HashSet security model contains expression
contains {sid : <Sid>, entry : <Entry>}
It checks whether the entry value is in the table associated with the resource that has the security ID sid.
It returns a value of the Boolean type. If the entry value is in the table, it returns true. Otherwise it returns false.
It runs incorrectly in the following cases:
- The resource with the security ID
sidis not associated with a table from the tables pool of the HashSet security model object being used. - Security ID
sidis out of the permissible range.
If the expression runs incorrectly, the Kaspersky Security Module returns the "denied" decision.
Example:
/* An entity of the Server class will receive the "allowed" decision
* from the Kaspersky Security Module by calling the method
* of the Check security interface if the value 42
* is in the table associated with this entity.
* Otherwise the entity of the Server class will receive the "denied" decision
* from the security module by calling the method of the
* Check security interface. */
security src=Server, method=Check {
assert(S.contains {sid : src_sid, entry : 42})
}