allow policy

Determines whether the current state of the security domain is on the states list specified in the policy configuration.

In contrast to the deny policy, the allow policy allows event if the current state is on the passed list.

Type: call policy

Syntax

allow <configuration> (in SID sid)

Parameters

sid	SID of the security domain associated with the finite-state machine.

Policy configuration

<configuration> ::= <states>

<states> ::= "[" <state> {"," <state>} "]"

Configuration elements

<states>	JSON array of states to check.
<state>	State name

Returned value

KSS_GRANT, if the current state is included in <states>.

KSS_DENY in the following cases:

• The current state is not included in <states>.
• The finite-state machine has not been initialized for the specified SID.
• The specified SID of the domain is incorrect.

Example

...

policy if_started = service_flow.allow [started];

entity service {

security call use [self] = if_started(self);

}

Page top