KasperskyOS Community Edition 1.2
Mic security model delete rule
delete { source : <Sid>
, target : <Sid>
, container : <Sid | ()>
, driver : <Sid>
}
Unassigns the integrity level from the target resource in the following situation:
- The
sourceprocess initiates deletion of thetargetresource. - The
targetresource is managed by thedriversubject, which is the resource provider or the KasperskyOS kernel. - The
containerresource is a container for thetargetresource (for example, a directory is a container for files and/or other directories).
If the container field has the value (), the target resource is considered to be the root resource, which means that it has no container.
The rule returns the "granted" result if it unassigned the integrity level from the target resource.
The rule returns the "denied" result in the following cases:
- The integrity level of the
targetresource exceeds the integrity level of thesourceprocess ordriversubject. - The integrity level of the
targetresource is incomparable to the integrity level of thesourceprocess ordriversubject. - An integrity level was not assigned to the
sourceprocess,driversubject,targetresource orcontainerresource. - The value of
source,target,containerordriveris outside of the permissible range.
Example:
/* Any client in the solution will be allowed to query a server of the foo class
* updater.Realmserv class by calling the del method of the realm.Reader endpoint if the
* integrity level will be unassigned from the resource whose deletion is requested by the client.
* Otherwise, any client in the solution will be prohibited from querying a server of the
* updater.Realmserv class by calling the del method of the realm.Reader endpoint. */
request dst=updater.Realmserv,
endpoint=realm.Reader {
match method=del {
mic.delete { source : src_sid
, target : message.handle.handle
, container : ()
, driver : dst_sid
}
}
}
Article ID: ssp_descr_security_models_mic_delete, Last review: May 21, 2024