[PATCH v3 04/10] IMA: Add example policy for ima_violations.sh

Tue, 14 Jan 2025 03:29:37 -0800 

Suggested-by: Mimi Zohar <[email protected]>
Signed-off-by: Petr Vorel <[email protected]>
---
 .../kernel/security/integrity/ima/datafiles/Makefile  |  2 +-
 .../integrity/ima/datafiles/ima_violations/Makefile   | 11 +++++++++++
 .../ima/datafiles/ima_violations/violations.policy    |  2 ++
 3 files changed, 14 insertions(+), 1 deletion(-)
 create mode 100644 
testcases/kernel/security/integrity/ima/datafiles/ima_violations/Makefile
 create mode 100644 
testcases/kernel/security/integrity/ima/datafiles/ima_violations/violations.policy

diff --git a/testcases/kernel/security/integrity/ima/datafiles/Makefile 
b/testcases/kernel/security/integrity/ima/datafiles/Makefile
index 0f2b4fdb11..2013bfc918 100644
--- a/testcases/kernel/security/integrity/ima/datafiles/Makefile
+++ b/testcases/kernel/security/integrity/ima/datafiles/Makefile
@@ -8,6 +8,6 @@ top_srcdir      ?= ../../../../../..
 
 include        $(top_srcdir)/include/mk/env_pre.mk
 
-SUBDIRS        := ima_kexec ima_keys ima_measurements ima_policy ima_selinux
+SUBDIRS        := ima_kexec ima_keys ima_measurements ima_policy ima_selinux 
ima_violations
 
 include $(top_srcdir)/include/mk/generic_trunk_target.mk
diff --git 
a/testcases/kernel/security/integrity/ima/datafiles/ima_violations/Makefile 
b/testcases/kernel/security/integrity/ima/datafiles/ima_violations/Makefile
new file mode 100644
index 0000000000..58d474f076
--- /dev/null
+++ b/testcases/kernel/security/integrity/ima/datafiles/ima_violations/Makefile
@@ -0,0 +1,11 @@
+# SPDX-License-Identifier: GPL-2.0-or-later
+# Copyright (c) Linux Test Project, 2025
+
+top_srcdir     ?= ../../../../../../..
+
+include        $(top_srcdir)/include/mk/env_pre.mk
+
+INSTALL_DIR            := testcases/data/ima_violations
+INSTALL_TARGETS        := *.policy
+
+include $(top_srcdir)/include/mk/generic_leaf_target.mk
diff --git 
a/testcases/kernel/security/integrity/ima/datafiles/ima_violations/violations.policy
 
b/testcases/kernel/security/integrity/ima/datafiles/ima_violations/violations.policy
new file mode 100644
index 0000000000..466b8c5a64
--- /dev/null
+++ 
b/testcases/kernel/security/integrity/ima/datafiles/ima_violations/violations.policy
@@ -0,0 +1,2 @@
+measure func=FILE_CHECK mask=^MAY_READ euid=0
+measure func=FILE_CHECK mask=^MAY_READ uid=0
-- 
2.47.1

Reply via email to