The execute statement is intended for specifying the system execute-interface that describes the entity start variants.
An entity start variant is a Kaspersky Security System interface method that is queried when an entity is started. By binding entity start variants to policies, you can initialize a security context in various ways.
Entity start variants are not bound to an entry point, which is the main function by default.
Entity start variants from the specified execute-interface are top-level declarations: they are visible within the entire configuration file.
Each entity start variant is described by a method in the system execute-interface using the IDL language.
The KasperskyOS Starter Kit uses the execute.execute execute-interface, which contains one entity start variant – the main method without parameters.
Syntax
<execute-interface-entry> ::=
"execute" "=" <full-interface-name> ";"
Elements
|
Full name of the interface described in the IDL language. It has the following format:
|
Example
security.cfg
/* Use the IExecute interface as the system execute-interface. */
execute = PExecute.IExecute;
...
entity foo {
/* Allow start of "foo" using the "main" method. */
execute call main = grant;
}
entity foo1 {
/* When starting "foo1" using the "main" method, assign the "some_role" to it. */
execute call main [parent, self] = rbac_instance.setRole "some_role" (self);
}
...
PExecute.idl
package PExecute
/* Description of the execute interface. */
interface IExecute{
main();
}
Page top