From 959c2de2b30bd09582392105889f68a96cb94fa4 Mon Sep 17 00:00:00 2001
From: Richard Weinberger
Date: Thu, 29 Sep 2016 20:44:05 +0200
Subject: ubifs: Enforce crypto policy in mmap
We need this extra check in mmap because a process could gain an already opened fd.
Signed-off-by: Richard Weinberger
---
 fs/ubifs/file.c | 9 +++++++++
 1 file changed, 9 insertions(+)
(limited to 'fs')
diff --git a/fs/ubifs/file.c b/fs/ubifs/file.c
index a9c5cc6c0bc5..60e789a9cac8 100644
--- a/fs/ubifs/file.c
+++ b/fs/ubifs/file.c
@@ -1594,6 +1594,15 @@ static const struct vm_operations_struct ubifs_file_vm_ops = {
 static int ubifs_file_mmap(struct file *file, struct vm_area_struct *vma)
 {
 int err;
+ struct inode *inode = file->f_mapping->host;
+
+ if (ubifs_crypt_is_encrypted(inode)) {
+ err = fscrypt_get_encryption_info(inode);
+ if (err)
+ return -EACCES;
+ if (!fscrypt_has_encryption_key(inode))
+ return -ENOKEY;
+ }
 
 err = generic_file_mmap(file, vma);
 if (err)
-- 
cgit v1.2.3
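Review bot: The added `if (err) return -EACCES;` discards whatever `fscrypt_get_encryption_info()` returned, so user space cannot tell a policy denial from any other failure of that helper. Its possible return values are not visible in this hunk, so this is a question rather than a confirmed defect. If the remap is deliberate, a short comment should say so; otherwise `return err;` keeps the original cause. The block also deserves the rationale that currently lives only in the commit message, for example `/* The fd may have been opened by another process and handed over, so enforce the encryption policy at mmap time as well. */`. The body of `ubifs_file_mmap()` continues past the end of the hunk, so the handling after `generic_file_mmap()` was not reviewed.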