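<!--
  fileeffectiverights_test: Windows OVAL test describing the rights that a
  file's DACL grants to one trustee. The object section identifies the file
  (path) and the trustee (trustee_name); the optional data section lists the
  expected trustee details and one boolean per access-mask bit.

  NOTE(review): Microsoft documents that GetEffectiveRightsFromAcl() does not
  consider rights implicitly granted to the object's owner, privileges held by
  the trustee, or group SIDs added by the logon session. Rights reported
  through this test can therefore differ from the access a real logon token
  obtains; confirm how the interpreter in use collects them.

  NOTE(review): the embedded example writes booleans both as 0/1 and as
  true/false; presumably oval:subtestBoolType accepts both forms (confirm).
-->
<xsd:element name="fileeffectiverights_test" substitutionGroup="oval:test">
  <xsd:annotation>
    <xsd:documentation>This test looks at the effective rights that the discretionary access control list (DACL) of a given file grants to a specified trustee. The trustee's effective rights are determined by checking all access-allowed and access-denied access control entries (ACEs) in the DACL. Note that the rights expressed in this test correspond to the different bits allocated to the access mask for a file. This means that certain rights that represent combinations of other rights are not expressed, for example STANDARD_RIGHTS_ALL and FILE_ALL_ACCESS. For help with this test see the GetEffectiveRightsFromAcl() API.</xsd:documentation>
    <xsd:appinfo>
      <test_name>File Effective Rights Test</test_name>
      <extends>standardTestType</extends>
      <valid_sections>notes, object, data</valid_sections>
      <example>
        <fileeffectiverights_test id="wet-0" check="at least one" comment="a file exists with the specified rights" xmlns="http://oval.mitre.org/XMLSchema/oval#windows">
          <oval:notes xmlns:oval="http://oval.mitre.org/XMLSchema/oval">
            <oval:note>This is an example test written under version 4 of the OVAL schema. It is meant to give a short overview of the test and might not contain every possible child element.</oval:note>
          </oval:notes>
          <object>
            <path>
              <component type="registry_value">HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot</component>
              <component type="literal">\system32\mshtml.dll</component>
            </path>
            <trustee_name>SYSTEM</trustee_name>
          </object>
          <data operation="AND">
            <trustee_domain>NT AUTHORITY</trustee_domain>
            <trustee_sid>S-1-5-18</trustee_sid>
            <standard_delete datatype="boolean">0</standard_delete>
            <standard_read_control datatype="boolean">1</standard_read_control>
            <file_read_attributes datatype="boolean">true</file_read_attributes>
            <file_write_attributes datatype="boolean">false</file_write_attributes>
          </data>
        </fileeffectiverights_test>
      </example>
    </xsd:appinfo>
  </xsd:annotation>
  <xsd:complexType>
    <xsd:complexContent>
      <xsd:extension base="oval:standardTestType">
        <xsd:sequence>
          <!-- object: required, exactly once; names the file and the trustee to evaluate. -->
          <xsd:element name="object" minOccurs="1" maxOccurs="1">
            <xsd:complexType>
              <xsd:complexContent>
                <xsd:extension base="oval:objectType">
                  <xsd:sequence>
                    <!-- Because '.*' also crosses directory boundaries (see the documentation
                         below), a loosely written pattern can select far more files than
                         intended; keep pattern-match paths as specific as possible. -->
                    <xsd:element name="path" type="windows:componentType" minOccurs="1" maxOccurs="1">
                      <xsd:annotation>
                        <xsd:documentation>Specifies the absolute path to a file on the machine. This path can be created from multiple components that are added together. When a pattern match operator is used, the corresponding regular expression is matched against the set of absolute path strings. These strings would not include the '.' and '..' notations. This means that a '.*' component of a regular expression will match not only all files in the specified directories, but also all subdirectories, their subdirectories, etc.</xsd:documentation>
                        <xsd:appinfo>
                          <parent_test>File Effective Rights Test</parent_test>
                          <cardinality>1</cardinality>
                          <content>none</content>
                          <valid_datatypes>component</valid_datatypes>
                          <valid_operators>equals, not equal, pattern match</valid_operators>
                        </xsd:appinfo>
                      </xsd:annotation>
                    </xsd:element>
                    <!-- nillable="true": an instance may mark this element as nil. How an
                         interpreter treats a nil trustee is not stated in this fragment. -->
                    <xsd:element name="trustee_name" type="oval:subtestStringType" minOccurs="1" maxOccurs="1" nillable="true">
                      <xsd:annotation>
                        <xsd:documentation>This element specifies the trustee name associated with a particular DACL. A trustee can be a user, group, or program (such as a Windows service).</xsd:documentation>
                        <xsd:appinfo>
                          <parent_test>File Effective Rights Test</parent_test>
                          <cardinality>1</cardinality>
                          <content>string</content>
                          <valid_datatypes>string</valid_datatypes>
                          <valid_operators>equals, not equal, pattern match</valid_operators>
                        </xsd:appinfo>
                      </xsd:annotation>
                    </xsd:element>
                  </xsd:sequence>
                </xsd:extension>
              </xsd:complexContent>
            </xsd:complexType>
          </xsd:element>
          <!-- data: optional section. Every child is optional (minOccurs="0"), so a test
               may constrain any subset of rights. The children sit in an xsd:sequence,
               so instance documents must list them in the order declared here. -->
          <xsd:element name="data" minOccurs="0" maxOccurs="1">
            <xsd:complexType>
              <xsd:complexContent>
                <xsd:extension base="oval:dataType">
                  <xsd:sequence>
                    <!-- Trustee identification. -->
                    <xsd:element name="trustee_domain" type="oval:subtestStringType" minOccurs="0" maxOccurs="1">
                      <xsd:annotation>
                        <xsd:documentation>The domain of the specified trustee name.</xsd:documentation>
                        <xsd:appinfo>
                          <parent_test>File Effective Rights Test</parent_test>
                          <cardinality>0-1</cardinality>
                          <content>string</content>
                          <valid_datatypes>string</valid_datatypes>
                          <valid_operators>equals, not equal, pattern match</valid_operators>
                        </xsd:appinfo>
                      </xsd:annotation>
                    </xsd:element>
                    <xsd:element name="trustee_sid" type="oval:subtestStringType" minOccurs="0" maxOccurs="1">
                      <xsd:annotation>
                        <xsd:documentation>The security identifier (SID) of the specified trustee name.</xsd:documentation>
                        <xsd:appinfo>
                          <parent_test>File Effective Rights Test</parent_test>
                          <cardinality>0-1</cardinality>
                          <content>string</content>
                          <valid_datatypes>string</valid_datatypes>
                          <valid_operators>equals, not equal, pattern match</valid_operators>
                        </xsd:appinfo>
                      </xsd:annotation>
                    </xsd:element>
                    <!-- Standard access rights (standard_* elements). -->
                    <xsd:element name="standard_delete" type="oval:subtestBoolType" minOccurs="0" maxOccurs="1">
                      <xsd:annotation>
                        <xsd:documentation>The right to delete the object.</xsd:documentation>
                        <xsd:appinfo>
                          <parent_test>File Effective Rights Test</parent_test>
                          <cardinality>0-1</cardinality>
                          <content>boolean</content>
                          <valid_datatypes>boolean</valid_datatypes>
                          <valid_operators>equals, not equal</valid_operators>
                        </xsd:appinfo>
                      </xsd:annotation>
                    </xsd:element>
                    <xsd:element name="standard_read_control" type="oval:subtestBoolType" minOccurs="0" maxOccurs="1">
                      <xsd:annotation>
                        <xsd:documentation>The right to read the information in the object's security descriptor, not including the information in the SACL.</xsd:documentation>
                        <xsd:appinfo>
                          <parent_test>File Effective Rights Test</parent_test>
                          <cardinality>0-1</cardinality>
                          <content>boolean</content>
                          <valid_datatypes>boolean</valid_datatypes>
                          <valid_operators>equals, not equal</valid_operators>
                        </xsd:appinfo>
                      </xsd:annotation>
                    </xsd:element>
                    <!-- A trustee holding either of the next two rights can change who has
                         access to the file, so a hardening check that looks for write access
                         usually needs to cover them alongside the file_write_* rights. -->
                    <xsd:element name="standard_write_dac" type="oval:subtestBoolType" minOccurs="0" maxOccurs="1">
                      <xsd:annotation>
                        <xsd:documentation>The right to modify the DACL in the object's security descriptor.</xsd:documentation>
                        <xsd:appinfo>
                          <parent_test>File Effective Rights Test</parent_test>
                          <cardinality>0-1</cardinality>
                          <content>boolean</content>
                          <valid_datatypes>boolean</valid_datatypes>
                          <valid_operators>equals, not equal</valid_operators>
                        </xsd:appinfo>
                      </xsd:annotation>
                    </xsd:element>
                    <xsd:element name="standard_write_owner" type="oval:subtestBoolType" minOccurs="0" maxOccurs="1">
                      <xsd:annotation>
                        <xsd:documentation>The right to change the owner in the object's security descriptor.</xsd:documentation>
                        <xsd:appinfo>
                          <parent_test>File Effective Rights Test</parent_test>
                          <cardinality>0-1</cardinality>
                          <content>boolean</content>
                          <valid_datatypes>boolean</valid_datatypes>
                          <valid_operators>equals, not equal</valid_operators>
                        </xsd:appinfo>
                      </xsd:annotation>
                    </xsd:element>
                    <xsd:element name="standard_synchronize" type="oval:subtestBoolType" minOccurs="0" maxOccurs="1">
                      <xsd:annotation>
                        <xsd:documentation>Windows NT/2000: The right to use the object for synchronization. This enables a thread to wait until the object is in the signaled state. Some object types do not support this access right.</xsd:documentation>
                        <xsd:appinfo>
                          <parent_test>File Effective Rights Test</parent_test>
                          <cardinality>0-1</cardinality>
                          <content>boolean</content>
                          <valid_datatypes>boolean</valid_datatypes>
                          <valid_operators>equals, not equal</valid_operators>
                        </xsd:appinfo>
                      </xsd:annotation>
                    </xsd:element>
                    <xsd:element name="access_system_security" type="oval:subtestBoolType" minOccurs="0" maxOccurs="1">
                      <xsd:annotation>
                        <xsd:documentation>Indicates access to a system access control list (SACL).</xsd:documentation>
                        <xsd:appinfo>
                          <parent_test>File Effective Rights Test</parent_test>
                          <cardinality>0-1</cardinality>
                          <content>boolean</content>
                          <valid_datatypes>boolean</valid_datatypes>
                          <valid_operators>equals, not equal</valid_operators>
                        </xsd:appinfo>
                      </xsd:annotation>
                    </xsd:element>
                    <!-- Generic access rights (generic_* elements).
                         NOTE(review): Windows normally maps generic rights to standard and
                         file-specific rights when an ACE is applied to a file, so these bits
                         may rarely be reported as set. Verify before treating generic_all
                         being false as evidence that full access is absent; checking the
                         standard_* and file_* rights is presumably the more reliable test. -->
                    <xsd:element name="generic_read" type="oval:subtestBoolType" minOccurs="0" maxOccurs="1">
                      <xsd:annotation>
                        <xsd:documentation>Read access.</xsd:documentation>
                        <xsd:appinfo>
                          <parent_test>File Effective Rights Test</parent_test>
                          <cardinality>0-1</cardinality>
                          <content>boolean</content>
                          <valid_datatypes>boolean</valid_datatypes>
                          <valid_operators>equals, not equal</valid_operators>
                        </xsd:appinfo>
                      </xsd:annotation>
                    </xsd:element>
                    <xsd:element name="generic_write" type="oval:subtestBoolType" minOccurs="0" maxOccurs="1">
                      <xsd:annotation>
                        <xsd:documentation>Write access.</xsd:documentation>
                        <xsd:appinfo>
                          <parent_test>File Effective Rights Test</parent_test>
                          <cardinality>0-1</cardinality>
                          <content>boolean</content>
                          <valid_datatypes>boolean</valid_datatypes>
                          <valid_operators>equals, not equal</valid_operators>
                        </xsd:appinfo>
                      </xsd:annotation>
                    </xsd:element>
                    <xsd:element name="generic_execute" type="oval:subtestBoolType" minOccurs="0" maxOccurs="1">
                      <xsd:annotation>
                        <xsd:documentation>Execute access.</xsd:documentation>
                        <xsd:appinfo>
                          <parent_test>File Effective Rights Test</parent_test>
                          <cardinality>0-1</cardinality>
                          <content>boolean</content>
                          <valid_datatypes>boolean</valid_datatypes>
                          <valid_operators>equals, not equal</valid_operators>
                        </xsd:appinfo>
                      </xsd:annotation>
                    </xsd:element>
                    <xsd:element name="generic_all" type="oval:subtestBoolType" minOccurs="0" maxOccurs="1">
                      <xsd:annotation>
                        <xsd:documentation>Read, write, and execute access.</xsd:documentation>
                        <xsd:appinfo>
                          <parent_test>File Effective Rights Test</parent_test>
                          <cardinality>0-1</cardinality>
                          <content>boolean</content>
                          <valid_datatypes>boolean</valid_datatypes>
                          <valid_operators>equals, not equal</valid_operators>
                        </xsd:appinfo>
                      </xsd:annotation>
                    </xsd:element>
                    <!-- File-specific access rights (file_* elements). -->
                    <xsd:element name="file_read_data" type="oval:subtestBoolType" minOccurs="0" maxOccurs="1">
                      <xsd:annotation>
                        <xsd:documentation>Grants the right to read data from the file.</xsd:documentation>
                        <xsd:appinfo>
                          <parent_test>File Effective Rights Test</parent_test>
                          <cardinality>0-1</cardinality>
                          <content>boolean</content>
                          <valid_datatypes>boolean</valid_datatypes>
                          <valid_operators>equals, not equal</valid_operators>
                        </xsd:appinfo>
                      </xsd:annotation>
                    </xsd:element>
                    <xsd:element name="file_write_data" type="oval:subtestBoolType" minOccurs="0" maxOccurs="1">
                      <xsd:annotation>
                        <xsd:documentation>Grants the right to write data to the file.</xsd:documentation>
                        <xsd:appinfo>
                          <parent_test>File Effective Rights Test</parent_test>
                          <cardinality>0-1</cardinality>
                          <content>boolean</content>
                          <valid_datatypes>boolean</valid_datatypes>
                          <valid_operators>equals, not equal</valid_operators>
                        </xsd:appinfo>
                      </xsd:annotation>
                    </xsd:element>
                    <xsd:element name="file_append_data" type="oval:subtestBoolType" minOccurs="0" maxOccurs="1">
                      <xsd:annotation>
                        <xsd:documentation>Grants the right to append data to the file.</xsd:documentation>
                        <xsd:appinfo>
                          <parent_test>File Effective Rights Test</parent_test>
                          <cardinality>0-1</cardinality>
                          <content>boolean</content>
                          <valid_datatypes>boolean</valid_datatypes>
                          <valid_operators>equals, not equal</valid_operators>
                        </xsd:appinfo>
                      </xsd:annotation>
                    </xsd:element>
                    <xsd:element name="file_read_ea" type="oval:subtestBoolType" minOccurs="0" maxOccurs="1">
                      <xsd:annotation>
                        <xsd:documentation>Grants the right to read extended attributes.</xsd:documentation>
                        <xsd:appinfo>
                          <parent_test>File Effective Rights Test</parent_test>
                          <cardinality>0-1</cardinality>
                          <content>boolean</content>
                          <valid_datatypes>boolean</valid_datatypes>
                          <valid_operators>equals, not equal</valid_operators>
                        </xsd:appinfo>
                      </xsd:annotation>
                    </xsd:element>
                    <xsd:element name="file_write_ea" type="oval:subtestBoolType" minOccurs="0" maxOccurs="1">
                      <xsd:annotation>
                        <xsd:documentation>Grants the right to write extended attributes.</xsd:documentation>
                        <xsd:appinfo>
                          <parent_test>File Effective Rights Test</parent_test>
                          <cardinality>0-1</cardinality>
                          <content>boolean</content>
                          <valid_datatypes>boolean</valid_datatypes>
                          <valid_operators>equals, not equal</valid_operators>
                        </xsd:appinfo>
                      </xsd:annotation>
                    </xsd:element>
                    <xsd:element name="file_execute" type="oval:subtestBoolType" minOccurs="0" maxOccurs="1">
                      <xsd:annotation>
                        <xsd:documentation>Grants the right to execute a file.</xsd:documentation>
                        <xsd:appinfo>
                          <parent_test>File Effective Rights Test</parent_test>
                          <cardinality>0-1</cardinality>
                          <content>boolean</content>
                          <valid_datatypes>boolean</valid_datatypes>
                          <valid_operators>equals, not equal</valid_operators>
                        </xsd:appinfo>
                      </xsd:annotation>
                    </xsd:element>
                    <xsd:element name="file_delete_child" type="oval:subtestBoolType" minOccurs="0" maxOccurs="1">
                      <xsd:annotation>
                        <xsd:documentation>Right to delete a directory and all the files it contains (its children), even if the files are read-only.</xsd:documentation>
                        <xsd:appinfo>
                          <parent_test>File Effective Rights Test</parent_test>
                          <cardinality>0-1</cardinality>
                          <content>boolean</content>
                          <valid_datatypes>boolean</valid_datatypes>
                          <valid_operators>equals, not equal</valid_operators>
                        </xsd:appinfo>
                      </xsd:annotation>
                    </xsd:element>
                    <xsd:element name="file_read_attributes" type="oval:subtestBoolType" minOccurs="0" maxOccurs="1">
                      <xsd:annotation>
                        <xsd:documentation>Grants the right to read file attributes.</xsd:documentation>
                        <xsd:appinfo>
                          <parent_test>File Effective Rights Test</parent_test>
                          <cardinality>0-1</cardinality>
                          <content>boolean</content>
                          <valid_datatypes>boolean</valid_datatypes>
                          <valid_operators>equals, not equal</valid_operators>
                        </xsd:appinfo>
                      </xsd:annotation>
                    </xsd:element>
                    <xsd:element name="file_write_attributes" type="oval:subtestBoolType" minOccurs="0" maxOccurs="1">
                      <xsd:annotation>
                        <xsd:documentation>Grants the right to change file attributes.</xsd:documentation>
                        <xsd:appinfo>
                          <parent_test>File Effective Rights Test</parent_test>
                          <cardinality>0-1</cardinality>
                          <content>boolean</content>
                          <valid_datatypes>boolean</valid_datatypes>
                          <valid_operators>equals, not equal</valid_operators>
                        </xsd:appinfo>
                      </xsd:annotation>
                    </xsd:element>
                  </xsd:sequence>
                </xsd:extension>
              </xsd:complexContent>
            </xsd:complexType>
          </xsd:element>
        </xsd:sequence>
      </xsd:extension>
    </xsd:complexContent>
  </xsd:complexType>
</xsd:element>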