delete { source    : <Sid>
       , target    : <Sid>
       , container : <Sid | ()>
       , driver    : <Sid>
       }
Unassigns the integrity level from the target resource in the following situation:
- The source process initiates deletion of the target resource.
- The target resource is managed by the driver subject, which is the resource provider or the KasperskyOS kernel.
- The container resource is a container for the target resource (for example, a directory is a container for files and/or other directories).

If the container field has the value (), the target resource is considered to be the root resource, which means that it has no container.

The rule returns the "granted" result if it unassigned the integrity level from the target resource.
The rule returns the "denied" result in the following cases:
- The target resource exceeds the integrity level of the source process or driver subject.
- The target resource is incomparable to the integrity level of the source process or driver subject.
- source process, driver subject, target resource or container resource.
- source, target, container or driver is outside of the permissible range.

Example:
/* Any client in the solution will be allowed to query a server of the
 * updater.Realmserv class by calling the del method of the realm.Reader endpoint if the
 * integrity level is unassigned from the resource whose deletion is requested by the client.
 * Otherwise, any client in the solution will be prohibited from querying a server of the
 * updater.Realmserv class by calling the del method of the realm.Reader endpoint. */
request dst=updater.Realmserv,
        endpoint=realm.Reader {
    match method=del {
        mic.delete { source    : src_sid
                   , target    : message.handle.handle
                   , container : ()
                   , driver    : dst_sid
                   }
    }
}
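The granted/denied logic above can be modeled offline. The following Python sketch is an added example, not KasperskyOS code: it reads "exceeds" and "incomparable" as comparisons of integrity levels and assumes a level is a degree plus an optional category set, with hypothetical names Level, compare and mic_delete. It covers only the "exceeds" and "incomparable" denial cases and assumes every SID has a level in the table.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Level:
    degree: int                          # assumption: larger number = higher integrity
    categories: frozenset = frozenset()  # assumption: optional category set

def compare(a, b):
    """Return 'le' if a <= b, 'gt' if a exceeds b, otherwise 'incomparable'."""
    if a.degree <= b.degree and a.categories <= b.categories:
        return "le"
    if a.degree >= b.degree and a.categories >= b.categories:
        return "gt"
    return "incomparable"

def mic_delete(levels, source, target, container, driver):
    """Model of the delete rule over a {sid: Level} table (hypothetical helper).

    container is None for a root resource, mirroring (); the page states no
    condition on it, so it does not influence the decision here.
    """
    for subject in (source, driver):
        if compare(levels[target], levels[subject]) != "le":
            return "denied"              # target exceeds or is incomparable
    del levels[target]                   # unassign the level from the target
    return "granted"

def demo():
    # Constructed SIDs and levels, not taken from any real solution.
    levels = {
        "client": Level(2, frozenset({"net"})),
        "server": Level(3, frozenset({"net", "fs"})),
        "low": Level(1),
        "high": Level(3, frozenset({"net"})),
        "other": Level(1, frozenset({"usb"})),
    }
    results = {t: mic_delete(levels, "client", t, None, "server")
               for t in ("low", "high", "other")}
    return results, sorted(levels)

if __name__ == "__main__":
    print(demo())
```

Only the "low" resource loses its level; "high" is denied because it exceeds the client's level, and "other" because its category set makes it incomparable.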