Example of a basic solution security policy
Below is a basic solution security policy in which "everything is allowed" for a solution consisting of Client and Server user entities, an Einit entity, and the KasperskyOS kernel provided by the kl.core.Core entity.
This policy allows the following:
- All interactions between entities (sending any requests and responses)
- Startup of all entities
Use of this security policy is unacceptable in real solutions. A more complex solution security policy is shown in the ping example.
security.psl
execute: kl.core.Execute
use nk.base._
use EDL Einit
use EDL kl.core.Core
use EDL Client
use EDL Server
/* Startup of entities is allowed */
execute {
grant ()
}
/* Sending and receiving requests, responses and errors is allowed.
This means that any entity can call the methods of other entities and the kernel. */
request {
grant ()
}
response {
grant ()
}
error {
grant ()
}
/* Whenever the Kaspersky Security Module is queried,
* the "allowed" decision will always be received. */
security {
grant ()
}