Mic security model upgrade rule

upgrade { source : <Sid>

, target : <Sid>

, container : <Sid | ()>

, driver : <Sid>

, level : <Level | ...>

}

This elevates the previously assigned integrity level of the target resource to the specified level in the following situation:

• The source process initiates elevation of the integrity level of the target resource.
• The target resource is managed by the driver subject, which is the resource provider or the KasperskyOS kernel.
• The container resource is a container for the target resource (for example, a directory is a container for files and/or other directories).

If the container value is not defined (container : ()), the target resource is considered to be the root resource, which means that it has no container.

To define the integrity level, values of the Level type are used. For the definition of the Level type, see "Mic security model create rule".

The rule returns the "granted" result if it elevated the previously assigned integrity level of the target resource to the level value.

The rule returns the "denied" result in the following cases:

• The level value does not exceed the integrity level of the target resource.
• The level value exceeds the integrity level of the source process, driver subject or container resource.
• The integrity level of the target resource exceeds the integrity level of the source process.
• An integrity level was not assigned to the source process, driver subject, or container resource.
• The value of source, target, container or driver is outside of the permissible range.