KasperskyOS Community Edition 1.0

Flow security model query expression

query {sid : <Sid>}

This expression is intended to be used to verify fulfillment of the conditions in the choice construct (for details on the choice construct, see "Binding methods of security models to security events"). It checks the state of the finite-state machine associated with the resource that has the security ID sid. Depending on the result of this check, different options for security event processing can be performed.

It runs incorrectly in the following cases:

  • The resource with the security ID sid is not associated with a finite-state machine of the Flow security model object being used.
  • Security ID sid is out of the permissible range.

If the expression runs incorrectly, the Kaspersky Security Module returns the "denied" decision.

Example:

/* Any client in the solution is allowed to
 * query a server of the ResourceDriver class
 * if the finite-state machine associated with this
 * server is in the started or
 * stopped state. Otherwise any client in the solution
 * is prohibited from querying a server in the class of
 * ResourceDriver. */
request dst=ResourceDriver {
    choice (service_flow.query {sid : dst_sid}) {
        "started" : grant ()
        "stopped" : grant ()
        _ : deny ()
    }
}
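The fail-closed behaviour described above, modelled in Python as an added example (this is not KasperskyOS or Kaspersky Security Module code). The class and function names, the SID range 0..1023, and the sample SIDs and states are assumptions made for the model; it shows that an incorrectly run query yields "denied" even when the `_` branch would grant.

```python
# Simplified model of the documented query semantics; not KasperskyOS code.
DENIED, GRANTED = "denied", "granted"
MAX_SID = 1023  # assumed permissible SID range for this model: 0..MAX_SID


class QueryError(Exception):
    """Raised when the query expression runs incorrectly."""


class FlowObject:
    """Model of one Flow security model object (for example service_flow)."""

    def __init__(self):
        self._state_by_sid = {}  # sid -> current finite-state machine state

    def associate(self, sid, state):
        self._state_by_sid[sid] = state

    def query(self, sid):
        if not 0 <= sid <= MAX_SID:
            raise QueryError("sid is out of the permissible range")
        if sid not in self._state_by_sid:
            raise QueryError("sid has no finite-state machine in this object")
        return self._state_by_sid[sid]


def decide(flow, dst_sid, branches, default):
    """Model of: choice (flow.query {sid : dst_sid}) { ... }.

    branches maps a state name to a decision; default is the `_` branch.
    An incorrectly run query returns DENIED and never reaches any branch.
    """
    try:
        state = flow.query(dst_sid)
    except QueryError:
        return DENIED
    return branches.get(state, default)


# The rule from the example: "started" and "stopped" grant, `_` denies.
RULE = {"started": GRANTED, "stopped": GRANTED}

service_flow = FlowObject()
service_flow.associate(10, "started")   # constructed sample SIDs and states
service_flow.associate(11, "finished")
```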
