IMA: Move requirement check to ima_setup.sh

Link: https://lore.kernel.org/ltp/[email protected]/
Reviewed-by: Mimi Zohar <[email protected]>
Signed-off-by: Petr Vorel <[email protected]>

Author: pevik

testcases/kernel/security/integrity/ima/tests/evm_overlay.sh

@@ -9,6 +9,7 @@
 TST_SETUP="setup"
 TST_CLEANUP="cleanup"
 TST_CNT=4
+REQUIRED_BUILTIN_POLICY="appraise_tcb"
 
 setup()
 {
@@ -17,8 +18,6 @@ setup()
 	[ -f "$EVM_FILE" ] || tst_brk TCONF "EVM not enabled in kernel"
 	[ $(cat $EVM_FILE) -eq 1 ] || tst_brk TCONF "EVM not enabled for this boot"
 
-	require_ima_policy_cmdline "appraise_tcb"
-
 	lower="$TST_MNTPOINT/lower"
 	upper="$TST_MNTPOINT/upper"
 	work="$TST_MNTPOINT/work"

testcases/kernel/security/integrity/ima/tests/ima_measurements.sh

@@ -1,19 +1,19 @@
 #!/bin/sh
 # SPDX-License-Identifier: GPL-2.0-or-later
 # Copyright (c) 2009 IBM Corporation
-# Copyright (c) 2018-2021 Petr Vorel <[email protected]>
+# Copyright (c) 2018-2025 Petr Vorel <[email protected]>
 # Author: Mimi Zohar <[email protected]>
 #
 # Verify that measurements are added to the measurement list based on policy.
+# Test requires ima_policy=tcb.
 
 TST_NEEDS_CMDS="awk cut sed"
 TST_SETUP="setup"
 TST_CNT=3
+REQUIRED_BUILTIN_POLICY="tcb"
 
 setup()
 {
-	require_ima_policy_cmdline "tcb"
-
 	TEST_FILE="$PWD/test.txt"
 	[ -f "$IMA_POLICY" ] || tst_res TINFO "not using default policy"
 }

testcases/kernel/security/integrity/ima/tests/ima_setup.sh

@@ -1,7 +1,7 @@
 #!/bin/sh
 # SPDX-License-Identifier: GPL-2.0-or-later
 # Copyright (c) 2009 IBM Corporation
-# Copyright (c) 2018-2020 Petr Vorel <[email protected]>
+# Copyright (c) 2018-2025 Petr Vorel <[email protected]>
 # Author: Mimi Zohar <[email protected]>
 
 TST_TESTFUNC="test"
@@ -181,6 +181,10 @@ ima_setup()
 		cd "$TST_MNTPOINT"
 	fi
 
+	if [ "$REQUIRED_BUILTIN_POLICY" ]; then
+		require_ima_policy_cmdline "$REQUIRED_BUILTIN_POLICY"
+	fi
+
 	[ -n "$TST_SETUP_CALLER" ] && $TST_SETUP_CALLER
 }