alistair23-linux/fs/crypto/hooks.c

/*
 * fs/crypto/hooks.c
 *
 * Encryption hooks for higher-level filesystem operations.
 */

#include <linux/ratelimit.h>
#include "fscrypt_private.h"

/**
 * fscrypt_file_open - prepare to open a possibly-encrypted regular file
 * @inode: the inode being opened
 * @filp: the struct file being set up
 *
 * Currently, an encrypted regular file can only be opened if its encryption key
 * is available; access to the raw encrypted contents is not supported.
 * Therefore, we first set up the inode's encryption key (if not already done)
 * and return an error if it's unavailable.
 *
 * We also verify that if the parent directory (from the path via which the file
 * is being opened) is encrypted, then the inode being opened uses the same
 * encryption policy.  This is needed as part of the enforcement that all files
 * in an encrypted directory tree use the same encryption policy, as a
 * protection against certain types of offline attacks.  Note that this check is
 * needed even when opening an *unencrypted* file, since it's forbidden to have
 * an unencrypted file in an encrypted directory.
 *
 * Return: 0 on success, -ENOKEY if the key is missing, or another -errno code
 */
int fscrypt_file_open(struct inode *inode, struct file *filp)
{
	int err;
	struct dentry *dir;

	err = fscrypt_require_key(inode);
	if (err)
		return err;

	dir = dget_parent(file_dentry(filp));
	if (IS_ENCRYPTED(d_inode(dir)) &&
	    !fscrypt_has_permitted_context(d_inode(dir), inode)) {
		pr_warn_ratelimited("fscrypt: inconsistent encryption contexts: %lu/%lu",
				    d_inode(dir)->i_ino, inode->i_ino);
		err = -EPERM;
	}
	dput(dir);
	return err;
}
EXPORT_SYMBOL_GPL(fscrypt_file_open);

int __fscrypt_prepare_link(struct inode *inode, struct inode *dir)
{
	int err;

	err = fscrypt_require_key(dir);
	if (err)
		return err;

	if (!fscrypt_has_permitted_context(dir, inode))
		return -EPERM;

	return 0;
}
EXPORT_SYMBOL_GPL(__fscrypt_prepare_link);
fscrypt: new helper function - fscrypt_file_open() Add a helper function which prepares to open a regular file which may be encrypted. It handles setting up the file's encryption key, then checking that the file's encryption policy matches that of its parent directory (if the parent directory is encrypted). It may be set as the ->open() method or it can be called from another ->open() method. Acked-by: Dave Chinner <dchinner@redhat.com> Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Theodore Ts'o <tytso@mit.edu> 2017-10-09 13:15:40 -06:00			`/*`
			`* fs/crypto/hooks.c`
			`*`
			`* Encryption hooks for higher-level filesystem operations.`
			`*/`

			`#include <linux/ratelimit.h>`
			`#include "fscrypt_private.h"`

			`/**`
			`* fscrypt_file_open - prepare to open a possibly-encrypted regular file`
			`* @inode: the inode being opened`
			`* @filp: the struct file being set up`
			`*`
			`* Currently, an encrypted regular file can only be opened if its encryption key`
			`* is available; access to the raw encrypted contents is not supported.`
			`* Therefore, we first set up the inode's encryption key (if not already done)`
			`* and return an error if it's unavailable.`
			`*`
			`* We also verify that if the parent directory (from the path via which the file`
			`* is being opened) is encrypted, then the inode being opened uses the same`
			`* encryption policy. This is needed as part of the enforcement that all files`
			`* in an encrypted directory tree use the same encryption policy, as a`
			`* protection against certain types of offline attacks. Note that this check is`
			`* needed even when opening an unencrypted file, since it's forbidden to have`
			`* an unencrypted file in an encrypted directory.`
			`*`
			`* Return: 0 on success, -ENOKEY if the key is missing, or another -errno code`
			`*/`
			`int fscrypt_file_open(struct inode inode, struct file filp)`
			`{`
			`int err;`
			`struct dentry *dir;`

			`err = fscrypt_require_key(inode);`
			`if (err)`
			`return err;`

			`dir = dget_parent(file_dentry(filp));`
			`if (IS_ENCRYPTED(d_inode(dir)) &&`
			`!fscrypt_has_permitted_context(d_inode(dir), inode)) {`
			`pr_warn_ratelimited("fscrypt: inconsistent encryption contexts: %lu/%lu",`
			`d_inode(dir)->i_ino, inode->i_ino);`
			`err = -EPERM;`
			`}`
			`dput(dir);`
			`return err;`
			`}`
			`EXPORT_SYMBOL_GPL(fscrypt_file_open);`
fscrypt: new helper function - fscrypt_prepare_link() Introduce a helper function which prepares to link an inode into a possibly-encrypted directory. It handles setting up the target directory's encryption key, then verifying that the link won't violate the constraint that all files in an encrypted directory tree use the same encryption policy. Acked-by: Dave Chinner <dchinner@redhat.com> Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Theodore Ts'o <tytso@mit.edu> 2017-10-09 13:15:41 -06:00
			`int __fscrypt_prepare_link(struct inode inode, struct inode dir)`
			`{`
			`int err;`

			`err = fscrypt_require_key(dir);`
			`if (err)`
			`return err;`

			`if (!fscrypt_has_permitted_context(dir, inode))`
			`return -EPERM;`

			`return 0;`
			`}`
			`EXPORT_SYMBOL_GPL(__fscrypt_prepare_link);`