From a7bce25a54eba7c81826cd82db18ad103ac3a8c6 Mon Sep 17 00:00:00 2001 From: tesla59 Date: Fri, 25 Oct 2024 12:54:33 +0000 Subject: [PATCH] core/proto: send PolicyDataList along with PolicyList in SetProbeContainerData Signed-off-by: tesla59 --- KubeArmor/core/karmorprobedata.go | 49 +++++---- protobuf/go.mod | 1 + protobuf/go.sum | 2 + protobuf/policy.pb.go | 171 +++++++++++++++++------------- protobuf/policy.proto | 4 + protobuf/policy_grpc.pb.go | 44 ++++++-- 6 files changed, 167 insertions(+), 104 deletions(-) diff --git a/KubeArmor/core/karmorprobedata.go b/KubeArmor/core/karmorprobedata.go index 05b88ae9f8..d7fb536568 100644 --- a/KubeArmor/core/karmorprobedata.go +++ b/KubeArmor/core/karmorprobedata.go @@ -5,6 +5,7 @@ package core import ( "context" + "encoding/json" "github.com/golang/protobuf/ptypes/empty" kl "github.com/kubearmor/KubeArmor/KubeArmor/common" @@ -28,7 +29,7 @@ type KarmorData struct { HostVisibility string } -// Karmor provides structure to serve Policy gRPC service +// Probe provides structure to serve Policy gRPC service type Probe struct { pb.ProbeServiceServer GetContainerData func() ([]string, map[string]*pb.ContainerData, map[string]*pb.HostSecurityPolicies) @@ -73,12 +74,11 @@ func (dm *KubeArmorDaemon) SetKarmorData() { } -// SetKarmorContainerData() keeps track of containers and the applied policies +// SetProbeContainerData keeps track of containers and the applied policies func (dm *KubeArmorDaemon) SetProbeContainerData() ([]string, map[string]*pb.ContainerData, map[string]*pb.HostSecurityPolicies) { var containerlist []string dm.ContainersLock.Lock() for _, value := range dm.Containers { - containerlist = append(containerlist, value.ContainerName) } dm.ContainersLock.Unlock() 
@@ -87,57 +87,66 @@ func (dm *KubeArmorDaemon) SetProbeContainerData() ([]string, map[string]*pb.Con dm.EndPointsLock.Lock() for _, ep := range dm.EndPoints { - var policyNames []string + var policyData []*pb.Policy for _, policy := range ep.SecurityPolicies { - policyNames = append(policyNames, policy.Metadata["policyName"]) - + policyEventData, err := json.Marshal(policy) + if err != nil { + dm.Logger.Errf("Error marshalling policy data (%s)", err.Error()) + } else { + policyData = append(policyData, &pb.Policy{Policy: policyEventData}) + } } containerMap[ep.EndPointName] = &pb.ContainerData{ - PolicyList: policyNames, - PolicyEnabled: int32(ep.PolicyEnabled), + PolicyList: policyNames, + PolicyEnabled: int32(ep.PolicyEnabled), + PolicyDataList: policyData, } } dm.EndPointsLock.Unlock() - // Mapping Hostpolicies to their host hostName : HostPolicy + // Mapping HostPolicies to their host hostName : HostPolicy hostMap := make(map[string]*pb.HostSecurityPolicies) dm.HostSecurityPoliciesLock.Lock() for _, hp := range dm.HostSecurityPolicies { - hostName := dm.Node.NodeName if val, ok := hostMap[hostName]; ok { - val.PolicyList = append(val.PolicyList, hp.Metadata["policyName"]) + policyEventData, err := json.Marshal(hp) + if err != nil { + dm.Logger.Errf("Error marshalling policy data (%s)", err.Error()) + } else { + val.PolicyDataList = append(val.PolicyDataList, &pb.Policy{ + Policy: policyEventData, + }) + } hostMap[hostName] = val - } else { - + policyEventData, err := json.Marshal(hp) + if err != nil { + dm.Logger.Errf("Error marshalling policy data (%s)", err.Error()) + } hostMap[hostName] = &pb.HostSecurityPolicies{ - PolicyList: []string{hp.Metadata["policyName"]}, + PolicyList: []string{hp.Metadata["policyName"]}, + PolicyDataList: []*pb.Policy{{Policy: policyEventData}}, } - } } dm.HostSecurityPoliciesLock.Unlock() - return containerlist, containerMap, hostMap - } -// GetProbeData() sends policy data through grpc client +// GetProbeData sends policy data 
through grpc client func (p *Probe) GetProbeData(c context.Context, in *empty.Empty) (*pb.ProbeResponse, error) { - containerList, containerMap, hostMap := p.GetContainerData() res := &pb.ProbeResponse{ ContainerList: containerList, ContainerMap: containerMap, HostMap: hostMap, } - return res, nil } diff --git a/protobuf/go.mod b/protobuf/go.mod index b0a1215b26..c74352f0ed 100644 --- a/protobuf/go.mod +++ b/protobuf/go.mod @@ -13,6 +13,7 @@ replace ( ) require ( + github.com/golang/protobuf v1.5.4 google.golang.org/grpc v1.65.0 google.golang.org/protobuf v1.34.2 ) diff --git a/protobuf/go.sum b/protobuf/go.sum index d96fc2d2d8..dc06d5530f 100644 --- a/protobuf/go.sum +++ b/protobuf/go.sum @@ -1,3 +1,5 @@ +github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek= +github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps= github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= golang.org/x/net v0.27.0 h1:5K3Njcw06/l2y9vpGCSdcxWOYHOUk3dVNGDXN+FvAys= diff --git a/protobuf/policy.pb.go b/protobuf/policy.pb.go index 80879c28aa..52b0d4c53d 100644 --- a/protobuf/policy.pb.go +++ b/protobuf/policy.pb.go @@ -185,8 +185,9 @@ type ContainerData struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - PolicyList []string `protobuf:"bytes,1,rep,name=policyList,proto3" json:"policyList,omitempty"` - PolicyEnabled int32 `protobuf:"varint,2,opt,name=policyEnabled,proto3" json:"policyEnabled,omitempty"` + PolicyList []string `protobuf:"bytes,1,rep,name=policyList,proto3" json:"policyList,omitempty"` + PolicyEnabled int32 `protobuf:"varint,2,opt,name=policyEnabled,proto3" json:"policyEnabled,omitempty"` + PolicyDataList []*Policy `protobuf:"bytes,3,rep,name=policyDataList,proto3" json:"policyDataList,omitempty"` } func (x *ContainerData) Reset() { 
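Review bot: The container loop still sets `PolicyList: policyNames`, but this hunk removes both `var policyNames []string` and the `append` that filled it, so unless the name is declared outside the hunk the file does not compile; restore the declaration and keep `policyNames = append(policyNames, policy.Metadata["policyName"])` next to the new marshal call. The host loop has the same regression in its `if val, ok` branch, where the `val.PolicyList = append(...)` line is replaced rather than kept, so only the first host policy name survives. In the `else` branch a marshal error is logged, but the entry is still built with a `pb.Policy` whose `Policy` bytes are nil, unlike the other two sites, which skip the failed policy. Anything that reads the probe output to check which policies are in force would then see an incomplete list, so the sketch below folds both host branches into one path that always records the name and drops only a payload that failed to marshal. SetProbeContainerData begins above this hunk.

```go
for _, hp := range dm.HostSecurityPolicies {
	hostName := dm.Node.NodeName
	entry, ok := hostMap[hostName]
	if !ok {
		entry = &pb.HostSecurityPolicies{}
		hostMap[hostName] = entry
	}
	// Keep the name list complete for clients that only read PolicyList.
	entry.PolicyList = append(entry.PolicyList, hp.Metadata["policyName"])

	policyEventData, err := json.Marshal(hp)
	if err != nil {
		dm.Logger.Errf("Error marshalling policy data (%s)", err.Error())
		continue
	}
	entry.PolicyDataList = append(entry.PolicyDataList, &pb.Policy{Policy: policyEventData})
}
// … unchanged: HostSecurityPoliciesLock.Unlock() and the return …
```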
@@ -235,12 +236,20 @@ func (x *ContainerData) GetPolicyEnabled() int32 { return 0 } +func (x *ContainerData) GetPolicyDataList() []*Policy { + if x != nil { + return x.PolicyDataList + } + return nil +} + type HostSecurityPolicies struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - PolicyList []string `protobuf:"bytes,1,rep,name=policyList,proto3" json:"policyList,omitempty"` + PolicyList []string `protobuf:"bytes,1,rep,name=policyList,proto3" json:"policyList,omitempty"` + PolicyDataList []*Policy `protobuf:"bytes,2,rep,name=policyDataList,proto3" json:"policyDataList,omitempty"` } func (x *HostSecurityPolicies) Reset() { @@ -282,6 +291,13 @@ func (x *HostSecurityPolicies) GetPolicyList() []string { return nil } +func (x *HostSecurityPolicies) GetPolicyDataList() []*Policy { + if x != nil { + return x.PolicyDataList + } + return nil +} + type ProbeResponse struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache 
@@ -357,61 +373,68 @@ var file_policy_proto_rawDesc = []byte{ 0x74, 0x61, 0x74, 0x75, 0x73, 0x52, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x22, 0x20, 0x0a, 0x06, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x16, 0x0a, 0x06, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x06, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x22, - 0x55, 0x0a, 0x0d, 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x44, 0x61, 0x74, 0x61, - 0x12, 0x1e, 0x0a, 0x0a, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x4c, 0x69, 0x73, 0x74, 0x18, 0x01, - 0x20, 0x03, 0x28, 0x09, 0x52, 0x0a, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x4c, 0x69, 0x73, 0x74, - 0x12, 0x24, 0x0a, 0x0d, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, - 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x05, 0x52, 0x0d, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x45, - 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x22, 0x36, 0x0a, 0x14, 0x48, 0x6f, 0x73, 0x74, 0x53, 0x65, - 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x69, 0x65, 0x73, 0x12, 0x1e, - 0x0a, 0x0a, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x4c, 0x69, 0x73, 0x74, 0x18, 0x01, 0x20, 0x03, - 0x28, 0x09, 0x52, 0x0a, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x4c, 0x69, 0x73, 0x74, 0x22, 0xf2, - 0x02, 0x0a, 0x0d, 0x50, 0x72, 0x6f, 0x62, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, - 0x12, 0x24, 0x0a, 0x0d, 0x63, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x4c, 0x69, 0x73, - 0x74, 0x18, 0x01, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0d, 0x63, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, - 0x65, 0x72, 0x4c, 0x69, 0x73, 0x74, 0x12, 0x4b, 0x0a, 0x0c, 0x63, 0x6f, 0x6e, 0x74, 0x61, 0x69, - 0x6e, 0x65, 0x72, 0x4d, 0x61, 0x70, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x27, 0x2e, 0x70, + 0x8d, 0x01, 0x0a, 0x0d, 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x44, 0x61, 0x74, + 0x61, 0x12, 0x1e, 0x0a, 0x0a, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x4c, 0x69, 0x73, 0x74, 0x18, + 0x01, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0a, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 
0x4c, 0x69, 0x73, + 0x74, 0x12, 0x24, 0x0a, 0x0d, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x45, 0x6e, 0x61, 0x62, 0x6c, + 0x65, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x05, 0x52, 0x0d, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, + 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x12, 0x36, 0x0a, 0x0e, 0x70, 0x6f, 0x6c, 0x69, 0x63, + 0x79, 0x44, 0x61, 0x74, 0x61, 0x4c, 0x69, 0x73, 0x74, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, + 0x0e, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x52, + 0x0e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x44, 0x61, 0x74, 0x61, 0x4c, 0x69, 0x73, 0x74, 0x22, + 0x6e, 0x0a, 0x14, 0x48, 0x6f, 0x73, 0x74, 0x53, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x50, + 0x6f, 0x6c, 0x69, 0x63, 0x69, 0x65, 0x73, 0x12, 0x1e, 0x0a, 0x0a, 0x70, 0x6f, 0x6c, 0x69, 0x63, + 0x79, 0x4c, 0x69, 0x73, 0x74, 0x18, 0x01, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0a, 0x70, 0x6f, 0x6c, + 0x69, 0x63, 0x79, 0x4c, 0x69, 0x73, 0x74, 0x12, 0x36, 0x0a, 0x0e, 0x70, 0x6f, 0x6c, 0x69, 0x63, + 0x79, 0x44, 0x61, 0x74, 0x61, 0x4c, 0x69, 0x73, 0x74, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, + 0x0e, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x52, + 0x0e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x44, 0x61, 0x74, 0x61, 0x4c, 0x69, 0x73, 0x74, 0x22, + 0xf2, 0x02, 0x0a, 0x0d, 0x50, 0x72, 0x6f, 0x62, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, + 0x65, 0x12, 0x24, 0x0a, 0x0d, 0x63, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x4c, 0x69, + 0x73, 0x74, 0x18, 0x01, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0d, 0x63, 0x6f, 0x6e, 0x74, 0x61, 0x69, + 0x6e, 0x65, 0x72, 0x4c, 0x69, 0x73, 0x74, 0x12, 0x4b, 0x0a, 0x0c, 0x63, 0x6f, 0x6e, 0x74, 0x61, + 0x69, 0x6e, 0x65, 0x72, 0x4d, 0x61, 0x70, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x27, 0x2e, + 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x50, 0x72, 0x6f, 0x62, 0x65, 0x52, 0x65, 0x73, 0x70, + 0x6f, 0x6e, 0x73, 0x65, 0x2e, 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x4d, 0x61, + 0x70, 0x45, 0x6e, 
0x74, 0x72, 0x79, 0x52, 0x0c, 0x63, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, + 0x72, 0x4d, 0x61, 0x70, 0x12, 0x3c, 0x0a, 0x07, 0x68, 0x6f, 0x73, 0x74, 0x4d, 0x61, 0x70, 0x18, + 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x22, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x50, + 0x72, 0x6f, 0x62, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x2e, 0x48, 0x6f, 0x73, + 0x74, 0x4d, 0x61, 0x70, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x07, 0x68, 0x6f, 0x73, 0x74, 0x4d, + 0x61, 0x70, 0x1a, 0x56, 0x0a, 0x11, 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x4d, + 0x61, 0x70, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x2b, 0x0a, 0x05, 0x76, 0x61, 0x6c, + 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x15, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, + 0x79, 0x2e, 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x44, 0x61, 0x74, 0x61, 0x52, + 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x1a, 0x58, 0x0a, 0x0c, 0x48, 0x6f, + 0x73, 0x74, 0x4d, 0x61, 0x70, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, + 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x32, 0x0a, 0x05, + 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x70, 0x6f, + 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x48, 0x6f, 0x73, 0x74, 0x53, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, + 0x79, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x69, 0x65, 0x73, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, + 0x3a, 0x02, 0x38, 0x01, 0x2a, 0x6e, 0x0a, 0x0c, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x53, 0x74, + 0x61, 0x74, 0x75, 0x73, 0x12, 0x0b, 0x0a, 0x07, 0x46, 0x61, 0x69, 0x6c, 0x75, 0x72, 0x65, 0x10, + 0x00, 0x12, 0x0b, 0x0a, 0x07, 0x41, 0x70, 0x70, 0x6c, 0x69, 0x65, 0x64, 0x10, 0x01, 0x12, 0x0b, + 0x0a, 0x07, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x64, 0x10, 0x02, 0x12, 0x0c, 0x0a, 0x08, 0x4d, + 0x6f, 0x64, 0x69, 0x66, 0x69, 0x65, 0x64, 0x10, 0x03, 
0x12, 0x0c, 0x0a, 0x08, 0x4e, 0x6f, 0x74, + 0x45, 0x78, 0x69, 0x73, 0x74, 0x10, 0x04, 0x12, 0x0b, 0x0a, 0x07, 0x49, 0x6e, 0x76, 0x61, 0x6c, + 0x69, 0x64, 0x10, 0x05, 0x12, 0x0e, 0x0a, 0x0a, 0x4e, 0x6f, 0x74, 0x45, 0x6e, 0x61, 0x62, 0x6c, + 0x65, 0x64, 0x10, 0x06, 0x32, 0x4d, 0x0a, 0x0c, 0x50, 0x72, 0x6f, 0x62, 0x65, 0x53, 0x65, 0x72, + 0x76, 0x69, 0x63, 0x65, 0x12, 0x3d, 0x0a, 0x0c, 0x67, 0x65, 0x74, 0x50, 0x72, 0x6f, 0x62, 0x65, + 0x44, 0x61, 0x74, 0x61, 0x12, 0x16, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, + 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x1a, 0x15, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x50, 0x72, 0x6f, 0x62, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, - 0x6e, 0x73, 0x65, 0x2e, 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x4d, 0x61, 0x70, - 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x0c, 0x63, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, - 0x4d, 0x61, 0x70, 0x12, 0x3c, 0x0a, 0x07, 0x68, 0x6f, 0x73, 0x74, 0x4d, 0x61, 0x70, 0x18, 0x03, - 0x20, 0x03, 0x28, 0x0b, 0x32, 0x22, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x50, 0x72, - 0x6f, 0x62, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x2e, 0x48, 0x6f, 0x73, 0x74, - 0x4d, 0x61, 0x70, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x07, 0x68, 0x6f, 0x73, 0x74, 0x4d, 0x61, - 0x70, 0x1a, 0x56, 0x0a, 0x11, 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x4d, 0x61, - 0x70, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, - 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x2b, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, - 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x15, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, - 0x2e, 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x44, 0x61, 0x74, 0x61, 0x52, 0x05, - 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x1a, 0x58, 0x0a, 0x0c, 0x48, 0x6f, 0x73, - 0x74, 0x4d, 0x61, 0x70, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 
- 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x32, 0x0a, 0x05, 0x76, - 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x70, 0x6f, 0x6c, - 0x69, 0x63, 0x79, 0x2e, 0x48, 0x6f, 0x73, 0x74, 0x53, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, - 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x69, 0x65, 0x73, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, - 0x02, 0x38, 0x01, 0x2a, 0x6e, 0x0a, 0x0c, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x53, 0x74, 0x61, - 0x74, 0x75, 0x73, 0x12, 0x0b, 0x0a, 0x07, 0x46, 0x61, 0x69, 0x6c, 0x75, 0x72, 0x65, 0x10, 0x00, - 0x12, 0x0b, 0x0a, 0x07, 0x41, 0x70, 0x70, 0x6c, 0x69, 0x65, 0x64, 0x10, 0x01, 0x12, 0x0b, 0x0a, - 0x07, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x64, 0x10, 0x02, 0x12, 0x0c, 0x0a, 0x08, 0x4d, 0x6f, - 0x64, 0x69, 0x66, 0x69, 0x65, 0x64, 0x10, 0x03, 0x12, 0x0c, 0x0a, 0x08, 0x4e, 0x6f, 0x74, 0x45, - 0x78, 0x69, 0x73, 0x74, 0x10, 0x04, 0x12, 0x0b, 0x0a, 0x07, 0x49, 0x6e, 0x76, 0x61, 0x6c, 0x69, - 0x64, 0x10, 0x05, 0x12, 0x0e, 0x0a, 0x0a, 0x4e, 0x6f, 0x74, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, - 0x64, 0x10, 0x06, 0x32, 0x4d, 0x0a, 0x0c, 0x50, 0x72, 0x6f, 0x62, 0x65, 0x53, 0x65, 0x72, 0x76, - 0x69, 0x63, 0x65, 0x12, 0x3d, 0x0a, 0x0c, 0x67, 0x65, 0x74, 0x50, 0x72, 0x6f, 0x62, 0x65, 0x44, - 0x61, 0x74, 0x61, 0x12, 0x16, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, - 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x1a, 0x15, 0x2e, 0x70, 0x6f, - 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x50, 0x72, 0x6f, 0x62, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, - 0x73, 0x65, 0x32, 0x74, 0x0a, 0x0d, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x53, 0x65, 0x72, 0x76, - 0x69, 0x63, 0x65, 0x12, 0x33, 0x0a, 0x0f, 0x63, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, - 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x0e, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, - 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x1a, 0x10, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, - 0x72, 0x65, 0x73, 0x70, 0x6f, 0x6e, 
0x73, 0x65, 0x12, 0x2e, 0x0a, 0x0a, 0x68, 0x6f, 0x73, 0x74, - 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x0e, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, - 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x1a, 0x10, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, - 0x72, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x42, 0x29, 0x5a, 0x27, 0x67, 0x69, 0x74, 0x68, - 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6b, 0x75, 0x62, 0x65, 0x61, 0x72, 0x6d, 0x6f, 0x72, - 0x2f, 0x4b, 0x75, 0x62, 0x65, 0x41, 0x72, 0x6d, 0x6f, 0x72, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, - 0x62, 0x75, 0x66, 0x50, 0x00, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x6e, 0x73, 0x65, 0x32, 0x74, 0x0a, 0x0d, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x53, 0x65, 0x72, + 0x76, 0x69, 0x63, 0x65, 0x12, 0x33, 0x0a, 0x0f, 0x63, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, + 0x72, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x0e, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, + 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x1a, 0x10, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, + 0x2e, 0x72, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x2e, 0x0a, 0x0a, 0x68, 0x6f, 0x73, + 0x74, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x0e, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, + 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x1a, 0x10, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, + 0x2e, 0x72, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x42, 0x29, 0x5a, 0x27, 0x67, 0x69, 0x74, + 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6b, 0x75, 0x62, 0x65, 0x61, 0x72, 0x6d, 0x6f, + 0x72, 0x2f, 0x4b, 0x75, 0x62, 0x65, 0x41, 0x72, 0x6d, 0x6f, 0x72, 0x2f, 0x70, 0x72, 0x6f, 0x74, + 0x6f, 0x62, 0x75, 0x66, 0x50, 0x00, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( 
@@ -440,22 +463,24 @@ var file_policy_proto_goTypes = []any{ (*empty.Empty)(nil), // 8: google.protobuf.Empty } var file_policy_proto_depIdxs = []int32{ - 0, // 0: policy.response.status:type_name -> policy.PolicyStatus - 6, // 1: policy.ProbeResponse.containerMap:type_name -> policy.ProbeResponse.ContainerMapEntry - 7, // 2: policy.ProbeResponse.hostMap:type_name -> policy.ProbeResponse.HostMapEntry - 3, // 3: policy.ProbeResponse.ContainerMapEntry.value:type_name -> policy.ContainerData - 4, // 4: policy.ProbeResponse.HostMapEntry.value:type_name -> policy.HostSecurityPolicies - 8, // 5: policy.ProbeService.getProbeData:input_type -> google.protobuf.Empty - 2, // 6: policy.PolicyService.containerPolicy:input_type -> policy.policy - 2, // 7: policy.PolicyService.hostPolicy:input_type -> policy.policy - 5, // 8: policy.ProbeService.getProbeData:output_type -> policy.ProbeResponse - 1, // 9: policy.PolicyService.containerPolicy:output_type -> policy.response - 1, // 10: policy.PolicyService.hostPolicy:output_type -> policy.response - 8, // [8:11] is the sub-list for method output_type - 5, // [5:8] is the sub-list for method input_type - 5, // [5:5] is the sub-list for extension type_name - 5, // [5:5] is the sub-list for extension extendee - 0, // [0:5] is the sub-list for field type_name + 0, // 0: policy.response.status:type_name -> policy.PolicyStatus + 2, // 1: policy.ContainerData.policyDataList:type_name -> policy.policy + 2, // 2: policy.HostSecurityPolicies.policyDataList:type_name -> policy.policy + 6, // 3: policy.ProbeResponse.containerMap:type_name -> policy.ProbeResponse.ContainerMapEntry + 7, // 4: policy.ProbeResponse.hostMap:type_name -> policy.ProbeResponse.HostMapEntry + 3, // 5: policy.ProbeResponse.ContainerMapEntry.value:type_name -> policy.ContainerData + 4, // 6: policy.ProbeResponse.HostMapEntry.value:type_name -> policy.HostSecurityPolicies + 8, // 7: policy.ProbeService.getProbeData:input_type -> google.protobuf.Empty + 2, // 8: 
policy.PolicyService.containerPolicy:input_type -> policy.policy + 2, // 9: policy.PolicyService.hostPolicy:input_type -> policy.policy + 5, // 10: policy.ProbeService.getProbeData:output_type -> policy.ProbeResponse + 1, // 11: policy.PolicyService.containerPolicy:output_type -> policy.response + 1, // 12: policy.PolicyService.hostPolicy:output_type -> policy.response + 10, // [10:13] is the sub-list for method output_type + 7, // [7:10] is the sub-list for method input_type + 7, // [7:7] is the sub-list for extension type_name + 7, // [7:7] is the sub-list for extension extendee + 0, // [0:7] is the sub-list for field type_name } func init() { file_policy_proto_init() } diff --git a/protobuf/policy.proto b/protobuf/policy.proto index dfac81e250..c365a2014b 100644 --- a/protobuf/policy.proto +++ b/protobuf/policy.proto @@ -27,10 +27,14 @@ message policy { message ContainerData { repeated string policyList = 1; int32 policyEnabled = 2; + repeated policy policyDataList = 3; } + message HostSecurityPolicies { repeated string policyList = 1; + repeated policy policyDataList = 2; } + message ProbeResponse { repeated string containerList = 1; map containerMap = 2; diff --git a/protobuf/policy_grpc.pb.go b/protobuf/policy_grpc.pb.go index 7d64932b08..1bd5bd3ba4 100644 --- a/protobuf/policy_grpc.pb.go +++ b/protobuf/policy_grpc.pb.go @@ -1,6 +1,6 @@ // Code generated by protoc-gen-go-grpc. DO NOT EDIT. // versions: -// - protoc-gen-go-grpc v1.4.0 +// - protoc-gen-go-grpc v1.5.1 // - protoc v3.12.4 // source: policy.proto @@ -16,8 +16,8 @@ import ( // This is a compile-time assertion to ensure that this generated file // is compatible with the grpc package it is being compiled against. -// Requires gRPC-Go v1.62.0 or later. -const _ = grpc.SupportPackageIsVersion8 +// Requires gRPC-Go v1.64.0 or later. +const _ = grpc.SupportPackageIsVersion9 const ( ProbeService_GetProbeData_FullMethodName = "/policy.ProbeService/getProbeData" 
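Review bot: `policyDataList` is added to `ContainerData` and `HostSecurityPolicies` with no comment saying what the `policy` bytes hold; judging by the Go side of this patch they are JSON-marshalled policy objects, and entries are skipped when marshalling fails, so the list is not guaranteed to line up index-for-index with `policyList`. A field comment such as `// JSON-encoded policy objects; may be shorter than policyList` would record that contract for client authors. The message comment should also state that the probe response now carries full policy bodies rather than names only, so any caller of `getProbeData` can read the complete rule set; the access control on that endpoint is not visible in this patch and should be confirmed.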
@@ -50,18 +50,22 @@ func (c *probeServiceClient) GetProbeData(ctx context.Context, in *empty.Empty, // ProbeServiceServer is the server API for ProbeService service. // All implementations should embed UnimplementedProbeServiceServer -// for forward compatibility +// for forward compatibility. type ProbeServiceServer interface { GetProbeData(context.Context, *empty.Empty) (*ProbeResponse, error) } -// UnimplementedProbeServiceServer should be embedded to have forward compatible implementations. -type UnimplementedProbeServiceServer struct { -} +// UnimplementedProbeServiceServer should be embedded to have +// forward compatible implementations. +// +// NOTE: this should be embedded by value instead of pointer to avoid a nil +// pointer dereference when methods are called. +type UnimplementedProbeServiceServer struct{} func (UnimplementedProbeServiceServer) GetProbeData(context.Context, *empty.Empty) (*ProbeResponse, error) { return nil, status.Errorf(codes.Unimplemented, "method GetProbeData not implemented") } +func (UnimplementedProbeServiceServer) testEmbeddedByValue() {} // UnsafeProbeServiceServer may be embedded to opt out of forward compatibility for this service. // Use of this interface is not recommended, as added methods to ProbeServiceServer will @@ -71,6 +75,13 @@ type UnsafeProbeServiceServer interface { } func RegisterProbeServiceServer(s grpc.ServiceRegistrar, srv ProbeServiceServer) { + // If the following call pancis, it indicates UnimplementedProbeServiceServer was + // embedded by pointer and is nil. This will cause panics if an + // unimplemented method is ever invoked, so we test this at initialization + // time to prevent it from happening at runtime later due to I/O. + if t, ok := srv.(interface{ testEmbeddedByValue() }); ok { + t.testEmbeddedByValue() + } s.RegisterService(&ProbeService_ServiceDesc, srv) } 
@@ -151,15 +162,18 @@ func (c *policyServiceClient) HostPolicy(ctx context.Context, in *Policy, opts . // PolicyServiceServer is the server API for PolicyService service. // All implementations should embed UnimplementedPolicyServiceServer -// for forward compatibility +// for forward compatibility. type PolicyServiceServer interface { ContainerPolicy(context.Context, *Policy) (*Response, error) HostPolicy(context.Context, *Policy) (*Response, error) } -// UnimplementedPolicyServiceServer should be embedded to have forward compatible implementations. -type UnimplementedPolicyServiceServer struct { -} +// UnimplementedPolicyServiceServer should be embedded to have +// forward compatible implementations. +// +// NOTE: this should be embedded by value instead of pointer to avoid a nil +// pointer dereference when methods are called. +type UnimplementedPolicyServiceServer struct{} func (UnimplementedPolicyServiceServer) ContainerPolicy(context.Context, *Policy) (*Response, error) { return nil, status.Errorf(codes.Unimplemented, "method ContainerPolicy not implemented") @@ -167,6 +181,7 @@ func (UnimplementedPolicyServiceServer) ContainerPolicy(context.Context, *Policy func (UnimplementedPolicyServiceServer) HostPolicy(context.Context, *Policy) (*Response, error) { return nil, status.Errorf(codes.Unimplemented, "method HostPolicy not implemented") } +func (UnimplementedPolicyServiceServer) testEmbeddedByValue() {} // UnsafePolicyServiceServer may be embedded to opt out of forward compatibility for this service. // Use of this interface is not recommended, as added methods to PolicyServiceServer will 
@@ -176,6 +191,13 @@ type UnsafePolicyServiceServer interface { } func RegisterPolicyServiceServer(s grpc.ServiceRegistrar, srv PolicyServiceServer) { + // If the following call pancis, it indicates UnimplementedPolicyServiceServer was + // embedded by pointer and is nil. This will cause panics if an + // unimplemented method is ever invoked, so we test this at initialization + // time to prevent it from happening at runtime later due to I/O. + if t, ok := srv.(interface{ testEmbeddedByValue() }); ok { + t.testEmbeddedByValue() + } s.RegisterService(&PolicyService_ServiceDesc, srv) }