = ecryptfs_i_size_read(dentry, inode); if (rc) { make_bad_inode(inode); return rc; } } #ifdef CONFIG_SDP if (S_ISDIR(inode->i_mode) && dentry) { if(IS_UNDER_ROOT(dentry)) { struct ecryptfs_mount_crypt_stat *mount_crypt_stat = &ecryptfs_superblock_to_private(inode->i_sb)->mount_crypt_stat; printk("Lookup a directoy under root directory of current partition.\n"); if(is_chamber_directory(mount_crypt_stat, (char *)dentry->d_name.name)) { /* * When this directory is under ROOT directory and the name is registered * as Chamber. */ printk("This is a chamber directory\n"); set_chamber_flag(inode); } } else if(IS_SENSITIVE_DENTRY(dentry->d_parent)) { /* * When parent directory is sensitive */ struct ecryptfs_crypt_stat *crypt_stat = &ecryptfs_inode_to_private(inode)->crypt_stat; printk("Parent %s is sensitive. so this directory is sensitive too\n", dentry->d_parent->d_name.name); crypt_stat->flags |= ECRYPTFS_DEK_IS_SENSITIVE; } } #endif if (inode->i_state & I_NEW) unlock_new_inode(inode); d_add(dentry, inode); return rc; }
/** * ecryptfs_lookup * @ecryptfs_dir_inode: The eCryptfs directory inode * @ecryptfs_dentry: The eCryptfs dentry that we are looking up * @ecryptfs_nd: nameidata; may be NULL * * Find a file on disk. If the file does not exist, then we'll add it to the * dentry cache and continue on to read it from the disk. */ static struct dentry *ecryptfs_lookup(struct inode *ecryptfs_dir_inode, struct dentry *ecryptfs_dentry, unsigned int flags) { char *encrypted_and_encoded_name = NULL; size_t encrypted_and_encoded_name_size; struct ecryptfs_mount_crypt_stat *mount_crypt_stat = NULL; struct dentry *lower_dir_dentry, *lower_dentry; int rc = 0; lower_dir_dentry = ecryptfs_dentry_to_lower(ecryptfs_dentry->d_parent); mutex_lock(&lower_dir_dentry->d_inode->i_mutex); lower_dentry = lookup_one_len(ecryptfs_dentry->d_name.name, lower_dir_dentry, ecryptfs_dentry->d_name.len); mutex_unlock(&lower_dir_dentry->d_inode->i_mutex); if (IS_ERR(lower_dentry)) { rc = PTR_ERR(lower_dentry); ecryptfs_printk(KERN_DEBUG, "%s: lookup_one_len() returned " "[%d] on lower_dentry = [%s]\n", __func__, rc, ecryptfs_dentry->d_name.name); goto out; } if (lower_dentry->d_inode) goto interpose; mount_crypt_stat = &ecryptfs_superblock_to_private( ecryptfs_dentry->d_sb)->mount_crypt_stat; if (!(mount_crypt_stat && (mount_crypt_stat->flags & ECRYPTFS_GLOBAL_ENCRYPT_FILENAMES))) goto interpose; dput(lower_dentry); rc = ecryptfs_encrypt_and_encode_filename( &encrypted_and_encoded_name, &encrypted_and_encoded_name_size, NULL, mount_crypt_stat, ecryptfs_dentry->d_name.name, ecryptfs_dentry->d_name.len); if (rc) { printk(KERN_ERR "%s: Error attempting to encrypt and encode " "filename; rc = [%d]\n", __func__, rc); goto out; } mutex_lock(&lower_dir_dentry->d_inode->i_mutex); #ifdef CONFIG_SDP if(!strncmp(lower_dir_dentry->d_sb->s_type->name, "sdcardfs", 8)) { struct sdcardfs_dentry_info *dinfo = SDCARDFS_D(lower_dir_dentry); int len = strlen(ecryptfs_dentry->d_name.name); int i, numeric = 1; dinfo->under_knox = 1; dinfo->userid = -1; if(IS_UNDER_ROOT(ecryptfs_dentry)) { for(i=0 ; i < len ; i++) if(!isdigit(ecryptfs_dentry->d_name.name[i])) { numeric = 0; break; } if(numeric) { dinfo->userid = simple_strtoul(ecryptfs_dentry->d_name.name, NULL, 10); } } } #endif lower_dentry = lookup_one_len(encrypted_and_encoded_name, lower_dir_dentry, encrypted_and_encoded_name_size); #ifdef CONFIG_SDP if(!strncmp(lower_dir_dentry->d_sb->s_type->name, "sdcardfs", 8)) { struct sdcardfs_dentry_info *dinfo = SDCARDFS_D(lower_dir_dentry); dinfo->under_knox = 0; dinfo->userid = -1; } #endif mutex_unlock(&lower_dir_dentry->d_inode->i_mutex); if (IS_ERR(lower_dentry)) { rc = PTR_ERR(lower_dentry); ecryptfs_printk(KERN_DEBUG, "%s: lookup_one_len() returned " "[%d] on lower_dentry = [%s]\n", __func__, rc, encrypted_and_encoded_name); goto out; } interpose: rc = ecryptfs_lookup_interpose(ecryptfs_dentry, lower_dentry, ecryptfs_dir_inode); out: kfree(encrypted_and_encoded_name); return ERR_PTR(rc); }