From a9e266c4810d46b0f844b326c74541982fe921f1 Mon Sep 17 00:00:00 2001
From: Lans Zhang <jia.zhang@windriver.com>
Date: Tue, 4 Jul 2017 17:21:48 +0800
Subject: ima-policy: enable policy check

Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
---
 meta-integrity/recipes-support/ima-policy/files/ima_policy.default | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/meta-integrity/recipes-support/ima-policy/files/ima_policy.default b/meta-integrity/recipes-support/ima-policy/files/ima_policy.default
index 5d4ae47..d81c5b1 100644
--- a/meta-integrity/recipes-support/ima-policy/files/ima_policy.default
+++ b/meta-integrity/recipes-support/ima-policy/files/ima_policy.default
@@ -22,3 +22,6 @@ appraise func=BPRM_CHECK euid=0 appraise_type=imasig
 appraise func=MODULE_CHECK euid=0 appraise_type=imasig
 
 appraise func=FIRMWARE_CHECK euid=0 appraise_type=imasig
+
+# Enforce the coming policy write to be verified by IMA appraisal
+appraise func=POLICY_CHECK euid=0 appraise_type=imasig
-- 
cgit v1.2.3-54-g00ecf