keylime/0013-Set-generator-and-timestamp-in-create-policy.patch

diff --git a/keylime/cloud_verifier_common.py b/keylime/cloud_verifier_common.py
index a7399d2..c0f416d 100644
--- a/keylime/cloud_verifier_common.py
+++ b/keylime/cloud_verifier_common.py
@@ -8,7 +8,7 @@ from keylime.agentstates import AgentAttestState, AgentAttestStates, TPMClockInf
 from keylime.common import algorithms
 from keylime.db.verifier_db import VerfierMain
 from keylime.failure import Component, Event, Failure
-from keylime.ima import file_signatures
+from keylime.ima import file_signatures, ima
 from keylime.ima.types import RuntimePolicyType
 from keylime.tpm import tpm_util
 from keylime.tpm.tpm_main import Tpm
@@ -271,7 +271,7 @@ def process_get_status(agent: VerfierMain) -> Dict[str, Any]:
         logger.debug('The contents of the agent %s attribute "mb_refstate" are %s', agent.agent_id, agent.mb_refstate)
 
     has_runtime_policy = 0
-    if agent.ima_policy.generator and agent.ima_policy.generator > 1:
+    if agent.ima_policy.generator and agent.ima_policy.generator > ima.RUNTIME_POLICY_GENERATOR.EmptyAllowList:
         has_runtime_policy = 1
 
     response = {
diff --git a/keylime/cmd/create_policy.py b/keylime/cmd/create_policy.py
index 0841d64..086b92a 100755
--- a/keylime/cmd/create_policy.py
+++ b/keylime/cmd/create_policy.py
@@ -6,6 +6,7 @@ import argparse
 import binascii
 import collections
 import copy
+import datetime
 import gzip
 import json
 import multiprocessing
@@ -580,6 +581,9 @@ def main() -> None:
     policy["excludes"] = sorted(list(set(policy["excludes"])))
     policy["ima"]["ignored_keyrings"] = sorted(list(set(policy["ima"]["ignored_keyrings"])))
 
+    policy["meta"]["generator"] = ima.RUNTIME_POLICY_GENERATOR.LegacyAllowList
+    policy["meta"]["timestamp"] = str(datetime.datetime.now())
+
     try:
         ima.validate_runtime_policy(policy)
     except ima.ImaValidationError as ex:
Set generator and timestamp in create_policy.py Related: RHEL-11866 Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> 2023-10-17 11:47:05 +00:00			`diff --git a/keylime/cloud_verifier_common.py b/keylime/cloud_verifier_common.py`
			`index a7399d2..c0f416d 100644`
			`--- a/keylime/cloud_verifier_common.py`
			`+++ b/keylime/cloud_verifier_common.py`
			`@@ -8,7 +8,7 @@ from keylime.agentstates import AgentAttestState, AgentAttestStates, TPMClockInf`
			`from keylime.common import algorithms`
			`from keylime.db.verifier_db import VerfierMain`
			`from keylime.failure import Component, Event, Failure`
			`-from keylime.ima import file_signatures`
			`+from keylime.ima import file_signatures, ima`
			`from keylime.ima.types import RuntimePolicyType`
			`from keylime.tpm import tpm_util`
			`from keylime.tpm.tpm_main import Tpm`
			`@@ -271,7 +271,7 @@ def process_get_status(agent: VerfierMain) -> Dict[str, Any]:`
			`logger.debug('The contents of the agent %s attribute "mb_refstate" are %s', agent.agent_id, agent.mb_refstate)`

			`has_runtime_policy = 0`
			`- if agent.ima_policy.generator and agent.ima_policy.generator > 1:`
			`+ if agent.ima_policy.generator and agent.ima_policy.generator > ima.RUNTIME_POLICY_GENERATOR.EmptyAllowList:`
			`has_runtime_policy = 1`

			`response = {`
			`diff --git a/keylime/cmd/create_policy.py b/keylime/cmd/create_policy.py`
			`index 0841d64..086b92a 100755`
			`--- a/keylime/cmd/create_policy.py`
			`+++ b/keylime/cmd/create_policy.py`
			`@@ -6,6 +6,7 @@ import argparse`
			`import binascii`
			`import collections`
			`import copy`
			`+import datetime`
			`import gzip`
			`import json`
			`import multiprocessing`
			`@@ -580,6 +581,9 @@ def main() -> None:`
			`policy["excludes"] = sorted(list(set(policy["excludes"])))`
			`policy["ima"]["ignored_keyrings"] = sorted(list(set(policy["ima"]["ignored_keyrings"])))`

			`+ policy["meta"]["generator"] = ima.RUNTIME_POLICY_GENERATOR.LegacyAllowList`
			`+ policy["meta"]["timestamp"] = str(datetime.datetime.now())`
			`+`
			`try:`
			`ima.validate_runtime_policy(policy)`
			`except ima.ImaValidationError as ex:`