Initial commit

meta-security/meta-integrity/recipes-security/ima_policy_appraise_all/files/ima_policy_appraise_all

@@ -0,0 +1,36 @@
+#
+# Integrity measure policy (http://sourceforge.net/p/linux-ima/wiki/Home/#measure-nothing-appraise-everything)
+# 
+# Do not measure anything, but appraise everything
+#
+# PROC_SUPER_MAGIC
+dont_appraise fsmagic=0x9fa0
+# SYSFS_MAGIC
+dont_appraise fsmagic=0x62656572
+# DEBUGFS_MAGIC
+dont_appraise fsmagic=0x64626720
+# TMPFS_MAGIC
+dont_appraise fsmagic=0x01021994
+# RAMFS_MAGIC
+dont_appraise fsmagic=0x858458f6
+# DEVPTS_SUPER_MAGIC
+dont_appraise fsmagic=0x1cd1
+# BIFMT
+dont_appraise fsmagic=0x42494e4d
+# SECURITYFS_MAGIC
+dont_appraise fsmagic=0x73636673
+# SELINUXFS_MAGIC
+dont_appraise fsmagic=0xf97cff8c
+# NSFS_MAGIC (introduced in 3.19, see cd025f7 and e149ed2 in the upstream Linux kernel)
+dont_appraise fsmagic=0x6e736673
+# EFIVARFS_MAGIC
+dont_appraise fsmagic=0xde5e81e4
+# Cgroup
+dont_appraise fsmagic=0x27e0eb
+# Cgroup2
+dont_appraise fsmagic=0x63677270
+
+# Appraise libraries
+appraise func=MMAP_CHECK mask=MAY_EXEC
+# Appraise executables
+appraise func=BPRM_CHECK

meta-security/meta-integrity/recipes-security/ima_policy_appraise_all/ima-policy-appraise-all_1.0.bb

@@ -0,0 +1,16 @@
+SUMMARY = "IMA sample simple appraise policy "
+LICENSE = "MIT"
+LIC_FILES_CHKSUM = "file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420"
+
+SRC_URI = " file://ima_policy_appraise_all"
+
+inherit features_check
+REQUIRED_DISTRO_FEATURES = "ima"
+
+do_install () {
+    install -d ${D}/${sysconfdir}/ima
+    install ${WORKDIR}/ima_policy_appraise_all ${D}/${sysconfdir}/ima/ima-policy
+}
+
+FILES:${PN} = "${sysconfdir}/ima"
+RDEPENDS:${PN} = "ima-evm-utils"