Integrity and Posture profiles (API)
Integrity and Posture parameters
Use these parameters in the JSON data structure when you apply the Integrity and Posture policy (POLICY_CODE_DEVICE_POSTURE) to the app with app-market/policy.
Device posture
| android_min_version | Specifies the minimum-allowed version of Android that end users must have on their devices. Values: integers 14–26. These values correspond to the Android API level. (See http://developer.android.com/guide/topics/manifest/uses-sdk-element.html#ApiLevels). The default value is 23 (that is, Android 6.0, "Marshmallow"). |
| ios_min_version | Specifies the minimum-allowed version of iOS that end users must have on their devices. Blue Cedar supports iOS 9 and later. |
| device_pin_required | 1: The app requires a device-level PIN or password to be configured on the device. (Default.) 0: The app does not require a device-level PIN or password to be configured. |
| jailbreak_detection | 1: Disables the app when the mobile device is compromised by jailbreaking or rooting. 0: Do not check for jailbreaking or rooting. (Default.) |
Integrity verification
| block_on_tamper_detected | 1: Disables the app if files included in the app (the Blue Cedar injectable and the configured security policies) have been modified since the app was secured. 0: Do not disable the app even if modifications are detected. Report the list of tampered files to the gateway to allow the gateway to decide whether to connect or deny. |
| protected_files | Specifies which files to verify:
|
| integrity_p12 | Optional. A custom certificate (base64 encoded string) to verify that the app has not been tampered with since it was last signed. If a custom certificate is not provided, the policy console generates and uses a default certificate. |
| integrity_p12_password | The password used to generate the custom certificate. |
Integrity and Posture API resources
To manage Integrity and Posture profiles:
- profile: Use type="device_posture" to create an Integrity and Posture profile. See example below.
- profile/catalog/{policytype}: Use "device_posture" for "{type}". GET returns an array of details for all policy profiles of the specified type.
- profile/{GUID}: Use the profile ID to specify a policy profile. GET returns details for the specified profile, PUT updates the details in the specified profile, and DELETE archives the profile.
- settings/device-posture-default-profile (settings/{policytype}-default-profile: POST sets one of the Integrity and Posture profiles as the default. GET returns the GUID of the current default profile. DELETE archives the current default.
To retrieve details for the policy:
- app-policy/{GUID} : Use the policy ID to specify a policy. GET returns details for the specified policy.
- app-policy/code/{code} : Use POLICY_CODE_DEVICE_POSTURE to specify the policy. GET returns details for the specified policy.
To secure apps with the Integrity and Posture policy:
- app-market/policy : Use the policy GUID to apply the policy to an app.
Creating a Integrity and Posture profile
This example creates an Integrity and Posture profile with the profile API, specifying all options.
Request
BASH
curl -k -v -L -b c.txt -c c.txt -X POST http://bc.qwe.com/mocana-app-control/rest/profile \
-F name="TestProfile" \
-F type="device_posture" \
-F desc="Default Profile" \
-F data="{\"jailbreak_detection\":\"1\",\"device_pin_required\":\"1\", \
\"android_min_version\":\"23\",\"ios_min_version\":\"9.3\", \
\"integrity_p12_password\":\"abc123\", \
\"integrity_p12\":\"MIIQeQIBAzCCED8GC....3zDgCAggA\", \
\"protected_files\":\"policy\",\"block_on_tamper_detected\":\"1\"}"Response
JS
{
"profiles": {
"profile_name": "sd",
"profile_type": "device_posture",
"data": {
"profile_data_stamp": "2018-02-02 18:49:48.0",
"profile_data": "{\"jailbreak_detection\":\"1\",
\"protected_files\":\"policy\",\"android_min_version\":\"14\",
\"ios_min_version\":\"9.0\",\"integrity_p12_password\":\"abc123\",
\"block_on_tamper_detected\":\"1\",
\"integrity_cert_thumbprint\":\"d2abc71385d742b9b6e179934424278552fd47ac7dd96b43ecf39d44b911170f30a944826819afe6f1f1827579be17e8539fd7505c45c356f9390394c01660ed\",\"integrity_p12\":\"MIIQeQIBAzCCED8GCSqGSIb3DQEHAaCCEDAEghAsMIIQKDCCBl8GCSqGSIb3DQEHBqCCBlAwggZMAgEAMIIGRQYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQYwDgQIalv0zHFv/S4CAggAgIIGGAotNKV68XZwA2evcPlJLQIE9bO1aPCJ9z1Z2znjUlhBVl39Pw3x6aro4szej6SH7WhWhopSEzFiGgrA1PZ9Kuu/TcGQr3Te0ep0HSbG51NPU5hVH5zlWKPyJAULs94L/HVCcnsDSLQZLRSnnAor9XoGBF66af57JCaZb6ds4Poylhf+aVWzol0C7p7lDZuWlC4IsO3zGuRlCwV5ogxhGp0mqnE3hcydzzIm7ElnzX23/5cImWhCgK1mtCqoq0JJHvoqwx9VMkS3VGi/mcajyOSanoaJv66PCpqVo+AElYt3EjChn6Rzrl7Swgm3D8UblvLdBBGuL8B2qBPJB0/4gan/YlBgVI4s/M73GtNzNfCt9V6ckDRj1VrdU1ikHmo2MXYEr22bGFk8GUHaHgAMw7GHGbvRBqifaFZEqWXjeszspcNMIXu0SQmtkz8dRnZjNbD4ZmxxSgomH26hZdp7yVN3DYKBDV/Ur2u8vOxhenHSaP5mxKr9tg3+Bo6SeFjxhW3Y/QkIjt3NiY0149EZbTubZNIyupZu7L1Wiv5ZgHDR7hYdC68b49H1EbKWMYL+bS5ZQsn6G78B62KcmBXZt5hTn7JhfMlvK0Qthy7mVEvHpVQqmRX1AikJY20mdIC3FWE0P7ymC7WpL1DAc3yFnn/PU/2VoJQ1la9i3sp5zM+MM7IE3Y0fKOBaVLIlLTFQsf7DppiRvO2HBUENPlbYmGk9s43W6dRIs5Vd2s6/42IbPZQwxdzn4wKBi0JnGh/IvSERd7EQOD+t5lRZsEFZds3HkXhLqKvmHdamuzLkC9dbC0pBZQ8xlvzLamu5/G+aRrbpjIOhxu+xBA4ovh/Jq/XqZpGwS+Pm3SqfQEVQzEUnrYxr3/jIV78fAoTlJ6WIRYnO1jlppE5bCrkzN1h6XCdwqy6Qs7WnHRQeLFRFL6iQ9LXJdd7u/U+0Qbm6iGVLd3o+CEZaAluUt4OW/wMknLQntxhhWKSNFBnGGxigioFPA/FDH7WY+DRHFY5fSMJ5KYRyvLuSZklMhK5BzUzzpfhxxeIV1CBSWsyKngLhYnn/d4P+9pjRjuD46ENuTERom2TBD0vcM+VpsRCul3FdTstJX3XsCyjaoCLSdaBNy5MqYBNYeFuU+20OB7AMOHCPwJqO6sDe2hERUa7LspKNfrWBzW9K/o8PvNNp5ZLzggTdemecd43ErPPARw39PkmP0LQEPAmvaG91MR2BfG18IR+6J37wUTeSQIrxbaYLa3zMovkVFlCBEarsc9IOmUWcSUzaeJNvzKtTS4SOgThTR+0lCLvhuoHf9nAubG7+sbvNYByXKOw4hCYmbkDu3N/txQWNWrkZ049imc0DWhKqaEANfrjB6U77vCNURRKMknmuc90DfjJOXccPLXQZ2zzT2iPiN2LceKkeIQsDqSwvmHnHhj3WcE7KkLfOHLF4H/x0jLYaxZ74iefDZP1QUO84BxwrxRhNd/1Qkyrevt21aQGCicItGh8E2kiMY7+mFKpIVkLUq7uuOtr6cpT0a8UbSlPEPFIci1iw4lMhF9SSUbpvDUiNO5uoC2it3PReileDB4WaQv34LjTd5a1Fle5O2inu1zPElJ5/PpkQDGVfK/I6ARDDtoUlOos6j3iIIXJ9XIaSLQxemc71w7lGS2gYbAZK2usLit5pm6NyGeqgkriYh+Ua2/Fcs68ggCm9SAtyKioy5y9sGaH3ct9jWFEgmAOOsLeBy1MtB7AgTXQzMez8tAs2P5+qS94YGgjVygI4fcIysg0uwjo2cWcShP0ZJMmEu0TTgqet22dlRg2ebPR5KGjCVHEeARGssQtsZpUeRcBH7R38zroyhC4lnoVf80+uJhzckjAHpQGmwtr7pWTycbn6eXT9r2EI4RILFSzE5rFHU9MFrGDHKPDJaatOKkLzWefKuIUDB8ARrD8yAJImxvF93g7I+9HKbyly05G3mxhvzYZem/fghZC/w2c0V6O9F8w0y3H7Vz2HV/uobe2EuEep42jMdJnVbuXeSVev9BeIlc1pecIdNhMC6n+HrmG9K0L5Ec6miHNcR2Rzl0XdX/ZH/2webTCCCcEGCSqGSIb3DQEHAaCCCbIEggmuMIIJqjCCCaYGCyqGSIb3DQEMCgECoIIJbjCCCWowHAYKKoZIhvcNAQwBAzAOBAj24aj1CIZ4MQICCAAEgglIvnMklYPsvbgb3Sx6TWSRvcfZGB/7CbD2lcZ7kRKrRDMY4Ffxx/03U01Z1igaqE0ZgVssUKQJ7zYsJpegBcF+g6JFyPbzCZeTOXI7xNhx3Z8mg3rw2mY4RrnG7sV2bMGgJV2cYFcxO6ImHcK2bXb0JYDcXefMpoCfMjtnMk5AIGVqpdF9W1x5wrHlSCH5o8clw/gX+X2ECsk9NKg7XEvgi+DOcTKWmZ7QYfjl6985l7DcLI+1Z6hXnktJpw4Kig2rCut/3Bl9kUCVHm9qeSvfrhEF+EgOld86sCj2N6+oMxDwaBABN6qWhKMpoRr+XwWEyZ5z/IBJrQArPaIx11HaNyo/CJ9AU11GHjLYbFb9reKnXB/J0u0u07L4T5taxGYUeezckgu2LCEDbwPoez0Zd2/CTEZUBhoQXLQUjz86NxQzLx96CZ7xuYmoVaJHkcizVXGkPFWakEW/2GTsxQ42p2XEpvAik0JV0LxjvEIlCm7zpy1G6d5heN834xs9IZcydhMJ0FtF8KOk2TRgzDME0RaNOz1/ESPYuoqz0fx3xkflvRmG3HSYT/z/6JzmTNPT4kVyJV8khOvTFQ6jTCuNvacwJLiuoKTWJfBPYa4/SeatMxf8o5b9vyaSJqapiFHhXiCOGdY4A3xBm2ml74z/Fucq8SXdxh3Dd/lUMis5/k87SQPSweU2h9AVd4DczEyrJW6AWHuZU1uuvrPtK6/3e/jqjSVgmycdyZqbK3/aFpOzZ27rjhpbHrMkEdbnaC39cpjOj41cT6HzbQOGsAAb50OZZUECZJldAHKqj/3g+OyQ2g9M+qeIkhJbWi3YJjmKGGG70SRIy0mSWX5zQCpxlqpuTy1TrevLPvxREDDLlFFsXY2M1tbzK3B3uYKj1P0kMEYETFMhXcmILm8yRttRq6f7UCU4c5D1f6K8ZPjr5yWX+UKxNYZQ8HFBwYnPO0cFtgvpsRRk8XTwcgfhs6rEDypQeZ5HaXwyziNahFCnNLeYJbzl2zr4WgOCBmA4x+Vi17ZjAmzdUGFz22gR1Y/v25fd1LDUIUzZNFOgbf/zDXU/gs6EosP+PnSBxpLvSAiEEPUNLTZjLn6klJfLibKXJaooF7V4wYk1Vm+0U1GoCH9TNQnPAzr0imxhZNcnSY8l6VEXwTa/tlI760Q6SP+Z5GFhERSjPOOGOVdfPHVd2pzp6CFN/dQue0Orhq6ZWo2//U5nX/fy8B0sIXNNfmPbeLT5sLzlefqBTbDT+eKXWgfOw8ZYnCKtMkDWwPXPEZ+6wmhlXZ4EuBNytWSLTUcq8yjEWFujrVF7oAT48kwsnzL+A/QF9Ay6ih6Ce8rBgAnAge5S6e3UBv6y64ctvj75sO3Lj1BZoQZ7TCN+TCacIBMjQjYZUHFrWbHi48FiHuxPsp52OkfuUaT+8x0oS8OegbBSa32pWTxVZyHk6Bz/z6gZg8LzEJThzmpQngIpvxLFEu68O3PDjiSGLus3vSaZiBEB+ES842SKANOmNyeUSKz1iGhcF98olVySr/R0RPVKOHt7BN58wBQmitEZlHcb0gO8siVx2lLQiZyQvFt2EjFBYKPTKMoHy+a+VhWrv8/v7KVhPv6wYpwdy+zztzrwlohf8ywO3nxsIW+FVnND7jdkBMaeB1fjqNSSpioLD/YwnOttaKSrCvY7RLrDMtt1sqqI+N5aIXttKfjNrej/AJNat+Hs+Yx4tFh82UfO9QSWh2G9UHSCCMRpMctzrQ8IY0+KTpPZBfLVA4mFLWbJJZQd1BGrW7ohOiy1EW99X5BZ/+xQeoyDE2Eiv5+glk2T3FwNt9+TVZ9+t4qw1T3zQcT4uYFlOoaTBM4YMwnglAYndAeCtFvQ2i4xUnbf/pMYa4xbiYhDWjH00gXoqkiT+ZEPTexc0g6BqLRlUQnQqigdSPjd+cUUPgjIrKlTWwph3nQhoQJWw2yPTLGZJnN6RYfJeOSXP7gSZJ+JoFAIHdNBjyuBcq2ef4obI0M1nhxCCQ14zFlDfN4D47odwgRCOZYOlNxGmLVvb9it7XWTAgOs1KrMMumJuiqgWjewSF+8Fcqw7mI+64ksBcwQj20aKA+eqJk3P2JLDnibvLQUoLL/pSoZlp7bXxmx4DN0x+oA1l/+2qTCNr6XY+Sff9VWRV9E4if0ZL7FVTMaShY3HYaIAdtdD53OJd1KeASEomDJ4jmHZWd5iBNCUp76Raxj7Zo2KCRsYbmxg0vVNdBv51f/usymu2bElm76yj349a8s8Sh08U4Pn1Js0m0+Pa1ZeLZd1f5R+eWCKskkpN45b3mEk2i/jzGGz9gXJbN7SrM58phGDzur39P/E3ud5Y35KPUAhBzCyf89cmTRiIy9qR0neMPwvICtj29FQfI7TH8lp3us5LOtqW1+eh0MDIsmh9WSgbuowzgNnae3kyTqoqs+dGn3r0/xFfh28R659ALzq+6HOih1GRhGPhaQoi02GBCu3q3b4HtHW6HFuEZal1a8I5MHmcZrwtUblDlYsIOsrAw9UE07aim6jFYShHEw6mEZ0H1ErPS0WEFi4N694Wqu4dDw9ignt/P2HirTl8AYCRgBozKjBgr+NyEI24CaQv73Ox3IEnJBK3EvwBRAFHqIl0EIScU+MYbckw/lbMXcjB3uhC5F27+ApsiUr0qygmzTQBHEkH5IM7YtF6INlmooHuf7yki2rl4uYT5Sv9va8Foa2RytOGEG1KXNgYDcCzva253vlWJhxMr+9vRZ+7rtpX9amofj2WS4uoA1Y27iRkoigr76cx2l+Q8SaB3Zt0gUXGQCJVep6YcBfzY9WkxT5DwBtP0Uwk7vC/NCfnrAqOhKL2YQewPC294QSj4FF1Efdyp7a6AZ8bsLSvjDnxROeHviI5M5dq/7gbfEevkMal1lfomRBef7ATNhv8FdDjXCp1rIlj/s5jOztkxJoLFxDVBoCHbaVAqcMa7t8XM/rCOVTH9Qkm34rFfzORbuYRZ8gXmKfm6mfyV8CVm6HbGjgpYTarizPv42xFtJ/z66/hoduGf9AR1g9PDRwjPCGGpT988rX8jquv4auw1mYVHD81cpkW7BT3ggLXoHw/9wcenOMJgp5jhYiKUHwvGpnMwXLztZMgMBay+1jNS3goOVr4oS2kmUfynMO2A/dVwO7EcQz4lHVbz2MSUwIwYJKoZIhvcNAQkVMRYEFACu24St/YvZiq4vp3Z0lpg5hvo4MDEwITAJBgUrDgMCGgUABBSX3tTllYdfFd5NHJTljxE+9MI4ZwQIk3SHgb/3zDgCAggA\"}",
"profile_data_id": "40a0a27b-520c-4edb-b4dc-57de6fb73854"
},
"profile_url": "https://localhost:8443/mocana-app-control/rest/profile/d3d37266-9606-45b7-865e-09528ccdd32c",
"profile_id": "d3d37266-9606-45b7-865e-09528ccdd32c",
"profile_desc": ""
},
"message": "",
"status": "OK"
}