/**
* ecryptfs_initialize_file
*
* Cause the file to be changed from a basic empty file to an ecryptfs
* file with a header and first data page.
*
* Returns zero on success
*/
int ecryptfs_initialize_file(struct dentry *ecryptfs_dentry,
struct inode *ecryptfs_inode)
{
struct ecryptfs_crypt_stat *crypt_stat =
&ecryptfs_inode_to_private(ecryptfs_inode)->crypt_stat;
#ifdef FEATURE_SDCARD_ENCRYPTION
struct ecryptfs_mount_sd_crypt_stat *mount_sd_crypt_stat =
&ecryptfs_superblock_to_private(
ecryptfs_dentry->d_sb)->mount_sd_crypt_stat;
char dentry_name[MAX_FILE_NAME_LENGTH] = {0,};
#endif
int rc = 0;
if (S_ISDIR(ecryptfs_inode->i_mode)) {
ecryptfs_printk(KERN_DEBUG, "This is a directory\n");
crypt_stat->flags &= ~(ECRYPTFS_ENCRYPTED);
goto out;
}
#ifdef FEATURE_SDCARD_ENCRYPTION
memcpy(dentry_name, ecryptfs_dentry->d_name.name, ecryptfs_dentry->d_name.len);
if (mount_sd_crypt_stat && (mount_sd_crypt_stat->flags
& ECRYPTFS_MEDIA_EXCEPTION)) {
if(ecryptfs_media_file_search(dentry_name)){
crypt_stat->flags &= ~(ECRYPTFS_ENCRYPTED);
goto out;
}
}
if(ecryptfs_asec_file_search(dentry_name)){
crypt_stat->flags &= ~(ECRYPTFS_ENCRYPTED);
goto out;
}
if (mount_sd_crypt_stat && (mount_sd_crypt_stat->flags
& ECRYPTFS_DECRYPTION_ONLY)) {
crypt_stat->flags &= ~(ECRYPTFS_ENCRYPTED);
goto out;
}
#endif
ecryptfs_printk(KERN_DEBUG, "Initializing crypto context\n");
rc = ecryptfs_new_file_context(ecryptfs_inode);
if (rc) {
ecryptfs_printk(KERN_ERR, "Error creating new file "
"context; rc = [%d]\n", rc);
goto out;
}
rc = ecryptfs_get_lower_file(ecryptfs_dentry, ecryptfs_inode);
if (rc) {
printk(KERN_ERR "%s: Error attempting to initialize "
"the lower file for the dentry with name "
"[%s]; rc = [%d]\n", __func__,
ecryptfs_dentry->d_name.name, rc);
goto out;
}
rc = ecryptfs_write_metadata(ecryptfs_dentry, ecryptfs_inode);
if (rc)
printk(KERN_ERR "Error writing headers; rc = [%d]\n", rc);
ecryptfs_put_lower_file(ecryptfs_inode);
out:
return rc;
}
/**
* ecryptfs_lookup
* @ecryptfs_dir_inode: The eCryptfs directory inode
* @ecryptfs_dentry: The eCryptfs dentry that we are looking up
* @ecryptfs_nd: nameidata; may be NULL
*
* Find a file on disk. If the file does not exist, then we'll add it to the
* dentry cache and continue on to read it from the disk.
*/
static struct dentry *ecryptfs_lookup(struct inode *ecryptfs_dir_inode,
struct dentry *ecryptfs_dentry,
unsigned int flags)
{
char *encrypted_and_encoded_name = NULL;
size_t encrypted_and_encoded_name_size;
struct ecryptfs_mount_crypt_stat *mount_crypt_stat = NULL;
struct dentry *lower_dir_dentry, *lower_dentry;
int rc = 0;
lower_dir_dentry = ecryptfs_dentry_to_lower(ecryptfs_dentry->d_parent);
mutex_lock(&lower_dir_dentry->d_inode->i_mutex);
lower_dentry = lookup_one_len(ecryptfs_dentry->d_name.name,
lower_dir_dentry,
ecryptfs_dentry->d_name.len);
mutex_unlock(&lower_dir_dentry->d_inode->i_mutex);
if (IS_ERR(lower_dentry)) {
rc = PTR_ERR(lower_dentry);
ecryptfs_printk(KERN_DEBUG, "%s: lookup_one_len() returned "
"[%d] on lower_dentry = [%s]\n", __func__, rc,
ecryptfs_dentry->d_name.name);
goto out;
}
if (lower_dentry->d_inode)
goto interpose;
mount_crypt_stat = &ecryptfs_superblock_to_private(
ecryptfs_dentry->d_sb)->mount_crypt_stat;
if (!(mount_crypt_stat
&& (mount_crypt_stat->flags & ECRYPTFS_GLOBAL_ENCRYPT_FILENAMES)))
goto interpose;
dput(lower_dentry);
rc = ecryptfs_encrypt_and_encode_filename(
&encrypted_and_encoded_name, &encrypted_and_encoded_name_size,
NULL, mount_crypt_stat, ecryptfs_dentry->d_name.name,
ecryptfs_dentry->d_name.len);
if (rc) {
printk(KERN_ERR "%s: Error attempting to encrypt and encode "
"filename; rc = [%d]\n", __func__, rc);
goto out;
}
mutex_lock(&lower_dir_dentry->d_inode->i_mutex);
lower_dentry = lookup_one_len(encrypted_and_encoded_name,
lower_dir_dentry,
encrypted_and_encoded_name_size);
mutex_unlock(&lower_dir_dentry->d_inode->i_mutex);
if (IS_ERR(lower_dentry)) {
rc = PTR_ERR(lower_dentry);
ecryptfs_printk(KERN_DEBUG, "%s: lookup_one_len() returned "
"[%d] on lower_dentry = [%s]\n", __func__, rc,
encrypted_and_encoded_name);
goto out;
}
interpose:
rc = ecryptfs_lookup_interpose(ecryptfs_dentry, lower_dentry,
ecryptfs_dir_inode);
out:
kfree(encrypted_and_encoded_name);
return ERR_PTR(rc);
}
int ecryptfs_super_block_get_userid(struct super_block *sb)
{
int userid = ecryptfs_superblock_to_private(sb)->userid;
#if ECRYPTFS_DEK_DEBUG
DEK_LOGD("sdp id is %d\n", userid);
#endif
return userid;
}
/**
* ecryptfs_put_super
* @sb: Pointer to the ecryptfs super block
*
* Final actions when unmounting a file system.
* This will handle deallocation and release of our private data.
*/
static void ecryptfs_put_super(struct super_block *sb)
{
struct ecryptfs_sb_info *sb_info = ecryptfs_superblock_to_private(sb);
ecryptfs_destroy_mount_crypt_stat(&sb_info->mount_crypt_stat);
kmem_cache_free(ecryptfs_sb_info_cache, sb_info);
ecryptfs_set_superblock_private(sb, NULL);
}
static long
ecryptfs_unlocked_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
{
struct file *lower_file = NULL;
long rc = -ENOTTY;
#ifdef CONFIG_WTL_ENCRYPTION_FILTER
if (cmd == ECRYPTFS_IOCTL_GET_ATTRIBUTES) {
u32 __user *user_attr = (u32 __user *)arg;
u32 attr = 0;
char filename[NAME_MAX+1] = {0};
struct dentry *ecryptfs_dentry = file->f_path.dentry;
struct ecryptfs_mount_crypt_stat *mount_crypt_stat =
&ecryptfs_superblock_to_private(ecryptfs_dentry->d_sb)
->mount_crypt_stat;
struct inode *inode = ecryptfs_dentry->d_inode;
struct ecryptfs_crypt_stat *crypt_stat =
&ecryptfs_inode_to_private(inode)->crypt_stat;
struct dentry *fp_dentry =
ecryptfs_inode_to_private(inode)->lower_file->f_dentry;
if (fp_dentry->d_name.len <= NAME_MAX)
memcpy(filename, fp_dentry->d_name.name,
fp_dentry->d_name.len + 1);
mutex_lock(&crypt_stat->cs_mutex);
if ((crypt_stat->flags & ECRYPTFS_ENCRYPTED
|| crypt_stat->flags & ECRYPTFS_ENCRYPTED_OTHER_DEVICE)
|| ((mount_crypt_stat->flags
& ECRYPTFS_ENABLE_FILTERING)
&& (is_file_name_match
(mount_crypt_stat, fp_dentry)
|| is_file_ext_match
(mount_crypt_stat, filename)))) {
if (crypt_stat->flags & ECRYPTFS_KEY_VALID)
attr = ECRYPTFS_WAS_ENCRYPTED;
else
attr = ECRYPTFS_WAS_ENCRYPTED_OTHER_DEVICE;
}
mutex_unlock(&crypt_stat->cs_mutex);
put_user(attr, user_attr);
return 0;
}
#endif
#ifdef CONFIG_SDP
rc = ecryptfs_do_sdp_ioctl(file, cmd, arg);
if (rc == 0) {
return rc;
}
#else
printk("%s CONFIG_SDP not enabled \n", __func__);
#endif
if (ecryptfs_file_to_private(file))
lower_file = ecryptfs_file_to_lower(file);
if (lower_file && lower_file->f_op && lower_file->f_op->unlocked_ioctl)
rc = lower_file->f_op->unlocked_ioctl(lower_file, cmd, arg);
return rc;
}
/**
* ecryptfs_initialize_file
*
* Cause the file to be changed from a basic empty file to an ecryptfs
* file with a header and first data page.
*
* Returns zero on success
*/
int ecryptfs_initialize_file(struct dentry *ecryptfs_dentry,
struct inode *ecryptfs_inode)
{
struct ecryptfs_crypt_stat *crypt_stat =
&ecryptfs_inode_to_private(ecryptfs_inode)->crypt_stat;
#if 1 // FEATURE_SDCARD_ENCRYPTION
struct ecryptfs_mount_crypt_stat *mount_crypt_stat =
&ecryptfs_superblock_to_private(
ecryptfs_dentry->d_sb)->mount_crypt_stat;
#endif
int rc = 0;
if (S_ISDIR(ecryptfs_inode->i_mode)) {
ecryptfs_printk(KERN_DEBUG, "This is a directory\n");
crypt_stat->flags &= ~(ECRYPTFS_ENCRYPTED);
goto out;
}
#if defined (FEATURE_SDCARD_MEDIAEXN_SYSTEMCALL_ENCRYPTION)
if (getMediaProperty() == 1){
if(ecryptfs_mediaFileSearch(ecryptfs_dentry->d_name.name)){
crypt_stat->flags &= ~(ECRYPTFS_ENCRYPTED);
goto out;
}
}
#endif //FEATURE_SDCARD_MEDIAEXN_SYSTEMCALL_ENCRYPTION
#if 1 // FEATURE_SDCARD_ENCRYPTION
if (mount_crypt_stat && (mount_crypt_stat->flags
& ECRYPTFS_DECRYPTION_ONLY)) {
crypt_stat->flags &= ~(ECRYPTFS_ENCRYPTED);
goto out;
}
#endif
ecryptfs_printk(KERN_DEBUG, "Initializing crypto context\n");
rc = ecryptfs_new_file_context(ecryptfs_inode);
if (rc) {
ecryptfs_printk(KERN_ERR, "Error creating new file "
"context; rc = [%d]\n", rc);
goto out;
}
rc = ecryptfs_get_lower_file(ecryptfs_dentry, ecryptfs_inode);
if (rc) {
printk(KERN_ERR "%s: Error attempting to initialize "
"the lower file for the dentry with name "
"[%s]; rc = [%d]\n", __func__,
ecryptfs_dentry->d_name.name, rc);
goto out;
}
rc = ecryptfs_write_metadata(ecryptfs_dentry, ecryptfs_inode);
if (rc)
printk(KERN_ERR "Error writing headers; rc = [%d]\n", rc);
ecryptfs_put_lower_file(ecryptfs_inode);
out:
return rc;
}
/**
* ecryptfs_initialize_file
*
* Cause the file to be changed from a basic empty file to an ecryptfs
* file with a header and first data page.
*
* Returns zero on success
*/
static int ecryptfs_initialize_file(struct dentry *ecryptfs_dentry)
{
struct ecryptfs_crypt_stat *crypt_stat =
&ecryptfs_inode_to_private(ecryptfs_dentry->d_inode)->crypt_stat;
#if 1 // FEATURE_SDCARD_ENCRYPTION
struct ecryptfs_mount_crypt_stat *mount_crypt_stat =
&ecryptfs_superblock_to_private(
ecryptfs_dentry->d_sb)->mount_crypt_stat;
#endif
int rc = 0;
if (S_ISDIR(ecryptfs_dentry->d_inode->i_mode)) {
ecryptfs_printk(KERN_DEBUG, "This is a directory\n");
ecryptfs_printk(KERN_ERR, "%s:%d:: decryption_only set : ENCRYPTION DISABLED\n", __FUNCTION__, __LINE__); // FEATURE_SDCARD_ENCRYPTION DEBUG
crypt_stat->flags &= ~(ECRYPTFS_ENCRYPTED);
goto out;
}
#if 1 // FEATURE_SDCARD_ENCRYPTION
if (mount_crypt_stat && (mount_crypt_stat->flags
& ECRYPTFS_DECRYPTION_ONLY)) {
crypt_stat->flags &= ~(ECRYPTFS_ENCRYPTED);
goto out;
}
#endif
ecryptfs_printk(KERN_DEBUG, "Initializing crypto context\n");
rc = ecryptfs_new_file_context(ecryptfs_dentry);
if (rc) {
ecryptfs_printk(KERN_ERR, "Error creating new file "
"context; rc = [%d]\n", rc);
goto out;
}
rc = ecryptfs_get_lower_file(ecryptfs_dentry,
ecryptfs_dentry->d_inode);
if (rc) {
printk(KERN_ERR "%s: Error attempting to initialize "
"the lower file for the dentry with name "
"[%s]; rc = [%d]\n", __func__,
ecryptfs_dentry->d_name.name, rc);
goto out;
}
rc = ecryptfs_write_metadata(ecryptfs_dentry);
if (rc)
printk(KERN_ERR "Error writing headers; rc = [%d]\n", rc);
ecryptfs_put_lower_file(ecryptfs_dentry->d_inode);
out:
return rc;
}
/**
* ecryptfs_initialize_file
*
* Cause the file to be changed from a basic empty file to an ecryptfs
* file with a header and first data page.
*
* Returns zero on success
*/
static int ecryptfs_initialize_file(struct dentry *ecryptfs_dentry)
{
struct ecryptfs_crypt_stat *crypt_stat =
&ecryptfs_inode_to_private(ecryptfs_dentry->d_inode)->crypt_stat;
struct ecryptfs_mount_crypt_stat *mount_crypt_stat =
&ecryptfs_superblock_to_private(
ecryptfs_dentry->d_sb)->mount_crypt_stat;
int rc = 0;
if (S_ISDIR(ecryptfs_dentry->d_inode->i_mode)) {
ecryptfs_printk(KERN_DEBUG, "This is a directory\n");
crypt_stat->flags &= ~(ECRYPTFS_ENCRYPTED);
goto out;
}
if (mount_crypt_stat && (mount_crypt_stat->flags
& ECRYPTFS_NO_NEW_ENCRYPTED)) {
crypt_stat->flags &= ~(ECRYPTFS_ENCRYPTED);
goto out;
}
ecryptfs_printk(KERN_DEBUG, "Initializing crypto context\n");
rc = ecryptfs_new_file_context(ecryptfs_dentry);
if (rc) {
ecryptfs_printk(KERN_ERR, "Error creating new file "
"context; rc = [%d]\n", rc);
goto out;
}
rc = ecryptfs_get_lower_file(ecryptfs_dentry,
ecryptfs_dentry->d_inode);
if (rc) {
printk(KERN_ERR "%s: Error attempting to initialize "
"the lower file for the dentry with name "
"[%s]; rc = [%d]\n", __func__,
ecryptfs_dentry->d_name.name, rc);
goto out;
}
rc = ecryptfs_write_metadata(ecryptfs_dentry);
if (rc)
printk(KERN_ERR "Error writing headers; rc = [%d]\n", rc);
ecryptfs_put_lower_file(ecryptfs_dentry->d_inode);
out:
return rc;
}
/**
* ecryptfs_interpose
* @lower_dentry: Existing dentry in the lower filesystem
* @dentry: ecryptfs' dentry
* @sb: ecryptfs's super_block
*
* Interposes upper and lower dentries.
*
* Returns zero on success; non-zero otherwise
*/
static int ecryptfs_interpose(struct dentry *lower_dentry,
struct dentry *dentry, struct super_block *sb)
{
struct inode *inode = ecryptfs_get_inode(lower_dentry->d_inode, sb);
if (IS_ERR(inode))
return PTR_ERR(inode);
d_instantiate(dentry, inode);
if(d_unhashed(dentry))
d_rehash(dentry);
#ifdef CONFIG_SDP
if(S_ISDIR(inode->i_mode) && dentry) {
if(IS_UNDER_ROOT(dentry)) {
struct ecryptfs_mount_crypt_stat *mount_crypt_stat =
&ecryptfs_superblock_to_private(inode->i_sb)->mount_crypt_stat;
int engineid;
printk("Creating a directoy under root directory of current partition.\n");
if(is_chamber_directory(mount_crypt_stat, dentry->d_name.name, &engineid)) {
printk("This is a chamber directory engine[%d]\n", engineid);
set_chamber_flag(engineid, inode);
}
} else if(IS_SENSITIVE_DENTRY(dentry->d_parent)) {
/*
* When parent directory is sensitive
*/
struct ecryptfs_crypt_stat *crypt_stat =
&ecryptfs_inode_to_private(inode)->crypt_stat;
struct ecryptfs_crypt_stat *parent_crypt_stat =
&ecryptfs_inode_to_private(dentry->d_parent->d_inode)->crypt_stat;
//TODO : remove this log
DEK_LOGE("Parent %s[id:%d] is sensitive. so this directory is sensitive too\n",
dentry->d_parent->d_name.name, parent_crypt_stat->engine_id);
crypt_stat->flags |= ECRYPTFS_DEK_IS_SENSITIVE;
crypt_stat->engine_id = parent_crypt_stat->engine_id;
}
}
#endif
return 0;
}
/**
* ecryptfs_lookup
* @ecryptfs_dir_inode: The eCryptfs directory inode
* @ecryptfs_dentry: The eCryptfs dentry that we are looking up
* @flags: lookup flags
*
* Find a file on disk. If the file does not exist, then we'll add it to the
* dentry cache and continue on to read it from the disk.
*/
static struct dentry *ecryptfs_lookup(struct inode *ecryptfs_dir_inode,
struct dentry *ecryptfs_dentry,
unsigned int flags)
{
char *encrypted_and_encoded_name = NULL;
struct ecryptfs_mount_crypt_stat *mount_crypt_stat;
struct dentry *lower_dir_dentry, *lower_dentry;
const char *name = ecryptfs_dentry->d_name.name;
size_t len = ecryptfs_dentry->d_name.len;
struct dentry *res;
int rc = 0;
lower_dir_dentry = ecryptfs_dentry_to_lower(ecryptfs_dentry->d_parent);
mount_crypt_stat = &ecryptfs_superblock_to_private(
ecryptfs_dentry->d_sb)->mount_crypt_stat;
if (mount_crypt_stat
&& (mount_crypt_stat->flags & ECRYPTFS_GLOBAL_ENCRYPT_FILENAMES)) {
rc = ecryptfs_encrypt_and_encode_filename(
&encrypted_and_encoded_name, &len,
mount_crypt_stat, name, len);
if (rc) {
printk(KERN_ERR "%s: Error attempting to encrypt and encode "
"filename; rc = [%d]\n", __func__, rc);
return ERR_PTR(rc);
}
name = encrypted_and_encoded_name;
}
lower_dentry = lookup_one_len_unlocked(name, lower_dir_dentry, len);
if (IS_ERR(lower_dentry)) {
ecryptfs_printk(KERN_DEBUG, "%s: lookup_one_len() returned "
"[%ld] on lower_dentry = [%s]\n", __func__,
PTR_ERR(lower_dentry),
name);
res = ERR_CAST(lower_dentry);
} else {
res = ecryptfs_lookup_interpose(ecryptfs_dentry, lower_dentry);
}
kfree(encrypted_and_encoded_name);
return res;
}
static int read_or_initialize_metadata(struct dentry *dentry)
{
struct inode *inode = dentry->d_inode;
struct ecryptfs_mount_crypt_stat *mount_crypt_stat;
struct ecryptfs_crypt_stat *crypt_stat;
int rc;
crypt_stat = &ecryptfs_inode_to_private(inode)->crypt_stat;
mount_crypt_stat = &ecryptfs_superblock_to_private(
inode->i_sb)->mount_crypt_stat;
mutex_lock(&crypt_stat->cs_mutex);
if (crypt_stat->flags & ECRYPTFS_POLICY_APPLIED &&
crypt_stat->flags & ECRYPTFS_KEY_VALID) {
rc = 0;
goto out;
}
rc = ecryptfs_read_metadata(dentry);
if (!rc)
goto out;
if (mount_crypt_stat->flags & ECRYPTFS_PLAINTEXT_PASSTHROUGH_ENABLED) {
crypt_stat->flags &= ~(ECRYPTFS_I_SIZE_INITIALIZED
| ECRYPTFS_ENCRYPTED);
rc = 0;
goto out;
}
if (!(mount_crypt_stat->flags & ECRYPTFS_XATTR_METADATA_ENABLED) &&
!i_size_read(ecryptfs_inode_to_lower(inode))) {
rc = ecryptfs_initialize_file(dentry, inode);
if (!rc)
goto out;
}
rc = -EIO;
out:
mutex_unlock(&crypt_stat->cs_mutex);
return rc;
}
static int ecryptfs_symlink(struct inode *dir, struct dentry *dentry,
const char *symname)
{
int rc;
struct dentry *lower_dentry;
struct dentry *lower_dir_dentry;
char *encoded_symname;
size_t encoded_symlen;
struct ecryptfs_mount_crypt_stat *mount_crypt_stat = NULL;
lower_dentry = ecryptfs_dentry_to_lower(dentry);
dget(lower_dentry);
lower_dir_dentry = lock_parent(lower_dentry);
mount_crypt_stat = &ecryptfs_superblock_to_private(
dir->i_sb)->mount_crypt_stat;
rc = ecryptfs_encrypt_and_encode_filename(&encoded_symname,
&encoded_symlen,
NULL,
mount_crypt_stat, symname,
strlen(symname));
if (rc)
goto out_lock;
rc = vfs_symlink(lower_dir_dentry->d_inode, lower_dentry,
encoded_symname);
kfree(encoded_symname);
if (rc || !lower_dentry->d_inode)
goto out_lock;
rc = ecryptfs_interpose(lower_dentry, dentry, dir->i_sb);
if (rc)
goto out_lock;
fsstack_copy_attr_times(dir, lower_dir_dentry->d_inode);
fsstack_copy_inode_size(dir, lower_dir_dentry->d_inode);
out_lock:
unlock_dir(lower_dir_dentry);
dput(lower_dentry);
if (!dentry->d_inode)
d_drop(dentry);
return rc;
}
/**
* ecryptfs_interpose
* @lower_dentry: Existing dentry in the lower filesystem
* @dentry: ecryptfs' dentry
* @sb: ecryptfs's super_block
*
* Interposes upper and lower dentries.
*
* Returns zero on success; non-zero otherwise
*/
static int ecryptfs_interpose(struct dentry *lower_dentry,
struct dentry *dentry, struct super_block *sb)
{
struct inode *inode = ecryptfs_get_inode(lower_dentry->d_inode, sb);
if (IS_ERR(inode))
return PTR_ERR(inode);
d_instantiate(dentry, inode);
#ifdef CONFIG_SDP
if(S_ISDIR(inode->i_mode) && dentry) {
if(IS_UNDER_ROOT(dentry)) {
struct ecryptfs_mount_crypt_stat *mount_crypt_stat =
&ecryptfs_superblock_to_private(inode->i_sb)->mount_crypt_stat;
printk("Creating a directoy under root directory of current partition.\n");
if(is_chamber_directory(mount_crypt_stat, (char *)dentry->d_name.name)) {
printk("This is a chamber directory\n");
set_chamber_flag(inode);
}
} else if(IS_SENSITIVE_DENTRY(dentry->d_parent)) {
/*
* When parent directory is sensitive
*/
struct ecryptfs_crypt_stat *crypt_stat =
&ecryptfs_inode_to_private(inode)->crypt_stat;
printk("Parent %s is sensitive. so this directory is sensitive too\n",
dentry->d_parent->d_name.name);
crypt_stat->flags |= ECRYPTFS_DEK_IS_SENSITIVE;
}
}
#endif
return 0;
}
static int read_or_initialize_metadata(struct dentry *dentry)
{
struct inode *inode = dentry->d_inode;
struct ecryptfs_mount_crypt_stat *mount_crypt_stat;
struct ecryptfs_crypt_stat *crypt_stat;
int rc;
crypt_stat = &ecryptfs_inode_to_private(inode)->crypt_stat;
mount_crypt_stat = &ecryptfs_superblock_to_private(
inode->i_sb)->mount_crypt_stat;
#ifdef CONFIG_WTL_ENCRYPTION_FILTER
if (crypt_stat->flags & ECRYPTFS_STRUCT_INITIALIZED
&& crypt_stat->flags & ECRYPTFS_POLICY_APPLIED
&& crypt_stat->flags & ECRYPTFS_ENCRYPTED
&& !(crypt_stat->flags & ECRYPTFS_KEY_VALID)
&& !(crypt_stat->flags & ECRYPTFS_KEY_SET)
&& crypt_stat->flags & ECRYPTFS_I_SIZE_INITIALIZED) {
crypt_stat->flags |= ECRYPTFS_ENCRYPTED_OTHER_DEVICE;
}
mutex_lock(&crypt_stat->cs_mutex);
if ((mount_crypt_stat->flags & ECRYPTFS_ENABLE_NEW_PASSTHROUGH)
&& (crypt_stat->flags & ECRYPTFS_ENCRYPTED)) {
if (ecryptfs_read_metadata(dentry)) {
crypt_stat->flags &= ~(ECRYPTFS_I_SIZE_INITIALIZED
| ECRYPTFS_ENCRYPTED);
mutex_unlock(&crypt_stat->cs_mutex);
rc = 0;
goto out;
}
} else if ((mount_crypt_stat->flags & ECRYPTFS_ENABLE_FILTERING)
&& (crypt_stat->flags & ECRYPTFS_ENCRYPTED)) {
struct dentry *fp_dentry =
ecryptfs_inode_to_private(inode)->lower_file->f_dentry;
char filename[NAME_MAX+1] = {0};
if (fp_dentry->d_name.len <= NAME_MAX)
memcpy(filename, fp_dentry->d_name.name,
fp_dentry->d_name.len + 1);
if (is_file_name_match(mount_crypt_stat, fp_dentry)
|| is_file_ext_match(mount_crypt_stat, filename)) {
if (ecryptfs_read_metadata(dentry))
crypt_stat->flags &=
~(ECRYPTFS_I_SIZE_INITIALIZED
| ECRYPTFS_ENCRYPTED);
mutex_unlock(&crypt_stat->cs_mutex);
rc = 0;
goto out;
}
}
mutex_unlock(&crypt_stat->cs_mutex);
#endif
mutex_lock(&crypt_stat->cs_mutex);
if (crypt_stat->flags & ECRYPTFS_POLICY_APPLIED &&
crypt_stat->flags & ECRYPTFS_KEY_VALID) {
rc = 0;
goto out;
}
rc = ecryptfs_read_metadata(dentry);
if (!rc)
goto out;
if (mount_crypt_stat->flags & ECRYPTFS_PLAINTEXT_PASSTHROUGH_ENABLED) {
crypt_stat->flags &= ~(ECRYPTFS_I_SIZE_INITIALIZED
| ECRYPTFS_ENCRYPTED);
rc = 0;
goto out;
}
if (!(mount_crypt_stat->flags & ECRYPTFS_XATTR_METADATA_ENABLED) &&
!i_size_read(ecryptfs_inode_to_lower(inode))) {
rc = ecryptfs_initialize_file(dentry, inode);
if (!rc)
goto out;
}
rc = -EIO;
out:
mutex_unlock(&crypt_stat->cs_mutex);
return rc;
}
/**
* ecryptfs_lookup
* @ecryptfs_dir_inode: The eCryptfs directory inode
* @ecryptfs_dentry: The eCryptfs dentry that we are looking up
* @ecryptfs_nd: nameidata; may be NULL
*
* Find a file on disk. If the file does not exist, then we'll add it to the
* dentry cache and continue on to read it from the disk.
*/
static struct dentry *ecryptfs_lookup(struct inode *ecryptfs_dir_inode,
struct dentry *ecryptfs_dentry,
struct nameidata *ecryptfs_nd)
{
char *encrypted_and_encoded_name = NULL;
size_t encrypted_and_encoded_name_size;
struct ecryptfs_mount_crypt_stat *mount_crypt_stat = NULL;
struct dentry *lower_dir_dentry, *lower_dentry;
int rc = 0;
ecryptfs_dentry->d_op = &ecryptfs_dops;
if ((ecryptfs_dentry->d_name.len == 1
&& !strcmp(ecryptfs_dentry->d_name.name, "."))
|| (ecryptfs_dentry->d_name.len == 2
&& !strcmp(ecryptfs_dentry->d_name.name, ".."))) {
goto out_d_drop;
}
lower_dir_dentry = ecryptfs_dentry_to_lower(ecryptfs_dentry->d_parent);
mutex_lock(&lower_dir_dentry->d_inode->i_mutex);
lower_dentry = lookup_one_len(ecryptfs_dentry->d_name.name,
lower_dir_dentry,
ecryptfs_dentry->d_name.len);
mutex_unlock(&lower_dir_dentry->d_inode->i_mutex);
if (IS_ERR(lower_dentry)) {
rc = PTR_ERR(lower_dentry);
printk(KERN_ERR "%s: lookup_one_len() returned [%d] on "
"lower_dentry = [%s]\n", __func__, rc,
ecryptfs_dentry->d_name.name);
goto out_d_drop;
}
if (lower_dentry->d_inode)
goto lookup_and_interpose;
mount_crypt_stat = &ecryptfs_superblock_to_private(
ecryptfs_dentry->d_sb)->mount_crypt_stat;
if (!(mount_crypt_stat
&& (mount_crypt_stat->flags & ECRYPTFS_GLOBAL_ENCRYPT_FILENAMES)))
goto lookup_and_interpose;
dput(lower_dentry);
rc = ecryptfs_encrypt_and_encode_filename(
&encrypted_and_encoded_name, &encrypted_and_encoded_name_size,
NULL, mount_crypt_stat, ecryptfs_dentry->d_name.name,
ecryptfs_dentry->d_name.len);
if (rc) {
printk(KERN_ERR "%s: Error attempting to encrypt and encode "
"filename; rc = [%d]\n", __func__, rc);
goto out_d_drop;
}
mutex_lock(&lower_dir_dentry->d_inode->i_mutex);
lower_dentry = lookup_one_len(encrypted_and_encoded_name,
lower_dir_dentry,
encrypted_and_encoded_name_size - 1);
mutex_unlock(&lower_dir_dentry->d_inode->i_mutex);
if (IS_ERR(lower_dentry)) {
rc = PTR_ERR(lower_dentry);
printk(KERN_ERR "%s: lookup_one_len() returned [%d] on "
"lower_dentry = [%s]\n", __func__, rc,
encrypted_and_encoded_name);
goto out_d_drop;
}
lookup_and_interpose:
rc = ecryptfs_lookup_and_interpose_lower(ecryptfs_dentry, lower_dentry,
ecryptfs_dir_inode,
ecryptfs_nd);
goto out;
out_d_drop:
d_drop(ecryptfs_dentry);
out:
kfree(encrypted_and_encoded_name);
return ERR_PTR(rc);
}
/**
* ecryptfs_lookup_and_interpose_lower - Perform a lookup
*/
int ecryptfs_lookup_and_interpose_lower(struct dentry *ecryptfs_dentry,
struct dentry *lower_dentry,
struct inode *ecryptfs_dir_inode,
struct nameidata *ecryptfs_nd)
{
struct dentry *lower_dir_dentry;
struct vfsmount *lower_mnt;
struct inode *lower_inode;
struct ecryptfs_mount_crypt_stat *mount_crypt_stat;
struct ecryptfs_crypt_stat *crypt_stat;
char *page_virt = NULL;
u64 file_size;
int rc = 0;
lower_dir_dentry = lower_dentry->d_parent;
lower_mnt = mntget(ecryptfs_dentry_to_lower_mnt(
ecryptfs_dentry->d_parent));
lower_inode = lower_dentry->d_inode;
fsstack_copy_attr_atime(ecryptfs_dir_inode, lower_dir_dentry->d_inode);
BUG_ON(!atomic_read(&lower_dentry->d_count));
ecryptfs_set_dentry_private(ecryptfs_dentry,
kmem_cache_alloc(ecryptfs_dentry_info_cache,
GFP_KERNEL));
if (!ecryptfs_dentry_to_private(ecryptfs_dentry)) {
rc = -ENOMEM;
printk(KERN_ERR "%s: Out of memory whilst attempting "
"to allocate ecryptfs_dentry_info struct\n",
__func__);
goto out_put;
}
ecryptfs_set_dentry_lower(ecryptfs_dentry, lower_dentry);
ecryptfs_set_dentry_lower_mnt(ecryptfs_dentry, lower_mnt);
if (!lower_dentry->d_inode) {
/* We want to add because we couldn't find in lower */
d_add(ecryptfs_dentry, NULL);
goto out;
}
rc = ecryptfs_interpose(lower_dentry, ecryptfs_dentry,
ecryptfs_dir_inode->i_sb, 1);
if (rc) {
printk(KERN_ERR "%s: Error interposing; rc = [%d]\n",
__func__, rc);
goto out;
}
if (S_ISDIR(lower_inode->i_mode))
goto out;
if (S_ISLNK(lower_inode->i_mode))
goto out;
if (special_file(lower_inode->i_mode))
goto out;
if (!ecryptfs_nd)
goto out;
/* Released in this function */
page_virt = kmem_cache_zalloc(ecryptfs_header_cache_2, GFP_USER);
if (!page_virt) {
printk(KERN_ERR "%s: Cannot kmem_cache_zalloc() a page\n",
__func__);
rc = -ENOMEM;
goto out;
}
if (!ecryptfs_inode_to_private(ecryptfs_dentry->d_inode)->lower_file) {
rc = ecryptfs_init_persistent_file(ecryptfs_dentry);
if (rc) {
printk(KERN_ERR "%s: Error attempting to initialize "
"the persistent file for the dentry with name "
"[%s]; rc = [%d]\n", __func__,
ecryptfs_dentry->d_name.name, rc);
goto out_free_kmem;
}
}
crypt_stat = &ecryptfs_inode_to_private(
ecryptfs_dentry->d_inode)->crypt_stat;
/* TODO: lock for crypt_stat comparison */
if (!(crypt_stat->flags & ECRYPTFS_POLICY_APPLIED))
ecryptfs_set_default_sizes(crypt_stat);
rc = ecryptfs_read_and_validate_header_region(page_virt,
ecryptfs_dentry->d_inode);
if (rc) {
rc = ecryptfs_read_and_validate_xattr_region(page_virt,
ecryptfs_dentry);
if (rc) {
rc = 0;
goto out_free_kmem;
}
crypt_stat->flags |= ECRYPTFS_METADATA_IN_XATTR;
}
mount_crypt_stat = &ecryptfs_superblock_to_private(
ecryptfs_dentry->d_sb)->mount_crypt_stat;
if (mount_crypt_stat->flags & ECRYPTFS_ENCRYPTED_VIEW_ENABLED) {
if (crypt_stat->flags & ECRYPTFS_METADATA_IN_XATTR)
file_size = (crypt_stat->num_header_bytes_at_front
+ i_size_read(lower_dentry->d_inode));
else
file_size = i_size_read(lower_dentry->d_inode);
} else {
file_size = get_unaligned_be64(page_virt);
}
i_size_write(ecryptfs_dentry->d_inode, (loff_t)file_size);
out_free_kmem:
kmem_cache_free(ecryptfs_header_cache_2, page_virt);
goto out;
out_put:
dput(lower_dentry);
mntput(lower_mnt);
d_drop(ecryptfs_dentry);
out:
return rc;
}
/**
* ecryptfs_initialize_file
*
* Cause the file to be changed from a basic empty file to an ecryptfs
* file with a header and first data page.
*
* Returns zero on success
*/
static int ecryptfs_initialize_file(struct dentry *ecryptfs_dentry)
{
struct ecryptfs_crypt_stat *crypt_stat =
&ecryptfs_inode_to_private(ecryptfs_dentry->d_inode)->crypt_stat;
int rc = 0;
if (S_ISDIR(ecryptfs_dentry->d_inode->i_mode)) {
ecryptfs_printk(KERN_DEBUG, "This is a directory\n");
crypt_stat->flags &= ~(ECRYPTFS_ENCRYPTED);
goto out;
}
crypt_stat->flags |= ECRYPTFS_NEW_FILE;
ecryptfs_printk(KERN_DEBUG, "Initializing crypto context\n");
rc = ecryptfs_new_file_context(ecryptfs_dentry);
if (rc) {
ecryptfs_printk(KERN_ERR, "Error creating new file "
"context; rc = [%d]\n", rc);
goto out;
}
if (!ecryptfs_inode_to_private(ecryptfs_dentry->d_inode)->lower_file) {
rc = ecryptfs_init_persistent_file(ecryptfs_dentry);
if (rc) {
printk(KERN_ERR "%s: Error attempting to initialize "
"the persistent file for the dentry with name "
"[%s]; rc = [%d]\n", __func__,
ecryptfs_dentry->d_name.name, rc);
goto out;
}
}
/* [email protected] encryption filter */
#ifdef WTL_ENCRYPTION_FILTER
/* fzhang, TODO, should not change flags for existing encrypted
files even through their ext match filter rule */
if (crypt_stat->flags & ECRYPTFS_ENCRYPTED) {
struct dentry *fp_dentry =
ecryptfs_inode_to_private(ecryptfs_dentry->d_inode)
->lower_file->f_dentry;
struct ecryptfs_mount_crypt_stat *mount_crypt_stat = &ecryptfs_superblock_to_private(
ecryptfs_dentry->d_sb)->mount_crypt_stat;
char filename[256];
strcpy(filename, fp_dentry->d_name.name);
if ((mount_crypt_stat->flags & ECRYPTFS_ENABLE_NEW_PASSTHROUGH)
|| ((mount_crypt_stat->flags & ECRYPTFS_ENABLE_FILTERING) &&
(is_file_name_match(mount_crypt_stat, fp_dentry) ||
is_file_ext_match(mount_crypt_stat, filename)))) {
/*printk(KERN_ERR "fzhang %s will not be encrypted.\n",
fp_dentry->d_iname); */
crypt_stat->flags &= ~(ECRYPTFS_ENCRYPTED);
} else {
rc = ecryptfs_write_metadata(ecryptfs_dentry);
if (rc) {
printk(KERN_ERR "Error writing headers; rc = [%d]\n", rc);
goto out;
}
rc = grow_file(ecryptfs_dentry);
if (rc)
printk(KERN_ERR "Error growing file; rc = [%d]\n", rc);
}
}
#else
rc = ecryptfs_write_metadata(ecryptfs_dentry);
if (rc) {
printk(KERN_ERR "Error writing headers; rc = [%d]\n", rc);
goto out;
}
rc = grow_file(ecryptfs_dentry);
if (rc)
printk(KERN_ERR "Error growing file; rc = [%d]\n", rc);
#endif
out:
return rc;
}
/**
* ecryptfs_initialize_file
*
* Cause the file to be changed from a basic empty file to an ecryptfs
* file with a header and first data page.
*
* Returns zero on success
*/
static int ecryptfs_initialize_file(struct dentry *ecryptfs_dentry)
{
struct ecryptfs_crypt_stat *crypt_stat =
&ecryptfs_inode_to_private(ecryptfs_dentry->d_inode)->crypt_stat;
int rc = 0;
if (S_ISDIR(ecryptfs_dentry->d_inode->i_mode)) {
ecryptfs_printk(KERN_DEBUG, "This is a directory\n");
crypt_stat->flags &= ~(ECRYPTFS_ENCRYPTED);
goto out;
}
ecryptfs_printk(KERN_DEBUG, "Initializing crypto context\n");
rc = ecryptfs_new_file_context(ecryptfs_dentry);
if (rc) {
ecryptfs_printk(KERN_ERR, "Error creating new file "
"context; rc = [%d]\n", rc);
goto out;
}
rc = ecryptfs_get_lower_file(ecryptfs_dentry,
ecryptfs_dentry->d_inode);
if (rc) {
printk(KERN_ERR "%s: Error attempting to initialize "
"the lower file for the dentry with name "
"[%s]; rc = [%d]\n", __func__,
ecryptfs_dentry->d_name.name, rc);
goto out;
}
#ifdef CONFIG_WTL_ENCRYPTION_FILTER
mutex_lock(&crypt_stat->cs_mutex);
if (crypt_stat->flags & ECRYPTFS_ENCRYPTED) {
struct dentry *fp_dentry =
ecryptfs_inode_to_private(ecryptfs_dentry->d_inode)
->lower_file->f_dentry;
struct ecryptfs_mount_crypt_stat *mount_crypt_stat =
&ecryptfs_superblock_to_private(ecryptfs_dentry->d_sb)
->mount_crypt_stat;
char filename[256];
strcpy(filename, fp_dentry->d_name.name);
if ((mount_crypt_stat->flags & ECRYPTFS_ENABLE_NEW_PASSTHROUGH)
|| ((mount_crypt_stat->flags & ECRYPTFS_ENABLE_FILTERING) &&
(is_file_name_match(mount_crypt_stat, fp_dentry) ||
is_file_ext_match(mount_crypt_stat, filename)))) {
crypt_stat->flags &= ~(ECRYPTFS_I_SIZE_INITIALIZED
| ECRYPTFS_ENCRYPTED);
ecryptfs_put_lower_file(ecryptfs_dentry->d_inode);
} else {
rc = ecryptfs_write_metadata(ecryptfs_dentry);
if (rc)
printk(
KERN_ERR "Error writing headers; rc = [%d]\n"
, rc);
ecryptfs_put_lower_file(ecryptfs_dentry->d_inode);
}
}
mutex_unlock(&crypt_stat->cs_mutex);
#else
rc = ecryptfs_write_metadata(ecryptfs_dentry);
if (rc)
printk(KERN_ERR "Error writing headers; rc = [%d]\n", rc);
ecryptfs_put_lower_file(ecryptfs_dentry->d_inode);
#endif
out:
return rc;
}
static int read_or_initialize_metadata(struct dentry *dentry)
{
struct inode *inode = dentry->d_inode;
struct ecryptfs_mount_crypt_stat *mount_crypt_stat;
struct ecryptfs_crypt_stat *crypt_stat;
int rc;
crypt_stat = &ecryptfs_inode_to_private(inode)->crypt_stat;
mount_crypt_stat = &ecryptfs_superblock_to_private(
inode->i_sb)->mount_crypt_stat;
#ifdef CONFIG_WTL_ENCRYPTION_FILTER
if (crypt_stat->flags & ECRYPTFS_STRUCT_INITIALIZED
&& crypt_stat->flags & ECRYPTFS_POLICY_APPLIED
&& crypt_stat->flags & ECRYPTFS_ENCRYPTED
&& !(crypt_stat->flags & ECRYPTFS_KEY_VALID)
&& !(crypt_stat->flags & ECRYPTFS_KEY_SET)
&& crypt_stat->flags & ECRYPTFS_I_SIZE_INITIALIZED) {
crypt_stat->flags |= ECRYPTFS_ENCRYPTED_OTHER_DEVICE;
}
mutex_lock(&crypt_stat->cs_mutex);
if ((mount_crypt_stat->flags & ECRYPTFS_ENABLE_NEW_PASSTHROUGH)
&& (crypt_stat->flags & ECRYPTFS_ENCRYPTED)) {
if (ecryptfs_read_metadata(dentry)) {
crypt_stat->flags &= ~(ECRYPTFS_I_SIZE_INITIALIZED
| ECRYPTFS_ENCRYPTED);
rc = 0;
goto out;
}
} else if ((mount_crypt_stat->flags & ECRYPTFS_ENABLE_FILTERING)
&& (crypt_stat->flags & ECRYPTFS_ENCRYPTED)) {
struct dentry *fp_dentry =
ecryptfs_inode_to_private(inode)->lower_file->f_dentry;
char filename[NAME_MAX+1] = {0};
if (fp_dentry->d_name.len <= NAME_MAX)
memcpy(filename, fp_dentry->d_name.name,
fp_dentry->d_name.len + 1);
if (is_file_name_match(mount_crypt_stat, fp_dentry)
|| is_file_ext_match(mount_crypt_stat, filename)) {
if (ecryptfs_read_metadata(dentry))
crypt_stat->flags &=
~(ECRYPTFS_I_SIZE_INITIALIZED
| ECRYPTFS_ENCRYPTED);
rc = 0;
goto out;
}
}
mutex_unlock(&crypt_stat->cs_mutex);
#endif
mutex_lock(&crypt_stat->cs_mutex);
if (crypt_stat->flags & ECRYPTFS_POLICY_APPLIED &&
crypt_stat->flags & ECRYPTFS_KEY_VALID) {
rc = 0;
goto out;
}
rc = ecryptfs_read_metadata(dentry);
if (!rc)
goto out;
#ifdef CONFIG_SDP
/*
* no passthrough/xattr for sensitive files
*/
if ((rc) && crypt_stat->flags & ECRYPTFS_DEK_IS_SENSITIVE)
goto out;
#endif
if (mount_crypt_stat->flags & ECRYPTFS_PLAINTEXT_PASSTHROUGH_ENABLED) {
crypt_stat->flags &= ~(ECRYPTFS_I_SIZE_INITIALIZED
| ECRYPTFS_ENCRYPTED);
rc = 0;
goto out;
}
if (!(mount_crypt_stat->flags & ECRYPTFS_XATTR_METADATA_ENABLED) &&
!i_size_read(ecryptfs_inode_to_lower(inode))) {
rc = ecryptfs_initialize_file(dentry, inode);
if (!rc)
goto out;
}
rc = -EIO;
out:
mutex_unlock(&crypt_stat->cs_mutex);
#ifdef CONFIG_SDP
if(!rc)
{
/*
* SDP v2.0 : sensitive directory (SDP vault)
* Files under sensitive directory automatically becomes sensitive
*/
struct dentry *p = dentry->d_parent;
struct inode *parent_inode = p->d_inode;
struct ecryptfs_crypt_stat *parent_crypt_stat =
&ecryptfs_inode_to_private(parent_inode)->crypt_stat;
if (!(crypt_stat->flags & ECRYPTFS_DEK_IS_SENSITIVE) &&
((S_ISDIR(parent_inode->i_mode)) &&
(parent_crypt_stat->flags & ECRYPTFS_DEK_IS_SENSITIVE))) {
ecryptfs_sdp_set_sensitive(dentry);
}
}
#endif
return rc;
}
/**
* ecryptfs_open
* @inode: inode speciying file to open
* @file: Structure to return filled in
*
* Opens the file specified by inode.
*
* Returns zero on success; non-zero otherwise
*/
static int ecryptfs_open(struct inode *inode, struct file *file)
{
int rc = 0;
struct ecryptfs_crypt_stat *crypt_stat = NULL;
struct ecryptfs_mount_crypt_stat *mount_crypt_stat;
struct dentry *ecryptfs_dentry = file->f_path.dentry;
/* Private value of ecryptfs_dentry allocated in
* ecryptfs_lookup() */
struct ecryptfs_file_info *file_info;
mount_crypt_stat = &ecryptfs_superblock_to_private(
ecryptfs_dentry->d_sb)->mount_crypt_stat;
if ((mount_crypt_stat->flags & ECRYPTFS_ENCRYPTED_VIEW_ENABLED)
&& ((file->f_flags & O_WRONLY) || (file->f_flags & O_RDWR)
|| (file->f_flags & O_CREAT) || (file->f_flags & O_TRUNC)
|| (file->f_flags & O_APPEND))) {
printk(KERN_WARNING "Mount has encrypted view enabled; "
"files may only be read\n");
rc = -EPERM;
goto out;
}
/* Released in ecryptfs_release or end of function if failure */
file_info = kmem_cache_zalloc(ecryptfs_file_info_cache, GFP_KERNEL);
ecryptfs_set_file_private(file, file_info);
if (!file_info) {
ecryptfs_printk(KERN_ERR,
"Error attempting to allocate memory\n");
rc = -ENOMEM;
goto out;
}
crypt_stat = &ecryptfs_inode_to_private(inode)->crypt_stat;
mutex_lock(&crypt_stat->cs_mutex);
if (!(crypt_stat->flags & ECRYPTFS_POLICY_APPLIED)) {
ecryptfs_printk(KERN_DEBUG, "Setting flags for stat...\n");
/* Policy code enabled in future release */
crypt_stat->flags |= (ECRYPTFS_POLICY_APPLIED
| ECRYPTFS_ENCRYPTED);
}
mutex_unlock(&crypt_stat->cs_mutex);
rc = ecryptfs_get_lower_file(ecryptfs_dentry, inode);
if (rc) {
printk(KERN_ERR "%s: Error attempting to initialize "
"the lower file for the dentry with name "
"[%s]; rc = [%d]\n", __func__,
ecryptfs_dentry->d_name.name, rc);
goto out_free;
}
if ((ecryptfs_inode_to_private(inode)->lower_file->f_flags & O_ACCMODE)
== O_RDONLY && (file->f_flags & O_ACCMODE) != O_RDONLY) {
rc = -EPERM;
printk(KERN_WARNING "%s: Lower file is RO; eCryptfs "
"file must hence be opened RO\n", __func__);
goto out_put;
}
ecryptfs_set_file_lower(
file, ecryptfs_inode_to_private(inode)->lower_file);
if (S_ISDIR(ecryptfs_dentry->d_inode->i_mode)) {
ecryptfs_printk(KERN_DEBUG, "This is a directory\n");
mutex_lock(&crypt_stat->cs_mutex);
crypt_stat->flags &= ~(ECRYPTFS_ENCRYPTED);
mutex_unlock(&crypt_stat->cs_mutex);
rc = 0;
goto out;
}
rc = read_or_initialize_metadata(ecryptfs_dentry);
if (rc)
goto out_put;
ecryptfs_printk(KERN_DEBUG, "inode w/ addr = [0x%p], i_ino = "
"[0x%.16lx] size: [0x%.16llx]\n", inode, inode->i_ino,
(unsigned long long)i_size_read(inode));
goto out;
out_put:
ecryptfs_put_lower_file(inode);
out_free:
kmem_cache_free(ecryptfs_file_info_cache,
ecryptfs_file_to_private(file));
out:
return rc;
}
/**
* ecryptfs_lookup_interpose - Dentry interposition for a lookup
*/
static int ecryptfs_lookup_interpose(struct dentry *dentry,
struct dentry *lower_dentry,
struct inode *dir_inode)
{
struct inode *inode, *lower_inode = lower_dentry->d_inode;
struct ecryptfs_dentry_info *dentry_info;
struct vfsmount *lower_mnt;
int rc = 0;
dentry_info = kmem_cache_alloc(ecryptfs_dentry_info_cache, GFP_KERNEL);
if (!dentry_info) {
printk(KERN_ERR "%s: Out of memory whilst attempting "
"to allocate ecryptfs_dentry_info struct\n",
__func__);
dput(lower_dentry);
return -ENOMEM;
}
lower_mnt = mntget(ecryptfs_dentry_to_lower_mnt(dentry->d_parent));
fsstack_copy_attr_atime(dir_inode, lower_dentry->d_parent->d_inode);
BUG_ON(!lower_dentry->d_count);
ecryptfs_set_dentry_private(dentry, dentry_info);
ecryptfs_set_dentry_lower(dentry, lower_dentry);
ecryptfs_set_dentry_lower_mnt(dentry, lower_mnt);
if (!lower_dentry->d_inode) {
/* We want to add because we couldn't find in lower */
d_add(dentry, NULL);
return 0;
}
inode = __ecryptfs_get_inode(lower_inode, dir_inode->i_sb);
if (IS_ERR(inode)) {
printk(KERN_ERR "%s: Error interposing; rc = [%ld]\n",
__func__, PTR_ERR(inode));
return PTR_ERR(inode);
}
if (S_ISREG(inode->i_mode)) {
rc = ecryptfs_i_size_read(dentry, inode);
if (rc) {
make_bad_inode(inode);
return rc;
}
}
#ifdef CONFIG_SDP
if (S_ISDIR(inode->i_mode) && dentry) {
if(IS_UNDER_ROOT(dentry)) {
struct ecryptfs_mount_crypt_stat *mount_crypt_stat =
&ecryptfs_superblock_to_private(inode->i_sb)->mount_crypt_stat;
printk("Lookup a directoy under root directory of current partition.\n");
if(is_chamber_directory(mount_crypt_stat, (char *)dentry->d_name.name)) {
/*
* When this directory is under ROOT directory and the name is registered
* as Chamber.
*/
printk("This is a chamber directory\n");
set_chamber_flag(inode);
}
} else if(IS_SENSITIVE_DENTRY(dentry->d_parent)) {
/*
* When parent directory is sensitive
*/
struct ecryptfs_crypt_stat *crypt_stat =
&ecryptfs_inode_to_private(inode)->crypt_stat;
printk("Parent %s is sensitive. so this directory is sensitive too\n",
dentry->d_parent->d_name.name);
crypt_stat->flags |= ECRYPTFS_DEK_IS_SENSITIVE;
}
}
#endif
if (inode->i_state & I_NEW)
unlock_new_inode(inode);
d_add(dentry, inode);
return rc;
}
/**
* ecryptfs_open
* @inode: inode speciying file to open
* @file: Structure to return filled in
*
* Opens the file specified by inode.
*
* Returns zero on success; non-zero otherwise
*/
static int ecryptfs_open(struct inode *inode, struct file *file)
{
int rc = 0;
struct ecryptfs_crypt_stat *crypt_stat = NULL;
struct ecryptfs_mount_crypt_stat *mount_crypt_stat;
struct dentry *ecryptfs_dentry = file->f_path.dentry;
/* Private value of ecryptfs_dentry allocated in
* ecryptfs_lookup() */
struct dentry *lower_dentry = ecryptfs_dentry_to_lower(ecryptfs_dentry);
struct ecryptfs_file_info *file_info;
mount_crypt_stat = &ecryptfs_superblock_to_private(
ecryptfs_dentry->d_sb)->mount_crypt_stat;
if ((mount_crypt_stat->flags & ECRYPTFS_ENCRYPTED_VIEW_ENABLED)
&& ((file->f_flags & O_WRONLY) || (file->f_flags & O_RDWR)
|| (file->f_flags & O_CREAT) || (file->f_flags & O_TRUNC)
|| (file->f_flags & O_APPEND))) {
printk(KERN_WARNING "Mount has encrypted view enabled; "
"files may only be read\n");
rc = -EPERM;
goto out;
}
/* Released in ecryptfs_release or end of function if failure */
file_info = kmem_cache_zalloc(ecryptfs_file_info_cache, GFP_KERNEL);
ecryptfs_set_file_private(file, file_info);
if (!file_info) {
ecryptfs_printk(KERN_ERR,
"Error attempting to allocate memory\n");
rc = -ENOMEM;
goto out;
}
lower_dentry = ecryptfs_dentry_to_lower(ecryptfs_dentry);
crypt_stat = &ecryptfs_inode_to_private(inode)->crypt_stat;
mutex_lock(&crypt_stat->cs_mutex);
if (!(crypt_stat->flags & ECRYPTFS_POLICY_APPLIED)) {
ecryptfs_printk(KERN_DEBUG, "Setting flags for stat...\n");
/* Policy code enabled in future release */
crypt_stat->flags |= (ECRYPTFS_POLICY_APPLIED
| ECRYPTFS_ENCRYPTED);
}
mutex_unlock(&crypt_stat->cs_mutex);
ecryptfs_set_file_lower(
file, ecryptfs_inode_to_private(inode)->lower_file);
if (S_ISDIR(ecryptfs_dentry->d_inode->i_mode)) {
ecryptfs_printk(KERN_DEBUG, "This is a directory\n");
mutex_lock(&crypt_stat->cs_mutex);
crypt_stat->flags &= ~(ECRYPTFS_ENCRYPTED);
mutex_unlock(&crypt_stat->cs_mutex);
rc = 0;
goto out;
}
mutex_lock(&crypt_stat->cs_mutex);
if (!(crypt_stat->flags & ECRYPTFS_POLICY_APPLIED)
|| !(crypt_stat->flags & ECRYPTFS_KEY_VALID)) {
rc = ecryptfs_read_metadata(ecryptfs_dentry);
if (rc) {
ecryptfs_printk(KERN_DEBUG,
"Valid headers not found\n");
if (!(mount_crypt_stat->flags
& ECRYPTFS_PLAINTEXT_PASSTHROUGH_ENABLED)) {
rc = -EIO;
printk(KERN_WARNING "Either the lower file "
"is not in a valid eCryptfs format, "
"or the key could not be retrieved. "
"Plaintext passthrough mode is not "
"enabled; returning -EIO\n");
mutex_unlock(&crypt_stat->cs_mutex);
goto out_free;
}
rc = 0;
crypt_stat->flags &= ~(ECRYPTFS_ENCRYPTED);
mutex_unlock(&crypt_stat->cs_mutex);
goto out;
}
}
mutex_unlock(&crypt_stat->cs_mutex);
ecryptfs_printk(KERN_DEBUG, "inode w/ addr = [0x%p], i_ino = [0x%.16x] "
"size: [0x%.16x]\n", inode, inode->i_ino,
i_size_read(inode));
goto out;
out_free:
kmem_cache_free(ecryptfs_file_info_cache,
ecryptfs_file_to_private(file));
out:
return rc;
}
static int
ecryptfs_readlink(struct dentry *dentry, char __user *buf, int bufsiz)
{
char *lower_buf;
size_t lower_bufsiz;
struct dentry *lower_dentry;
struct ecryptfs_mount_crypt_stat *mount_crypt_stat;
char *plaintext_name;
size_t plaintext_name_size;
mm_segment_t old_fs;
int rc;
lower_dentry = ecryptfs_dentry_to_lower(dentry);
if (!lower_dentry->d_inode->i_op->readlink) {
rc = -EINVAL;
goto out;
}
mount_crypt_stat = &ecryptfs_superblock_to_private(
dentry->d_sb)->mount_crypt_stat;
/*
* If the lower filename is encrypted, it will result in a significantly
* longer name. If needed, truncate the name after decode and decrypt.
*/
if (mount_crypt_stat->flags & ECRYPTFS_GLOBAL_ENCRYPT_FILENAMES)
lower_bufsiz = PATH_MAX;
else
lower_bufsiz = bufsiz;
/* Released in this function */
lower_buf = kmalloc(lower_bufsiz, GFP_KERNEL);
if (lower_buf == NULL) {
printk(KERN_ERR "%s: Out of memory whilst attempting to "
"kmalloc [%zd] bytes\n", __func__, lower_bufsiz);
rc = -ENOMEM;
goto out;
}
old_fs = get_fs();
set_fs(get_ds());
rc = lower_dentry->d_inode->i_op->readlink(lower_dentry,
(char __user *)lower_buf,
lower_bufsiz);
set_fs(old_fs);
if (rc >= 0) {
rc = ecryptfs_decode_and_decrypt_filename(&plaintext_name,
&plaintext_name_size,
dentry, lower_buf,
rc);
if (rc) {
printk(KERN_ERR "%s: Error attempting to decode and "
"decrypt filename; rc = [%d]\n", __func__,
rc);
goto out_free_lower_buf;
}
/* Check for bufsiz <= 0 done in sys_readlinkat() */
rc = copy_to_user(buf, plaintext_name,
min((size_t) bufsiz, plaintext_name_size));
if (rc)
rc = -EFAULT;
else
rc = plaintext_name_size;
kfree(plaintext_name);
fsstack_copy_attr_atime(dentry->d_inode, lower_dentry->d_inode);
}
out_free_lower_buf:
kfree(lower_buf);
out:
return rc;
}
static int ecryptfs_update_crypt_flag(struct dentry *dentry, int is_sensitive)
{
int rc = 0;
struct dentry *lower_dentry;
struct inode *inode;
struct inode *lower_inode;
struct ecryptfs_crypt_stat *crypt_stat;
struct ecryptfs_mount_crypt_stat *mount_crypt_stat;
crypt_stat = &ecryptfs_inode_to_private(dentry->d_inode)->crypt_stat;
if (!(crypt_stat->flags & ECRYPTFS_STRUCT_INITIALIZED))
ecryptfs_init_crypt_stat(crypt_stat);
inode = dentry->d_inode;
lower_inode = ecryptfs_inode_to_lower(inode);
lower_dentry = ecryptfs_dentry_to_lower(dentry);
mutex_lock(&crypt_stat->cs_mutex);
mount_crypt_stat = &ecryptfs_superblock_to_private(
dentry->d_sb)->mount_crypt_stat;
rc = ecryptfs_get_lower_file(dentry, inode);
if (rc) {
mutex_unlock(&crypt_stat->cs_mutex);
DEK_LOGE("ecryptfs_get_lower_file rc=%d\n", rc);
goto out;
}
if (is_sensitive) {
crypt_stat->flags |= ECRYPTFS_DEK_IS_SENSITIVE;
/*
* Set sensirive for all the pages in the inode
*/
set_sensitive_mapping_pages(inode->i_mapping, 0, -1);
}
else{
crypt_stat->flags &= ~ECRYPTFS_DEK_IS_SENSITIVE;
}
rc = ecryptfs_write_metadata(dentry, inode);
if (rc) {
if (!(mount_crypt_stat->flags
& ECRYPTFS_PLAINTEXT_PASSTHROUGH_ENABLED)) {
rc = -EIO;
DEK_LOGE("Either the lower file "
"is not in a valid eCryptfs format, "
"or the key could not be retrieved. "
"Plaintext passthrough mode is not "
"enabled; returning -EIO\n");
mutex_unlock(&crypt_stat->cs_mutex);
DEK_LOGD("ecryptfs_write_metadata rc=%d\n", rc);
goto out;
}
rc = 0;
crypt_stat->flags &= ~(ECRYPTFS_I_SIZE_INITIALIZED
| ECRYPTFS_ENCRYPTED);
}
rc = ecryptfs_write_inode_size_to_metadata(inode);
if (rc) {
mutex_unlock(&crypt_stat->cs_mutex);
DEK_LOGE("Problem with "
"ecryptfs_write_inode_size_to_metadata; "
"rc = [%d]\n", rc);
goto out;
}
ecryptfs_put_lower_file(inode);
mutex_unlock(&crypt_stat->cs_mutex);
out:
fsstack_copy_attr_all(inode, lower_inode);
return rc;
}
/**
* ecryptfs_lookup
* @dir: inode
* @dentry: The dentry
* @nd: nameidata, may be NULL
*
* Find a file on disk. If the file does not exist, then we'll add it to the
* dentry cache and continue on to read it from the disk.
*/
static struct dentry *ecryptfs_lookup(struct inode *dir, struct dentry *dentry,
struct nameidata *nd)
{
int rc = 0;
struct dentry *lower_dir_dentry;
struct dentry *lower_dentry;
struct vfsmount *lower_mnt;
char *encoded_name;
int encoded_namelen;
struct ecryptfs_crypt_stat *crypt_stat = NULL;
struct ecryptfs_mount_crypt_stat *mount_crypt_stat;
char *page_virt = NULL;
struct inode *lower_inode;
u64 file_size;
lower_dir_dentry = ecryptfs_dentry_to_lower(dentry->d_parent);
dentry->d_op = &ecryptfs_dops;
if ((dentry->d_name.len == 1 && !strcmp(dentry->d_name.name, "."))
|| (dentry->d_name.len == 2
&& !strcmp(dentry->d_name.name, ".."))) {
d_drop(dentry);
goto out;
}
encoded_namelen = ecryptfs_encode_filename(crypt_stat,
dentry->d_name.name,
dentry->d_name.len,
&encoded_name);
if (encoded_namelen < 0) {
rc = encoded_namelen;
d_drop(dentry);
goto out;
}
ecryptfs_printk(KERN_DEBUG, "encoded_name = [%s]; encoded_namelen "
"= [%d]\n", encoded_name, encoded_namelen);
lower_dentry = lookup_one_len(encoded_name, lower_dir_dentry,
encoded_namelen - 1);
kfree(encoded_name);
if (IS_ERR(lower_dentry)) {
ecryptfs_printk(KERN_ERR, "ERR from lower_dentry\n");
rc = PTR_ERR(lower_dentry);
d_drop(dentry);
goto out;
}
lower_mnt = mntget(ecryptfs_dentry_to_lower_mnt(dentry->d_parent));
ecryptfs_printk(KERN_DEBUG, "lower_dentry = [%p]; lower_dentry->"
"d_name.name = [%s]\n", lower_dentry,
lower_dentry->d_name.name);
lower_inode = lower_dentry->d_inode;
fsstack_copy_attr_atime(dir, lower_dir_dentry->d_inode);
BUG_ON(!atomic_read(&lower_dentry->d_count));
ecryptfs_set_dentry_private(dentry,
kmem_cache_alloc(ecryptfs_dentry_info_cache,
GFP_KERNEL));
if (!ecryptfs_dentry_to_private(dentry)) {
rc = -ENOMEM;
ecryptfs_printk(KERN_ERR, "Out of memory whilst attempting "
"to allocate ecryptfs_dentry_info struct\n");
goto out_dput;
}
ecryptfs_set_dentry_lower(dentry, lower_dentry);
ecryptfs_set_dentry_lower_mnt(dentry, lower_mnt);
if (!lower_dentry->d_inode) {
/* We want to add because we couldn't find in lower */
d_add(dentry, NULL);
goto out;
}
rc = ecryptfs_interpose(lower_dentry, dentry, dir->i_sb,
ECRYPTFS_INTERPOSE_FLAG_D_ADD);
if (rc) {
ecryptfs_printk(KERN_ERR, "Error interposing\n");
goto out;
}
if (S_ISDIR(lower_inode->i_mode)) {
ecryptfs_printk(KERN_DEBUG, "Is a directory; returning\n");
goto out;
}
if (S_ISLNK(lower_inode->i_mode)) {
ecryptfs_printk(KERN_DEBUG, "Is a symlink; returning\n");
goto out;
}
if (special_file(lower_inode->i_mode)) {
ecryptfs_printk(KERN_DEBUG, "Is a special file; returning\n");
goto out;
}
if (!nd) {
ecryptfs_printk(KERN_DEBUG, "We have a NULL nd, just leave"
"as we *think* we are about to unlink\n");
goto out;
}
/* Released in this function */
page_virt = kmem_cache_zalloc(ecryptfs_header_cache_2,
GFP_USER);
if (!page_virt) {
rc = -ENOMEM;
ecryptfs_printk(KERN_ERR,
"Cannot ecryptfs_kmalloc a page\n");
goto out;
}
crypt_stat = &ecryptfs_inode_to_private(dentry->d_inode)->crypt_stat;
if (!(crypt_stat->flags & ECRYPTFS_POLICY_APPLIED))
ecryptfs_set_default_sizes(crypt_stat);
if (!ecryptfs_inode_to_private(dentry->d_inode)->lower_file) {
rc = ecryptfs_init_persistent_file(dentry);
if (rc) {
printk(KERN_ERR "%s: Error attempting to initialize "
"the persistent file for the dentry with name "
"[%s]; rc = [%d]\n", __func__,
dentry->d_name.name, rc);
goto out;
}
}
rc = ecryptfs_read_and_validate_header_region(page_virt,
dentry->d_inode);
if (rc) {
rc = ecryptfs_read_and_validate_xattr_region(page_virt, dentry);
if (rc) {
printk(KERN_DEBUG "Valid metadata not found in header "
"region or xattr region; treating file as "
"unencrypted\n");
rc = 0;
kmem_cache_free(ecryptfs_header_cache_2, page_virt);
goto out;
}
crypt_stat->flags |= ECRYPTFS_METADATA_IN_XATTR;
}
mount_crypt_stat = &ecryptfs_superblock_to_private(
dentry->d_sb)->mount_crypt_stat;
if (mount_crypt_stat->flags & ECRYPTFS_ENCRYPTED_VIEW_ENABLED) {
if (crypt_stat->flags & ECRYPTFS_METADATA_IN_XATTR)
file_size = (crypt_stat->num_header_bytes_at_front
+ i_size_read(lower_dentry->d_inode));
else
file_size = i_size_read(lower_dentry->d_inode);
} else {
file_size = get_unaligned_be64(page_virt);
}
i_size_write(dentry->d_inode, (loff_t)file_size);
kmem_cache_free(ecryptfs_header_cache_2, page_virt);
goto out;
out_dput:
dput(lower_dentry);
d_drop(dentry);
out:
return ERR_PTR(rc);
}
/**
* ecryptfs_readdir
* @file: The eCryptfs directory file
* @ctx: The actor to feed the entries to
*/
static int ecryptfs_readdir(struct file *file, struct dir_context *ctx)
{
int rc;
struct file *lower_file;
struct inode *inode = file_inode(file);
struct ecryptfs_getdents_callback buf = {
.ctx.actor = ecryptfs_filldir,
.caller = ctx,
.sb = inode->i_sb,
};
lower_file = ecryptfs_file_to_lower(file);
lower_file->f_pos = ctx->pos;
rc = iterate_dir(lower_file, &buf.ctx);
ctx->pos = buf.ctx.pos;
if (rc < 0)
goto out;
if (buf.filldir_called && !buf.entries_written)
goto out;
if (rc >= 0)
fsstack_copy_attr_atime(inode,
file_inode(lower_file));
out:
return rc;
}
struct kmem_cache *ecryptfs_file_info_cache;
static int read_or_initialize_metadata(struct dentry *dentry)
{
struct inode *inode = dentry->d_inode;
struct ecryptfs_mount_crypt_stat *mount_crypt_stat;
struct ecryptfs_crypt_stat *crypt_stat;
int rc;
crypt_stat = &ecryptfs_inode_to_private(inode)->crypt_stat;
mount_crypt_stat = &ecryptfs_superblock_to_private(
inode->i_sb)->mount_crypt_stat;
mutex_lock(&crypt_stat->cs_mutex);
if (crypt_stat->flags & ECRYPTFS_POLICY_APPLIED &&
crypt_stat->flags & ECRYPTFS_KEY_VALID) {
rc = 0;
goto out;
}
rc = ecryptfs_read_metadata(dentry);
if (!rc)
goto out;
if (mount_crypt_stat->flags & ECRYPTFS_PLAINTEXT_PASSTHROUGH_ENABLED) {
crypt_stat->flags &= ~(ECRYPTFS_I_SIZE_INITIALIZED
| ECRYPTFS_ENCRYPTED);
rc = 0;
goto out;
}
if (!(mount_crypt_stat->flags & ECRYPTFS_XATTR_METADATA_ENABLED) &&
!i_size_read(ecryptfs_inode_to_lower(inode))) {
rc = ecryptfs_initialize_file(dentry, inode);
if (!rc)
goto out;
}
rc = -EIO;
out:
mutex_unlock(&crypt_stat->cs_mutex);
return rc;
}
/**
* ecryptfs_open
* @inode: inode speciying file to open
* @file: Structure to return filled in
*
* Opens the file specified by inode.
*
* Returns zero on success; non-zero otherwise
*/
static int ecryptfs_open(struct inode *inode, struct file *file)
{
int rc = 0;
struct ecryptfs_crypt_stat *crypt_stat = NULL;
struct dentry *ecryptfs_dentry = file->f_path.dentry;
/* Private value of ecryptfs_dentry allocated in
* ecryptfs_lookup() */
struct ecryptfs_file_info *file_info;
/* Released in ecryptfs_release or end of function if failure */
file_info = kmem_cache_zalloc(ecryptfs_file_info_cache, GFP_KERNEL);
ecryptfs_set_file_private(file, file_info);
if (!file_info) {
ecryptfs_printk(KERN_ERR,
"Error attempting to allocate memory\n");
rc = -ENOMEM;
goto out;
}
crypt_stat = &ecryptfs_inode_to_private(inode)->crypt_stat;
mutex_lock(&crypt_stat->cs_mutex);
if (!(crypt_stat->flags & ECRYPTFS_POLICY_APPLIED)) {
ecryptfs_printk(KERN_DEBUG, "Setting flags for stat...\n");
/* Policy code enabled in future release */
crypt_stat->flags |= (ECRYPTFS_POLICY_APPLIED
| ECRYPTFS_ENCRYPTED);
}
mutex_unlock(&crypt_stat->cs_mutex);
rc = ecryptfs_get_lower_file(ecryptfs_dentry, inode);
if (rc) {
printk(KERN_ERR "%s: Error attempting to initialize "
"the lower file for the dentry with name "
"[%s]; rc = [%d]\n", __func__,
ecryptfs_dentry->d_name.name, rc);
goto out_free;
}
if ((ecryptfs_inode_to_private(inode)->lower_file->f_flags & O_ACCMODE)
== O_RDONLY && (file->f_flags & O_ACCMODE) != O_RDONLY) {
rc = -EPERM;
printk(KERN_WARNING "%s: Lower file is RO; eCryptfs "
"file must hence be opened RO\n", __func__);
goto out_put;
}
ecryptfs_set_file_lower(
file, ecryptfs_inode_to_private(inode)->lower_file);
if (S_ISDIR(ecryptfs_dentry->d_inode->i_mode)) {
ecryptfs_printk(KERN_DEBUG, "This is a directory\n");
mutex_lock(&crypt_stat->cs_mutex);
crypt_stat->flags &= ~(ECRYPTFS_ENCRYPTED);
mutex_unlock(&crypt_stat->cs_mutex);
rc = 0;
goto out;
}
rc = read_or_initialize_metadata(ecryptfs_dentry);
if (rc)
goto out_put;
ecryptfs_printk(KERN_DEBUG, "inode w/ addr = [0x%p], i_ino = "
"[0x%.16lx] size: [0x%.16llx]\n", inode, inode->i_ino,
(unsigned long long)i_size_read(inode));
goto out;
out_put:
ecryptfs_put_lower_file(inode);
out_free:
kmem_cache_free(ecryptfs_file_info_cache,
ecryptfs_file_to_private(file));
out:
return rc;
}
/**
* ecryptfs_open
* @inode: inode speciying file to open
* @file: Structure to return filled in
*
* Opens the file specified by inode.
*
* Returns zero on success; non-zero otherwise
*/
static int ecryptfs_open(struct inode *inode, struct file *file)
{
int rc = 0;
struct ecryptfs_crypt_stat *crypt_stat = NULL;
struct ecryptfs_mount_crypt_stat *mount_crypt_stat;
struct dentry *ecryptfs_dentry = file->f_path.dentry;
/* Private value of ecryptfs_dentry allocated in
* ecryptfs_lookup() */
struct dentry *lower_dentry;
struct ecryptfs_file_info *file_info;
mount_crypt_stat = &ecryptfs_superblock_to_private(
ecryptfs_dentry->d_sb)->mount_crypt_stat;
if ((mount_crypt_stat->flags & ECRYPTFS_ENCRYPTED_VIEW_ENABLED)
&& ((file->f_flags & O_WRONLY) || (file->f_flags & O_RDWR)
|| (file->f_flags & O_CREAT) || (file->f_flags & O_TRUNC)
|| (file->f_flags & O_APPEND))) {
printk(KERN_WARNING "Mount has encrypted view enabled; "
"files may only be read\n");
rc = -EPERM;
goto out;
}
/* Released in ecryptfs_release or end of function if failure */
file_info = kmem_cache_zalloc(ecryptfs_file_info_cache, GFP_KERNEL);
ecryptfs_set_file_private(file, file_info);
if (!file_info) {
ecryptfs_printk(KERN_ERR,
"Error attempting to allocate memory\n");
rc = -ENOMEM;
goto out;
}
lower_dentry = ecryptfs_dentry_to_lower(ecryptfs_dentry);
crypt_stat = &ecryptfs_inode_to_private(inode)->crypt_stat;
mutex_lock(&crypt_stat->cs_mutex);
if (!(crypt_stat->flags & ECRYPTFS_POLICY_APPLIED)) {
ecryptfs_printk(KERN_DEBUG, "Setting flags for stat...\n");
/* Policy code enabled in future release */
crypt_stat->flags |= (ECRYPTFS_POLICY_APPLIED
| ECRYPTFS_ENCRYPTED);
}
mutex_unlock(&crypt_stat->cs_mutex);
rc = ecryptfs_get_lower_file(ecryptfs_dentry, inode);
if (rc) {
printk(KERN_ERR "%s: Error attempting to initialize "
"the lower file for the dentry with name "
"[%s]; rc = [%d]\n", __func__,
ecryptfs_dentry->d_name.name, rc);
goto out_free;
}
if ((ecryptfs_inode_to_private(inode)->lower_file->f_flags & O_ACCMODE)
== O_RDONLY && (file->f_flags & O_ACCMODE) != O_RDONLY) {
rc = -EPERM;
printk(KERN_WARNING "%s: Lower file is RO; eCryptfs "
"file must hence be opened RO\n", __func__);
goto out_put;
}
ecryptfs_set_file_lower(
file, ecryptfs_inode_to_private(inode)->lower_file);
if (S_ISDIR(ecryptfs_dentry->d_inode->i_mode)) {
ecryptfs_printk(KERN_DEBUG, "This is a directory\n");
mutex_lock(&crypt_stat->cs_mutex);
crypt_stat->flags &= ~(ECRYPTFS_ENCRYPTED);
mutex_unlock(&crypt_stat->cs_mutex);
rc = 0;
goto out;
}
#ifdef CONFIG_WTL_ENCRYPTION_FILTER
if (crypt_stat->flags & ECRYPTFS_STRUCT_INITIALIZED
&& crypt_stat->flags & ECRYPTFS_POLICY_APPLIED
&& crypt_stat->flags & ECRYPTFS_ENCRYPTED
&& !(crypt_stat->flags & ECRYPTFS_KEY_VALID)
&& !(crypt_stat->flags & ECRYPTFS_KEY_SET)
&& crypt_stat->flags & ECRYPTFS_I_SIZE_INITIALIZED) {
crypt_stat->flags |= ECRYPTFS_ENCRYPTED_OTHER_DEVICE;
}
mutex_lock(&crypt_stat->cs_mutex);
if ((mount_crypt_stat->flags & ECRYPTFS_ENABLE_NEW_PASSTHROUGH)
&& (crypt_stat->flags & ECRYPTFS_ENCRYPTED)) {
if (ecryptfs_read_metadata(ecryptfs_dentry)) {
crypt_stat->flags &= ~(ECRYPTFS_I_SIZE_INITIALIZED
| ECRYPTFS_ENCRYPTED);
mutex_unlock(&crypt_stat->cs_mutex);
goto out;
}
} else if ((mount_crypt_stat->flags & ECRYPTFS_ENABLE_FILTERING)
&& (crypt_stat->flags & ECRYPTFS_ENCRYPTED)) {
struct dentry *fp_dentry =
ecryptfs_inode_to_private(inode)->lower_file->f_dentry;
char filename[NAME_MAX+1] = {0};
if (fp_dentry->d_name.len <= NAME_MAX)
memcpy(filename, fp_dentry->d_name.name,
fp_dentry->d_name.len + 1);
if (is_file_name_match(mount_crypt_stat, fp_dentry)
|| is_file_ext_match(mount_crypt_stat, filename)) {
if (ecryptfs_read_metadata(ecryptfs_dentry))
crypt_stat->flags &=
~(ECRYPTFS_I_SIZE_INITIALIZED
| ECRYPTFS_ENCRYPTED);
mutex_unlock(&crypt_stat->cs_mutex);
goto out;
}
}
mutex_unlock(&crypt_stat->cs_mutex);
#endif
mutex_lock(&crypt_stat->cs_mutex);
if (!(crypt_stat->flags & ECRYPTFS_POLICY_APPLIED)
|| !(crypt_stat->flags & ECRYPTFS_KEY_VALID)) {
rc = ecryptfs_read_metadata(ecryptfs_dentry);
if (rc) {
ecryptfs_printk(KERN_DEBUG,
"Valid headers not found\n");
if (!(mount_crypt_stat->flags
& ECRYPTFS_PLAINTEXT_PASSTHROUGH_ENABLED)) {
rc = -EIO;
printk(KERN_WARNING "Either the lower file "
"is not in a valid eCryptfs format, "
"or the key could not be retrieved. "
"Plaintext passthrough mode is not "
"enabled; returning -EIO\n");
mutex_unlock(&crypt_stat->cs_mutex);
goto out_put;
}
rc = 0;
crypt_stat->flags &= ~(ECRYPTFS_I_SIZE_INITIALIZED
| ECRYPTFS_ENCRYPTED);
mutex_unlock(&crypt_stat->cs_mutex);
goto out;
}
}
mutex_unlock(&crypt_stat->cs_mutex);
ecryptfs_printk(KERN_DEBUG, "inode w/ addr = [0x%p], i_ino = "
"[0x%.16lx] size: [0x%.16llx]\n", inode, inode->i_ino,
(unsigned long long)i_size_read(inode));
goto out;
out_put:
ecryptfs_put_lower_file(inode);
out_free:
kmem_cache_free(ecryptfs_file_info_cache,
ecryptfs_file_to_private(file));
out:
return rc;
}
/**
* ecryptfs_lookup
* @ecryptfs_dir_inode: The eCryptfs directory inode
* @ecryptfs_dentry: The eCryptfs dentry that we are looking up
* @ecryptfs_nd: nameidata; may be NULL
*
* Find a file on disk. If the file does not exist, then we'll add it to the
* dentry cache and continue on to read it from the disk.
*/
static struct dentry *ecryptfs_lookup(struct inode *ecryptfs_dir_inode,
struct dentry *ecryptfs_dentry,
struct nameidata *ecryptfs_nd)
{
char *encrypted_and_encoded_name = NULL;
size_t encrypted_and_encoded_name_size;
struct ecryptfs_crypt_stat *crypt_stat = NULL;
struct ecryptfs_mount_crypt_stat *mount_crypt_stat = NULL;
struct ecryptfs_inode_info *inode_info;
struct dentry *lower_dir_dentry, *lower_dentry;
int rc = 0;
ecryptfs_dentry->d_op = &ecryptfs_dops;
if ((ecryptfs_dentry->d_name.len == 1
&& !strcmp(ecryptfs_dentry->d_name.name, "."))
|| (ecryptfs_dentry->d_name.len == 2
&& !strcmp(ecryptfs_dentry->d_name.name, ".."))) {
goto out_d_drop;
}
lower_dir_dentry = ecryptfs_dentry_to_lower(ecryptfs_dentry->d_parent);
lower_dentry = lookup_one_len(ecryptfs_dentry->d_name.name,
lower_dir_dentry,
ecryptfs_dentry->d_name.len);
if (IS_ERR(lower_dentry)) {
rc = PTR_ERR(lower_dentry);
printk(KERN_ERR "%s: lookup_one_len() returned [%d] on "
"lower_dentry = [%s]\n", __func__, rc,
ecryptfs_dentry->d_name.name);
goto out_d_drop;
}
if (lower_dentry->d_inode)
goto lookup_and_interpose;
inode_info = ecryptfs_inode_to_private(ecryptfs_dentry->d_inode);
if (inode_info) {
crypt_stat = &inode_info->crypt_stat;
/* TODO: lock for crypt_stat comparison */
if (!(crypt_stat->flags & ECRYPTFS_POLICY_APPLIED))
ecryptfs_set_default_sizes(crypt_stat);
}
if (crypt_stat)
mount_crypt_stat = crypt_stat->mount_crypt_stat;
else
mount_crypt_stat = &ecryptfs_superblock_to_private(
ecryptfs_dentry->d_sb)->mount_crypt_stat;
if (!(crypt_stat && (crypt_stat->flags & ECRYPTFS_ENCRYPT_FILENAMES))
&& !(mount_crypt_stat && (mount_crypt_stat->flags
& ECRYPTFS_GLOBAL_ENCRYPT_FILENAMES)))
goto lookup_and_interpose;
dput(lower_dentry);
rc = ecryptfs_encrypt_and_encode_filename(
&encrypted_and_encoded_name, &encrypted_and_encoded_name_size,
crypt_stat, mount_crypt_stat, ecryptfs_dentry->d_name.name,
ecryptfs_dentry->d_name.len);
if (rc) {
printk(KERN_ERR "%s: Error attempting to encrypt and encode "
"filename; rc = [%d]\n", __func__, rc);
goto out_d_drop;
}
lower_dentry = lookup_one_len(encrypted_and_encoded_name,
lower_dir_dentry,
encrypted_and_encoded_name_size - 1);
if (IS_ERR(lower_dentry)) {
rc = PTR_ERR(lower_dentry);
printk(KERN_ERR "%s: lookup_one_len() returned [%d] on "
"lower_dentry = [%s]\n", __func__, rc,
encrypted_and_encoded_name);
goto out_d_drop;
}
lookup_and_interpose:
rc = ecryptfs_lookup_and_interpose_lower(ecryptfs_dentry, lower_dentry,
crypt_stat, ecryptfs_dir_inode,
ecryptfs_nd);
goto out;
out_d_drop:
d_drop(ecryptfs_dentry);
out:
kfree(encrypted_and_encoded_name);
return ERR_PTR(rc);
}
/**
* ecryptfs_open
* @inode: inode speciying file to open
* @file: Structure to return filled in
*
* Opens the file specified by inode.
*
* Returns zero on success; non-zero otherwise
*/
static int ecryptfs_open(struct inode *inode, struct file *file)
{
int rc = 0;
struct ecryptfs_crypt_stat *crypt_stat = NULL;
struct ecryptfs_mount_crypt_stat *mount_crypt_stat;
struct dentry *ecryptfs_dentry = file->f_path.dentry;
/* Private value of ecryptfs_dentry allocated in
* ecryptfs_lookup() */
struct dentry *lower_dentry = ecryptfs_dentry_to_lower(ecryptfs_dentry);
struct inode *lower_inode = NULL;
struct file *lower_file = NULL;
struct vfsmount *lower_mnt;
struct ecryptfs_file_info *file_info;
int lower_flags;
/* Released in ecryptfs_release or end of function if failure */
file_info = kmem_cache_alloc(ecryptfs_file_info_cache, GFP_KERNEL);
ecryptfs_set_file_private(file, file_info);
if (!file_info) {
ecryptfs_printk(KERN_ERR,
"Error attempting to allocate memory\n");
rc = -ENOMEM;
goto out;
}
memset(file_info, 0, sizeof(*file_info));
lower_dentry = ecryptfs_dentry_to_lower(ecryptfs_dentry);
crypt_stat = &ecryptfs_inode_to_private(inode)->crypt_stat;
mount_crypt_stat = &ecryptfs_superblock_to_private(
ecryptfs_dentry->d_sb)->mount_crypt_stat;
mutex_lock(&crypt_stat->cs_mutex);
if (!ECRYPTFS_CHECK_FLAG(crypt_stat->flags, ECRYPTFS_POLICY_APPLIED)) {
ecryptfs_printk(KERN_DEBUG, "Setting flags for stat...\n");
/* Policy code enabled in future release */
ECRYPTFS_SET_FLAG(crypt_stat->flags, ECRYPTFS_POLICY_APPLIED);
ECRYPTFS_SET_FLAG(crypt_stat->flags, ECRYPTFS_ENCRYPTED);
}
mutex_unlock(&crypt_stat->cs_mutex);
lower_flags = file->f_flags;
if ((lower_flags & O_ACCMODE) == O_WRONLY)
lower_flags = (lower_flags & O_ACCMODE) | O_RDWR;
if (file->f_flags & O_APPEND)
lower_flags &= ~O_APPEND;
lower_mnt = ecryptfs_dentry_to_lower_mnt(ecryptfs_dentry);
/* Corresponding fput() in ecryptfs_release() */
if ((rc = ecryptfs_open_lower_file(&lower_file, lower_dentry, lower_mnt,
lower_flags))) {
ecryptfs_printk(KERN_ERR, "Error opening lower file\n");
goto out_puts;
}
ecryptfs_set_file_lower(file, lower_file);
/* Isn't this check the same as the one in lookup? */
lower_inode = lower_dentry->d_inode;
if (S_ISDIR(ecryptfs_dentry->d_inode->i_mode)) {
ecryptfs_printk(KERN_DEBUG, "This is a directory\n");
ECRYPTFS_CLEAR_FLAG(crypt_stat->flags, ECRYPTFS_ENCRYPTED);
rc = 0;
goto out;
}
mutex_lock(&crypt_stat->cs_mutex);
if (i_size_read(lower_inode) < ECRYPTFS_MINIMUM_HEADER_EXTENT_SIZE) {
if (!(mount_crypt_stat->flags
& ECRYPTFS_PLAINTEXT_PASSTHROUGH_ENABLED)) {
rc = -EIO;
printk(KERN_WARNING "Attempt to read file that is "
"not in a valid eCryptfs format, and plaintext "
"passthrough mode is not enabled; returning "
"-EIO\n");
mutex_unlock(&crypt_stat->cs_mutex);
goto out_puts;
}
crypt_stat->flags &= ~(ECRYPTFS_ENCRYPTED);
rc = 0;
mutex_unlock(&crypt_stat->cs_mutex);
goto out;
} else if (!ECRYPTFS_CHECK_FLAG(crypt_stat->flags,
ECRYPTFS_POLICY_APPLIED)
|| !ECRYPTFS_CHECK_FLAG(crypt_stat->flags,
ECRYPTFS_KEY_VALID)) {
rc = ecryptfs_read_headers(ecryptfs_dentry, lower_file);
if (rc) {
ecryptfs_printk(KERN_DEBUG,
"Valid headers not found\n");
if (!(mount_crypt_stat->flags
& ECRYPTFS_PLAINTEXT_PASSTHROUGH_ENABLED)) {
rc = -EIO;
printk(KERN_WARNING "Attempt to read file that "
"is not in a valid eCryptfs format, "
"and plaintext passthrough mode is not "
"enabled; returning -EIO\n");
mutex_unlock(&crypt_stat->cs_mutex);
goto out_puts;
}
ECRYPTFS_CLEAR_FLAG(crypt_stat->flags,
ECRYPTFS_ENCRYPTED);
rc = 0;
mutex_unlock(&crypt_stat->cs_mutex);
goto out;
}
}
mutex_unlock(&crypt_stat->cs_mutex);
ecryptfs_printk(KERN_DEBUG, "inode w/ addr = [0x%p], i_ino = [0x%.16x] "
"size: [0x%.16x]\n", inode, inode->i_ino,
i_size_read(inode));
ecryptfs_set_file_lower(file, lower_file);
goto out;
out_puts:
mntput(lower_mnt);
dput(lower_dentry);
kmem_cache_free(ecryptfs_file_info_cache,
ecryptfs_file_to_private(file));
out:
return rc;
}
/**
* ecryptfs_open
* @inode: inode speciying file to open
* @file: Structure to return filled in
*
* Opens the file specified by inode.
*
* Returns zero on success; non-zero otherwise
*/
static int ecryptfs_open(struct inode *inode, struct file *file)
{
int rc = 0;
struct ecryptfs_crypt_stat *crypt_stat = NULL;
struct ecryptfs_mount_crypt_stat *mount_crypt_stat;
struct dentry *ecryptfs_dentry = file->f_path.dentry;
/* Private value of ecryptfs_dentry allocated in
* ecryptfs_lookup() */
struct ecryptfs_file_info *file_info;
mount_crypt_stat = &ecryptfs_superblock_to_private(
ecryptfs_dentry->d_sb)->mount_crypt_stat;
if ((mount_crypt_stat->flags & ECRYPTFS_ENCRYPTED_VIEW_ENABLED)
&& ((file->f_flags & O_WRONLY) || (file->f_flags & O_RDWR)
|| (file->f_flags & O_CREAT) || (file->f_flags & O_TRUNC)
|| (file->f_flags & O_APPEND))) {
printk(KERN_WARNING "Mount has encrypted view enabled; "
"files may only be read\n");
rc = -EPERM;
goto out;
}
/* Released in ecryptfs_release or end of function if failure */
file_info = kmem_cache_zalloc(ecryptfs_file_info_cache, GFP_KERNEL);
ecryptfs_set_file_private(file, file_info);
if (!file_info) {
ecryptfs_printk(KERN_ERR,
"Error attempting to allocate memory\n");
rc = -ENOMEM;
goto out;
}
crypt_stat = &ecryptfs_inode_to_private(inode)->crypt_stat;
mutex_lock(&crypt_stat->cs_mutex);
if (!(crypt_stat->flags & ECRYPTFS_POLICY_APPLIED)) {
ecryptfs_printk(KERN_DEBUG, "Setting flags for stat...\n");
/* Policy code enabled in future release */
crypt_stat->flags |= (ECRYPTFS_POLICY_APPLIED
| ECRYPTFS_ENCRYPTED);
}
mutex_unlock(&crypt_stat->cs_mutex);
rc = ecryptfs_get_lower_file(ecryptfs_dentry, inode);
if (rc) {
printk(KERN_ERR "%s: Error attempting to initialize "
"the lower file for the dentry with name "
"[%s]; rc = [%d]\n", __func__,
ecryptfs_dentry->d_name.name, rc);
goto out_free;
}
if ((ecryptfs_inode_to_private(inode)->lower_file->f_flags & O_ACCMODE)
== O_RDONLY && (file->f_flags & O_ACCMODE) != O_RDONLY) {
rc = -EPERM;
printk(KERN_WARNING "%s: Lower file is RO; eCryptfs "
"file must hence be opened RO\n", __func__);
goto out_put;
}
ecryptfs_set_file_lower(
file, ecryptfs_inode_to_private(inode)->lower_file);
if (S_ISDIR(ecryptfs_dentry->d_inode->i_mode)) {
#ifdef CONFIG_SDP
/*
* it's possible to have a sensitive directory. (vault)
*/
if (mount_crypt_stat->flags & ECRYPTFS_MOUNT_SDP_ENABLED)
crypt_stat->flags |= ECRYPTFS_DEK_SDP_ENABLED;
#endif
ecryptfs_printk(KERN_DEBUG, "This is a directory\n");
mutex_lock(&crypt_stat->cs_mutex);
crypt_stat->flags &= ~(ECRYPTFS_ENCRYPTED);
mutex_unlock(&crypt_stat->cs_mutex);
rc = 0;
goto out;
}
rc = read_or_initialize_metadata(ecryptfs_dentry);
if (rc)
goto out_put;
#ifdef CONFIG_SDP
if (crypt_stat->flags & ECRYPTFS_DEK_IS_SENSITIVE) {
if (ecryptfs_is_persona_locked(crypt_stat->userid)) {
ecryptfs_printk(KERN_INFO, "ecryptfs_open: persona is locked, rc=%d\n", rc);
#if 0
if (file->f_flags & O_SDP) {
ecryptfs_printk(KERN_INFO, "ecryptfs_open: O_SDP is set, allow open, rc=%d\n", rc);
mutex_lock(&crypt_stat->cs_mutex);
crypt_stat->flags &= ~(ECRYPTFS_KEY_VALID);
mutex_unlock(&crypt_stat->cs_mutex);
} else {
mutex_lock(&crypt_stat->cs_mutex);
crypt_stat->flags &= ~(ECRYPTFS_KEY_VALID);
mutex_unlock(&crypt_stat->cs_mutex);
rc = -EACCES;
goto out_put;
}
#endif
} else {
int dek_type = crypt_stat->sdp_dek.type;
ecryptfs_printk(KERN_INFO, "ecryptfs_open: persona is unlocked, rc=%d\n", rc);
if(dek_type != DEK_TYPE_AES_ENC) {
ecryptfs_printk(KERN_DEBUG, "converting dek...\n");
rc = ecryptfs_sdp_convert_dek(ecryptfs_dentry);
ecryptfs_printk(KERN_DEBUG, "conversion ready, rc=%d\n", rc);
rc = 0; // TODO: Do we need to return error if conversion fails?
/*
if(!(file->f_flags & O_SDP)){
ecryptfs_printk(KERN_WARNING, "Busy sensitive file (try again later)\n");
rc = -EBUSY;
goto out_put;
}
*/
}
}
}
#if ECRYPTFS_DEK_DEBUG
else {
ecryptfs_printk(KERN_INFO, "ecryptfs_open: dek_file_type is protected");
}
#endif
#endif
ecryptfs_printk(KERN_DEBUG, "inode w/ addr = [0x%p], i_ino = "
"[0x%.16lx] size: [0x%.16llx]\n", inode, inode->i_ino,
(unsigned long long)i_size_read(inode));
goto out;
out_put:
ecryptfs_put_lower_file(inode);
out_free:
kmem_cache_free(ecryptfs_file_info_cache,
ecryptfs_file_to_private(file));
out:
return rc;
}
