securitypolicy: Handle SCITT envelope and transparent fragments

go.mod

@@ -21,7 +21,7 @@ tool (
 )
 
 require (
-	github.com/Microsoft/cosesign1go v1.5.0
+	github.com/Microsoft/cosesign1go v1.6.0
 	github.com/Microsoft/didx509go v0.0.3
 	github.com/Microsoft/go-winio v0.6.3-0.20251027160822-ad3df93bed29
 	github.com/blang/semver/v4 v4.0.0

go.sum

@@ -362,8 +362,8 @@ github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/resourcemapp
 github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/resourcemapping v0.50.0/go.mod h1:otE2jQekW/PqXk1Awf5lmfokJx4uwuqcj1ab5SpGeW0=
 github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/resourcemapping v0.51.0/go.mod h1:otE2jQekW/PqXk1Awf5lmfokJx4uwuqcj1ab5SpGeW0=
 github.com/JohnCGriffin/overflow v0.0.0-20211019200055-46fa312c352c/go.mod h1:X0CRv0ky0k6m906ixxpzmDRLvX58TFUKS2eePweuyxk=
-github.com/Microsoft/cosesign1go v1.5.0 h1:YmQCF8z7dGp50Rp/+rLTLFOFgIfZ1GSUHXPgLLlOlNk=
-github.com/Microsoft/cosesign1go v1.5.0/go.mod h1:s7E3nBWxb//ZLhuLAU5u9EZ1qMGBdgZzrKIUW1H/OIY=
+github.com/Microsoft/cosesign1go v1.6.0 h1:/dGDBxrrbqdkUDOgUDvFAKBou85XmSrB58G3sfYaAMk=
+github.com/Microsoft/cosesign1go v1.6.0/go.mod h1:7x+fdYtZ4ureEgfVtl2K+nY4MMfujMsCIb5kRuncpmg=
 github.com/Microsoft/didx509go v0.0.3 h1:n/owuFOXVzCEzSyzivMEolKEouBm9G0NrEDgoTekM8A=
 github.com/Microsoft/didx509go v0.0.3/go.mod h1:wWt+iQsLzn3011+VfESzznLIp/Owhuj7rLF7yLglYbk=
 github.com/Microsoft/go-winio v0.6.3-0.20251027160822-ad3df93bed29 h1:0kQAzHq8vLs7Pptv+7TxjdETLf/nIqJpIB4oC6Ba4vY=

internal/protocol/guestresource/resources.go

@@ -240,4 +240,8 @@ type ConfidentialOptions struct {
 
 type SecurityPolicyFragment struct {
 	Fragment string `json:"Fragment,omitempty"`
+	// MediaType is the media type of the blob carried in Fragment. An empty
+	// value is treated by the guest as the default "application/cose-x509+rego"
+	// for backward compatibility with older hosts that do not set this field.
+	MediaType string `json:"MediaType,omitempty"`
 }

internal/regopolicyinterpreter/regopolicyinterpreter.go

@@ -513,6 +513,19 @@ func (r RegoQueryResult) Object(key string) (map[string]interface{}, error) {
 	}
 }
 
+// Array attempts to interpret the result value as an array.
+func (r RegoQueryResult) Array(key string) ([]interface{}, error) {
+	if value, ok := r[key]; ok {
+		if arr, ok := value.([]interface{}); ok {
+			return arr, nil
+		} else {
+			return nil, fmt.Errorf("value for '%s' is not an array", key)
+		}
+	} else {
+		return nil, fmt.Errorf("unable to find value for key '%s'", key)
+	}
+}
+
 // Bool attempts to interpret a result value as a boolean.
 func (r RegoQueryResult) Bool(key string) (bool, error) {
 	if value, ok := r[key]; ok {

internal/uvm/security_policy.go

@@ -130,7 +130,8 @@ func (uvm *UtilityVM) InjectPolicyFragment(ctx context.Context, fragment *ctrdta
 			ResourceType: guestresource.ResourceTypePolicyFragment,
 			RequestType:  guestrequest.RequestTypeAdd,
 			Settings: guestresource.SecurityPolicyFragment{
-				Fragment: fragment.Fragment,
+				Fragment:  fragment.Fragment,
+				MediaType: fragment.MediaType,
 			},
 		},
 	}

pkg/ctrdtaskapi/update.go

@@ -15,6 +15,12 @@ type PolicyFragment struct {
 	// The value is a base64 encoded COSE_Sign1 document that contains the
 	// fragment and any additional information required for validation.
 	Fragment string `json:"fragment,omitempty"`
+	// MediaType is the media type of the blob carried in Fragment. It allows
+	// the same delivery mechanism to carry payloads other than Rego policy
+	// fragments (e.g. a Transparency Trust List). An empty value is treated by
+	// the guest as the default "application/cose-x509+rego" for backward
+	// compatibility with older hosts that do not set this field.
+	MediaType string `json:"mediaType,omitempty"`
 }
 
 type ContainerMount struct {

pkg/securitypolicy/api.rego

@@ -24,4 +24,5 @@ enforcement_points := {
     "load_fragment": {"introducedVersion": "0.9.0", "default_results": {"allowed": false, "add_module": false}, "use_framework": false},
     "scratch_mount": {"introducedVersion": "0.10.0", "default_results": {"allowed": true}, "use_framework": false},
     "scratch_unmount": {"introducedVersion": "0.10.0", "default_results": {"allowed": true}, "use_framework": false},
+    "load_transparency_trust_list": {"introducedVersion": "0.12.0", "default_results": {"allowed": false}, "use_framework": false},
 }