[PATCH 0/3] Append line feed to files in securityfs

[PATCH 0/3] Append line feed to files in securityfs

[Wang Weiyang]

This patchset add line feed to files in securityfs which lack LF.

Wang Weiyang (3):
  securityfs: Append line feed to /sys/kernel/security/lsm
  evm: Append line feed to /sys/kernel/security/evm
  ima: Append line feed to ima/binary_runtime_measurements

 security/inode.c                   | 16 ++++++++++++++--
 security/integrity/evm/evm_secfs.c |  2 +-
 security/integrity/ima/ima_fs.c    |  1 +
 3 files changed, 16 insertions(+), 3 deletions(-)

-- 
2.17.1

[PATCH 1/3] securityfs: Append line feed to /sys/kernel/security/lsm

[Wang Weiyang]

There is no LF in /sys/kerne/security/lsm output. It is a little weird,
so append LF to it.

Example:

/ # cat /sys/kernel/security/lsm
capability,selinux/ #

Signed-off-by: Wang Weiyang <wangweiyang2@huawei.com>
---
 security/inode.c | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)

diff --git a/security/inode.c b/security/inode.c
index 6c326939750d..bfd5550fa129 100644
--- a/security/inode.c
+++ b/security/inode.c
@@ -318,8 +318,20 @@ static struct dentry *lsm_dentry;
 static ssize_t lsm_read(struct file *filp, char __user *buf, size_t count,
 			loff_t *ppos)
 {
-	return simple_read_from_buffer(buf, count, ppos, lsm_names,
-		strlen(lsm_names));
+	char *tmp;
+	ssize_t len = strlen(lsm_names);
+	ssize_t rc;
+
+	tmp = kmalloc(len + 2, GFP_KERNEL);
+	if (!tmp)
+		return -ENOMEM;
+
+	scnprintf(tmp, len + 2, "%s\n", lsm_names);
+	rc = simple_read_from_buffer(buf, count, ppos, tmp, strlen(tmp));
+
+	kfree(tmp);
+
+	return rc;
 }
 
 static const struct file_operations lsm_ops = {
-- 
2.17.1

[PATCH 2/3] evm: Append line feed to /sys/kernel/security/evm

[Wang Weiyang]

There is no LF in /sys/kerne/security/evm output. It is little weird,
so append LF to it.

Example:

/ # cat /sys/kernel/security/evm
0/ #

Signed-off-by: Wang Weiyang <wangweiyang2@huawei.com>
---
 security/integrity/evm/evm_secfs.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/security/integrity/evm/evm_secfs.c b/security/integrity/evm/evm_secfs.c
index 8a9db7dfca7e..6a46b62aabd4 100644
--- a/security/integrity/evm/evm_secfs.c
+++ b/security/integrity/evm/evm_secfs.c
@@ -45,7 +45,7 @@ static ssize_t evm_read_key(struct file *filp, char __user *buf,
 	if (*ppos != 0)
 		return 0;
 
-	sprintf(temp, "%d", (evm_initialized & ~EVM_SETUP_COMPLETE));
+	sprintf(temp, "%d\n", (evm_initialized & ~EVM_SETUP_COMPLETE));
 	rc = simple_read_from_buffer(buf, count, ppos, temp, strlen(temp));
 
 	return rc;
-- 
2.17.1

[PATCH 3/3] ima: Append line feed to ima/binary_runtime_measurements

[Wang Weiyang]

There is no LF in binary_runtime_measurements output. It is little weird,
so append LF to it.

Example:

/ # cat /sys/kernel/security/ima/binary_runtime_measurements
...imaboot_aggregate/ #

Signed-off-by: Wang Weiyang <wangweiyang2@huawei.com>
---
 security/integrity/ima/ima_fs.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/security/integrity/ima/ima_fs.c b/security/integrity/ima/ima_fs.c
index cd1683dad3bf..0a2f9cb25b20 100644
--- a/security/integrity/ima/ima_fs.c
+++ b/security/integrity/ima/ima_fs.c
@@ -183,6 +183,7 @@ int ima_measurements_show(struct seq_file *m, void *v)
 			show = IMA_SHOW_BINARY_OLD_STRING_FMT;
 		field->field_show(m, show, &e->template_data[i]);
 	}
+	seq_puts(m, "\n");
 	return 0;
 }
 
-- 
2.17.1

Re: [PATCH 1/3] securityfs: Append line feed to /sys/kernel/security/lsm

[Casey Schaufler]

On 5/5/2022 6:22 AM, Wang Weiyang wrote:
> There is no LF in /sys/kerne/security/lsm output. It is a little weird,
> so append LF to it.

NAK: The existing behavior is consistent with long standing LSM convention.

>
> Example:
>
> / # cat /sys/kernel/security/lsm
> capability,selinux/ #
>
> Signed-off-by: Wang Weiyang <wangweiyang2@huawei.com>
> ---
>   security/inode.c | 16 ++++++++++++++--
>   1 file changed, 14 insertions(+), 2 deletions(-)
>
> diff --git a/security/inode.c b/security/inode.c
> index 6c326939750d..bfd5550fa129 100644
> --- a/security/inode.c
> +++ b/security/inode.c
> @@ -318,8 +318,20 @@ static struct dentry *lsm_dentry;
>   static ssize_t lsm_read(struct file *filp, char __user *buf, size_t count,
>   			loff_t *ppos)
>   {
> -	return simple_read_from_buffer(buf, count, ppos, lsm_names,
> -		strlen(lsm_names));
> +	char *tmp;
> +	ssize_t len = strlen(lsm_names);
> +	ssize_t rc;
> +
> +	tmp = kmalloc(len + 2, GFP_KERNEL);
> +	if (!tmp)
> +		return -ENOMEM;
> +
> +	scnprintf(tmp, len + 2, "%s\n", lsm_names);
> +	rc = simple_read_from_buffer(buf, count, ppos, tmp, strlen(tmp));
> +
> +	kfree(tmp);
> +
> +	return rc;
>   }
>   
>   static const struct file_operations lsm_ops = {

Re: [PATCH 3/3] ima: Append line feed to ima/binary_runtime_measurements

[Mimi Zohar]

On Thu, 2022-05-05 at 21:23 +0800, Wang Weiyang wrote:
> There is no LF in binary_runtime_measurements output. It is little weird,
> so append LF to it.
> 
> Example:
> 
> / # cat /sys/kernel/security/ima/binary_runtime_measurements
> ...imaboot_aggregate/ #

Why would you cat a binary file?!.  Doesn't make sense.

Mimi

> 
> Signed-off-by: Wang Weiyang <wangweiyang2@huawei.com>

Re: [PATCH 3/3] ima: Append line feed to ima/binary_runtime_measurements

[wangweiyang]

Hi Mimi,

Sorry I didn't think thoroughly. Just ignore this patch.

Thanks.

在 2022/5/6 19:16, Mimi Zohar 写道:
> On Thu, 2022-05-05 at 21:23 +0800, Wang Weiyang wrote:
>> There is no LF in binary_runtime_measurements output. It is little weird,
>> so append LF to it.
>>
>> Example:
>>
>> / # cat /sys/kernel/security/ima/binary_runtime_measurements
>> ...imaboot_aggregate/ #
> 
> Why would you cat a binary file?!.  Doesn't make sense.
> 
> Mimi
> 
>>
>> Signed-off-by: Wang Weiyang <wangweiyang2@huawei.com>
> 
> .
>