diff options
author | Richard Weinberger <richard@nod.at> | 2016-10-20 16:47:56 +0200 |
---|---|---|
committer | Richard Weinberger <richard@nod.at> | 2016-12-12 23:07:38 +0100 |
commit | d475a507457b5cafa428871a473d0dcc828c5f68 (patch) | |
tree | 7f6608195cfc421e6d3d7975cc8b916a55e4a914 /fs/ubifs/dir.c | |
parent | ubifs: Define UBIFS crypto context xattr (diff) | |
download | linux-d475a507457b5cafa428871a473d0dcc828c5f68.tar.xz linux-d475a507457b5cafa428871a473d0dcc828c5f68.zip |
ubifs: Add skeleton for fscrypto
This is the first building block to provide file level
encryption on UBIFS.
Signed-off-by: Richard Weinberger <richard@nod.at>
Diffstat (limited to 'fs/ubifs/dir.c')
-rw-r--r-- | fs/ubifs/dir.c | 28 |
1 files changed, 27 insertions, 1 deletions
diff --git a/fs/ubifs/dir.c b/fs/ubifs/dir.c index 14a226d47f4c..2315cb864c39 100644 --- a/fs/ubifs/dir.c +++ b/fs/ubifs/dir.c @@ -85,11 +85,26 @@ static int inherit_flags(const struct inode *dir, umode_t mode) * initializes it. Returns new inode in case of success and an error code in * case of failure. */ -struct inode *ubifs_new_inode(struct ubifs_info *c, const struct inode *dir, +struct inode *ubifs_new_inode(struct ubifs_info *c, struct inode *dir, umode_t mode) { + int err; struct inode *inode; struct ubifs_inode *ui; + bool encrypted = false; + + if (ubifs_crypt_is_encrypted(dir)) { + err = fscrypt_get_encryption_info(dir); + if (err) { + ubifs_err(c, "fscrypt_get_encryption_info failed: %i", err); + return ERR_PTR(err); + } + + if (!fscrypt_has_encryption_key(dir)) + return ERR_PTR(-EPERM); + + encrypted = true; + } inode = new_inode(c->vfs_sb); ui = ubifs_inode(inode); @@ -165,6 +180,17 @@ struct inode *ubifs_new_inode(struct ubifs_info *c, const struct inode *dir, */ ui->creat_sqnum = ++c->max_sqnum; spin_unlock(&c->cnt_lock); + + if (encrypted) { + err = fscrypt_inherit_context(dir, inode, &encrypted, true); + if (err) { + ubifs_err(c, "fscrypt_inherit_context failed: %i", err); + make_bad_inode(inode); + iput(inode); + return ERR_PTR(err); + } + } + return inode; } |