struct group_info *groups_alloc(int gidsetsize){ struct group_info *group_info; int nblocks; int i; nblocks = (gidsetsize + NGROUPS_PER_BLOCK - 1) / NGROUPS_PER_BLOCK; /* Make sure we always allocate at least one indirect block pointer */ nblocks = nblocks ? : 1; group_info = kmalloc(sizeof(*group_info) + nblocks*sizeof(gid_t *), GFP_USER); if (!group_info) return NULL; group_info->ngroups = gidsetsize; group_info->nblocks = nblocks; atomic_set(&group_info->usage, 1); if (gidsetsize <= NGROUPS_SMALL) group_info->blocks[0] = group_info->small_block; else { for (i = 0; i < nblocks; i++) { gid_t *b; b = (void *)__get_free_page(GFP_USER); if (!b) goto out_undo_partial_alloc; group_info->blocks[i] = b; } } return group_info; out_undo_partial_alloc: while (--i >= 0) { free_page((unsigned long)group_info->blocks[i]); } kfree(group_info); return NULL; } EXPORT_SYMBOL(groups_alloc); void groups_free(struct group_info *group_info) { if (group_info->blocks[0] != group_info->small_block) { int i; for (i = 0; i < group_info->nblocks; i++) free_page((unsigned long)group_info->blocks[i]); } kfree(group_info); } EXPORT_SYMBOL(groups_free); /* export the group_info to a user-space array */ static int groups_to_user(gid_t __user *grouplist, const struct group_info *group_info) { int i; unsigned int count = group_info->ngroups; for (i = 0; i < group_info->nblocks; i++) { unsigned int cp_count = min(NGROUPS_PER_BLOCK, count); unsigned int len = cp_count * sizeof(*grouplist); if (copy_to_user(grouplist, group_info->blocks[i], len)) return -EFAULT; grouplist += NGROUPS_PER_BLOCK; count -= cp_count; } return 0; } /* fill a group_info from a user-space array - it must be allocated already */ static int groups_from_user(struct group_info *group_info, gid_t __user *grouplist) { int i; unsigned int count = group_info->ngroups; for (i = 0; i < group_info->nblocks; i++) { unsigned int cp_count = min(NGROUPS_PER_BLOCK, count); unsigned int len = cp_count * sizeof(*grouplist); if (copy_from_user(group_info->blocks[i], grouplist, len)) return -EFAULT; grouplist += NGROUPS_PER_BLOCK; count -= cp_count; } return 0; } /* a simple Shell sort */ static void groups_sort(struct group_info *group_info) { int base, max, stride; int gidsetsize = group_info->ngroups; for (stride = 1; stride < gidsetsize; stride = 3 * stride + 1) ; /* nothing */ stride /= 3; while (stride) { max = gidsetsize - stride; for (base = 0; base < max; base++) { int left = base; int right = left + stride; gid_t tmp = GROUP_AT(group_info, right); while (left >= 0 && GROUP_AT(group_info, left) > tmp) { GROUP_AT(group_info, right) = GROUP_AT(group_info, left); right = left; left -= stride; } GROUP_AT(group_info, right) = tmp; } stride /= 3; } } /* a simple bsearch */ int groups_search(const struct group_info *group_info, gid_t grp) { unsigned int left, right; if (!group_info) return 0; left = 0; right = group_info->ngroups; while (left < right) { unsigned int mid = left + (right - left)/2; if (grp > GROUP_AT(group_info, mid)) left = mid + 1; else if (grp < GROUP_AT(group_info, mid)) right = mid; else return 1; } return 0; } /** * set_groups - Change a group subscription in a set of credentials * @new: The newly prepared set of credentials to alter * @group_info: The group list to install * * Validate a group subscription and, if valid, insert it into a set * of credentials. */ int set_groups(struct cred *new, struct group_info *group_info) { put_group_info(new->group_info); groups_sort(group_info); get_group_info(group_info); new->group_info = group_info; return 0; } EXPORT_SYMBOL(set_groups); /** * set_current_groups - Change current's group subscription * @group_info: The group list to impose * * Validate a group subscription and, if valid, impose it upon current's task * security record. */ int set_current_groups(struct group_info *group_info) { struct cred *new; int ret; new = prepare_creds(); if (!new) return -ENOMEM; ret = set_groups(new, group_info); if (ret < 0) { abort_creds(new); return ret; } return commit_creds(new); } EXPORT_SYMBOL(set_current_groups); SYSCALL_DEFINE2(getgroups, int, gidsetsize, gid_t __user *, grouplist) { const struct cred *cred = current_cred(); int i; if (gidsetsize < 0) return -EINVAL; /* no need to grab task_lock here; it cannot change */ i = cred->group_info->ngroups; if (gidsetsize) { if (i > gidsetsize) { i = -EINVAL; goto out; } if (groups_to_user(grouplist, cred->group_info)) { i = -EFAULT; goto out; } } out: return i; } /* * SMP: Our groups are copy-on-write. We can set them safely * without another task interfering. */ SYSCALL_DEFINE2(setgroups, int, gidsetsize, gid_t __user *, grouplist) { struct group_info *group_info; int retval; if (!nsown_capable(CAP_SETGID)) return -EPERM; if ((unsigned)gidsetsize > NGROUPS_MAX) return -EINVAL; group_info = groups_alloc(gidsetsize); if (!group_info) return -ENOMEM; retval = groups_from_user(group_info, grouplist); if (retval) { put_group_info(group_info); return retval; } retval = set_current_groups(group_info); put_group_info(group_info); return retval; } /* * Check whether we're fsgid/egid or in the supplemental group.. */ int in_group_p(gid_t grp) { const struct cred *cred = current_cred(); int retval = 1; if (grp != cred->fsgid) retval = groups_search(cred->group_info, grp); return retval; } EXPORT_SYMBOL(in_group_p); int in_egroup_p(gid_t grp) { const struct cred *cred = current_cred(); int retval = 1; if (grp != cred->egid) retval = groups_search(cred->group_info, grp); return retval; }

Zero knowledge client side end-to-end encryption

Find out how our user controlled zero knowledge end-to-end encryption works under the hood and what we do to protect your data.

Security and privacy

What we do to protect your data.

AES-GCM 256-bit

Cipher

Advanced Encryption Standard

Our encryption process is based on our implementation of the highly secure symmetric encryption algorithm AES-256. AES is widely considered to be one of the strongest encryption methods available today.

Quantum resistant

The latest research has shown that the AES 256-bit file encryption used is considered to be quantum resistant.

AES Analysis PDF

🇩🇪  National data protection law

Our headquarters and all of our servers are located in Germany and fall under all strict European & german data protection laws.

“The right to informational privacy, i.e. the right of every person to determine how their personal data is used or disclosed, is part of the general right to free development of one's personality under Article 2 (1) in conjunction with Article 1 (1) of the Basic Law.”

German Federal Ministry of the Interior and Community, 2024

Physical and digital security

All of our servers actually belong to us. They are located exclusively in Tier III-IV ISO27001 certified colocation data centers spread across Germany.

Datacenter

Transparency

Client side encryption is only as safe as the code behind it. Verify yourself how our encryption works under the hood.

Open source

Paradoxically, security and privacy do not work without transparency. To show everyone how our encryption works, we released all our apps under the AGPL v3 open source license.

img

Trusted by people all over the world

We are a constantly growing team of experienced privacy enthusiast, developers, entrepreneurs, marketing and sales experts.

4+

Years in the business trying to make the world a little more private.

625K+

People used our products and gave us their trust.

23 PB+

of data stored on our in-house servers located in Germany.

0

Data leaks and financiers in the background.

Frequently asked Questions

Where is Filen based?
When was Filen founded?
What values does Filen prioritize?
What sets Filen apart from other cloud storage providers?
Is Filen safe, private and secure?
How can I get in touch with Filen?
Does Filen have a transparency policy?
What is Filen's mission?

Ready to take back your privacy?

Join us today and experience the power of true data privacy. Secure your files with industry-leading encryption and gain full control over your information. Your privacy is in your hands — get started now!

This site uses cookies to measure and improve your experience.

Opt out
Only needed
Accept