[PATCH RFC 3/4] fscrypt: add fscrypt_have_same_policy() to check inode's compatibility

From: Sweet Tea Dorminy
Date: Sat Jul 23 2022 - 20:52:54 EST

Next message: Sweet Tea Dorminy: "[PATCH RFC 4/4] fscrypt: Add new encryption policy for btrfs."
Previous message: Sweet Tea Dorminy: "[PATCH RFC 2/4] fscrypt: add flag allowing partially-encrypted directories"
In reply to: Sweet Tea Dorminy: "[PATCH RFC 2/4] fscrypt: add flag allowing partially-encrypted directories"
Next in thread: Sweet Tea Dorminy: "[PATCH RFC 4/4] fscrypt: Add new encryption policy for btrfs."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Omar Sandoval <osandov@xxxxxxxxxxx>

btrfs will have the possibility of encrypted and unencrypted files in
the same directory, and it's important to not allow these two files to
become linked together. Therefore, add a function which allows checking
the encryption policies of two inodes to ensure they are compatible.

Signed-off-by: Omar Sandoval <osandov@xxxxxxxxxxx>
Signed-off-by: Sweet Tea Dorminy <sweettea-kernel@xxxxxxxxxx>
---
fs/crypto/policy.c | 26 ++++++++++++++++++++++++++
include/linux/fscrypt.h | 1 +
2 files changed, 27 insertions(+)

diff --git a/fs/crypto/policy.c b/fs/crypto/policy.c
index 5f858cee1e3b..5763462af9e8 100644
--- a/fs/crypto/policy.c
+++ b/fs/crypto/policy.c
@@ -407,6 +407,32 @@ static int fscrypt_get_policy(struct inode *inode, union fscrypt_policy *policy)
return fscrypt_policy_from_context(policy, &ctx, ret);
}

+/**
+ * fscrypt_have_same_policy() - check whether two inodes have the same policy
+ * @inode1: the first inode
+ * @inode2: the second inode
+ *
+ * Return: %true if equal, else %false
+ */
+int fscrypt_have_same_policy(struct inode *inode1, struct inode *inode2)
+{
+ union fscrypt_policy policy1, policy2;
+ int err;
+
+ if (!IS_ENCRYPTED(inode1) && !IS_ENCRYPTED(inode2))
+ return true;
+ else if (!IS_ENCRYPTED(inode1) || !IS_ENCRYPTED(inode2))
+ return false;
+ err = fscrypt_get_policy(inode1, &policy1);
+ if (err)
+ return err;
+ err = fscrypt_get_policy(inode2, &policy2);
+ if (err)
+ return err;
+ return fscrypt_policies_equal(&policy1, &policy2);
+}
+EXPORT_SYMBOL(fscrypt_have_same_policy);
+
static int set_encryption_policy(struct inode *inode,
const union fscrypt_policy *policy)
{
diff --git a/include/linux/fscrypt.h b/include/linux/fscrypt.h
index fb48961c46f6..1686b25f6d9c 100644
--- a/include/linux/fscrypt.h
+++ b/include/linux/fscrypt.h
@@ -318,6 +318,7 @@ static inline struct page *fscrypt_pagecache_page(struct page *bounce_page)
void fscrypt_free_bounce_page(struct page *bounce_page);

/* policy.c */
+int fscrypt_have_same_policy(struct inode *inode1, struct inode *inode2);
int fscrypt_ioctl_set_policy(struct file *filp, const void __user *arg);
int fscrypt_ioctl_get_policy(struct file *filp, void __user *arg);
int fscrypt_ioctl_get_policy_ex(struct file *filp, void __user *arg);
--
2.35.1

Next message: Sweet Tea Dorminy: "[PATCH RFC 4/4] fscrypt: Add new encryption policy for btrfs."
Previous message: Sweet Tea Dorminy: "[PATCH RFC 2/4] fscrypt: add flag allowing partially-encrypted directories"
In reply to: Sweet Tea Dorminy: "[PATCH RFC 2/4] fscrypt: add flag allowing partially-encrypted directories"
Next in thread: Sweet Tea Dorminy: "[PATCH RFC 4/4] fscrypt: Add new encryption policy for btrfs."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]