read {source : <Sid>, target : <Sid>}
This verifies that the source resource consumer is allowed to read data from the target resource.
It returns the "allowed" result in the following cases:
- The integrity level of the source resource consumer does not exceed the integrity level of the target resource.
- The integrity level of the source resource consumer exceeds the integrity level of the target resource, but the minimum integrity level of subjects and resources from which the source resource consumer can receive data does not exceed the integrity level of the target resource.
- The integrity level of the source resource consumer is incomparable to the integrity level of the target resource, but the minimum integrity level of subjects and resources from which the source resource consumer can receive data does not exceed the integrity level of the target resource.

It returns the "denied" result in the following cases:
- The integrity level of the source resource consumer exceeds the integrity level of the target resource, and the minimum integrity level of subjects and resources from which the source resource consumer can receive data exceeds the integrity level of the target resource.
- The integrity level of the source resource consumer exceeds the integrity level of the target resource, and the minimum integrity level of subjects and resources from which the source resource consumer can receive data is incomparable to the integrity level of the target resource.
- The integrity level of the source resource consumer is incomparable to the integrity level of the target resource, and the minimum integrity level of subjects and resources from which the source resource consumer can receive data exceeds the integrity level of the target resource.
- The integrity level of the source resource consumer is incomparable to the integrity level of the target resource, and the minimum integrity level of subjects and resources from which the source resource consumer can receive data is incomparable to the integrity level of the target resource.
- source resource consumer or to the target resource.
- source or target value is outside of the permissible range.

Example:
/* Any client in the solution is allowed to query a server of
 * the updater.Realmserv class by calling the read method of the
 * realm.Reader service if the Mic security model permits
 * this client to read data from the resource needed by
 * this client. Otherwise any client in the solution is prohibited from
 * querying a server of the updater.Realmserv class by calling
 * the read method of the realm.Reader endpoint. */
request dst=updater.Realmserv,
        endpoint=realm.Reader {
    match method=read {
        mic.read { source : src_sid
                 , target : message.handle.handle
                 }
    }
}
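The allowed/denied cases listed above reduce to two partial-order comparisons. The Python model below is an added illustration, not KasperskyOS code: the `Level` structure (a degree plus a category set), the SID table and all SID values are constructed assumptions, and a SID missing from the table stands in for an unassigned level or an out-of-range value.

```python
from typing import NamedTuple

class Level(NamedTuple):
    degree: int            # assumed: a numeric degree ...
    categories: frozenset  # ... plus a category set, so some levels are incomparable

def not_exceeds(a: Level, b: Level) -> bool:
    """True only if a is comparable to b and is not above it."""
    return a.degree <= b.degree and a.categories <= b.categories

def mic_read(table: dict, source: int, target: int) -> str:
    """table maps SID -> (own level, minimum level the SID may receive data from)."""
    if source not in table or target not in table:
        return "denied"  # no level assigned, or SID outside the known range
    src_level, src_min_input = table[source]
    tgt_level, _ = table[target]
    if not_exceeds(src_level, tgt_level):
        return "allowed"
    # Source exceeds the target or is incomparable to it: the decision now
    # rests on the lowest level the source is permitted to take input from.
    return "allowed" if not_exceeds(src_min_input, tgt_level) else "denied"

# Constructed levels: NET and LOG share a degree but differ in category.
LOW = Level(0, frozenset())
NET = Level(1, frozenset({"net"}))
LOG = Level(1, frozenset({"log"}))
HIGH = Level(2, frozenset({"net", "log"}))

# Constructed SID table (hypothetical SIDs).
TABLE = {
    1: (HIGH, LOW),   # high consumer that may take low-integrity input
    2: (HIGH, HIGH),  # high consumer restricted to high-integrity input
    3: (HIGH, NET),   # minimum input level incomparable to LOG
    4: (NET, LOW),    # incomparable to LOG, but may take low-integrity input
    5: (NET, NET),    # incomparable to LOG in both comparisons
    6: (LOW, LOW),
    10: (LOG, LOG),   # target resources
    11: (HIGH, HIGH),
}

def demo() -> dict:
    cases = [(6, 11), (1, 10), (2, 10), (3, 10), (4, 10), (5, 10), (1, 99)]
    return {c: mic_read(TABLE, *c) for c in cases}

if __name__ == "__main__":
    for (src, tgt), verdict in demo().items():
        print(f"source={src} target={tgt}: {verdict}")
```

Consumers 1 and 2 have the same own level yet get opposite verdicts against target 10, which shows that the minimum input level, not the consumer's own level, decides every case where the consumer is above or incomparable to the resource.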