Each instance of the te family implements an access control model based on the permissions matrix and the inheritance matrix defined in Type Enforcement terms. These matrices are defined in the configuration of the te family instance.
Family instance configuration
<family-configuration> ::= "{"
                               <permissions> ","
                               <types> ","
                               <images> ","
                               <allows> ","
                               <transitions>
                           "}"
<types> ::= "types" ":" "[" <type> {"," <type>} "]"
<permissions> ::= "permissions" ":" "[" <permission> {"," <permission>} "]"
<images> ::= "images" ":" "[" <image> {"," <image>} "]"
<allows> ::= "allows" ":" "[" <allow> {"," <allow>} "]"
<allow> ::= "{" <source> ":" "{"
                <target> ":" <source-permissions> "}"
<source> ::= <type>
<target> ::= <type>
<source-permissions> ::= "[ ]" | "[" <permission> {"," <permission>} "]"
<transitions> ::= "transitions" ":" "[" <transition> {"," <transition>} "]"
<transition> ::= "{" <ancestor> ":" "{"
                     <child-image> ":" <descendants>
                 "}"
<ancestor> ::= <type> | "*"
<child-image> ::= <image> | "*"
<descendants> ::= "[ ]" | "[" <descendant> {"," <descendant>} "]"
<descendant> ::= <type> | "*"
Family instance configuration elements
| Element | Description |
|---|---|
| permissions | List of possible permissions. |
| types | List of possible types. |
| images | List of possible images. |
| allows | Permissions matrix. |
| source | Type of subject calling the object. |
| target | Type of object that is called. |
| source-permissions | Array of the subject's permissions for the specified object. This can be blank. |
| transitions | Inheritance matrix. |
| transition | Type inheritance rule. |
| ancestor | Parent type. This must be specified in |
| child-image | Image of the inheritor for the specified parent type. The special character |
| descendants | Array of child types for the specified image and parent type. This can be blank. |
| descendant | Possible child type. If the special character |
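
A consistency check for a te family configuration, added here as an example; it is not part of the product's code or documentation. It assumes the configuration has been loaded into a Python dict whose keys follow the grammar above, that every name used in the two matrices must come from the declared lists, and that a source/target pair with no entry grants nothing. All sample names are constructed.

```python
# Added example: the configuration is modelled as a Python dict that follows
# the grammar above. This is not the product's own parser.
CONFIG = {  # constructed sample values
    "permissions": ["read", "write"],
    "types": ["app", "log", "shell"],
    "images": ["logger_bin"],
    "allows": [
        {"app": {"log": ["write"]}},
        {"shell": {"log": ["read", "exec"]}},   # "exec" is not declared
        {"app": {"secrets": []}},               # "secrets" is not declared
    ],
    "transitions": [
        {"*": {"logger_bin": ["log"]}},
        {"shell": {"*": ["*"]}},
        {"app": {"updater_bin": ["root"]}},     # neither name is declared
    ],
}

def lint(cfg):
    """Return references to names missing from the declaration lists."""
    types, perms, images = (set(cfg[k]) for k in ("types", "permissions", "images"))
    problems = []

    def check(name, declared, kind, where, wildcard_ok):
        if name == "*" and wildcard_ok:
            return  # the grammar permits "*" only in transition positions
        if name not in declared:
            problems.append(f"{where}: undeclared {kind} {name!r}")

    for i, rule in enumerate(cfg["allows"]):
        for source, targets in rule.items():
            check(source, types, "type", f"allows[{i}]", False)
            for target, granted in targets.items():
                check(target, types, "type", f"allows[{i}]", False)
                for p in granted:
                    check(p, perms, "permission", f"allows[{i}]", False)
    for i, rule in enumerate(cfg["transitions"]):
        for ancestor, children in rule.items():
            check(ancestor, types, "type", f"transitions[{i}]", True)
            for image, descendants in children.items():
                check(image, images, "image", f"transitions[{i}]", True)
                for d in descendants:
                    check(d, types, "type", f"transitions[{i}]", True)
    return problems

def is_allowed(cfg, source, target, permission):
    """Assumption: a pair with no entry in the permissions matrix grants nothing."""
    return any(permission in rule.get(source, {}).get(target, [])
               for rule in cfg["allows"])
```

Running `lint(CONFIG)` before deploying a policy surfaces misspelled or undeclared types, images and permissions, which otherwise leave a rule that never matches or grants something unintended.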