static long dek_do_ioctl_evt(unsigned int minor, unsigned int cmd,
unsigned long arg) {
long ret = 0;
void __user *ubuf = (void __user *)arg;
void *cleanup = NULL;
switch (cmd) {
/*
* Event while booting.
*
* This event comes per persona, the driver is responsible to
* verify things good whether it's compromised.
*/
case DEK_ON_BOOT: {
dek_arg_on_boot *evt = kzalloc(sizeof(dek_arg_on_boot), GFP_KERNEL);
cleanup = evt;
printk("dek: DEK_ON_BOOT\n");
//memset(&evt, 0, sizeof(dek_arg_on_boot));
if(copy_from_user(evt, ubuf, sizeof(dek_arg_on_boot))) {
printk("dek: can't copy from user\n");
ret = -EFAULT;
goto err;
}
if (!dek_is_persona(evt->persona_id)) {
ret = -EFAULT;
goto err;
}
ret = dek_on_boot(evt);
if (ret < 0) {
dek_add_to_log(evt->persona_id, "Boot failed");
goto err;
}
dek_add_to_log(evt->persona_id, "Booted");
break;
}
/*
* Event when device is locked.
*
* Nullify private key which prevents decryption.
*/
case DEK_ON_DEVICE_LOCKED: {
//dek_arg_on_device_locked evt;
dek_arg_on_device_locked *evt = kzalloc(sizeof(dek_arg_on_device_locked), GFP_KERNEL);
cleanup = evt;
printk("dek: DEK_ON_DEVICE_LOCKED\n");
//memset(&evt, 0, sizeof(dek_arg_on_device_locked));
if(copy_from_user(evt, ubuf, sizeof(dek_arg_on_device_locked))) {
printk("dek: can't copy from user\n");
ret = -EFAULT;
goto err;
}
if (!dek_is_persona(evt->persona_id)) {
ret = -EFAULT;
goto err;
}
ret = dek_on_device_locked(evt);
if (ret < 0) {
dek_add_to_log(evt->persona_id, "Lock failed");
goto err;
}
dek_add_to_log(evt->persona_id, "Locked");
printk("dek: after locked for id: %d\n", evt->persona_id);
break;
}
/*
* Event when device unlocked.
*
* Read private key and decrypt with user password.
*/
case DEK_ON_DEVICE_UNLOCKED: {
//dek_arg_on_device_unlocked evt;
dek_arg_on_device_unlocked *evt = kzalloc(sizeof(dek_arg_on_device_unlocked), GFP_KERNEL);
cleanup = evt;
printk("dek: DEK_ON_DEVICE_UNLOCKED\n");
//memset(&evt, 0, sizeof(dek_arg_on_device_unlocked));
if(copy_from_user(evt, ubuf, sizeof(dek_arg_on_device_unlocked))) {
printk("dek: can't copy from user\n");
ret = -EFAULT;
goto err;
}
if (!dek_is_persona(evt->persona_id)) {
ret = -EFAULT;
goto err;
}
ret = dek_on_device_unlocked(evt);
if (ret < 0) {
dek_add_to_log(evt->persona_id, "Unlock failed");
goto err;
}
dek_add_to_log(evt->persona_id, "Unlocked");
memset(evt, 0, sizeof(dek_arg_on_device_unlocked));
break;
}
/*
* Event when new user(persona) added.
*
* Generate RSA public key and encrypt private key with given
* password. Also pub-key and encryped priv-key have to be stored
* in a file system.
*/
case DEK_ON_USER_ADDED: {
//dek_arg_on_user_added evt;
dek_arg_on_user_added *evt = kzalloc(sizeof(dek_arg_on_user_added), GFP_KERNEL);
cleanup = evt;
printk("dek: DEK_ON_USER_ADDED\n");
//memset(&evt, 0, sizeof(dek_arg_on_user_added));
if(copy_from_user(evt, ubuf, sizeof(dek_arg_on_user_added))) {
printk("dek: can't copy from user\n");
ret = -EFAULT;
goto err;
}
if (!dek_is_persona(evt->persona_id)) {
ret = -EFAULT;
goto err;
}
ret = dek_on_user_added(evt);
if (ret < 0) {
dek_add_to_log(evt->persona_id, "Add user failed");
goto err;
}
dek_add_to_log(evt->persona_id, "Added user");
break;
}
/*
* Event when user is removed.
*
* Remove pub-key file & encrypted priv-key file.
*/
case DEK_ON_USER_REMOVED: {
dek_arg_on_user_removed evt;
printk("dek: DEK_ON_USER_REMOVED\n");
memset(&evt, 0, sizeof(dek_arg_on_user_removed));
if(copy_from_user(&evt, ubuf, sizeof(evt))) {
printk("dek: can't copy from user\n");
ret = -EFAULT;
goto err;
}
if (!dek_is_persona(evt.persona_id)) {
ret = -EFAULT;
goto err;
}
ret = dek_on_user_removed(&evt);
if (ret < 0) {
dek_add_to_log(evt.persona_id, "Remove user failed");
goto err;
}
dek_add_to_log(evt.persona_id, "Removed user");
break;
}
/*
* Event when password changed.
*
* Encrypt priv_key with new password and store it.
*/
case DEK_ON_CHANGE_PASSWORD: {
printk("dek: DEK_ON_CHANGE_PASSWORD << deprecated. SKIP\n");
ret = 0;
dek_add_to_log(0, "Changed password << deprecated");
break;
}
default:
printk("dek: case default\n");
ret = -EINVAL;
break;
}
err:
if (cleanup) {
kfree(cleanup);
}
return ret;
}
static long dek_do_ioctl_evt(unsigned int minor, unsigned int cmd,
unsigned long arg) {
long ret = 0;
void __user *ubuf = (void __user *)arg;
void *cleanup = NULL;
unsigned int size;
switch (cmd) {
/*
* Event while booting.
*
* This event comes per persona, the driver is responsible to
* verify things good whether it's compromised.
*/
case DEK_ON_BOOT: {
dek_arg_on_boot *evt = kzalloc(sizeof(dek_arg_on_boot), GFP_KERNEL);
DEK_LOGD("DEK_ON_BOOT\n");
if (evt == NULL) {
ret = -ENOMEM;
goto err;
}
cleanup = evt;
size = sizeof(dek_arg_on_boot);
if(copy_from_user(evt, ubuf, size)) {
DEK_LOGE("can't copy from user evt\n");
ret = -EFAULT;
goto err;
}
ret = dek_on_boot(evt);
if (ret < 0) {
dek_add_to_log(evt->userid, "Boot failed");
goto err;
}
dek_add_to_log(evt->userid, "Booted");
break;
}
/*
* Event when device is locked.
*
* Nullify private key which prevents decryption.
*/
case DEK_ON_DEVICE_LOCKED: {
dek_arg_on_device_locked *evt = kzalloc(sizeof(dek_arg_on_device_locked), GFP_KERNEL);
DEK_LOGD("DEK_ON_DEVICE_LOCKED\n");
if (evt == NULL) {
ret = -ENOMEM;
goto err;
}
cleanup = evt;
size = sizeof(dek_arg_on_device_locked);
if(copy_from_user(evt, ubuf, size)) {
DEK_LOGE("can't copy from user evt\n");
ret = -EFAULT;
goto err;
}
ret = dek_on_device_locked(evt);
if (ret < 0) {
dek_add_to_log(evt->userid, "Lock failed");
goto err;
}
dek_add_to_log(evt->userid, "Locked");
break;
}
/*
* Event when device unlocked.
*
* Read private key and decrypt with user password.
*/
case DEK_ON_DEVICE_UNLOCKED: {
dek_arg_on_device_unlocked *evt = kzalloc(sizeof(dek_arg_on_device_unlocked), GFP_KERNEL);
DEK_LOGD("DEK_ON_DEVICE_UNLOCKED\n");
if (evt == NULL) {
ret = -ENOMEM;
goto err;
}
cleanup = evt;
size = sizeof(dek_arg_on_device_unlocked);
if(copy_from_user(evt, ubuf, size)) {
DEK_LOGE("can't copy from user evt\n");
ret = -EFAULT;
goto err;
}
ret = dek_on_device_unlocked(evt);
if (ret < 0) {
dek_add_to_log(evt->userid, "Unlock failed");
goto err;
}
dek_add_to_log(evt->userid, "Unlocked");
break;
}
/*
* Event when new user(persona) added.
*
* Generate RSA public key and encrypt private key with given
* password. Also pub-key and encryped priv-key have to be stored
* in a file system.
*/
case DEK_ON_USER_ADDED: {
dek_arg_on_user_added *evt = kzalloc(sizeof(dek_arg_on_user_added), GFP_KERNEL);
DEK_LOGD("DEK_ON_USER_ADDED\n");
if (evt == NULL) {
ret = -ENOMEM;
goto err;
}
cleanup = evt;
size = sizeof(dek_arg_on_user_added);
if(copy_from_user(evt, ubuf, size)) {
DEK_LOGE("can't copy from user evt\n");
ret = -EFAULT;
goto err;
}
ret = dek_on_user_added(evt);
if (ret < 0) {
dek_add_to_log(evt->userid, "Add user failed");
goto err;
}
dek_add_to_log(evt->userid, "Added user");
break;
}
/*
* Event when user is removed.
*
* Remove pub-key file & encrypted priv-key file.
*/
case DEK_ON_USER_REMOVED: {
dek_arg_on_user_removed *evt = kzalloc(sizeof(dek_arg_on_user_removed), GFP_KERNEL);
DEK_LOGD("DEK_ON_USER_REMOVED\n");
if (evt == NULL) {
ret = -ENOMEM;
goto err;
}
cleanup = evt;
size = sizeof(dek_arg_on_user_removed);
if(copy_from_user(evt, ubuf, size)) {
DEK_LOGE("can't copy from user evt\n");
ret = -EFAULT;
goto err;
}
ret = dek_on_user_removed(evt);
if (ret < 0) {
dek_add_to_log(evt->userid, "Remove user failed");
goto err;
}
dek_add_to_log(evt->userid, "Removed user");
break;
}
/*
* Event when password changed.
*
* Encrypt SDPK_Rpri with new password and store it.
*/
case DEK_ON_CHANGE_PASSWORD: {
DEK_LOGD("DEK_ON_CHANGE_PASSWORD << deprecated. SKIP\n");
ret = 0;
dek_add_to_log(0, "Changed password << deprecated");
break;
}
case DEK_DISK_CACHE_CLEANUP: {
dek_arg_disk_cache_cleanup *evt = kzalloc(sizeof(dek_arg_disk_cache_cleanup), GFP_KERNEL);
DEK_LOGD("DEK_DISK_CACHE_CLEANUP\n");
if (evt == NULL) {
ret = -ENOMEM;
goto err;
}
cleanup = evt;
size = sizeof(dek_arg_on_user_removed);
if(copy_from_user(evt, ubuf, size)) {
DEK_LOGE("can't copy from user evt\n");
ret = -EFAULT;
goto err;
}
if (!dek_is_persona(evt->userid)) {
DEK_LOGE("%s invalid userid %d\n", __func__, evt->userid);
ret = -EFAULT;
goto err;
}
ecryptfs_mm_drop_cache(evt->userid);
ret = 0;
dek_add_to_log(evt->userid, "Disk cache clean up");
break;
}
default:
DEK_LOGE("%s case default\n", __func__);
ret = -EINVAL;
break;
}
err:
if (cleanup) {
zero_out((char *)cleanup, size);
kfree(cleanup);
}
return ret;
}
