ima_policy_simple: add another sample policy

Signed-off-by: Armin Kuster <akuster808@gmail.com>
author: Armin Kuster <akuster808@gmail.com> 2019-05-25 23:04:32 -0700
committer: Armin Kuster <akuster808@gmail.com> 2019-05-26 21:58:11 -0700
commit: cc754f8e8fc67ebae3dcd5e170cecd1c3b7fc60f (patch)
tree: a1970071ea4a8c419a9404d4ec0aadad2514cb0b
parent: e6162d49f9f0c98826550a6ba85f9ec0865be94c (diff)
download: meta-security-cc754f8e8fc67ebae3dcd5e170cecd1c3b7fc60f.tar.gz
2 files changed, 22 insertions, 0 deletions
diff --git a/meta-integrity/recipes-security/ima_policy_simple/files/ima_policy_simple b/meta-integrity/recipes-security/ima_policy_simple/files/ima_policy_simple
new file mode 100644
index 0000000..38ca8f5
--- /dev/null
+++ b/meta-integrity/recipes-security/ima_policy_simple/files/ima_policy_simple
@@ -0,0 +1,4 @@
+# Very simple policy demonstrating the systemd policy loading bug
+# (policy with one line works, two lines don't).
+dont_appraise fsmagic=0x9fa0
+dont_appraise fsmagic=0x62656572
diff --git a/meta-integrity/recipes-security/ima_policy_simple/ima-policy-simple_1.0.bb b/meta-integrity/recipes-security/ima_policy_simple/ima-policy-simple_1.0.bb
new file mode 100644
index 0000000..17132aa
--- /dev/null
+++ b/meta-integrity/recipes-security/ima_policy_simple/ima-policy-simple_1.0.bb
@@ -0,0 +1,18 @@
+SUMMARY = "IMA sample simple policy"
+LICENSE = "MIT"
+LIC_FILES_CHKSUM = "file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420"
+# This policy file will get installed as /etc/ima/ima-policy.
+# It is located via the normal file search path, so a .bbappend
+# to this recipe can just point towards one of its own files.
+IMA_POLICY ?= "ima_policy_simple"
+SRC_URI = " file://${IMA_POLICY}"
+do_install () {
+    install -d ${D}/${sysconfdir}/ima
+    install ${WORKDIR}/${IMA_POLICY}  ${D}/${sysconfdir}/ima/ima-policy
+}
+FILES_${PN} = "${sysconfdir}/ima"
+RDEPENDS_${PN} = "ima-evm-utils"
author	Armin Kuster <akuster808@gmail.com>	2019-05-25 23:04:32 -0700
committer	Armin Kuster <akuster808@gmail.com>	2019-05-26 21:58:11 -0700
commit	cc754f8e8fc67ebae3dcd5e170cecd1c3b7fc60f (patch)
tree	a1970071ea4a8c419a9404d4ec0aadad2514cb0b
parent	e6162d49f9f0c98826550a6ba85f9ec0865be94c (diff)
download	meta-security-cc754f8e8fc67ebae3dcd5e170cecd1c3b7fc60f.tar.gz

diff --git a/meta-integrity/recipes-security/ima_policy_simple/files/ima_policy_simple b/meta-integrity/recipes-security/ima_policy_simple/files/ima_policy_simple new file mode 100644 index 0000000..38ca8f5 --- /dev/null +++ b/meta-integrity/recipes-security/ima_policy_simple/files/ima_policy_simple
@@ -0,0 +1,4 @@
	1	# Very simple policy demonstrating the systemd policy loading bug
	2	# (policy with one line works, two lines don't).
	3	dont_appraise fsmagic=0x9fa0
	4	dont_appraise fsmagic=0x62656572


diff --git a/meta-integrity/recipes-security/ima_policy_simple/ima-policy-simple_1.0.bb b/meta-integrity/recipes-security/ima_policy_simple/ima-policy-simple_1.0.bb new file mode 100644 index 0000000..17132aa --- /dev/null +++ b/meta-integrity/recipes-security/ima_policy_simple/ima-policy-simple_1.0.bb
@@ -0,0 +1,18 @@
	1	SUMMARY = "IMA sample simple policy"
	2	LICENSE = "MIT"
	3	LIC_FILES_CHKSUM = "file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420"
	4
	5	# This policy file will get installed as /etc/ima/ima-policy.
	6	# It is located via the normal file search path, so a .bbappend
	7	# to this recipe can just point towards one of its own files.
	8	IMA_POLICY ?= "ima_policy_simple"
	9
	10	SRC_URI = " file://${IMA_POLICY}"
	11
	12	do_install () {
	13	install -d ${D}/${sysconfdir}/ima
	14	install ${WORKDIR}/${IMA_POLICY} ${D}/${sysconfdir}/ima/ima-policy
	15	}
	16
	17	FILES_${PN} = "${sysconfdir}/ima"
	18	RDEPENDS_${PN} = "ima-evm-utils"