Creating the resource access policy

You configure the resource access policy for the Trustee policy engine. This policy determines which resources Trustee can access.

Note: The Trustee policy engine is different from the Attestation Service policy engine, which determines the validity of TEE evidence.

Procedure

  1. Create a policy.rego file by running the following command:
    $ cat << EOF > policy.rego
    package policy
    default allow = false
    allow {
      input["tee"] == "se"
    }
    EOF
  2. Move the policy.rego file to the kbs/data directory by running the following command:
    $ mv policy.rego kbs/data/policy.rego
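
The following Rego test file is an added example, not part of the original procedure. It checks that the policy above denies by default and allows only an input whose "tee" field is exactly "se". The file name policy_test.rego and the sample input documents are assumptions constructed for illustration; if the OPA CLI is installed, run it with `opa test kbs/data/policy.rego policy_test.rego` (OPA 1.0 and later need `--v0-compatible` for this rule syntax).

```rego
# policy_test.rego (hypothetical file name, added example)
# Unit tests for the resource access policy in package "policy".
package policy

# The only case the policy allows: the input reports the "se" TEE type.
test_allow_se {
    allow with input as {"tee": "se"}
}

# Any other TEE type falls through to "default allow = false".
# "sample", "snp" and "tdx" are constructed sample values.
test_deny_other_tee_types {
    not allow with input as {"tee": "sample"}
    not allow with input as {"tee": "snp"}
    not allow with input as {"tee": "tdx"}
}

# String comparison in Rego is exact, so a different case does not match.
test_deny_wrong_case {
    not allow with input as {"tee": "SE"}
}

# A missing "tee" field leaves the rule body undefined, so the
# default (deny) applies.
test_deny_missing_tee {
    not allow with input as {}
}

# A non-string value is not equal to the string "se".
test_deny_non_string_tee {
    not allow with input as {"tee": ["se"]}
    not allow with input as {"tee": true}
}

# Extra fields in the input do not change the decision either way.
test_extra_fields_ignored {
    allow with input as {"tee": "se", "extra": "constructed-value"}
    not allow with input as {"tee": "sample", "extra": "se"}
}
```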