KasperskyOS Community Edition 1.1
English

Contents

Mic security model create rule

create { source : <Sid>

, target : <Sid>

, container : <Sid | ()>

, driver : <Sid>

, level : <Level | ... | ()>

}

Assign the specified integrity level to the target resource in the following situation:

  • The source process initiates creation of the target resource.
  • The target resource is managed by the driver subject, which is the resource provider or the KasperskyOS kernel.
  • The container resource is a container for the target resource (for example, a directory is a container for files and/or other directories).

If the container value is not defined (container : ()), the target resource is considered to be the root resource, which means that it has no container.

To define the integrity level, values of the Level type are used:

type Level = LevelFull | LevelNoCategory

type LevelFull =

{ degree : Text | ()

, categories : List<Text> | ()

}

type LevelNoCategory = Text

The rule returns the "granted" result if a specific integrity level was assigned to the target resource.

The rule returns the "denied" result in the following cases:

  • The level value exceeds the integrity level of the source process, driver subject or container resource.
  • The level value is incomparable to the integrity level of the source process, driver subject or container resource.
  • An integrity level was not assigned to the source process, driver subject, or container resource.
  • The value of source, target, container or driver is outside of the permissible range.

Example:

/* A server of the updater.Realmserv class will be allowed to respond to

* queries of any client in the solution calling the resolve method

* of the realm.Reader endpoint if the resource whose creation is requested

* by the client will be assigned the LOW integrity level during response initiation.

* Otherwise a server of the updater.Realmserv class will be prohibited from responding to

* queries of any client calling the resolve method of the realm.Reader endpoint. */

response src=updater.Realmserv,

endpoint=realm.Reader {

match method=resolve {

mic.create { source : dst_sid

, target : message.handle.handle

, container : ()

, driver : src_sid

, level : "LOW"

}

}

}

Page top
[Topic ssp_descr_security_models_mic_create]