1 /* 2 * Encryption policy functions for per-file encryption support. 3 * 4 * Copyright (C) 2015, Google, Inc. 5 * Copyright (C) 2015, Motorola Mobility. 6 * 7 * Written by Michael Halcrow, 2015. 8 * Modified by Jaegeuk Kim, 2015. 9 */ 10 11 #include <linux/random.h> 12 #include <linux/string.h> 13 #include <linux/mount.h> 14 #include "fscrypt_private.h" 15 16 static int inode_has_encryption_context(struct inode *inode) 17 { 18 if (!inode->i_sb->s_cop->get_context) 19 return 0; 20 return (inode->i_sb->s_cop->get_context(inode, NULL, 0L) > 0); 21 } 22 23 /* 24 * check whether the policy is consistent with the encryption context 25 * for the inode 26 */ 27 static int is_encryption_context_consistent_with_policy(struct inode *inode, 28 const struct fscrypt_policy *policy) 29 { 30 struct fscrypt_context ctx; 31 int res; 32 33 if (!inode->i_sb->s_cop->get_context) 34 return 0; 35 36 res = inode->i_sb->s_cop->get_context(inode, &ctx, sizeof(ctx)); 37 if (res != sizeof(ctx)) 38 return 0; 39 40 return (memcmp(ctx.master_key_descriptor, policy->master_key_descriptor, 41 FS_KEY_DESCRIPTOR_SIZE) == 0 && 42 (ctx.flags == policy->flags) && 43 (ctx.contents_encryption_mode == 44 policy->contents_encryption_mode) && 45 (ctx.filenames_encryption_mode == 46 policy->filenames_encryption_mode)); 47 } 48 49 static int create_encryption_context_from_policy(struct inode *inode, 50 const struct fscrypt_policy *policy) 51 { 52 struct fscrypt_context ctx; 53 int res; 54 55 if (!inode->i_sb->s_cop->set_context) 56 return -EOPNOTSUPP; 57 58 if (inode->i_sb->s_cop->prepare_context) { 59 res = inode->i_sb->s_cop->prepare_context(inode); 60 if (res) 61 return res; 62 } 63 64 ctx.format = FS_ENCRYPTION_CONTEXT_FORMAT_V1; 65 memcpy(ctx.master_key_descriptor, policy->master_key_descriptor, 66 FS_KEY_DESCRIPTOR_SIZE); 67 68 if (!fscrypt_valid_contents_enc_mode( 69 policy->contents_encryption_mode)) { 70 printk(KERN_WARNING 71 "%s: Invalid contents encryption mode %d\n", __func__, 72 policy->contents_encryption_mode); 73 return -EINVAL; 74 } 75 76 if (!fscrypt_valid_filenames_enc_mode( 77 policy->filenames_encryption_mode)) { 78 printk(KERN_WARNING 79 "%s: Invalid filenames encryption mode %d\n", __func__, 80 policy->filenames_encryption_mode); 81 return -EINVAL; 82 } 83 84 if (policy->flags & ~FS_POLICY_FLAGS_VALID) 85 return -EINVAL; 86 87 ctx.contents_encryption_mode = policy->contents_encryption_mode; 88 ctx.filenames_encryption_mode = policy->filenames_encryption_mode; 89 ctx.flags = policy->flags; 90 BUILD_BUG_ON(sizeof(ctx.nonce) != FS_KEY_DERIVATION_NONCE_SIZE); 91 get_random_bytes(ctx.nonce, FS_KEY_DERIVATION_NONCE_SIZE); 92 93 return inode->i_sb->s_cop->set_context(inode, &ctx, sizeof(ctx), NULL); 94 } 95 96 int fscrypt_ioctl_set_policy(struct file *filp, const void __user *arg) 97 { 98 struct fscrypt_policy policy; 99 struct inode *inode = file_inode(filp); 100 int ret; 101 102 if (copy_from_user(&policy, arg, sizeof(policy))) 103 return -EFAULT; 104 105 if (!inode_owner_or_capable(inode)) 106 return -EACCES; 107 108 if (policy.version != 0) 109 return -EINVAL; 110 111 ret = mnt_want_write_file(filp); 112 if (ret) 113 return ret; 114 115 inode_lock(inode); 116 117 if (!inode_has_encryption_context(inode)) { 118 if (!S_ISDIR(inode->i_mode)) 119 ret = -EINVAL; 120 else if (!inode->i_sb->s_cop->empty_dir) 121 ret = -EOPNOTSUPP; 122 else if (!inode->i_sb->s_cop->empty_dir(inode)) 123 ret = -ENOTEMPTY; 124 else 125 ret = create_encryption_context_from_policy(inode, 126 &policy); 127 } else if (!is_encryption_context_consistent_with_policy(inode, 128 &policy)) { 129 printk(KERN_WARNING 130 "%s: Policy inconsistent with encryption context\n", 131 __func__); 132 ret = -EINVAL; 133 } 134 135 inode_unlock(inode); 136 137 mnt_drop_write_file(filp); 138 return ret; 139 } 140 EXPORT_SYMBOL(fscrypt_ioctl_set_policy); 141 142 int fscrypt_ioctl_get_policy(struct file *filp, void __user *arg) 143 { 144 struct inode *inode = file_inode(filp); 145 struct fscrypt_context ctx; 146 struct fscrypt_policy policy; 147 int res; 148 149 if (!inode->i_sb->s_cop->get_context || 150 !inode->i_sb->s_cop->is_encrypted(inode)) 151 return -ENODATA; 152 153 res = inode->i_sb->s_cop->get_context(inode, &ctx, sizeof(ctx)); 154 if (res != sizeof(ctx)) 155 return -ENODATA; 156 if (ctx.format != FS_ENCRYPTION_CONTEXT_FORMAT_V1) 157 return -EINVAL; 158 159 policy.version = 0; 160 policy.contents_encryption_mode = ctx.contents_encryption_mode; 161 policy.filenames_encryption_mode = ctx.filenames_encryption_mode; 162 policy.flags = ctx.flags; 163 memcpy(policy.master_key_descriptor, ctx.master_key_descriptor, 164 FS_KEY_DESCRIPTOR_SIZE); 165 166 if (copy_to_user(arg, &policy, sizeof(policy))) 167 return -EFAULT; 168 return 0; 169 } 170 EXPORT_SYMBOL(fscrypt_ioctl_get_policy); 171 172 int fscrypt_has_permitted_context(struct inode *parent, struct inode *child) 173 { 174 struct fscrypt_info *parent_ci, *child_ci; 175 int res; 176 177 if ((parent == NULL) || (child == NULL)) { 178 printk(KERN_ERR "parent %p child %p\n", parent, child); 179 BUG_ON(1); 180 } 181 182 /* No restrictions on file types which are never encrypted */ 183 if (!S_ISREG(child->i_mode) && !S_ISDIR(child->i_mode) && 184 !S_ISLNK(child->i_mode)) 185 return 1; 186 187 /* no restrictions if the parent directory is not encrypted */ 188 if (!parent->i_sb->s_cop->is_encrypted(parent)) 189 return 1; 190 /* if the child directory is not encrypted, this is always a problem */ 191 if (!parent->i_sb->s_cop->is_encrypted(child)) 192 return 0; 193 res = fscrypt_get_encryption_info(parent); 194 if (res) 195 return 0; 196 res = fscrypt_get_encryption_info(child); 197 if (res) 198 return 0; 199 parent_ci = parent->i_crypt_info; 200 child_ci = child->i_crypt_info; 201 if (!parent_ci && !child_ci) 202 return 1; 203 if (!parent_ci || !child_ci) 204 return 0; 205 206 return (memcmp(parent_ci->ci_master_key, 207 child_ci->ci_master_key, 208 FS_KEY_DESCRIPTOR_SIZE) == 0 && 209 (parent_ci->ci_data_mode == child_ci->ci_data_mode) && 210 (parent_ci->ci_filename_mode == child_ci->ci_filename_mode) && 211 (parent_ci->ci_flags == child_ci->ci_flags)); 212 } 213 EXPORT_SYMBOL(fscrypt_has_permitted_context); 214 215 /** 216 * fscrypt_inherit_context() - Sets a child context from its parent 217 * @parent: Parent inode from which the context is inherited. 218 * @child: Child inode that inherits the context from @parent. 219 * @fs_data: private data given by FS. 220 * @preload: preload child i_crypt_info 221 * 222 * Return: Zero on success, non-zero otherwise 223 */ 224 int fscrypt_inherit_context(struct inode *parent, struct inode *child, 225 void *fs_data, bool preload) 226 { 227 struct fscrypt_context ctx; 228 struct fscrypt_info *ci; 229 int res; 230 231 if (!parent->i_sb->s_cop->set_context) 232 return -EOPNOTSUPP; 233 234 res = fscrypt_get_encryption_info(parent); 235 if (res < 0) 236 return res; 237 238 ci = parent->i_crypt_info; 239 if (ci == NULL) 240 return -ENOKEY; 241 242 ctx.format = FS_ENCRYPTION_CONTEXT_FORMAT_V1; 243 if (fscrypt_dummy_context_enabled(parent)) { 244 ctx.contents_encryption_mode = FS_ENCRYPTION_MODE_AES_256_XTS; 245 ctx.filenames_encryption_mode = FS_ENCRYPTION_MODE_AES_256_CTS; 246 ctx.flags = 0; 247 memset(ctx.master_key_descriptor, 0x42, FS_KEY_DESCRIPTOR_SIZE); 248 res = 0; 249 } else { 250 ctx.contents_encryption_mode = ci->ci_data_mode; 251 ctx.filenames_encryption_mode = ci->ci_filename_mode; 252 ctx.flags = ci->ci_flags; 253 memcpy(ctx.master_key_descriptor, ci->ci_master_key, 254 FS_KEY_DESCRIPTOR_SIZE); 255 } 256 get_random_bytes(ctx.nonce, FS_KEY_DERIVATION_NONCE_SIZE); 257 res = parent->i_sb->s_cop->set_context(child, &ctx, 258 sizeof(ctx), fs_data); 259 if (res) 260 return res; 261 return preload ? fscrypt_get_encryption_info(child): 0; 262 } 263 EXPORT_SYMBOL(fscrypt_inherit_context); 264