A Flow class object is an implementation of a finite-state machine whose description is given in the object configuration.
Object configuration
A Flow class object configuration contains the following elements:
type States – type determining the set of permissible internal states. By default, any string values are permitted. When creating a class object, you must specify this type, followed by the list of permissible string values combined with the | (OR) character.
config
    states – set of internal states.
    initial – initial state.
    transitions – table of transitions between states. For each current state, it lists the states that the object can transition to.
All configuration parameters are required when creating a class object.
Audit configuration
When declaring an audit profile, a Flow class object contains the following fields for audit configuration:
{ <object name>:
    { kss: [ "granted", "denied" ]
    , omit: [<states>] // list of the object's internal states in which the results of policy calls are not recorded in the audit log.
    }
}
Example
security.psl
...
use nk.flow._
/* service_flow – example implementation of an abstract service
   with a configuration comprised of four states.
   Subsequent examples of using the Flow class are based on this example. */
policy object service_flow : Flow {
    type States = "sleep" | "started" | "stopped" | "finished"
    config = {
        states : ["sleep", "started", "stopped", "finished"],
        initial : "sleep",
        transitions : {
            "sleep" : ["started"],
            "started" : ["stopped", "finished"],
            "stopped" : ["started", "finished"]
        }
    }
}
Example of a finite-state machine used in this section
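A configuration like service_flow can be checked for consistency before it is built into a security policy. The following Python model is an added example, not part of the KasperskyOS documentation or SDK: `lint_flow_config` and `step` are hypothetical names, and treating a state with no row in `transitions` as terminal is an assumption of the model.

```python
# Added illustration: a Python model of the Flow configuration shown above.
# It is not KasperskyOS code; lint_flow_config and step are hypothetical names.
from collections import deque

# Configuration copied from the service_flow example on this page.
SERVICE_FLOW = {
    "states": ["sleep", "started", "stopped", "finished"],
    "initial": "sleep",
    "transitions": {
        "sleep": ["started"],
        "started": ["stopped", "finished"],
        "stopped": ["started", "finished"],
    },
}

def lint_flow_config(cfg):
    """Return (errors, unreachable, terminal) for a states/initial/transitions config."""
    states = set(cfg["states"])
    table = cfg["transitions"]
    errors = []
    if cfg["initial"] not in states:
        errors.append(f"initial state {cfg['initial']!r} is not in states")
    for src, targets in table.items():
        if src not in states:
            errors.append(f"transition source {src!r} is not in states")
        for dst in targets:
            if dst not in states:
                errors.append(f"transition {src!r} -> {dst!r} targets an unknown state")
    # Breadth-first walk from the initial state over the transition table.
    seen, queue = {cfg["initial"]}, deque([cfg["initial"]])
    while queue:
        for dst in table.get(queue.popleft(), []):
            if dst not in seen:
                seen.add(dst)
                queue.append(dst)
    unreachable = sorted(states - seen)
    # Assumption of this model: a state with no row in the table has no way out.
    terminal = sorted(s for s in states if not table.get(s))
    return errors, unreachable, terminal

def step(cfg, current, target):
    """Model of a transition check: True only if the table lists current -> target."""
    return target in cfg["transitions"].get(current, [])

if __name__ == "__main__":
    print(lint_flow_config(SERVICE_FLOW))
    print(step(SERVICE_FLOW, "sleep", "finished"))
```

For service_flow the model reports no errors, no unreachable states, and "finished" as the only terminal state.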