The policy statement lets you define a new alias for a policy with a defined configuration. You can define aliases for the same policy with different configurations. Aliases are top-level declarations; they are visible within the entire configuration file.
You can redefine the configuration of an alias in the following ways:
The new configuration is based on the configuration of the parent alias according to the following rules:
key: value pair is added for each new key.Examples of redefining a configuration are shown below.
Syntax
<alias-policy-entry> ::= "policy" <alias-policy-name> "="
<related-policy> [<configuration>] ";"
<related-policy> ::= <alias-policy-name>
| <family-instance-name> "." <policy-name>
Elements
|
Alias of the configured instance of the security policy. |
|
Link to a policy or to another alias for which a new alias is declared. |
|
Name of the family instance. |
|
Name of the policy. |
|
JSON configuration of the policy instance. The configuration is processed by the parser specified in the |
Example
policy tl_action = tl_instance.control [action];
/* tl_stop is equivalent to tl_stop_ because the configuration
of a policy consists of an array that will be overwritten. */
policy tl_stop = tl_instance.control [stop];
policy tl_stop_ = tl_action [stop];
/* The alias "initApp" is used to define the type
of app by default. The aliases "initReadOnly" and
"initRW" additionally define access rights. */
policy initApp = ocap_instance.initR {type: Application};
policy initReadOnly = initApp {rights: [Read]};
policy initRW = initApp {rights: [Read,Write]};
/* Create an alias for the file system by redefining
the type of capability in the "initRW" alias configuration. */
policy initFS = initRW {type: FS};
Page top