blob: 91b9c0d58da489bd828b3104a52df72d09ad44c3 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
|
The syntax of the default statement
-----------------------------------
The default statement is interesting. It has no behaviour at runtime,
but at compile time it alters the behaviour of the compiler with
respect to the end of the ruleset.
If, when the ruleset has finished compiling, the last allow or deny
was not unconditional, then the compiler will, in the absence of a
'default' statement, inject a terminal allow/deny of the opposite
sense of the last explicit operation, unconditionally and with a
reason of the empty string.
If a 'default' statement was encountered during processing then it
will be used instead.
The syntax of the 'default' statement is:
'default' 'allow' <reason>?
or
'default' 'deny' <reason>?
If reasons are not provided, the string "Default behaviour" is
substituted.
Once a single 'default' statement has been encountered during
compilation it is an error, and the compiler WILL cease, if it
encounters an additional 'default' statement.
Since it's common for rulesets to stem from a single core point, it's
recommended that the application define a policy at the start of these
core statements.
|
