kernel_samsung_a53x/fs/crypto/fscrypt_ddar.c

/*
 * fscrypt_ddar.c
 *
 *  Created on: Oct 15, 2018
 *      Author: olic.moon
 */

#include <linux/bio.h>
#include "fscrypt_private.h"

extern int dd_submit_bio(struct dd_info *info, struct bio *bio);

int update_encryption_context_with_dd_policy(
		struct inode *inode,
		const struct dd_policy *policy)
{
	union fscrypt_context ctx;
	int ret;

	dd_info("update encryption context with dd policy ino:%ld flag:%x\n", inode->i_ino, policy->flags);

	/**
	 * i_rwsem needs to be acquired while setting policy so that new files
	 * cannot be created in the directory during or after the empty_dir() check
	 */
	inode_lock(inode);

	ret = inode->i_sb->s_cop->get_context(inode, &ctx, sizeof(ctx));
	switch (ctx.version) {
	case FSCRYPT_CONTEXT_V1: {
		if (ret == offsetof(struct fscrypt_context_v1, knox_flags)) {
			ctx.v1.knox_flags = 0;
			ret = sizeof(ctx.v1);
		}
		break;
	}
	case FSCRYPT_CONTEXT_V2: {
		if (ret == offsetof(struct fscrypt_context_v2, knox_flags)) {
			ctx.v2.knox_flags = 0;
			ret = sizeof(ctx.v2);
		}
		break;
	}
	}

	if (ret == -ENODATA) {
		dd_error("failed to set dd policy. empty fscrypto context\n");
		ret = -EFAULT;
	} else if (ret == fscrypt_context_size(&ctx)) {
		struct fscrypt_info	*ci = inode->i_crypt_info;
		if (ci && ci->ci_policy.version == FSCRYPT_POLICY_V1) {
			ctx.v1.knox_flags |= policy->flags << FSCRYPT_KNOX_FLG_DDAR_SHIFT & FSCRYPT_KNOX_FLG_DDAR_MASK;
			dd_verbose("fscrypt_context.knox_flag:0x%08x\n", ctx.v1.knox_flags);
		} else if (ci && ci->ci_policy.version == FSCRYPT_POLICY_V2) {
			ctx.v2.knox_flags |= policy->flags << FSCRYPT_KNOX_FLG_DDAR_SHIFT & FSCRYPT_KNOX_FLG_DDAR_MASK;
			dd_verbose("fscrypt_context.knox_flag:0x%08x\n", ctx.v2.knox_flags);
		}
//		ctx.knox_flags |= policy->flags << FSCRYPT_KNOX_FLG_DDAR_SHIFT & FSCRYPT_KNOX_FLG_DDAR_MASK;
//		dd_verbose("fscrypt_context.knox_flag:0x%08x\n", ctx.knox_flags);
		ret = ((int (*)(struct inode*, const char*, const void*, size_t, void *))(inode->i_sb->s_cop->android_oem_data1[1]))(inode, NULL, &ctx, fscrypt_context_size(&ctx), NULL);
		dd_info("result of set knox context for ino(%ld) : %d\n", inode->i_ino, ret);
	} else {
		dd_error("failed to set dd policy. get_context rc:%d\n", ret);
		ret = -EEXIST;
	}

	ret = dd_create_crypt_context(inode, policy, NULL);

	inode_unlock(inode);

	if (!ret) {
		struct dd_crypt_context crypt_context;
		struct fscrypt_info	*ci = inode->i_crypt_info;
		if (!ci) {
			dd_error("failed to alloc dd_info: no fbe policy found\n");
			ret = -EINVAL;
		} else {
			if (dd_read_crypt_context(inode, &crypt_context) != sizeof(struct dd_crypt_context)) {
				dd_error("update_encryption_context_with_dd_policy: failed to read dd crypt context ino:%ld\n", inode->i_ino);
				ret = -EINVAL;
			} else {
				struct ext_fscrypt_info *ext_ci = GET_EXT_CI(ci);
				ext_ci->ci_dd_info = alloc_dd_info(inode, policy, &crypt_context);
				if (IS_ERR(ext_ci->ci_dd_info)) {
					dd_error("failed to alloc dd info:%ld\n", inode->i_ino);
					ret = -ENOMEM;
					ext_ci->ci_dd_info = NULL;
				} else {
					fscrypt_dd_inc_count();
				}
			}
		}
	}
	return ret;
}

int dd_oem_page_crypto_inplace(struct dd_info *info, struct page *page, int dir)
{
	return fscrypt_crypt_block(info->inode,
			(dir == WRITE) ? FS_ENCRYPT:FS_DECRYPT, 0, page, page, PAGE_SIZE, 0, GFP_NOFS);
}

/* { KNOX_SUPPORT_DAR_DUAL_DO */
int fscrypt_dd_has_policy(const struct inode *inode)
{
	struct fscrypt_info *ci = NULL;
	if (!inode)
		return 0;

	ci = inode->i_crypt_info;
	if (ci) {
		struct ext_fscrypt_info *ext_ci = GET_EXT_CI(ci);
		if (ext_ci->ci_dd_info) {
			if (dd_policy_encrypted(ext_ci->ci_dd_info->policy.flags))
				return 1;
		}
	}

	return 0;
}
/* } KNOX_SUPPORT_DAR_DUAL_DO */

int fscrypt_dd_encrypted_inode(const struct inode *inode)
{
	struct fscrypt_info *ci = NULL;
	if (!inode)
		return 0;

	ci = inode->i_crypt_info;
	if (!S_ISREG(inode->i_mode))
		return 0;

	if (ci) {
		struct ext_fscrypt_info *ext_ci = GET_EXT_CI(ci);
		if (ext_ci->ci_dd_info) {
			if (dd_policy_encrypted(ext_ci->ci_dd_info->policy.flags))
				return 1;
		}
	}

	return 0;
}
EXPORT_SYMBOL(fscrypt_dd_encrypted_inode);

#ifdef CONFIG_SDP_KEY_DUMP
int fscrypt_dd_is_traced_inode(const struct inode *inode)
{
	struct fscrypt_info *ci = NULL;
	if (!inode)
		return 0;

	ci = inode->i_crypt_info;
	if (!S_ISREG(inode->i_mode))
		return 0;

	if (ci) {
		struct ext_fscrypt_info *ext_ci = GET_EXT_CI(ci);
		if (ext_ci->ci_dd_info) {
			if (dd_policy_trace_file(ext_ci->ci_dd_info->policy.flags))
				return 1;
		}
	}

	return 0;
}
EXPORT_SYMBOL(fscrypt_dd_is_traced_inode);

void fscrypt_dd_trace_inode(const struct inode *inode)
{
	struct fscrypt_info *ci = NULL;
	if (!inode)
		return;

	ci = inode->i_crypt_info;
	if (ci) {
		struct ext_fscrypt_info *ext_ci = GET_EXT_CI(ci);
		if (ext_ci->ci_dd_info) {
			dd_info("update dd trace policy ino:%ld\n", inode->i_ino);
			ext_ci->ci_dd_info->policy.flags |= DD_POLICY_TRACE_FILE;
		}
	}
}
EXPORT_SYMBOL(fscrypt_dd_trace_inode);
#endif

struct inode *fscrypt_bio_get_inode(const struct bio *bio)
{
	if (!bio)
		return NULL;
	if (!bio_has_data((struct bio *)bio))
		return NULL;
	if (!bio->bi_io_vec)
		return NULL;
	if (!bio->bi_io_vec->bv_page)
		return NULL;

	if (PageAnon(bio->bi_io_vec->bv_page)) {
		struct inode *inode = NULL;

		/* Using direct-io (O_DIRECT) without page cache */
		// SDP - START BLOCK
		// inode = dio_bio_get_inode((struct bio *)bio);
		// dd_verbose("inode on direct-io, inode = 0x%pK.\n", inode);
		// SDP - END BLOCK

		return inode;
	}

	if (!page_mapping(bio->bi_io_vec->bv_page))
		return NULL;

	return page_mapping(bio->bi_io_vec->bv_page)->host;
}

/**
 * prevent merging bios from different files when either is ddar enabled
 */
bool fscrypt_dd_can_merge_bio(struct bio *bio, struct address_space *mapping)
{
	struct dd_info *info1, *info2;

	if (!bio)
		return true;

	info1 = dd_get_info(fscrypt_bio_get_inode(bio));
	info2 = dd_get_info(mapping->host);

	if (info1 || info2) {
		// either is ddar protected
		if (!info1)
			goto err_out;
		if (!info2)
			goto err_out;

		if (info1->ino == info2->ino) {
			dd_verbose("allowing bio merge ino:%ld\n", info1->ino);
			return true;
		}

err_out:
		dd_verbose("disallowing bio merge ino1:%ld ino2:%ld\n",
				info1 ? info1->ino : -1, info2 ? info2->ino : -1);
		return false;
	}

	// none is ddar enabled
	return true;
}

void *dd_get_info(const struct inode *inode)
{
	struct ext_fscrypt_info *ext_ci;

	if (!inode)
		return NULL;

	if (!inode->i_crypt_info)
		return NULL;

	ext_ci = GET_EXT_CI(inode->i_crypt_info);
	return ext_ci->ci_dd_info;
}

int fscrypt_dd_decrypt_page(struct inode *inode, struct page *page)
{
	struct ext_fscrypt_info *ext_ci = GET_EXT_CI(inode->i_crypt_info);
	return dd_page_crypto(ext_ci->ci_dd_info, DD_DECRYPT, page, page);
}

void fscrypt_dd_set_count(long count)
{
	set_ddar_count(count);
}

long fscrypt_dd_get_count(void)
{
	return get_ddar_count();
}

void fscrypt_dd_inc_count(void)
{
	inc_ddar_count();
}

void fscrypt_dd_dec_count(void)
{
	dec_ddar_count();
}

int fscrypt_dd_is_locked(void)
{
	return dd_is_user_deamon_locked();
}

long fscrypt_dd_ioctl(unsigned int cmd, unsigned long *arg, struct inode *inode)
{
	if (inode && S_ISDIR(inode->i_mode) && !fscrypt_has_encryption_key(inode)
			&& (cmd != FS_IOC_GET_DD_INODE_COUNT)) {
		if (fscrypt_prepare_readdir(inode)) {
			return -ENOTTY;
		}
	}

	switch (cmd) {
	case FS_IOC_GET_DD_POLICY: {
		struct dd_info *info;

		if (!fscrypt_dd_encrypted_inode(inode))
			return -ENOENT;

		info = dd_get_info(inode);
		if (copy_to_user((void __user *) (*arg), &info->policy,
				sizeof(struct dd_policy)))
			return -EFAULT;
		return 0;
	}
	case FS_IOC_SET_DD_POLICY: {
		struct dd_policy policy;

		if (fscrypt_dd_encrypted_inode(inode))
			return -EEXIST;

		if (copy_from_user(&policy, (struct dd_policy __user *) (*arg),
				sizeof(policy))) {
			return -EFAULT;
		}

		return update_encryption_context_with_dd_policy(inode, &policy);
	}
	case FS_IOC_GET_DD_INODE_COUNT: {
		long ret = fscrypt_dd_get_count();
		dd_info("FS_IOC_GET_DD_INODE_COUNT - dd_count : %ld", ret);

		if (copy_to_user((void __user *) (*arg), &ret, sizeof(long)))
			return -EFAULT;
		return 0;
	}
	/* { KNOX_SUPPORT_DAR_DUAL_DO */
	case FS_IOC_HAS_DD_POLICY: {
		if (!fscrypt_dd_has_policy(inode)) {
			dd_error("dd policy is not applied (ino:%ld)\n", inode->i_ino);
			return -ENOENT;
		}

		dd_info("dd policy is applied (ino:%ld)\n", inode->i_ino);
		return 0;
	}
	/* } KNOX_SUPPORT_DAR_DUAL_DO */
	}
	return 0;
}

int fscrypt_dd_submit_bio(struct inode *inode, struct bio *bio)
{
	return dd_submit_bio(dd_get_info(inode), bio);
}

int fscrypt_dd_may_submit_bio(struct bio *bio)
{
	struct inode *inode = fscrypt_bio_get_inode(bio);
	if (!fscrypt_dd_encrypted_inode(inode))
		return -EOPNOTSUPP;

	return fscrypt_dd_submit_bio(inode, bio);
}

long fscrypt_dd_get_ino(struct bio *bio)
{
	struct inode *inode = fscrypt_bio_get_inode(bio);
	if (fscrypt_dd_encrypted_inode(inode))
		return inode->i_ino;

	return 0;
}

int fscrypt_dd_encrypted(struct bio *bio)
{
	struct inode *inode = fscrypt_bio_get_inode(bio);
	return fscrypt_dd_encrypted_inode(inode);
}
EXPORT_SYMBOL(fscrypt_dd_encrypted);
Import A536BXXU9EXDC 2024-06-15 21:02:09 +02:00			`/*`
			`* fscrypt_ddar.c`
			`*`
			`* Created on: Oct 15, 2018`
			`* Author: olic.moon`
			`*/`

			`#include <linux/bio.h>`
			`#include "fscrypt_private.h"`

			`extern int dd_submit_bio(struct dd_info info, struct bio bio);`

			`int update_encryption_context_with_dd_policy(`
			`struct inode *inode,`
			`const struct dd_policy *policy)`
			`{`
			`union fscrypt_context ctx;`
			`int ret;`

			`dd_info("update encryption context with dd policy ino:%ld flag:%x\n", inode->i_ino, policy->flags);`

			`/**`
			`* i_rwsem needs to be acquired while setting policy so that new files`
			`* cannot be created in the directory during or after the empty_dir() check`
			`*/`
			`inode_lock(inode);`

			`ret = inode->i_sb->s_cop->get_context(inode, &ctx, sizeof(ctx));`
			`switch (ctx.version) {`
			`case FSCRYPT_CONTEXT_V1: {`
			`if (ret == offsetof(struct fscrypt_context_v1, knox_flags)) {`
			`ctx.v1.knox_flags = 0;`
			`ret = sizeof(ctx.v1);`
			`}`
			`break;`
			`}`
			`case FSCRYPT_CONTEXT_V2: {`
			`if (ret == offsetof(struct fscrypt_context_v2, knox_flags)) {`
			`ctx.v2.knox_flags = 0;`
			`ret = sizeof(ctx.v2);`
			`}`
			`break;`
			`}`
			`}`

			`if (ret == -ENODATA) {`
			`dd_error("failed to set dd policy. empty fscrypto context\n");`
			`ret = -EFAULT;`
			`} else if (ret == fscrypt_context_size(&ctx)) {`
			`struct fscrypt_info *ci = inode->i_crypt_info;`
			`if (ci && ci->ci_policy.version == FSCRYPT_POLICY_V1) {`
			`ctx.v1.knox_flags \|= policy->flags << FSCRYPT_KNOX_FLG_DDAR_SHIFT & FSCRYPT_KNOX_FLG_DDAR_MASK;`
			`dd_verbose("fscrypt_context.knox_flag:0x%08x\n", ctx.v1.knox_flags);`
			`} else if (ci && ci->ci_policy.version == FSCRYPT_POLICY_V2) {`
			`ctx.v2.knox_flags \|= policy->flags << FSCRYPT_KNOX_FLG_DDAR_SHIFT & FSCRYPT_KNOX_FLG_DDAR_MASK;`
			`dd_verbose("fscrypt_context.knox_flag:0x%08x\n", ctx.v2.knox_flags);`
			`}`
			`// ctx.knox_flags \|= policy->flags << FSCRYPT_KNOX_FLG_DDAR_SHIFT & FSCRYPT_KNOX_FLG_DDAR_MASK;`
			`// dd_verbose("fscrypt_context.knox_flag:0x%08x\n", ctx.knox_flags);`
			`ret = ((int ()(struct inode, const char, const void, size_t, void *))(inode->i_sb->s_cop->android_oem_data1[1]))(inode, NULL, &ctx, fscrypt_context_size(&ctx), NULL);`
			`dd_info("result of set knox context for ino(%ld) : %d\n", inode->i_ino, ret);`
			`} else {`
			`dd_error("failed to set dd policy. get_context rc:%d\n", ret);`
			`ret = -EEXIST;`
			`}`

			`ret = dd_create_crypt_context(inode, policy, NULL);`

			`inode_unlock(inode);`

			`if (!ret) {`
			`struct dd_crypt_context crypt_context;`
			`struct fscrypt_info *ci = inode->i_crypt_info;`
			`if (!ci) {`
			`dd_error("failed to alloc dd_info: no fbe policy found\n");`
			`ret = -EINVAL;`
			`} else {`
			`if (dd_read_crypt_context(inode, &crypt_context) != sizeof(struct dd_crypt_context)) {`
			`dd_error("update_encryption_context_with_dd_policy: failed to read dd crypt context ino:%ld\n", inode->i_ino);`
			`ret = -EINVAL;`
			`} else {`
			`struct ext_fscrypt_info *ext_ci = GET_EXT_CI(ci);`
			`ext_ci->ci_dd_info = alloc_dd_info(inode, policy, &crypt_context);`
			`if (IS_ERR(ext_ci->ci_dd_info)) {`
			`dd_error("failed to alloc dd info:%ld\n", inode->i_ino);`
			`ret = -ENOMEM;`
			`ext_ci->ci_dd_info = NULL;`
			`} else {`
			`fscrypt_dd_inc_count();`
			`}`
			`}`
			`}`
			`}`
			`return ret;`
			`}`

			`int dd_oem_page_crypto_inplace(struct dd_info info, struct page page, int dir)`
			`{`
			`return fscrypt_crypt_block(info->inode,`
			`(dir == WRITE) ? FS_ENCRYPT:FS_DECRYPT, 0, page, page, PAGE_SIZE, 0, GFP_NOFS);`
			`}`

			`/* { KNOX_SUPPORT_DAR_DUAL_DO */`
			`int fscrypt_dd_has_policy(const struct inode *inode)`
			`{`
			`struct fscrypt_info *ci = NULL;`
			`if (!inode)`
			`return 0;`

			`ci = inode->i_crypt_info;`
			`if (ci) {`
			`struct ext_fscrypt_info *ext_ci = GET_EXT_CI(ci);`
			`if (ext_ci->ci_dd_info) {`
			`if (dd_policy_encrypted(ext_ci->ci_dd_info->policy.flags))`
			`return 1;`
			`}`
			`}`

			`return 0;`
			`}`
			`/* } KNOX_SUPPORT_DAR_DUAL_DO */`

			`int fscrypt_dd_encrypted_inode(const struct inode *inode)`
			`{`
			`struct fscrypt_info *ci = NULL;`
			`if (!inode)`
			`return 0;`

			`ci = inode->i_crypt_info;`
			`if (!S_ISREG(inode->i_mode))`
			`return 0;`

			`if (ci) {`
			`struct ext_fscrypt_info *ext_ci = GET_EXT_CI(ci);`
			`if (ext_ci->ci_dd_info) {`
			`if (dd_policy_encrypted(ext_ci->ci_dd_info->policy.flags))`
			`return 1;`
			`}`
			`}`

			`return 0;`
			`}`
			`EXPORT_SYMBOL(fscrypt_dd_encrypted_inode);`

			`#ifdef CONFIG_SDP_KEY_DUMP`
			`int fscrypt_dd_is_traced_inode(const struct inode *inode)`
			`{`
			`struct fscrypt_info *ci = NULL;`
			`if (!inode)`
			`return 0;`

			`ci = inode->i_crypt_info;`
			`if (!S_ISREG(inode->i_mode))`
			`return 0;`

			`if (ci) {`
			`struct ext_fscrypt_info *ext_ci = GET_EXT_CI(ci);`
			`if (ext_ci->ci_dd_info) {`
			`if (dd_policy_trace_file(ext_ci->ci_dd_info->policy.flags))`
			`return 1;`
			`}`
			`}`

			`return 0;`
			`}`
			`EXPORT_SYMBOL(fscrypt_dd_is_traced_inode);`

			`void fscrypt_dd_trace_inode(const struct inode *inode)`
			`{`
			`struct fscrypt_info *ci = NULL;`
			`if (!inode)`
			`return;`

			`ci = inode->i_crypt_info;`
			`if (ci) {`
			`struct ext_fscrypt_info *ext_ci = GET_EXT_CI(ci);`
			`if (ext_ci->ci_dd_info) {`
			`dd_info("update dd trace policy ino:%ld\n", inode->i_ino);`
			`ext_ci->ci_dd_info->policy.flags \|= DD_POLICY_TRACE_FILE;`
			`}`
			`}`
			`}`
			`EXPORT_SYMBOL(fscrypt_dd_trace_inode);`
			`#endif`

			`struct inode fscrypt_bio_get_inode(const struct bio bio)`
			`{`
			`if (!bio)`
			`return NULL;`
			`if (!bio_has_data((struct bio *)bio))`
			`return NULL;`
			`if (!bio->bi_io_vec)`
			`return NULL;`
			`if (!bio->bi_io_vec->bv_page)`
			`return NULL;`

			`if (PageAnon(bio->bi_io_vec->bv_page)) {`
			`struct inode *inode = NULL;`

			`/* Using direct-io (O_DIRECT) without page cache */`
			`// SDP - START BLOCK`
			`// inode = dio_bio_get_inode((struct bio *)bio);`
			`// dd_verbose("inode on direct-io, inode = 0x%pK.\n", inode);`
			`// SDP - END BLOCK`

			`return inode;`
			`}`

			`if (!page_mapping(bio->bi_io_vec->bv_page))`
			`return NULL;`

			`return page_mapping(bio->bi_io_vec->bv_page)->host;`
			`}`

			`/**`
			`* prevent merging bios from different files when either is ddar enabled`
			`*/`
			`bool fscrypt_dd_can_merge_bio(struct bio bio, struct address_space mapping)`
			`{`
			`struct dd_info info1, info2;`

			`if (!bio)`
			`return true;`

			`info1 = dd_get_info(fscrypt_bio_get_inode(bio));`
			`info2 = dd_get_info(mapping->host);`

			`if (info1 \|\| info2) {`
			`// either is ddar protected`
			`if (!info1)`
			`goto err_out;`
			`if (!info2)`
			`goto err_out;`

			`if (info1->ino == info2->ino) {`
			`dd_verbose("allowing bio merge ino:%ld\n", info1->ino);`
			`return true;`
			`}`

			`err_out:`
			`dd_verbose("disallowing bio merge ino1:%ld ino2:%ld\n",`
			`info1 ? info1->ino : -1, info2 ? info2->ino : -1);`
			`return false;`
			`}`

			`// none is ddar enabled`
			`return true;`
			`}`

			`void dd_get_info(const struct inode inode)`
			`{`
			`struct ext_fscrypt_info *ext_ci;`

			`if (!inode)`
			`return NULL;`

			`if (!inode->i_crypt_info)`
			`return NULL;`

			`ext_ci = GET_EXT_CI(inode->i_crypt_info);`
			`return ext_ci->ci_dd_info;`
			`}`

			`int fscrypt_dd_decrypt_page(struct inode inode, struct page page)`
			`{`
			`struct ext_fscrypt_info *ext_ci = GET_EXT_CI(inode->i_crypt_info);`
			`return dd_page_crypto(ext_ci->ci_dd_info, DD_DECRYPT, page, page);`
			`}`

			`void fscrypt_dd_set_count(long count)`
			`{`
			`set_ddar_count(count);`
			`}`

			`long fscrypt_dd_get_count(void)`
			`{`
			`return get_ddar_count();`
			`}`

			`void fscrypt_dd_inc_count(void)`
			`{`
			`inc_ddar_count();`
			`}`

			`void fscrypt_dd_dec_count(void)`
			`{`
			`dec_ddar_count();`
			`}`

			`int fscrypt_dd_is_locked(void)`
			`{`
			`return dd_is_user_deamon_locked();`
			`}`

			`long fscrypt_dd_ioctl(unsigned int cmd, unsigned long arg, struct inode inode)`
			`{`
			`if (inode && S_ISDIR(inode->i_mode) && !fscrypt_has_encryption_key(inode)`
			`&& (cmd != FS_IOC_GET_DD_INODE_COUNT)) {`
			`if (fscrypt_prepare_readdir(inode)) {`
			`return -ENOTTY;`
			`}`
			`}`

			`switch (cmd) {`
			`case FS_IOC_GET_DD_POLICY: {`
			`struct dd_info *info;`

			`if (!fscrypt_dd_encrypted_inode(inode))`
			`return -ENOENT;`

			`info = dd_get_info(inode);`
			`if (copy_to_user((void __user ) (arg), &info->policy,`
			`sizeof(struct dd_policy)))`
			`return -EFAULT;`
			`return 0;`
			`}`
			`case FS_IOC_SET_DD_POLICY: {`
			`struct dd_policy policy;`

			`if (fscrypt_dd_encrypted_inode(inode))`
			`return -EEXIST;`

			`if (copy_from_user(&policy, (struct dd_policy __user ) (arg),`
			`sizeof(policy))) {`
			`return -EFAULT;`
			`}`

			`return update_encryption_context_with_dd_policy(inode, &policy);`
			`}`
			`case FS_IOC_GET_DD_INODE_COUNT: {`
			`long ret = fscrypt_dd_get_count();`
			`dd_info("FS_IOC_GET_DD_INODE_COUNT - dd_count : %ld", ret);`

			`if (copy_to_user((void __user ) (arg), &ret, sizeof(long)))`
			`return -EFAULT;`
			`return 0;`
			`}`
			`/* { KNOX_SUPPORT_DAR_DUAL_DO */`
			`case FS_IOC_HAS_DD_POLICY: {`
			`if (!fscrypt_dd_has_policy(inode)) {`
			`dd_error("dd policy is not applied (ino:%ld)\n", inode->i_ino);`
			`return -ENOENT;`
			`}`

			`dd_info("dd policy is applied (ino:%ld)\n", inode->i_ino);`
			`return 0;`
			`}`
			`/* } KNOX_SUPPORT_DAR_DUAL_DO */`
			`}`
			`return 0;`
			`}`

			`int fscrypt_dd_submit_bio(struct inode inode, struct bio bio)`
			`{`
			`return dd_submit_bio(dd_get_info(inode), bio);`
			`}`

			`int fscrypt_dd_may_submit_bio(struct bio *bio)`
			`{`
			`struct inode *inode = fscrypt_bio_get_inode(bio);`
			`if (!fscrypt_dd_encrypted_inode(inode))`
			`return -EOPNOTSUPP;`

			`return fscrypt_dd_submit_bio(inode, bio);`
			`}`

			`long fscrypt_dd_get_ino(struct bio *bio)`
			`{`
			`struct inode *inode = fscrypt_bio_get_inode(bio);`
			`if (fscrypt_dd_encrypted_inode(inode))`
			`return inode->i_ino;`

			`return 0;`
			`}`

			`int fscrypt_dd_encrypted(struct bio *bio)`
			`{`
			`struct inode *inode = fscrypt_bio_get_inode(bio);`
			`return fscrypt_dd_encrypted_inode(inode);`
			`}`
			`EXPORT_SYMBOL(fscrypt_dd_encrypted);`