diff options
author | Richard Weinberger <richard@nod.at> | 2016-09-29 20:44:05 +0200 |
---|---|---|
committer | Richard Weinberger <richard@nod.at> | 2016-12-12 23:07:38 +0100 |
commit | 959c2de2b30bd09582392105889f68a96cb94fa4 (patch) | |
tree | 27766bc06529b2f197bc591e4e176e8d63f7999e | |
parent | 700eada82a349f0aeadd43ce4b182b32e4adc5b5 (diff) | |
download | op-kernel-dev-959c2de2b30bd09582392105889f68a96cb94fa4.zip op-kernel-dev-959c2de2b30bd09582392105889f68a96cb94fa4.tar.gz |
ubifs: Enforce crypto policy in mmap
We need this extra check in mmap because a process could
gain an already opened fd.
Signed-off-by: Richard Weinberger <richard@nod.at>
-rw-r--r-- | fs/ubifs/file.c | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/fs/ubifs/file.c b/fs/ubifs/file.c index a9c5cc6..60e789a 100644 --- a/fs/ubifs/file.c +++ b/fs/ubifs/file.c @@ -1594,6 +1594,15 @@ static const struct vm_operations_struct ubifs_file_vm_ops = { static int ubifs_file_mmap(struct file *file, struct vm_area_struct *vma) { int err; + struct inode *inode = file->f_mapping->host; + + if (ubifs_crypt_is_encrypted(inode)) { + err = fscrypt_get_encryption_info(inode); + if (err) + return -EACCES; + if (!fscrypt_has_encryption_key(inode)) + return -ENOKEY; + } err = generic_file_mmap(file, vma); if (err) |