ANDROID: Incremental fs: Add FS_IOC_MEASURE_VERITY (c1d7e8c5) · Commits · e / devices / android_kernel_teracube_mt6765

fs/incfs/verity.c

+35 −0

Original line number	Diff line number	Diff line
		@@ -460,3 +460,38 @@ int incfs_fsverity_file_open(struct inode inode, struct file filp)

		return 0;
		}

		int incfs_ioctl_measure_verity(struct file filp, void __user _uarg)
		{
		struct inode *inode = file_inode(filp);
		struct mem_range verity_file_digest = incfs_get_verity_digest(inode);
		struct fsverity_digest __user *uarg = _uarg;
		struct fsverity_digest arg;

		if (!verity_file_digest.data \|\| !verity_file_digest.len)
		return -ENODATA; /* not a verity file */

		/*
		* The user specifies the digest_size their buffer has space for; we can
		* return the digest if it fits in the available space. We write back
		* the actual size, which may be shorter than the user-specified size.
		*/

		if (get_user(arg.digest_size, &uarg->digest_size))
		return -EFAULT;
		if (arg.digest_size < verity_file_digest.len)
		return -EOVERFLOW;

		memset(&arg, 0, sizeof(arg));
		arg.digest_algorithm = FS_VERITY_HASH_ALG_SHA256;
		arg.digest_size = verity_file_digest.len;

		if (copy_to_user(uarg, &arg, sizeof(arg)))
		return -EFAULT;

		if (copy_to_user(uarg->digest, verity_file_digest.data,
		verity_file_digest.len))
		return -EFAULT;

		return 0;
		}

+7 −0

Original line number	Diff line number	Diff line
		@@ -12,6 +12,7 @@
		#ifdef CONFIG_FS_VERITY

		int incfs_ioctl_enable_verity(struct file filp, const void __user uarg);
		int incfs_ioctl_measure_verity(struct file filp, void __user _uarg);

		int incfs_fsverity_file_open(struct inode inode, struct file filp);

		@@ -23,6 +24,12 @@ static inline int incfs_ioctl_enable_verity(struct file *filp,
		return -EOPNOTSUPP;
		}

		static inline int incfs_ioctl_measure_verity(struct file *filp,
		void __user *_uarg)
		{
		return -EOPNOTSUPP;
		}

		static inline int incfs_fsverity_file_open(struct inode *inode,
		struct file *filp)
		{

+3 −0

Original line number	Diff line number	Diff line
		@@ -847,6 +847,8 @@ static long dispatch_ioctl(struct file *f, unsigned int req, unsigned long arg)
		return incfs_ioctl_enable_verity(f, (const void __user *)arg);
		case FS_IOC_GETFLAGS:
		return incfs_ioctl_get_flags(f, (void __user *) arg);
		case FS_IOC_MEASURE_VERITY:
		return incfs_ioctl_measure_verity(f, (void __user *)arg);
		default:
		return -EINVAL;
		}
		@@ -865,6 +867,7 @@ static long incfs_compat_ioctl(struct file *file, unsigned int cmd,
		case INCFS_IOC_GET_FILLED_BLOCKS:
		case INCFS_IOC_GET_BLOCK_COUNT:
		case FS_IOC_ENABLE_VERITY:
		case FS_IOC_MEASURE_VERITY:
		break;
		default:
		return -ENOIOCTLCMD;

+8 −0

Original line number	Diff line number	Diff line
		@@ -3859,16 +3859,24 @@ static int validate_verity(const char mount_dir, struct test_file file)
		char *filename = concat_file_name(mount_dir, file->name);
		int fd = -1;
		uint64_t flags;
		struct fsverity_digest *digest;

		TEST(digest = malloc(sizeof(struct fsverity_digest) +
		INCFS_MAX_HASH_SIZE), digest != NULL);
		TEST(filename = concat_file_name(mount_dir, file->name), filename);
		TEST(fd = open(filename, O_RDONLY \| O_CLOEXEC), fd != -1);
		TESTEQUAL(ioctl(fd, FS_IOC_GETFLAGS, &flags), 0);
		TESTEQUAL(flags & FS_VERITY_FL, FS_VERITY_FL);
		digest->digest_size = INCFS_MAX_HASH_SIZE;
		TESTEQUAL(ioctl(fd, FS_IOC_MEASURE_VERITY, digest), 0);
		TESTEQUAL(digest->digest_algorithm, FS_VERITY_HASH_ALG_SHA256);
		TESTEQUAL(digest->digest_size, 32);

		result = TEST_SUCCESS;
		out:
		close(fd);
		free(filename);
		free(digest);
		return result;
		}