Before analyzing the examples, you need to become familiar with the Base security model: every binding below calls its grant () or deny () method, so the examples show how security events are selected, not how decisions are computed.
Handling process startup (execute events)
/* The KasperskyOS kernel and any process
 * in the solution is allowed to start any
 * process.
 * NOTE(review): a binding with no src/dst selector
 * matches every process startup. It is shown to
 * illustrate the syntax; a real solution policy should
 * name the allowed (src, dst) pairs explicitly, as the
 * two bindings below do. */
execute { grant () }
/* The kernel is allowed to start a process
 * of the Einit class. (src names the process that
 * performs the startup, dst the process being started.) */
execute src=kl.core.Core, dst=Einit { grant () }
/* An Einit-class process is allowed
 * to start any process in the solution.
 * (There is no dst selector, so the class of the
 * started process is not restricted by this binding.) */
execute src=Einit { grant () }
Handling the startup of the KasperskyOS kernel
/* The KasperskyOS kernel is allowed to start.
 * (This binding is necessary so that the security
 * module can be notified of the kernel SID. The kernel
 * starts regardless of whether the solution security
 * policy allows or denies it; if the policy denies the
 * startup of the kernel, the kernel terminates its
 * execution after starting.
 * NOTE(review): do not drop this binding when trimming a
 * policy — without a grant for this event the kernel will
 * not keep running; confirm the default decision for
 * unmatched events in the PSL reference.) */
execute src=kl.core.Core, dst=kl.core.Core { grant () }
Handling IPC request forwarding
/* Any client in the solution is allowed to query
 * any server and the KasperskyOS kernel.
 * NOTE(review): with no selectors this matches every
 * request in the solution; keep it for syntax
 * illustration only. In a policy that also contains
 * narrower bindings for the same event, the decisions of
 * all matching bindings are combined by the security
 * module — confirm the combination rule in the PSL
 * reference before placing a broad grant next to a
 * specific deny. */
request { grant () }
/* A client of the Client class is allowed to query
 * any server in the solution and the kernel.
 * (Only the requesting side is restricted; dst is
 * left unspecified.) */
request src=Client { grant () }
/* Any client in the solution is allowed to query
 * a server of the Server class.
 * (Only the responding side is restricted; src is
 * left unspecified.) */
request dst=Server { grant () }
/* A client of the Client class is not allowed to
 * query a server of the Server class.
 * (This deny covers every endpoint and method of
 * Server for a Client-class caller; the bindings below
 * show the same src/dst pair narrowed to a single
 * endpoint and method.) */
request src=Client dst=Server { deny () }
/* A client of the Client class is allowed to
 * query a server of the Server class
 * by calling the Ping method of the net.Net endpoint.
 * (endpoint selects by endpoint name; method narrows
 * the binding to one method of that endpoint.) */
request src=Client dst=Server endpoint=net.Net method=Ping {
grant ()
}
/* Any client in the solution is allowed to query
 * a server of the Server class by calling the Send method
 * of the endpoint with the MessExch interface.
 * (interface selects the endpoint by the interface it
 * provides rather than by endpoint name, as in the
 * previous binding.) */
request dst=Server interface=MessExch method=Send {
grant ()
}
Handling IPC response forwarding
/* A server of the Server class is allowed to respond to
 * queries of a Client-class client that
 * calls the Ping method of the net.Net endpoint.
 * (For a response event src is the responding server
 * and dst is the client that made the request.) */
response src=Server, dst=Client, endpoint=net.Net, method=Ping {
grant ()
}
/* The server containing the kl.drivers.KIDF component
 * that provides endpoints with the monitor interface is
 * allowed to respond to queries of a DriverManager-class
 * client that uses these endpoints.
 * (No src selector: any server class that contains the
 * named component is matched.) */
response dst=DriverManager component=kl.drivers.KIDF interface=monitor {
grant ()
}
Handling the transmission of IPC responses containing error information
/* A server of the Server class is not allowed to notify a client
 * of the Client class regarding errors that occur
 * when the client queries the server by calling the
 * Ping method of the net.Net endpoint.
 * NOTE(review): denying the error event keeps error
 * details from reaching the client, which limits what a
 * misbehaving server can disclose over this channel; the
 * client then gets no explanation of the failure — confirm
 * how the caller observes a denied error response. */
error src=Server, dst=Client, endpoint=net.Net, method=Ping {
deny ()
}
Handling queries sent by processes to the Kaspersky Security Module
/* A process of the Sdcard class will receive the
 * "granted" decision from the Kaspersky Security Module
 * when calling the Register method of the security interface.
 * (Using the security interface defined
 * in the EDL description.) */
security src=Sdcard, method=Register {
grant ()
}
/* A process of the Sdcard class will receive the "denied" decision
 * from the security module when calling the Comp.Register method
 * of the security interface. (Using the security interface
 * defined in the CDL description; the method name is
 * qualified with the component name, unlike the EDL-level
 * Register method above.) */
security src=Sdcard, method=Comp.Register {
deny ()
}
Using match sections
/* A client of the Client class is allowed to query
 * a server of the Server class by calling the Send
 * and Receive methods of the net endpoint.
 * (Each match section narrows the enclosing binding;
 * methods of the net endpoint not listed here get no
 * decision from this binding.) */
request src=Client, dst=Server, endpoint=net {
match method=Send { grant () }
match method=Receive { grant () }
}
/* A client of the Client class is allowed to query
 * a server of the Server class by calling the Send
 * and Receive methods of the sn.Net endpoint and the Write and
 * Read methods of the sn.Storage endpoint.
 * (Match sections nest: the outer section selects the
 * endpoint, the inner sections select methods of it.) */
request src=Client, dst=Server {
match endpoint=sn.Net {
match method=Send { grant () }
match method=Receive { grant () }
}
match endpoint=sn.Storage {
match method=Write { grant () }
match method=Read { grant () }
}
}
Setting audit profiles
/* Set the default global audit profile
 * and an initial audit runtime-level of 0.
 * (This applies to every binding that does not
 * select its own audit profile.) */
audit default = global 0
request src=Client, dst=Server {
/* Select the parent audit profile at the level of
 * this binding of a security model method to a
 * security event; it applies to every match section
 * below that does not select its own profile. */
audit parent
match endpoint=net.Net, method=Send {
/* Select a child audit profile at the
 * match section level; it overrides the parent
 * profile for Send only. */
audit child
grant ()
}
/* This match section selects no profile of its own,
 * so the parent audit profile applies. */
match endpoint=net.Net, method=Receive {
grant ()
}
}
/* This binding of the security model method
 * to the security event selects no audit profile,
 * so the global audit profile set by
 * "audit default" applies.
 * NOTE(review): here the Client class is in the src
 * position of a response event, whereas the response
 * and error examples above put the responding Server
 * class in src and the Client in dst — confirm the
 * intended direction of this example. */
response src=Client, dst=Server {
grant ()
}