upgrade { source : <Sid>
, target : <Sid>
, container : <Sid | ()>
, driver : <Sid>
, level : <Level | ...>
}
This elevates the previously assigned integrity level of the target
resource to the specified level
in the following situation:
source
process initiates elevation of the integrity level of the target
resource.target
resource is managed by the driver
subject, which is the resource provider or the KasperskyOS kernel.container
resource is a container for the target
resource (for example, a directory is a container for files and/or other directories).If the container
value is not defined (container : ()
), the target
resource is considered to be the root resource, which means that it has no container.
To define the integrity level
, values of the Level
type are used. For the definition of the Level
type, see "Mic security model create rule".
The rule returns the "granted" result if it elevated the previously assigned integrity level of the target
resource to the level
value.
The rule returns the "denied" result in the following cases:
level
value does not exceed the integrity level of the target
resource.level
value exceeds the integrity level of the source
process, driver
subject or container
resource.target
resource exceeds the integrity level of the source
process.source
process, driver
subject, or container
resource.source
, target
, container
or driver
is outside of the permissible range.