Merge remote-tracking branch 'origin/upstream-f2fs-stable-linux-4.9.y' into android-4.9

- ``ENOTEMPTY``: the file is unencrypted and is a nonempty directory

- ``ENOTTY``: this type of filesystem does not implement encryption

- ``EOPNOTSUPP``: the kernel was not configured with encryption

  support for this filesystem, or the filesystem superblock has not

  support for filesystems, or the filesystem superblock has not

  had encryption enabled on it.  (For example, to use encryption on an

  ext4 filesystem, CONFIG_EXT4_ENCRYPTION must be enabled in the

  ext4 filesystem, CONFIG_FS_ENCRYPTION must be enabled in the

  kernel config, and the superblock must have had the "encrypt"

  feature flag enabled using ``tune2fs -O encrypt`` or ``mkfs.ext4 -O

  encrypt``.)

- Unencrypted files, or files encrypted with a different encryption

  policy (i.e. different key, modes, or flags), cannot be renamed or

  linked into an encrypted directory; see `Encryption policy

  enforcement`_.  Attempts to do so will fail with EPERM.  However,

  enforcement`_.  Attempts to do so will fail with EXDEV.  However,

  encrypted files can be renamed within an encrypted directory, or

  into an unencrypted directory.

  Note: "moving" an unencrypted file into an encrypted directory, e.g.

  with the `mv` program, is implemented in userspace by a copy

  followed by a delete.  Be aware that the original unencrypted data

  may remain recoverable from free space on the disk; prefer to keep

  all files encrypted from the very beginning.  The `shred` program

  may be used to overwrite the source files but isn't guaranteed to be

  effective on all filesystems and storage devices.

- Direct I/O is not supported on encrypted files.  Attempts to use

  direct I/O on such files will fall back to buffered I/O.

Except for those special files, it is forbidden to have unencrypted

files, or files encrypted with a different encryption policy, in an

encrypted directory tree.  Attempts to link or rename such a file into

an encrypted directory will fail with EPERM.  This is also enforced

an encrypted directory will fail with EXDEV.  This is also enforced

during ->lookup() to provide limited protection against offline

attacks that try to disable or downgrade encryption in known locations

where applications may later write sensitive data.  It is recommended

CONFIG_EXT4_FS=y

CONFIG_EXT4_FS_POSIX_ACL=y

CONFIG_EXT4_FS_SECURITY=y

CONFIG_EXT4_ENCRYPTION=y

CONFIG_FS_ENCRYPTION=y

CONFIG_FANOTIFY=y

CONFIG_FUSE_FS=y

CONFIG_CUSE=y

config FS_ENCRYPTION

	tristate "FS Encryption (Per-file encryption)"

	bool "FS Encryption (Per-file encryption)"

	select CRYPTO

	select CRYPTO_AES

	select CRYPTO_CBC

	select CRYPTO_ECB

	select CRYPTO_XTS

	select CRYPTO_CTS

	select CRYPTO_CTR

	select CRYPTO_SHA256

	select KEYS

	help

	  Enable encryption of files and directories.  This

	  feature is similar to ecryptfs, but it is more memory

	  efficient since it avoids caching the encrypted and

	  decrypted pages in the page cache.

	  decrypted pages in the page cache.  Currently Ext4,

	  F2FS and UBIFS make use of this feature.

#ifndef _FSCRYPT_PRIVATE_H

#define _FSCRYPT_PRIVATE_H

#define __FS_HAS_ENCRYPTION 1

#include <linux/fscrypt.h>

#include <crypto/hash.h>

		return err;

	if (!fscrypt_has_permitted_context(dir, inode))

		return -EPERM;

		return -EXDEV;

	return 0;

}

		if (IS_ENCRYPTED(new_dir) &&

		    !fscrypt_has_permitted_context(new_dir,

						   d_inode(old_dentry)))

			return -EPERM;

			return -EXDEV;

		if ((flags & RENAME_EXCHANGE) &&

		    IS_ENCRYPTED(old_dir) &&

		    !fscrypt_has_permitted_context(old_dir,

						   d_inode(new_dentry)))

			return -EPERM;

			return -EXDEV;

	}

	return 0;

}