[yocto] [meta-security][PATCH 09/14] ima_policy_simple: add another sample policy

[Armin Kuster]

Signed-off-by: Armin Kuster <akuster808 at gmail.com>
---
 .../ima_policy_simple/files/ima_policy_simple  |  4 ++++
 .../ima_policy_simple/ima-policy-simple_1.0.bb | 18 ++++++++++++++++++
 2 files changed, 22 insertions(+)
 create mode 100644 meta-integrity/recipes-security/ima_policy_simple/files/ima_policy_simple
 create mode 100644 meta-integrity/recipes-security/ima_policy_simple/ima-policy-simple_1.0.bb

diff --git a/meta-integrity/recipes-security/ima_policy_simple/files/ima_policy_simple b/meta-integrity/recipes-security/ima_policy_simple/files/ima_policy_simple
new file mode 100644
index 0000000..38ca8f5
--- /dev/null
+++ b/meta-integrity/recipes-security/ima_policy_simple/files/ima_policy_simple
@@ -0,0 +1,4 @@
+# Very simple policy demonstrating the systemd policy loading bug
+# (policy with one line works, two lines don't).
+dont_appraise fsmagic=0x9fa0
+dont_appraise fsmagic=0x62656572
diff --git a/meta-integrity/recipes-security/ima_policy_simple/ima-policy-simple_1.0.bb b/meta-integrity/recipes-security/ima_policy_simple/ima-policy-simple_1.0.bb
new file mode 100644
index 0000000..17132aa
--- /dev/null
+++ b/meta-integrity/recipes-security/ima_policy_simple/ima-policy-simple_1.0.bb
@@ -0,0 +1,18 @@
+SUMMARY = "IMA sample simple policy"
+LICENSE = "MIT"
+LIC_FILES_CHKSUM = "file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420"
+
+# This policy file will get installed as /etc/ima/ima-policy.
+# It is located via the normal file search path, so a .bbappend
+# to this recipe can just point towards one of its own files.
+IMA_POLICY ?= "ima_policy_simple"
+
+SRC_URI = " file://${IMA_POLICY}"
+
+do_install () {
+    install -d ${D}/${sysconfdir}/ima
+    install ${WORKDIR}/${IMA_POLICY}  ${D}/${sysconfdir}/ima/ima-policy
+}
+
+FILES_${PN} = "${sysconfdir}/ima"
+RDEPENDS_${PN} = "ima-evm-utils"
-- 
2.17.1