ubifs: Enforce crypto policy in mmap
authorRichard Weinberger <richard@nod.at>
Thu, 29 Sep 2016 18:44:05 +0000 (20:44 +0200)
committerRichard Weinberger <richard@nod.at>
Mon, 12 Dec 2016 22:07:38 +0000 (23:07 +0100)
We need this extra check in mmap because a process could
gain an already opened fd.

Signed-off-by: Richard Weinberger <richard@nod.at>
fs/ubifs/file.c

index a9c5cc6c0bc58950cf9f57cff8c89d9ce33b9c43..60e789a9cac85f142d093b472a51aeee7cbf08c4 100644 (file)
@@ -1594,6 +1594,15 @@ static const struct vm_operations_struct ubifs_file_vm_ops = {
 static int ubifs_file_mmap(struct file *file, struct vm_area_struct *vma)
 {
        int err;
+       struct inode *inode = file->f_mapping->host;
+
+       if (ubifs_crypt_is_encrypted(inode)) {
+               err = fscrypt_get_encryption_info(inode);
+               if (err)
+                       return -EACCES;
+               if (!fscrypt_has_encryption_key(inode))
+                       return -ENOKEY;
+       }
 
        err = generic_file_mmap(file, vma);
        if (err)