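Lines matching +full:parent +full:- +full:child (search-result excerpt: only the matching lines are shown, each prefixed with its line number in the original file and suffixed with the name of the enclosing function, so the function bodies below are incomplete)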
1 // SPDX-License-Identifier: GPL-2.0
3 * Encryption policy functions for per-file encryption support.
24 return memcmp(ctx->master_key_descriptor, policy->master_key_descriptor, in is_encryption_context_consistent_with_policy()
26 (ctx->flags == policy->flags) && in is_encryption_context_consistent_with_policy()
27 (ctx->contents_encryption_mode == in is_encryption_context_consistent_with_policy()
28 policy->contents_encryption_mode) && in is_encryption_context_consistent_with_policy()
29 (ctx->filenames_encryption_mode == in is_encryption_context_consistent_with_policy()
30 policy->filenames_encryption_mode); in is_encryption_context_consistent_with_policy()
39 memcpy(ctx.master_key_descriptor, policy->master_key_descriptor, in create_encryption_context_from_policy()
42 if (!fscrypt_valid_enc_modes(policy->contents_encryption_mode, in create_encryption_context_from_policy()
43 policy->filenames_encryption_mode)) in create_encryption_context_from_policy()
44 return -EINVAL; in create_encryption_context_from_policy()
46 if (policy->flags & ~FS_POLICY_FLAGS_VALID) in create_encryption_context_from_policy()
47 return -EINVAL; in create_encryption_context_from_policy()
49 ctx.contents_encryption_mode = policy->contents_encryption_mode; in create_encryption_context_from_policy()
50 ctx.filenames_encryption_mode = policy->filenames_encryption_mode; in create_encryption_context_from_policy()
51 ctx.flags = policy->flags; in create_encryption_context_from_policy()
55 return inode->i_sb->s_cop->set_context(inode, &ctx, sizeof(ctx), NULL); in create_encryption_context_from_policy()
66 return -EFAULT; in fscrypt_ioctl_set_policy()
69 return -EACCES; in fscrypt_ioctl_set_policy()
72 return -EINVAL; in fscrypt_ioctl_set_policy()
80 ret = inode->i_sb->s_cop->get_context(inode, &ctx, sizeof(ctx)); in fscrypt_ioctl_set_policy()
81 if (ret == -ENODATA) { in fscrypt_ioctl_set_policy()
82 if (!S_ISDIR(inode->i_mode)) in fscrypt_ioctl_set_policy()
83 ret = -ENOTDIR; in fscrypt_ioctl_set_policy()
85 ret = -ENOENT; in fscrypt_ioctl_set_policy()
86 else if (!inode->i_sb->s_cop->empty_dir(inode)) in fscrypt_ioctl_set_policy()
87 ret = -ENOTEMPTY; in fscrypt_ioctl_set_policy()
96 } else if (ret >= 0 || ret == -ERANGE) { in fscrypt_ioctl_set_policy()
98 ret = -EEXIST; in fscrypt_ioctl_set_policy()
116 return -ENODATA; in fscrypt_ioctl_get_policy()
118 res = inode->i_sb->s_cop->get_context(inode, &ctx, sizeof(ctx)); in fscrypt_ioctl_get_policy()
119 if (res < 0 && res != -ERANGE) in fscrypt_ioctl_get_policy()
122 return -EINVAL; in fscrypt_ioctl_get_policy()
124 return -EINVAL; in fscrypt_ioctl_get_policy()
134 return -EFAULT; in fscrypt_ioctl_get_policy()
140 * fscrypt_has_permitted_context() - is a file's encryption policy permitted
143 * @parent: inode for parent directory
144 * @child: inode for file being looked up, opened, or linked into @parent
147 * situation where the parent directory is encrypted (either before allowing
148 * ->lookup() to succeed, or for a regular file before allowing it to be opened)
152 * same encryption policy. The pre-access check is needed to detect potentially
158 int fscrypt_has_permitted_context(struct inode *parent, struct inode *child) in fscrypt_has_permitted_context() argument
160 const struct fscrypt_operations *cops = parent->i_sb->s_cop; in fscrypt_has_permitted_context()
166 if (!S_ISREG(child->i_mode) && !S_ISDIR(child->i_mode) && in fscrypt_has_permitted_context()
167 !S_ISLNK(child->i_mode)) in fscrypt_has_permitted_context()
170 /* No restrictions if the parent directory is unencrypted */ in fscrypt_has_permitted_context()
171 if (!IS_ENCRYPTED(parent)) in fscrypt_has_permitted_context()
175 if (!IS_ENCRYPTED(child)) in fscrypt_has_permitted_context()
179 * Both parent and child are encrypted, so verify they use the same in fscrypt_has_permitted_context()
185 * Performance-wise this is not a big deal because we already don't in fscrypt_has_permitted_context()
193 res = fscrypt_get_encryption_info(parent); in fscrypt_has_permitted_context()
196 res = fscrypt_get_encryption_info(child); in fscrypt_has_permitted_context()
199 parent_ci = parent->i_crypt_info; in fscrypt_has_permitted_context()
200 child_ci = child->i_crypt_info; in fscrypt_has_permitted_context()
203 return memcmp(parent_ci->ci_master_key, child_ci->ci_master_key, in fscrypt_has_permitted_context()
205 (parent_ci->ci_data_mode == child_ci->ci_data_mode) && in fscrypt_has_permitted_context()
206 (parent_ci->ci_filename_mode == in fscrypt_has_permitted_context()
207 child_ci->ci_filename_mode) && in fscrypt_has_permitted_context()
208 (parent_ci->ci_flags == child_ci->ci_flags); in fscrypt_has_permitted_context()
211 res = cops->get_context(parent, &parent_ctx, sizeof(parent_ctx)); in fscrypt_has_permitted_context()
215 res = cops->get_context(child, &child_ctx, sizeof(child_ctx)); in fscrypt_has_permitted_context()
231 * fscrypt_inherit_context() - Sets a child context from its parent
232 * @parent: Parent inode from which the context is inherited.
233 * @child: Child inode that inherits the context from @parent.
235 * @preload: preload child i_crypt_info if true
237 * Return: 0 on success, -errno on failure
239 int fscrypt_inherit_context(struct inode *parent, struct inode *child, in fscrypt_inherit_context() argument
246 res = fscrypt_get_encryption_info(parent); in fscrypt_inherit_context()
250 ci = parent->i_crypt_info; in fscrypt_inherit_context()
252 return -ENOKEY; in fscrypt_inherit_context()
255 ctx.contents_encryption_mode = ci->ci_data_mode; in fscrypt_inherit_context()
256 ctx.filenames_encryption_mode = ci->ci_filename_mode; in fscrypt_inherit_context()
257 ctx.flags = ci->ci_flags; in fscrypt_inherit_context()
258 memcpy(ctx.master_key_descriptor, ci->ci_master_key, in fscrypt_inherit_context()
262 res = parent->i_sb->s_cop->set_context(child, &ctx, in fscrypt_inherit_context()
266 return preload ? fscrypt_get_encryption_info(child): 0; in fscrypt_inherit_context()