KasperskyOS Community Edition 1.3
English
Developing security policies  >  Describing a security policy for a KasperskyOS-based solution  >  PSL language syntax  >  Including EDL files in a KasperskyOS-based solution security policy description

Including EDL files in a KasperskyOS-based solution security policy description

To include an EDL file for the KasperskyOS kernel in a policy description, use any of the following declarations:

use EDL kl.core.Core task class kl.core.Core : kl.core.Core

To include an EDL file for a program (such as a driver or application) into a policy description, use one of the following declarations:

use EDL <process class name> task class <process class name> : <link to EDL file>

The process class name in the use EDL declaration and the link to the EDL file in the task class declaration represents the EDL file path (without the extension and dot before it) relative to the directory that is included in the set of directories where the nk-psl-gen-c compiler searches for PSL, IDL, CDL, and EDL files. (This set of directories is defined by the -I <path to the directory> parameters when starting the makekss script or the nk-psl-gen-c compiler.) A dot is used as a separator in a path description.

The process class name may differ from the link to the EDL file in the task class declaration. The task class declaration includes the EDL file in the policy description while ignoring the process class name in this file. The process class name specified in the EDL file is replaced by the process class name specified in the declaration. The same EDL file may be included in the policy description multiple times but with different process class names.

Example:

/* Include the UART.edl file that is located in * the KasperskyOS SDK at the path sysroot-*-kos/include/kl/drivers. */ use EDL kl.drivers.UART /* Include the VfsNet.edl file that is located in * the KasperskyOS SDK at the path sysroot-*-kos/include/kl. * The file is included four times with different process class names. */ task class VfsNet : kl.VfsNet task class kl.VfsNet : kl.VfsNet task class kl.VfsNet1 : kl.VfsNet task class kl.VfsNet2 : kl.VfsNet /* The nk-psl-gen-c compiler must be configured to search for * PSL, IDL, CDL, and EDL files in the sysroot-*-kos/include directory. */

In the task class declaration, you do not have to specify the link to the EDL file:

task class <process class name>

This declaration imitates inclusion of an EDL file that contains only the process class name. In other words, if you use this declaration, you don't have to create EDL files containing only the task class or entity declaration.

Example:

/* Imitate the inclusion of an EDL file that contains only * the task class start.Empty declaration. */ task class start.Empty /* Imitate the inclusion of an EDL file that contains only * the task class MyClient declaration. */ task class MyClient

The process class names in EDL file inclusion declarations must be unique within the same policy description irrespective of which of the potential EDL file inclusion declarations are being used.

The nk-psl-gen-c compiler finds IDL and CDL files via EDL files because EDL files contain the names of components and interfaces. CDL files also contain the names of components and interfaces for searching for IDL and CDL files.

Article ID: ssp_descr_psl_syntax_include_edl, Last review: Feb 20, 2025
Page top