To use class policies, you need to first create an object of this class by using a modular policy object declaration:
policy object <object name> : <Class Name> { ... }
When creating a class object, you must define the types it contains and indicate its configuration.
For example, for a Flow class object (finite-state machine implementation), the States type describes all possible states of the finite-state machine.
/* Creates a "Flow" class object. Name of the new object: request_state. */
policy object request_state : Flow {
    type States = "ping_next" | "pong_next"
    config = {
        states : ["ping_next", "pong_next"],
        initial : "ping_next",
        /* Each key is a source state from "states"; its list holds the permitted next states. */
        transitions : {
            "ping_next" : ["pong_next"],
            "pong_next" : ["ping_next"]
        }
    }
}
Each class object is an implementation of a security model with its own internal state. This state can be global or can be linked to a specific user resource. Some rule policies can change this state and define the rights to access a resource based on the current state.
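The following Python sketch is an added example, not KasperskyOS code or part of the original documentation: it models how a Flow-style object checks its configuration, keeps one state per resource, and grants access based on the current state. The method names, the resource identifiers and the reading of transitions as a map from each source state to its permitted next states are assumptions of this example.

```python
"""Toy model of a Flow-style policy object (illustrative; not KasperskyOS code)."""

# Constructed configuration using the two state names of request_state.
REQUEST_STATE = {
    "states": ["ping_next", "pong_next"],
    "initial": "ping_next",
    "transitions": {"ping_next": ["pong_next"], "pong_next": ["ping_next"]},
}


def validate(config):
    """Return a list of problems found in a Flow-style configuration."""
    states = set(config["states"])
    problems = []
    if config["initial"] not in states:
        problems.append(f"initial state {config['initial']!r} is not declared")
    for source, targets in config["transitions"].items():
        if source not in states:
            problems.append(f"transition source {source!r} is not declared")
        for target in targets:
            if target not in states:
                problems.append(f"transition target {target!r} is not declared")
    return problems


class FlowModel:
    """Keeps one state per resource ID and denies by default (hypothetical API)."""

    def __init__(self, config):
        problems = validate(config)
        if problems:
            raise ValueError("; ".join(problems))
        self.config = config
        self.state = {}  # resource ID -> current state

    def init(self, rid):
        self.state[rid] = self.config["initial"]

    def enter(self, rid, new_state):
        """Change state only along a declared transition; unknown IDs are refused."""
        current = self.state.get(rid)
        allowed = self.config["transitions"].get(current, [])
        if new_state not in allowed:
            return False
        self.state[rid] = new_state
        return True

    def allow(self, rid, permitted_states):
        """Grant access only while the resource is in one of the permitted states."""
        return self.state.get(rid) in permitted_states
```

A configuration whose transition keys are not listed in states is rejected by validate() before any state is tracked, which catches a machine that could never leave its initial state.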
Detailed descriptions of configurations for different classes are provided in the section titled "Security policy classes".