read {source : <Sid>, target : <Sid>}
This verifies that the source
resource consumer is allowed to read data from the target
resource.
It returns the "allowed" result in the following cases:
source
resource consumer does not exceed the integrity level of the target
resource.source
resource consumer exceeds the integrity level of the target
resource, but the minimum integrity level of subjects and resources from which the source
resource consumer can receive data does not exceed the integrity level of the target
resource.source
resource consumer is incomparable to the integrity level of the target
resource, but the minimum integrity level of subjects and resources from which the source
resource consumer can receive data does not exceed the integrity level of the target
resource.It returns the "denied" result in the following cases:
source
resource consumer exceeds the integrity level of the target
resource, and the minimum integrity level of subjects and resources from which the source
resource consumer can receive data exceeds the integrity level of the target
resource.source
resource consumer exceeds the integrity level of the target
resource, and the minimum integrity level of subjects and resources from which the source
resource consumer can receive data is incomparable to the integrity level of the target
resource.source
resource consumer is incomparable to the integrity level of the target
resource, and the minimum integrity level of subjects and resources from which the source
resource consumer can receive data exceeds the integrity level of the target
resource.source
resource consumer is incomparable to the integrity level of the target
resource, and the minimum integrity level of subjects and resources from which the source
resource consumer can receive data is incomparable to the integrity level of the target
resource.source
resource consumer or to the target
resource.source
or target
value is outside of the permissible range.Example:
/* Any client in the solution is allowed to query a server of
* the updater.Realmserv class by calling the read method of the
* realm.Reader service if the Mic security model permits
* this client to read data from the resource needed by
* this client. Otherwise any client in the solution is prohibited from
* querying a server of the updater.Realmserv class by calling
* the read method of the realm.Reader endpoint. */
request dst=updater.Realmserv,
endpoint=realm.Reader {
match method=read {
mic.read { source : src_sid,
, target : message.handle.handle
}
}
}
Page top