ext4 crypto: enforce crypto policy restrictions on cross-renames
author Theodore Ts'o <tytso@mit.edu>
Sun, 31 May 2015 17:35:09 +0000 (13:35 -0400)
committer Theodore Ts'o <tytso@mit.edu>
Sun, 31 May 2015 17:35:09 +0000 (13:35 -0400)
Thanks to Chao Yu <chao2.yu@samsung.com> for pointing out the need for
this check.

Signed-off-by: Theodore Ts'o <tytso@mit.edu>
fs/ext4/namei.c

index 1e7d65d7e6d717562cb3b0cceafdcc0493f41386..401b099e3af3c5de4fd72ed549aa0bdc0ad65ce6 100644 (file)
@@ -3647,6 +3647,15 @@ static int ext4_cross_rename(struct inode *old_dir, struct dentry *old_dentry,
        u8 new_file_type;
        int retval;
 
+       if ((ext4_encrypted_inode(old_dir) ||
+            ext4_encrypted_inode(new_dir)) &&
+           (old_dir != new_dir) &&
+           (!ext4_is_child_context_consistent_with_parent(new_dir,
+                                                          old.inode) ||
+            !ext4_is_child_context_consistent_with_parent(old_dir,
+                                                          new.inode)))
+               return -EPERM;
+
        dquot_initialize(old.dir);
        dquot_initialize(new.dir);
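
Review bot: The new condition ahead of dquot_initialize() carries no comment, and the commit message only credits the reporter, so nothing records why each inode is tested against the opposite directory. A short comment above the `if` would help, saying that a cross-rename places old.inode under new_dir and new.inode under old_dir, so each must be consistent with the encryption context of the directory it lands in, and that the `old_dir != new_dir` term skips the check when both entries stay in the same directory. The test also uses the `old_dir`/`new_dir` parameters while the adjacent context lines use `old.dir`/`new.dir`; using one form throughout the function would read more consistently. Placing the early `return -EPERM` before the dquot_initialize() calls looks right, since nothing visible here has been acquired yet that would need unwinding.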