Examples of tests for KasperskyOS-based solution security policies

KasperskyOS Community Edition includes the pal_tests example, which demonstrates the use of the Policy Assertion Language (PAL) for writing tests for a solution security policy. For more details, refer to the pal_tests example.

Example 1

/* Test set that includes only one test. */
assert "some tests" {
    /* Test that includes six test cases. */
    sequence "first sequence" {
        /* It is expected that startup of the KasperskyOS kernel is allowed.
         * If this is true, the core variable will be assigned the SID value
         * of the started kernel process. */
        core <- execute dst=kl.core.Core

        /* It is expected that the KasperskyOS kernel is allowed to start a process of the Einit class.
         * If this is true, the einit variable will be assigned the SID value
         * of the started Einit-class process. */
        einit <- execute src=core dst=Einit

        /* It is expected that an Einit-class process is allowed to start a process of the pal_tests.WebServer class.
         * If this is true, the ws variable will be assigned the SID value
         * of the started pal_tests.WebServer-class process. */
        ws <- execute src=einit dst=pal_tests.WebServer

        /* It is expected that an Einit-class process is allowed to start a process of the pal_tests.UserManager class.
         * If this is true, the usrmngr variable will be assigned the SID value
         * of the started process of the pal_tests.UserManager class. */
        usrmngr <- execute src=einit dst=pal_tests.UserManager

        /* It is expected that a client of the pal_tests.WebServer class is not allowed to query
         * a server of the pal_tests.UserManager class by calling the Login method of the auth service
         * if the userName parameter contains an empty string (default value for
         * an unspecified parameter of the string type). */
        deny "Web server calls Login without user name" request src=ws dst=usrmngr endpoint=auth method=Login { }

        /* It is expected that a client of the pal_tests.WebServer class is allowed to query
         * a server of the pal_tests.UserManager class by calling the Login method of the auth service
         * if the userName parameter is defined. */
        grant "Web server calls Login with user name" request src=ws dst=usrmngr endpoint=auth method=Login { userName : "Somebody" }
    }
}

Example 2

/* Test set that includes two tests. */
assert "login tests" {
    /* Initial part of each of the two tests
     * that includes four test cases. */
    setup {
        /* It is expected that startup of the KasperskyOS kernel is allowed.
         * If this is true, the core variable will be assigned the SID value
         * of the started kernel process. */
        core <- execute dst=kl.core.Core

        /* It is expected that the KasperskyOS kernel is allowed to start a process of the Einit class.
         * If this is true, the einit variable will be assigned the SID value
         * of the started Einit-class process. */
        einit <- execute src=core dst=Einit

        /* It is expected that an Einit-class process is allowed to start a process of the pal_tests.WebServer class.
         * If this is true, the ws variable will be assigned the SID value
         * of the started pal_tests.WebServer-class process. */
        ws <- execute src=einit dst=pal_tests.WebServer

        /* It is expected that an Einit-class process is allowed to start a process of the pal_tests.UserManager class.
         * If this is true, the usrmngr variable will be assigned the SID value
         * of the started process of the pal_tests.UserManager class. */
        usrmngr <- execute src=einit dst=pal_tests.UserManager
    }

    /* Test that includes seven test cases: four test cases
     * in the initial part and three test cases in the main part. */
    sequence "login after login is denied" {
        /* It is expected that a client of the pal_tests.WebServer class is allowed to query
         * a server of the pal_tests.UserManager class by calling the Login method of the auth service
         * if the userName parameter is defined. */
        ws ~> usrmngr : auth.Login { userName: "Somebody" }

        /* It is expected that a server of the pal_tests.UserManager class is allowed to respond to
         * a client of the pal_tests.WebServer class if the client calls the Login method of the auth service
         * and this call is allowed. The value of the output parameter "role"
         * is set to "user", which in this case indicates successful authorization of a
         * user with ordinary user permissions. */
        ws <~ usrmngr : auth.Login { role : "user" }

        /* It is expected that a client of the pal_tests.WebServer class is not allowed to query
         * a server of the pal_tests.UserManager class by calling the Login method of the auth service
         * if successful authorization was completed earlier. */
        deny ws ~> usrmngr : auth.Login { userName: "SomebodyElse" }
    }

    /* Test that includes seven test cases: four test cases
     * in the initial part and three test cases in the main part. */
    sequence "logout after login is granted" {
        /* It is expected that a client of the pal_tests.WebServer class is allowed to query
         * a server of the pal_tests.UserManager class by calling the Login method of the auth service
         * if the userName parameter is defined. */
        ws ~> usrmngr : auth.Login { userName: "Somebody" }

        /* It is expected that a server of the pal_tests.UserManager class is allowed to respond to
         * a client of the pal_tests.WebServer class if the client calls the Login method of the auth service
         * and this call is allowed. The value of the output parameter "role"
         * is set to "user", which in this case indicates successful authorization of a
         * user with ordinary user permissions. */
        ws <~ usrmngr : auth.Login { role : "user" }

        /* It is expected that a client of the pal_tests.WebServer class is allowed to query
         * a server of the pal_tests.UserManager class by calling the Logout method of the auth service
         * if successful authorization was completed earlier. */
        ws ~> usrmngr : auth.Logout {}
    }
}
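An added test set, not part of the pal_tests example or the KasperskyOS documentation, that combines the constructs of Example 2 and Example 3 to check that authorization state does not leak between tests: the setup part runs before each sequence, so a Login granted in the first sequence must not make ProcessRequest or AddUser pass in the second one. It only uses the policy behaviour stated by the examples above (ProcessRequest is denied before authorization, AddUser is denied without administrator privileges); the class and service names are those of the pal_tests example.

```pal
/* Test set that includes two tests (added example, not from the pal_tests sources). */
assert "state isolation tests" {
    /* Initial part of each test: five test cases that start the kernel, Einit and
     * the three pal_tests process classes and bind their SIDs to variables. */
    setup {
        core <- execute dst=kl.core.Core
        einit <- execute src=core dst=Einit
        ws <- execute src=einit dst=pal_tests.WebServer
        usrmngr <- execute src=einit dst=pal_tests.UserManager
        srvc <- execute src=einit dst=pal_tests.Service
    }

    /* First test: the web server authorizes as an ordinary user and is then
     * allowed to call ProcessRequest, but still not AddUser (no administrator privileges). */
    sequence "request after login is granted, admin call is still denied" {
        ws ~> usrmngr : auth.Login { userName : "Somebody" }
        ws <~ usrmngr : auth.Login { role : "user" }
        grant ws ~> srvc : handler.ProcessRequest { }
        deny request src=ws dst=usrmngr endpoint=user method=AddUser { userName : "Anonymous" }
    }

    /* Second test: the authorization completed in the first test must not be visible here,
     * because every sequence starts from the state produced by the setup part alone. */
    sequence "request without login is denied" {
        deny ws ~> srvc : handler.ProcessRequest { }
        deny request src=ws dst=usrmngr endpoint=user method=AddUser { userName : "Anonymous" }
    }
}
```

If the second sequence fails, the policy keeps authorization state in a place that is not reset between tests, which is exactly the kind of state leak these tests are meant to surface.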

Example 3

/* Test set that includes only one test. */
assert {
    /* Test that includes ten test cases. */
    sequence {
        /* It is expected that startup of the KasperskyOS kernel is allowed.
         * If this is true, the core variable will be assigned the SID value
         * of the started kernel process. */
        core <- execute dst=kl.core.Core

        /* It is expected that the KasperskyOS kernel is allowed to start a process of the Einit class.
         * If this is true, the einit variable will be assigned the SID value
         * of the started Einit-class process. */
        einit <- execute src=core dst=Einit

        /* It is expected that an Einit-class process is allowed to start a process of the pal_tests.WebServer class.
         * If this is true, the ws variable will be assigned the SID value
         * of the started pal_tests.WebServer-class process. */
        ws <- execute src=einit dst=pal_tests.WebServer

        /* It is expected that an Einit-class process is allowed to start a process of the pal_tests.UserManager class.
         * If this is true, the usrmngr variable will be assigned the SID value
         * of the started process of the pal_tests.UserManager class. */
        usrmngr <- execute src=einit dst=pal_tests.UserManager

        /* It is expected that an Einit-class process is allowed to start a process of the pal_tests.Service class.
         * If this is true, the srvc variable will be assigned the SID value
         * of the started process of the pal_tests.Service class. */
        srvc <- execute src=einit dst=pal_tests.Service

        /* It is expected that a client of the pal_tests.WebServer class is not allowed to query
         * a server of the pal_tests.Service class by calling the ProcessRequest method of the handler service
         * if successful authorization was not completed earlier. */
        deny ws ~> srvc : handler.ProcessRequest { }

        /* It is expected that a client of the pal_tests.WebServer class is allowed to query
         * a server of the pal_tests.UserManager class by calling the Login method of the auth service
         * if the userName parameter is defined. */
        grant request src=ws dst=usrmngr endpoint=auth method=Login { userName : "Somebody" }

        /* It is expected that a server of the pal_tests.UserManager class is allowed to respond to
         * a client of the pal_tests.WebServer class if the client calls the Login method of the auth service
         * and this call is allowed. The value of the output parameter "role"
         * is set to "user", which in this case indicates successful authorization of a
         * user with ordinary user permissions. */
        grant ws <~ usrmngr : auth.Login { role : "user" }

        /* It is expected that a client of the pal_tests.WebServer class is allowed to query
         * a server of the pal_tests.Service class by calling the ProcessRequest method of the handler service
         * if successful authorization was completed earlier. */
        grant ws ~> srvc : handler.ProcessRequest { }

        /* It is expected that a client of the pal_tests.WebServer class is not allowed to query
         * a server of the pal_tests.UserManager class by calling the AddUser method of the user service
         * if the user has not been authorized with administrator privileges. */
        deny request src=ws dst=usrmngr endpoint=user method=AddUser { userName : "Anonymous" }
    }
}
