KasperskyOS Community Edition 1.0
English

Contents

Flow security model allow rule

allow {sid : <Sid>, states : <Set<State>>}

It verifies that the state of the finite-state machine associated with the resource that has the security ID sid is in the set of defined states.

It returns the "allowed" result if the state of the finite-state machine is in the set of defined states.

It returns the "denied" result in the following cases:

  • The state of the finite-state machine is not in the set of defined states.
  • The resource with the security ID sid is not associated with a finite-state machine of the Flow security model object being used.
  • Security ID sid is out of the permissible range.

Example:

/* Any client in the solution is allowed to query a server

* of the Server class if the finite-state machine associated with this server

* is in the started or stopped state. Otherwise any client

* in the solution will be prohibited from querying a server of the Server class. */

request dst=Server {

service_flow.allow {sid : dst_sid, states : ["started", "stopped"]}

}

Page top
[Topic ssp_descr_security_models_flow_allow]