Diffstat (limited to 'include')
-rw-r--r--include/linux/blk_types.h7
-rw-r--r--include/linux/fs.h2
-rw-r--r--include/linux/lsm_hooks.h7
-rw-r--r--include/linux/pft.h96
-rw-r--r--include/linux/security.h21
-rw-r--r--include/uapi/linux/Kbuild1
-rw-r--r--include/uapi/linux/msm_pft.h134
7 files changed, 268 insertions, 0 deletions
diff --git a/include/linux/blk_types.h b/include/linux/blk_types.h
index d32400f5402b..e897f4d3810c 100644
--- a/include/linux/blk_types.h
+++ b/include/linux/blk_types.h
@@ -88,6 +88,13 @@ struct bio {
unsigned short bi_vcnt; /* how many bio_vec's */
/*
+ * When using dircet-io (O_DIRECT), we can't get the inode from a bio
+ * by walking bio->bi_io_vec->bv_page->mapping->host
+ * since the page is anon.
+ */
+ struct inode *bi_dio_inode;
+
+ /*
* Everything starting with bi_max_vecs will be preserved by bio_reset()
*/
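Review bot: `bi_dio_inode` is added as a bare `struct inode *` with no stated lifetime rule, and the comment above it explains only why the field exists. The comment should say who sets it and whether an inode reference is held, for example `* Set by the direct-io submit path; no reference is taken, so it is only valid while the dio is in flight.` (to be confirmed against the code that assigns it, which is not in this diff). The field also sits above the "preserved by bio_reset()" marker, so going by that context comment bio_reset() will clear it. It is worth checking that the bio clone and split paths copy it, since a clone without the inode would presumably look like a non-direct-io bio to the consumer. struct bio starts and ends outside the hunk.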
diff --git a/include/linux/fs.h b/include/linux/fs.h
index 605454ccaa0e..522b582e61c7 100644
--- a/include/linux/fs.h
+++ b/include/linux/fs.h
@@ -2734,6 +2734,8 @@ static inline void inode_dio_end(struct inode *inode)
wake_up_bit(&inode->i_state, __I_DIO_WAKEUP);
}
+struct inode *dio_bio_get_inode(struct bio *bio);
+
extern void inode_set_flags(struct inode *inode, unsigned int flags,
unsigned int mask);
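Review bot: The new `dio_bio_get_inode()` prototype carries no contract, so a caller cannot tell from the header whether it may return NULL or whether the returned inode is referenced. I would add a one-line comment above it such as `/* Returns the inode of a direct-io bio, or NULL; no reference is taken. */`, adjusted to what the definition actually does (it is outside this diff). The neighbouring declaration in this hunk uses `extern`; matching that would keep the block consistent.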
diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h
index ec3a6bab29de..1919b06f28f4 100644
--- a/include/linux/lsm_hooks.h
+++ b/include/linux/lsm_hooks.h
@@ -1384,6 +1384,8 @@ union security_list_options {
size_t *len);
int (*inode_create)(struct inode *dir, struct dentry *dentry,
umode_t mode);
+ int (*inode_post_create)(struct inode *dir, struct dentry *dentry,
+ umode_t mode);
int (*inode_link)(struct dentry *old_dentry, struct inode *dir,
struct dentry *new_dentry);
int (*inode_unlink)(struct inode *dir, struct dentry *dentry);
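Review bot: `inode_post_create` is added to `union security_list_options` here without an entry in the hook documentation. The same holds for `file_close` and `allow_merge_bio` in the next hunk: all seven lines this commit adds to lsm_hooks.h are struct members. Each hook needs an `@name:` entry giving when it is called relative to the operation, what the arguments mean, and what a non-zero return does. For `inode_post_create` in particular, say whether an error can still undo the create or is only reported, since the inode already exists by then. The union starts and ends outside the hunk.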
@@ -1440,6 +1442,8 @@ union security_list_options {
struct fown_struct *fown, int sig);
int (*file_receive)(struct file *file);
int (*file_open)(struct file *file, const struct cred *cred);
+ int (*file_close)(struct file *file);
+ bool (*allow_merge_bio)(struct bio *bio1, struct bio *bio2);
int (*task_create)(unsigned long clone_flags);
void (*task_free)(struct task_struct *task);
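Review bot: `allow_merge_bio` returns `bool` with "true means allow" polarity, which is the opposite of the int hooks around it where 0 means allow. If the dispatcher in security.c (not part of this include-only diff) uses the usual first-non-zero-wins loop, one module returning true would end the walk before a stricter module is consulted. The hook should be combined so that any module returning false vetoes the merge, and that rule should be written next to the member, e.g. `/* merge is allowed only if every module returns true */`. `file_close` returns `int`, but it is unclear what a caller can do with a failure at close time; document whether the value is ignored.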
@@ -1666,6 +1670,7 @@ struct security_hook_heads {
struct list_head inode_free_security;
struct list_head inode_init_security;
struct list_head inode_create;
+ struct list_head inode_post_create;
struct list_head inode_link;
struct list_head inode_unlink;
struct list_head inode_symlink;
@@ -1702,6 +1707,8 @@ struct security_hook_heads {
struct list_head file_send_sigiotask;
struct list_head file_receive;
struct list_head file_open;
+ struct list_head file_close;
+ struct list_head allow_merge_bio;
struct list_head task_create;
struct list_head task_free;
struct list_head cred_alloc_blank;
diff --git a/include/linux/pft.h b/include/linux/pft.h
new file mode 100644
index 000000000000..f2173b89a2a0
--- /dev/null
+++ b/include/linux/pft.h
@@ -0,0 +1,96 @@
+/* Copyright (c) 2014-2015, The Linux Foundation. All rights reserved.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 and
+ * only version 2 as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ */
+
+#ifndef PFT_H_
+#define PFT_H_
+
+#include <linux/types.h>
+#include <linux/fs.h>
+#include <linux/bio.h>
+
+#ifdef CONFIG_PFT
+
+/* dm-req-crypt API */
+int pft_get_key_index(struct bio *bio, u32 *key_index,
+ bool *is_encrypted, bool *is_inplace);
+
+/* block layer API */
+bool pft_allow_merge_bio(struct bio *bio1, struct bio *bio2);
+
+/* --- security hooks , called from selinux --- */
+int pft_inode_create(struct inode *dir, struct dentry *dentry, umode_t mode);
+
+int pft_inode_post_create(struct inode *dir, struct dentry *dentry,
+ umode_t mode);
+
+int pft_file_open(struct file *filp, const struct cred *cred);
+
+int pft_file_permission(struct file *file, int mask);
+
+int pft_file_close(struct file *filp);
+
+int pft_inode_unlink(struct inode *dir, struct dentry *dentry);
+
+int pft_inode_mknod(struct inode *dir, struct dentry *dentry, umode_t mode,
+ dev_t dev);
+
+int pft_inode_rename(struct inode *inode, struct dentry *dentry,
+ struct inode *new_inode, struct dentry *new_dentry);
+
+int pft_inode_set_xattr(struct dentry *dentry, const char *name,
+ const void *value, size_t size, int flags);
+
+
+#else
+static inline int pft_get_key_index(struct bio *bio, u32 *key_index,
+ bool *is_encrypted, bool *is_inplace)
+{ return -ENODEV; }
+
+static inline bool pft_allow_merge_bio(struct bio *bio1, struct bio *bio2)
+{ return true; }
+
+static inline int pft_file_permission(struct file *file, int mask)
+{ return 0; }
+
+static inline int pft_inode_create(
+ struct inode *dir, struct dentry *dentry, umode_t mode)
+{ return 0; }
+
+static inline int pft_inode_post_create(
+ struct inode *dir, struct dentry *dentry, umode_t mode)
+{ return 0; }
+
+static inline int pft_file_open(struct file *filp, const struct cred *cred)
+{ return 0; }
+
+static inline int pft_file_close(struct file *filp)
+{ return 0; }
+
+static inline int pft_inode_unlink(struct inode *dir, struct dentry *dentry)
+{ return 0; }
+
+static inline int pft_inode_mknod(struct inode *dir, struct dentry *dentry,
+ umode_t mode, dev_t dev)
+{ return 0; }
+
+static inline int pft_inode_rename(struct inode *inode, struct dentry *dentry,
+ struct inode *new_inode, struct dentry *new_dentry)
+{ return 0; }
+
+static inline int pft_inode_set_xattr(struct dentry *dentry, const char *name,
+ const void *value, size_t size,
+ int flags)
+{ return 0; }
+
+#endif /* CONFIG_PFT */
+
+#endif /* PFT_H */
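Review bot: `pft_get_key_index()` has three output parameters and no documented contract, and the `!CONFIG_PFT` stub returns `-ENODEV` without writing any of them. A dm-req-crypt caller that reads `*is_encrypted` or `*key_index` without checking the return value would then act on uninitialised data when choosing whether and with which key slot to encrypt. I would add a kernel-doc comment on the declaration stating that the outputs are valid only when 0 is returned. The stub could also set `*is_encrypted = false; *is_inplace = false;` before returning, so the failure mode is deterministic. Smaller points: the closing `#endif /* PFT_H */` does not match the `PFT_H_` guard, and the stub relies on `-ENODEV` being pulled in indirectly rather than including `<linux/errno.h>`.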
diff --git a/include/linux/security.h b/include/linux/security.h
index 2f4c1f7aa7db..3de0302aecf2 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -28,6 +28,7 @@
#include <linux/err.h>
#include <linux/string.h>
#include <linux/mm.h>
+#include <linux/bio.h>
struct linux_binprm;
struct cred;
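Review bot: The new `#include <linux/bio.h>` makes every user of security.h include the block layer header, although the declarations added in this file only use `struct bio *`. A forward declaration next to the existing ones in this hunk, `struct bio;`, would be enough for these prototypes. It would also avoid new include-order dependencies for the many files that include security.h.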
@@ -244,6 +245,7 @@ int security_old_inode_init_security(struct inode *inode, struct inode *dir,
const struct qstr *qstr, const char **name,
void **value, size_t *len);
int security_inode_create(struct inode *dir, struct dentry *dentry, umode_t mode);
+int security_inode_post_create(struct inode *dir, struct dentry *dentry, umode_t mode);
int security_inode_link(struct dentry *old_dentry, struct inode *dir,
struct dentry *new_dentry);
int security_inode_unlink(struct inode *dir, struct dentry *dentry);
@@ -290,6 +292,8 @@ int security_file_send_sigiotask(struct task_struct *tsk,
struct fown_struct *fown, int sig);
int security_file_receive(struct file *file);
int security_file_open(struct file *file, const struct cred *cred);
+int security_file_close(struct file *file);
+bool security_allow_merge_bio(struct bio *bio1, struct bio *bio2);
int security_task_create(unsigned long clone_flags);
void security_task_free(struct task_struct *task);
int security_cred_alloc_blank(struct cred *cred, gfp_t gfp);
@@ -605,6 +609,13 @@ static inline int security_inode_create(struct inode *dir,
return 0;
}
+static inline int security_inode_post_create(struct inode *dir,
+ struct dentry *dentry,
+ umode_t mode)
+{
+ return 0;
+}
+
static inline int security_inode_link(struct dentry *old_dentry,
struct inode *dir,
struct dentry *new_dentry)
@@ -810,6 +821,16 @@ static inline int security_file_open(struct file *file,
return 0;
}
+static inline int security_file_close(struct file *file)
+{
+ return 0;
+}
+
+static inline int security_allow_merge_bio(struct bio *bio1, struct bio *bio2)
+{
+ return true;
+}
+
static inline int security_task_create(unsigned long clone_flags)
{
return 0;
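Review bot: The stub `security_allow_merge_bio()` is declared `static inline int` but returns `true`, while the prototype added earlier in this file is `bool security_allow_merge_bio(struct bio *bio1, struct bio *bio2);`. The two configurations should expose the same signature: `static inline bool security_allow_merge_bio(struct bio *bio1, struct bio *bio2)`. These stubs look like the branch used when the security framework is compiled out, judging by the neighbouring `return 0;` bodies; the enclosing `#ifdef` is outside the hunk.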
diff --git a/include/uapi/linux/Kbuild b/include/uapi/linux/Kbuild
index 4c0fd6369a76..16b7e327818d 100644
--- a/include/uapi/linux/Kbuild
+++ b/include/uapi/linux/Kbuild
@@ -302,6 +302,7 @@ header-y += msm_audio_alac.h
header-y += msm_audio_ape.h
header-y += msm_ion.h
header-y += msm_kgsl.h
+header-y += msm_pft.h
header-y += msm_mdp.h
header-y += msm_mdp_ext.h
header-y += msm_rmnet.h
diff --git a/include/uapi/linux/msm_pft.h b/include/uapi/linux/msm_pft.h
new file mode 100644
index 000000000000..1127337eb5de
--- /dev/null
+++ b/include/uapi/linux/msm_pft.h
@@ -0,0 +1,134 @@
+/* Copyright (c) 2014-2015, The Linux Foundation. All rights reserved.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 and
+ * only version 2 as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ */
+
+#ifndef MSM_PFT_H_
+#define MSM_PFT_H_
+
+#include <linux/types.h>
+
+/**
+ * enum pft_command_opcode - PFT driver command ID
+ *
+ * @PFT_CMD_OPCODE_SET_STATE -
+ * command ID to set PFT driver state
+ * @PFT_CMD_OPCODE_UPDATE_REG_APP_UID -
+ * command ID to update the list of registered application
+ * UID
+ * @PFT_CMD_OPCODE_PERFORM_IN_PLACE_FILE_ENC -
+ * command ID to perfrom in-place file encryption
+ */
+enum pft_command_opcode {
+ PFT_CMD_OPCODE_SET_STATE,
+ PFT_CMD_OPCODE_UPDATE_REG_APP_UID,
+ PFT_CMD_OPCODE_PERFORM_IN_PLACE_FILE_ENC,
+ /* */
+ PFT_CMD_OPCODE_MAX_COMMAND_INDEX
+};
+
+/**
+ * enum pft_state - PFT driver operational states
+ *
+ * @PFT_STATE_DEACTIVATED - driver is deativated.
+ * @PFT_STATE_DEACTIVATING - driver is in the process of being deativated.
+ * @PFT_STATE_KEY_REMOVED - driver is active but no encryption key is loaded.
+ * @PFT_STATE_REMOVING_KEY - driver is active, but the encryption key is being
+ * removed.
+ * @PFT_STATE_KEY_LOADED - driver is active, and the encryption key is loaded
+ * to encryption block, hence registered apps can perform file operations
+ * on encrypted files.
+ */
+enum pft_state {
+ PFT_STATE_DEACTIVATED,
+ PFT_STATE_DEACTIVATING,
+ PFT_STATE_KEY_REMOVED,
+ PFT_STATE_REMOVING_KEY,
+ PFT_STATE_KEY_LOADED,
+ /* Internal */
+ PFT_STATE_MAX_INDEX
+};
+
+/**
+ * enum pft_command_response_code - PFT response on the previous
+ * command
+ *
+ * @PFT_CMD_RESP_SUCCESS - The command was properly processed
+ * without an error.
+ * @PFT_CMD_RESP_GENERAL_ERROR -
+ * Indicates an error that cannot be better described by a
+ * more specific errors below.
+ * @PFT_CMD_RESP_INVALID_COMMAND - Invalid or unsupported
+ * command id.
+ * @PFT_CMD_RESP_INVALID_CMD_PARAMS - Invalid command
+ * parameters.
+ * @PFT_CMD_RESP_INVALID_STATE - Invalid state
+ * @PFT_CMD_RESP_ALREADY_IN_STATE - Used to indicates that
+ * the new state is equal to the existing one.
+ * @PFT_CMD_RESP_INPLACE_FILE_IS_OPEN - Used to indicates
+ * that the file that should be encrypted is already open
+ * and can be encrypted.
+ * @PFT_CMD_RESP_ENT_FILES_CLOSING_FAILURE
+ * Indicates about failure of the PFT to close Enterprise files
+ * @PFT_CMD_RESP_MAX_INDEX
+ */
+enum pft_command_response_code {
+ PFT_CMD_RESP_SUCCESS,
+ PFT_CMD_RESP_GENERAL_ERROR,
+ PFT_CMD_RESP_INVALID_COMMAND,
+ PFT_CMD_RESP_INVALID_CMD_PARAMS,
+ PFT_CMD_RESP_INVALID_STATE,
+ PFT_CMD_RESP_ALREADY_IN_STATE,
+ PFT_CMD_RESP_INPLACE_FILE_IS_OPEN,
+ PFT_CMD_RESP_ENT_FILES_CLOSING_FAILURE,
+ /* Internal */
+ PFT_CMD_RESP_MAX_INDEX
+};
+
+/**
+ * struct pft_command_response - response structure
+ *
+ * @command_id - see enum pft_command_response_code
+ * @error_codee - see enum pft_command_response_code
+ */
+struct pft_command_response {
+ __u32 command_id;
+ __u32 error_code;
+};
+
+/**
+ * struct pft_command - pft command
+ *
+ * @opcode - see enum pft_command_opcode.
+ * @set_state.state - see enum pft_state.
+ * @update_app_list.count - number of items in the
+ * registered applications list.
+ * @update_app_list.table - registered applications array
+ * @preform_in_place_file_enc.file_descriptor - file descriptor
+ * of the opened file to be in-placed encrypted.
+ */
+struct pft_command {
+ __u32 opcode;
+ union {
+ struct {
+ /* @see pft_state */
+ __u32 state;
+ } set_state;
+ struct {
+ __u32 items_count; /* number of items */
+ uid_t table[0]; /* array of UIDs */
+ } update_app_list;
+ struct {
+ __u32 file_descriptor;
+ } preform_in_place_file_enc;
+ };
+};
+
+#endif /* MSM_PFT_H_ */
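Review bot: `update_app_list` in `struct pft_command` defines a variable-length command whose element count, `items_count`, is supplied by userspace, and its array is typed `uid_t table[0]`. As far as I know `uid_t` is not provided to userspace by `<linux/types.h>` and has no fixed ABI width, so a UAPI header should use `__u32 table[0]; /* items_count UIDs follow */`. The handler (not in this diff) has to check `items_count` against the size of the buffer it was actually given, with an overflow-safe multiplication, before reading `table[]`. It should likewise treat `file_descriptor` as untrusted and resolve it with the normal fd lookup. The kernel-doc is also out of step with the fields: `@update_app_list.count` documents a member named `items_count`, `@command_id` points at `enum pft_command_response_code` where `enum pft_command_opcode` seems intended, and `@error_codee` is misspelled.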