PSL data types

Support

Support for KasperskyOS

KasperskyOS Community Edition

Developing security policies

Describing a security policy for a KasperskyOS-based solution

PSL language syntax

PSL data types

August 2, 2023

ID ssp_descr_psl_syntax_data_types

Save as PDF

The data types supported in the PSL language are presented in the table below.

PSL data types

Designations of types	Description of types
`UInt8`, `UInt16`, `UInt32`, `UInt64`	Unsigned integer
`SInt8`, `SInt16`, `SInt32`, `SInt64`	Signed integer
`Boolean`	Boolean type The Boolean type includes two values: `true` and `false`.
`Text`	Text type
`()`	`Unit` type The `Unit` type includes one immutable value. It is used as a stub value in cases when PSL language syntax requires certain data formulation but this data is not actually required. For example, the Unit type can be used to declare a method that does not have any parameters (similar to how the `void` type is used in C/C++).
`"`[`type`]`"`	Text literal A text literal includes one immutable text value. Example definitions of text literals: `""` `"granted"`
<`type`>	Integer literal An integer literal includes one immutable integer value. Example definitions of integer literals: `12` `-5` `0xFFFF`
<`type 1 \| type 2`> [`\|`]`...`	Variant type A variant type combines two or more types and may perform the role of either of them. Examples of definitions of variant types: `Boolean \| ()` `UInt8 \| UInt16 \| UInt32 \| UInt64` `"granted" \| "denied"`
`{` [`field name : field type`] [`,`] `...` `...` `}`	Dictionary A dictionary consists of one or more types of fields. A dictionary can be empty. Examples of dictionary definitions: `{}` `{ handle : Handle` `, rights : UInt32` `}`
`[`[`type`] [`,`] `...]`	Tuple A tuple consists of fields of one or more types in the order in which the types are listed. A tuple can be empty. Examples of tuple definitions: `[]` `["granted"]` `[Boolean, Boolean]`
`Set<`<`type of elements`>`>`	Set A set includes zero or more unique elements of the same type. Examples of set definitions: `Set<"granted" \| "denied">` `Set<Text>`
`List<`<`type of elements`>`>`	List A list includes zero or more elements of the same type. Examples of list definitions: `List<Boolean>` `List<Text \| ()>`
`Map<`<`key type, value type`>`>`	Associative array An associative array includes zero or more entries of the "key-value" type with unique keys. Example of defining an associative array: `Map<UInt32, UInt32>`
`Array<`<`type of elements, number of elements`>`>`	Array An array includes a defined number of elements of the same type. Example of defining an array: `Array<UInt8, 42>`
`Sequence<`<`type of elements, number of elements`>`>`	Sequence A sequence includes from zero to the defined number of elements of the same type. Example of defining a sequence: `Sequence<SInt64, 58>`

Aliases of certain PSL types

The nk/base.psl file from the KasperskyOS SDK defines the data types that are used as the types of parameters (or structural elements of parameters) and returned values for methods of various security models. Aliases and definitions of these types are presented in the table below.

Aliases and definitions of certain data types in PSL

Type alias	Type definition
`Unsigned`	Unsigned integer `UInt8 \| UInt16 \| UInt32 \| UInt64`
`Signed`	Signed integer `SInt8 \| SInt16 \| SInt32 \| SInt64`
`Number`	Integer `Unsigned \| Signed`
`ScalarLiteral`	Scalar literal `() \| Boolean \| Number`
`Literal`	Literal `ScalarLiteral \| Text`
`Sid`	Type of security ID (SID) `UInt32`
`Handle`	Type of security ID (SID) `Sid`
`HandleDesc`	Dictionary containing fields for the SID and handle permissions mask `{ handle : Handle` `, rights : UInt32` `}`
`Cases`	Type of data received by expressions of security models called in the `choice` construct for verifying fulfillment of conditions `List<Text \| ()>`
`KSSAudit`	Type of data defining the conditions for conducting the security audit `Set<"granted" \| "denied">`

Mapping IDL types to PSL types

Data types of the IDL language are used to describe the parameters of interface methods. The input data for security model methods have types from the PSL language. The set of data types in the IDL language differs from the set of data types in the PSL language. Parameters of interface methods transmitted in IPC messages can be used as input data for methods of security models, so the policy description developer needs to understand how IDL types are mapped to PSL types.

Integer types of IDL are mapped to integer types of PSL and to variant types of PSL that combine these integer types (including with other types). For example, signed integer types of IDL are mapped to the Signed type in PSL, and integer types of IDL are mapped to the ScalarLiteral type in PSL.

The Handle type in IDL is mapped to the HandleDesc type in PSL.

Unions and structures of IDL are mapped to PSL dictionaries.

Arrays and sequences of IDL are mapped to arrays and sequences of PSL, respectively.

String buffers in IDL are mapped to the text type in PSL.

Byte buffers in IDL are not currently mapped to PSL types, so the data contained in byte buffers cannot be used as inputs for security model methods.

Did you find this article helpful?

What can we do better?

Thank you for your feedback! You're helping us improve.