2.4.4.17.7 Logical Operator Tokens

Artigo
04/04/2023

Logical operators test the logical value of operands and produce TRUE, FALSE, or UNKNOWN according to the defined behavior of the operator. The operands of logical operators must be conditional expressions and/or expression terms. The logical value of an operand is the tri-state logical value it receives when evaluated according to the following:

If the type of the operand is "Literal" then the operation returns an error.
If the type of the operand is "Local Attribute", "Resource Attribute", "Device Attribute" or "User Attribute" and the value is null then the logical value of the operand is UNKNOWN.
If an operand is a "Local Attribute", "Resource Attribute", "Device Attribute" or "User Attribute" and the value is an integer, the logical value of the operand is TRUE if the value is nonzero, and FALSE otherwise.
If an operand is a "Local Attribute", "Resource Attribute", "Device Attribute" or "User Attribute" and the value is string, the logical value of the operand is TRUE if the length of the string is nonzero, and FALSE otherwise.
If the type of an operand is "Result Value", the logical value of the operand is the value of the operand.
If any processing rule returns an error, then the entire conditional expression evaluates to UNKNOWN regardless of the rest of the expression.

Unary Logical Operators

The operand for unary operators is the variable on the top of the evaluation stack as specified in the EvaluateAceCondition algorithm in section 2.5.3.1.5.

Token Type	Byte-Code	Processing
Exists	0x87	SDDL Form: Exists operand If the type of the operand is "Local Attribute" If the value is non-null return TRUE Else return FALSE Else if the type of the operand is "Resource Attribute" Return TRUE if value is non-null; FALSE otherwise. Else return Error
Not_Exists <70>	0x8d	SDDL Form: Not_Exists operand Logical inverse of Exists.
Logical NOT (!)	0xa2	If the logical value of the operand is TRUE Return FALSE If the logical value of the operand is FALSE Return TRUE If the logical value of the operand is UNKNOWN Return UNKNOWN

Token Type

Byte-Code

Processing

Exists

0x87

SDDL Form: Exists operand

 If   the type of the operand is "Local Attribute"
     If the value is non-null return TRUE
     Else return FALSE
 Else   if the type of the operand is "Resource Attribute"
     Return  TRUE if value is non-null; FALSE otherwise.
 Else   return Error

Not_Exists <70>

0x8d

SDDL Form: Not_Exists operand

Logical inverse of Exists.

Logical NOT (!)

0xa2

 If   the logical value of the operand is TRUE 
     Return FALSE
 If   the logical value of the operand is FALSE
     Return TRUE
 If   the logical value of the operand is UNKNOWN
     Return UNKNOWN

Binary Logical Operators

In the processing rules that follow, the LHS is the second element on the stack and the RHS is the top of the stack as specified in the EvaluateAceCondition algorithm in section 2.5.3.1.5.

Token Type	Byte-Code	Processing
logical AND (&&)	0xa0	SDDL Form: LHS && RHS If the logical value of either operand is FALSE Return FALSE Else if the logical value of either operand is UNKNOWN Return UNKNOWN Else Return TRUE
logical OR (\|\|)	0xa1	SDDL Form: LHS \|\| RHS If the logical value of either operand is TRUE Return TRUE Else if the logical value of either operand is UNKNOWN Return UNKNOWN Else Return FALSE

Token Type

Byte-Code

Processing

logical AND (&&)

0xa0

SDDL Form: LHS && RHS

 If   the logical value of either operand is FALSE
     Return FALSE
 Else   if the logical value of either operand is UNKNOWN 
     Return UNKNOWN
 Else   Return TRUE

logical OR (||)

0xa1

SDDL Form: LHS || RHS

 If   the logical value of either operand is TRUE
     Return TRUE
 Else   if the logical value of either operand is UNKNOWN 
     Return UNKNOWN
 Else   Return FALSE

Compartilhar via

2.4.4.17.7 Logical Operator Tokens

Recursos adicionais