1 /* 2 * Encryption policy functions for per-file encryption support. 3 * 4 * Copyright (C) 2015, Google, Inc. 5 * Copyright (C) 2015, Motorola Mobility. 6 * 7 * Written by Michael Halcrow, 2015. 8 * Modified by Jaegeuk Kim, 2015. 9 */ 10 11 #include <linux/random.h> 12 #include <linux/string.h> 13 #include <linux/mount.h> 14 #include "fscrypt_private.h" 15 16 /* 17 * check whether an encryption policy is consistent with an encryption context 18 */ 19 static bool is_encryption_context_consistent_with_policy( 20 const struct fscrypt_context *ctx, 21 const struct fscrypt_policy *policy) 22 { 23 return memcmp(ctx->master_key_descriptor, policy->master_key_descriptor, 24 FS_KEY_DESCRIPTOR_SIZE) == 0 && 25 (ctx->flags == policy->flags) && 26 (ctx->contents_encryption_mode == 27 policy->contents_encryption_mode) && 28 (ctx->filenames_encryption_mode == 29 policy->filenames_encryption_mode); 30 } 31 32 static int create_encryption_context_from_policy(struct inode *inode, 33 const struct fscrypt_policy *policy) 34 { 35 struct fscrypt_context ctx; 36 int res; 37 38 if (!inode->i_sb->s_cop->set_context) 39 return -EOPNOTSUPP; 40 41 if (inode->i_sb->s_cop->prepare_context) { 42 res = inode->i_sb->s_cop->prepare_context(inode); 43 if (res) 44 return res; 45 } 46 47 ctx.format = FS_ENCRYPTION_CONTEXT_FORMAT_V1; 48 memcpy(ctx.master_key_descriptor, policy->master_key_descriptor, 49 FS_KEY_DESCRIPTOR_SIZE); 50 51 if (!fscrypt_valid_contents_enc_mode( 52 policy->contents_encryption_mode)) 53 return -EINVAL; 54 55 if (!fscrypt_valid_filenames_enc_mode( 56 policy->filenames_encryption_mode)) 57 return -EINVAL; 58 59 if (policy->flags & ~FS_POLICY_FLAGS_VALID) 60 return -EINVAL; 61 62 ctx.contents_encryption_mode = policy->contents_encryption_mode; 63 ctx.filenames_encryption_mode = policy->filenames_encryption_mode; 64 ctx.flags = policy->flags; 65 BUILD_BUG_ON(sizeof(ctx.nonce) != FS_KEY_DERIVATION_NONCE_SIZE); 66 get_random_bytes(ctx.nonce, FS_KEY_DERIVATION_NONCE_SIZE); 67 68 return inode->i_sb->s_cop->set_context(inode, &ctx, sizeof(ctx), NULL); 69 } 70 71 int fscrypt_ioctl_set_policy(struct file *filp, const void __user *arg) 72 { 73 struct fscrypt_policy policy; 74 struct inode *inode = file_inode(filp); 75 int ret; 76 struct fscrypt_context ctx; 77 78 if (copy_from_user(&policy, arg, sizeof(policy))) 79 return -EFAULT; 80 81 if (!inode_owner_or_capable(inode)) 82 return -EACCES; 83 84 if (policy.version != 0) 85 return -EINVAL; 86 87 ret = mnt_want_write_file(filp); 88 if (ret) 89 return ret; 90 91 inode_lock(inode); 92 93 ret = inode->i_sb->s_cop->get_context(inode, &ctx, sizeof(ctx)); 94 if (ret == -ENODATA) { 95 if (!S_ISDIR(inode->i_mode)) 96 ret = -ENOTDIR; 97 else if (!inode->i_sb->s_cop->empty_dir) 98 ret = -EOPNOTSUPP; 99 else if (!inode->i_sb->s_cop->empty_dir(inode)) 100 ret = -ENOTEMPTY; 101 else 102 ret = create_encryption_context_from_policy(inode, 103 &policy); 104 } else if (ret == sizeof(ctx) && 105 is_encryption_context_consistent_with_policy(&ctx, 106 &policy)) { 107 /* The file already uses the same encryption policy. */ 108 ret = 0; 109 } else if (ret >= 0 || ret == -ERANGE) { 110 /* The file already uses a different encryption policy. */ 111 ret = -EEXIST; 112 } 113 114 inode_unlock(inode); 115 116 mnt_drop_write_file(filp); 117 return ret; 118 } 119 EXPORT_SYMBOL(fscrypt_ioctl_set_policy); 120 121 int fscrypt_ioctl_get_policy(struct file *filp, void __user *arg) 122 { 123 struct inode *inode = file_inode(filp); 124 struct fscrypt_context ctx; 125 struct fscrypt_policy policy; 126 int res; 127 128 if (!inode->i_sb->s_cop->get_context || 129 !inode->i_sb->s_cop->is_encrypted(inode)) 130 return -ENODATA; 131 132 res = inode->i_sb->s_cop->get_context(inode, &ctx, sizeof(ctx)); 133 if (res < 0 && res != -ERANGE) 134 return res; 135 if (res != sizeof(ctx)) 136 return -EINVAL; 137 if (ctx.format != FS_ENCRYPTION_CONTEXT_FORMAT_V1) 138 return -EINVAL; 139 140 policy.version = 0; 141 policy.contents_encryption_mode = ctx.contents_encryption_mode; 142 policy.filenames_encryption_mode = ctx.filenames_encryption_mode; 143 policy.flags = ctx.flags; 144 memcpy(policy.master_key_descriptor, ctx.master_key_descriptor, 145 FS_KEY_DESCRIPTOR_SIZE); 146 147 if (copy_to_user(arg, &policy, sizeof(policy))) 148 return -EFAULT; 149 return 0; 150 } 151 EXPORT_SYMBOL(fscrypt_ioctl_get_policy); 152 153 int fscrypt_has_permitted_context(struct inode *parent, struct inode *child) 154 { 155 struct fscrypt_info *parent_ci, *child_ci; 156 int res; 157 158 if ((parent == NULL) || (child == NULL)) { 159 printk(KERN_ERR "parent %p child %p\n", parent, child); 160 BUG_ON(1); 161 } 162 163 /* No restrictions on file types which are never encrypted */ 164 if (!S_ISREG(child->i_mode) && !S_ISDIR(child->i_mode) && 165 !S_ISLNK(child->i_mode)) 166 return 1; 167 168 /* no restrictions if the parent directory is not encrypted */ 169 if (!parent->i_sb->s_cop->is_encrypted(parent)) 170 return 1; 171 /* if the child directory is not encrypted, this is always a problem */ 172 if (!parent->i_sb->s_cop->is_encrypted(child)) 173 return 0; 174 res = fscrypt_get_encryption_info(parent); 175 if (res) 176 return 0; 177 res = fscrypt_get_encryption_info(child); 178 if (res) 179 return 0; 180 parent_ci = parent->i_crypt_info; 181 child_ci = child->i_crypt_info; 182 if (!parent_ci && !child_ci) 183 return 1; 184 if (!parent_ci || !child_ci) 185 return 0; 186 187 return (memcmp(parent_ci->ci_master_key, 188 child_ci->ci_master_key, 189 FS_KEY_DESCRIPTOR_SIZE) == 0 && 190 (parent_ci->ci_data_mode == child_ci->ci_data_mode) && 191 (parent_ci->ci_filename_mode == child_ci->ci_filename_mode) && 192 (parent_ci->ci_flags == child_ci->ci_flags)); 193 } 194 EXPORT_SYMBOL(fscrypt_has_permitted_context); 195 196 /** 197 * fscrypt_inherit_context() - Sets a child context from its parent 198 * @parent: Parent inode from which the context is inherited. 199 * @child: Child inode that inherits the context from @parent. 200 * @fs_data: private data given by FS. 201 * @preload: preload child i_crypt_info if true 202 * 203 * Return: 0 on success, -errno on failure 204 */ 205 int fscrypt_inherit_context(struct inode *parent, struct inode *child, 206 void *fs_data, bool preload) 207 { 208 struct fscrypt_context ctx; 209 struct fscrypt_info *ci; 210 int res; 211 212 if (!parent->i_sb->s_cop->set_context) 213 return -EOPNOTSUPP; 214 215 res = fscrypt_get_encryption_info(parent); 216 if (res < 0) 217 return res; 218 219 ci = parent->i_crypt_info; 220 if (ci == NULL) 221 return -ENOKEY; 222 223 ctx.format = FS_ENCRYPTION_CONTEXT_FORMAT_V1; 224 ctx.contents_encryption_mode = ci->ci_data_mode; 225 ctx.filenames_encryption_mode = ci->ci_filename_mode; 226 ctx.flags = ci->ci_flags; 227 memcpy(ctx.master_key_descriptor, ci->ci_master_key, 228 FS_KEY_DESCRIPTOR_SIZE); 229 get_random_bytes(ctx.nonce, FS_KEY_DERIVATION_NONCE_SIZE); 230 res = parent->i_sb->s_cop->set_context(child, &ctx, 231 sizeof(ctx), fs_data); 232 if (res) 233 return res; 234 return preload ? fscrypt_get_encryption_info(child): 0; 235 } 236 EXPORT_SYMBOL(fscrypt_inherit_context); 237