/*
* fscrypt_ddar.c
*
* Created on: Oct 15, 2018
* Author: olic.moon
*/
#include <linux/bio.h>
#include "fscrypt_private.h"
extern int dd_submit_bio(struct dd_info *info, struct bio *bio);
int update_encryption_context_with_dd_policy(
struct inode *inode,
const struct dd_policy *policy)
{
union fscrypt_context ctx;
int ret;
dd_info("update encryption context with dd policy ino:%ld flag:%x\n", inode->i_ino, policy->flags);
/**
* i_rwsem needs to be acquired while setting policy so that new files
* cannot be created in the directory during or after the empty_dir() check
*/
inode_lock(inode);
ret = inode->i_sb->s_cop->get_context(inode, &ctx, sizeof(ctx));
switch (ctx.version) {
case FSCRYPT_CONTEXT_V1: {
if (ret == offsetof(struct fscrypt_context_v1, knox_flags)) {
ctx.v1.knox_flags = 0;
ret = sizeof(ctx.v1);
}
break;
}
case FSCRYPT_CONTEXT_V2: {
if (ret == offsetof(struct fscrypt_context_v2, knox_flags)) {
ctx.v2.knox_flags = 0;
ret = sizeof(ctx.v2);
}
break;
}
}
if (ret == -ENODATA) {
dd_error("failed to set dd policy. empty fscrypto context\n");
ret = -EFAULT;
} else if (ret == fscrypt_context_size(&ctx)) {
struct fscrypt_info *ci = inode->i_crypt_info;
if (ci && ci->ci_policy.version == FSCRYPT_POLICY_V1) {
ctx.v1.knox_flags |= policy->flags << FSCRYPT_KNOX_FLG_DDAR_SHIFT & FSCRYPT_KNOX_FLG_DDAR_MASK;
dd_verbose("fscrypt_context.knox_flag:0x%08x\n", ctx.v1.knox_flags);
} else if (ci && ci->ci_policy.version == FSCRYPT_POLICY_V2) {
ctx.v2.knox_flags |= policy->flags << FSCRYPT_KNOX_FLG_DDAR_SHIFT & FSCRYPT_KNOX_FLG_DDAR_MASK;
dd_verbose("fscrypt_context.knox_flag:0x%08x\n", ctx.v2.knox_flags);
}
// ctx.knox_flags |= policy->flags << FSCRYPT_KNOX_FLG_DDAR_SHIFT & FSCRYPT_KNOX_FLG_DDAR_MASK;
// dd_verbose("fscrypt_context.knox_flag:0x%08x\n", ctx.knox_flags);
ret = ((int (*)(struct inode*, const char*, const void*, size_t, void *))(inode->i_sb->s_cop->android_oem_data1[1]))(inode, NULL, &ctx, fscrypt_context_size(&ctx), NULL);
dd_info("result of set knox context for ino(%ld) : %d\n", inode->i_ino, ret);
} else {
dd_error("failed to set dd policy. get_context rc:%d\n", ret);
ret = -EEXIST;
}
ret = dd_create_crypt_context(inode, policy, NULL);
inode_unlock(inode);
if (!ret) {
struct dd_crypt_context crypt_context;
struct fscrypt_info *ci = inode->i_crypt_info;
if (!ci) {
dd_error("failed to alloc dd_info: no fbe policy found\n");
ret = -EINVAL;
} else {
if (dd_read_crypt_context(inode, &crypt_context) != sizeof(struct dd_crypt_context)) {
dd_error("update_encryption_context_with_dd_policy: failed to read dd crypt context ino:%ld\n", inode->i_ino);
ret = -EINVAL;
} else {
struct ext_fscrypt_info *ext_ci = GET_EXT_CI(ci);
ext_ci->ci_dd_info = alloc_dd_info(inode, policy, &crypt_context);
if (IS_ERR(ext_ci->ci_dd_info)) {
dd_error("failed to alloc dd info:%ld\n", inode->i_ino);
ret = -ENOMEM;
ext_ci->ci_dd_info = NULL;
} else {
fscrypt_dd_inc_count();
}
}
}
}
return ret;
}
int dd_oem_page_crypto_inplace(struct dd_info *info, struct page *page, int dir)
{
return fscrypt_crypt_block(info->inode,
(dir == WRITE) ? FS_ENCRYPT:FS_DECRYPT, 0, page, page, PAGE_SIZE, 0, GFP_NOFS);
}
/* { KNOX_SUPPORT_DAR_DUAL_DO */
int fscrypt_dd_has_policy(const struct inode *inode)
{
struct fscrypt_info *ci = NULL;
if (!inode)
return 0;
ci = inode->i_crypt_info;
if (ci) {
struct ext_fscrypt_info *ext_ci = GET_EXT_CI(ci);
if (ext_ci->ci_dd_info) {
if (dd_policy_encrypted(ext_ci->ci_dd_info->policy.flags))
return 1;
}
}
return 0;
}
/* } KNOX_SUPPORT_DAR_DUAL_DO */
int fscrypt_dd_encrypted_inode(const struct inode *inode)
{
struct fscrypt_info *ci = NULL;
if (!inode)
return 0;
ci = inode->i_crypt_info;
if (!S_ISREG(inode->i_mode))
return 0;
if (ci) {
struct ext_fscrypt_info *ext_ci = GET_EXT_CI(ci);
if (ext_ci->ci_dd_info) {
if (dd_policy_encrypted(ext_ci->ci_dd_info->policy.flags))
return 1;
}
}
return 0;
}
EXPORT_SYMBOL(fscrypt_dd_encrypted_inode);
#ifdef CONFIG_SDP_KEY_DUMP
int fscrypt_dd_is_traced_inode(const struct inode *inode)
{
struct fscrypt_info *ci = NULL;
if (!inode)
return 0;
ci = inode->i_crypt_info;
if (!S_ISREG(inode->i_mode))
return 0;
if (ci) {
struct ext_fscrypt_info *ext_ci = GET_EXT_CI(ci);
if (ext_ci->ci_dd_info) {
if (dd_policy_trace_file(ext_ci->ci_dd_info->policy.flags))
return 1;
}
}
return 0;
}
EXPORT_SYMBOL(fscrypt_dd_is_traced_inode);
void fscrypt_dd_trace_inode(const struct inode *inode)
{
struct fscrypt_info *ci = NULL;
if (!inode)
return;
ci = inode->i_crypt_info;
if (ci) {
struct ext_fscrypt_info *ext_ci = GET_EXT_CI(ci);
if (ext_ci->ci_dd_info) {
dd_info("update dd trace policy ino:%ld\n", inode->i_ino);
ext_ci->ci_dd_info->policy.flags |= DD_POLICY_TRACE_FILE;
}
}
}
EXPORT_SYMBOL(fscrypt_dd_trace_inode);
#endif
struct inode *fscrypt_bio_get_inode(const struct bio *bio)
{
if (!bio)
return NULL;
if (!bio_has_data((struct bio *)bio))
return NULL;
if (!bio->bi_io_vec)
return NULL;
if (!bio->bi_io_vec->bv_page)
return NULL;
if (PageAnon(bio->bi_io_vec->bv_page)) {
struct inode *inode = NULL;
/* Using direct-io (O_DIRECT) without page cache */
// SDP - START BLOCK
// inode = dio_bio_get_inode((struct bio *)bio);
// dd_verbose("inode on direct-io, inode = 0x%pK.\n", inode);
// SDP - END BLOCK
return inode;
}
if (!page_mapping(bio->bi_io_vec->bv_page))
return NULL;
return page_mapping(bio->bi_io_vec->bv_page)->host;
}
/**
* prevent merging bios from different files when either is ddar enabled
*/
bool fscrypt_dd_can_merge_bio(struct bio *bio, struct address_space *mapping)
{
struct dd_info *info1, *info2;
if (!bio)
return true;
info1 = dd_get_info(fscrypt_bio_get_inode(bio));
info2 = dd_get_info(mapping->host);
if (info1 || info2) {
// either is ddar protected
if (!info1)
goto err_out;
if (!info2)
goto err_out;
if (info1->ino == info2->ino) {
dd_verbose("allowing bio merge ino:%ld\n", info1->ino);
return true;
}
err_out:
dd_verbose("disallowing bio merge ino1:%ld ino2:%ld\n",
info1 ? info1->ino : -1, info2 ? info2->ino : -1);
return false;
}
// none is ddar enabled
return true;
}
void *dd_get_info(const struct inode *inode)
{
struct ext_fscrypt_info *ext_ci;
if (!inode)
return NULL;
if (!inode->i_crypt_info)
return NULL;
ext_ci = GET_EXT_CI(inode->i_crypt_info);
return ext_ci->ci_dd_info;
}
int fscrypt_dd_decrypt_page(struct inode *inode, struct page *page)
{
struct ext_fscrypt_info *ext_ci = GET_EXT_CI(inode->i_crypt_info);
return dd_page_crypto(ext_ci->ci_dd_info, DD_DECRYPT, page, page);
}
void fscrypt_dd_set_count(long count)
{
set_ddar_count(count);
}
long fscrypt_dd_get_count(void)
{
return get_ddar_count();
}
void fscrypt_dd_inc_count(void)
{
inc_ddar_count();
}
void fscrypt_dd_dec_count(void)
{
dec_ddar_count();
}
int fscrypt_dd_is_locked(void)
{
return dd_is_user_deamon_locked();
}
long fscrypt_dd_ioctl(unsigned int cmd, unsigned long *arg, struct inode *inode)
{
if (inode && S_ISDIR(inode->i_mode) && !fscrypt_has_encryption_key(inode)
&& (cmd != FS_IOC_GET_DD_INODE_COUNT)) {
if (fscrypt_prepare_readdir(inode)) {
return -ENOTTY;
}
}
switch (cmd) {
case FS_IOC_GET_DD_POLICY: {
struct dd_info *info;
if (!fscrypt_dd_encrypted_inode(inode))
return -ENOENT;
info = dd_get_info(inode);
if (copy_to_user((void __user *) (*arg), &info->policy,
sizeof(struct dd_policy)))
return -EFAULT;
return 0;
}
case FS_IOC_SET_DD_POLICY: {
struct dd_policy policy;
if (fscrypt_dd_encrypted_inode(inode))
return -EEXIST;
if (copy_from_user(&policy, (struct dd_policy __user *) (*arg),
sizeof(policy))) {
return -EFAULT;
}
return update_encryption_context_with_dd_policy(inode, &policy);
}
case FS_IOC_GET_DD_INODE_COUNT: {
long ret = fscrypt_dd_get_count();
dd_info("FS_IOC_GET_DD_INODE_COUNT - dd_count : %ld", ret);
if (copy_to_user((void __user *) (*arg), &ret, sizeof(long)))
return -EFAULT;
return 0;
}
/* { KNOX_SUPPORT_DAR_DUAL_DO */
case FS_IOC_HAS_DD_POLICY: {
if (!fscrypt_dd_has_policy(inode)) {
dd_error("dd policy is not applied (ino:%ld)\n", inode->i_ino);
return -ENOENT;
}
dd_info("dd policy is applied (ino:%ld)\n", inode->i_ino);
return 0;
}
/* } KNOX_SUPPORT_DAR_DUAL_DO */
}
return 0;
}
int fscrypt_dd_submit_bio(struct inode *inode, struct bio *bio)
{
return dd_submit_bio(dd_get_info(inode), bio);
}
int fscrypt_dd_may_submit_bio(struct bio *bio)
{
struct inode *inode = fscrypt_bio_get_inode(bio);
if (!fscrypt_dd_encrypted_inode(inode))
return -EOPNOTSUPP;
return fscrypt_dd_submit_bio(inode, bio);
}
long fscrypt_dd_get_ino(struct bio *bio)
{
struct inode *inode = fscrypt_bio_get_inode(bio);
if (fscrypt_dd_encrypted_inode(inode))
return inode->i_ino;
return 0;
}
int fscrypt_dd_encrypted(struct bio *bio)
{
struct inode *inode = fscrypt_bio_get_inode(bio);
return fscrypt_dd_encrypted_inode(inode);
}
EXPORT_SYMBOL(fscrypt_dd_encrypted);