KasperskyOS Community Edition 1.2

Example of adding the system program Klog to a solution

Source code of the program

einit/src/klog_entity.c

#include <klog/system_audit.h>
#include <klog_storage/client.h>
#include <ping/KlogEntity.edl.h>

/*
 * Entry point of the Klog program.
 *
 * All of the work is delegated to klog_system_audit_run(). According to the
 * SDK, that call starts a thread which receives audit data from the kernel,
 * decodes it and forwards it over IPC to the KlogStorage program.
 *
 * Arguments passed on:
 *   - the connection specification "<klog server id>: <klog storage server id>";
 *     KLOG_STORAGE_SERVER_CONNECTION_ID is provided by klog_storage/client.h
 *     (the same constant is referenced from init.yaml.in), and
 *     KLOG_SERVER_CONNECTION_ID presumably comes from one of the SDK headers
 *     included above;
 *   - ping_KlogEntity_klog_audit_iid, the interface id generated into
 *     KlogEntity.edl.h from the program's formal specification.
 *
 * argc/argv are not used. The return value is whatever
 * klog_system_audit_run() returns.
 */
int main(int argc, char *argv[])
{
    (void)argc;
    (void)argv;

    /* Adjacent string literals are concatenated by the compiler, so this is a
     * single constant string of the form "<server>: <storage server>". */
    const char *const connection_spec =
        KLOG_SERVER_CONNECTION_ID ": " KLOG_STORAGE_SERVER_CONNECTION_ID;

    return klog_system_audit_run(connection_spec,
                                 ping_KlogEntity_klog_audit_iid);
}

Building the program

einit/CMakeLists.txt

...
# Import Klog libraries from the
# KasperskyOS SDK
find_package (klog REQUIRED)
include_directories (${klog_INCLUDE})

# Generate transport code based on the formal specification of the
# Klog program
nk_build_edl_files (klog_edl_files
    NK_MODULE "ping"
    # The KlogEntity.edl file and other files
    # in the formal specification of the Klog program
    # are provided in the KasperskyOS SDK.
    EDL "${RESOURCES}/edl/KlogEntity.edl")

# Create the executable file of the Klog program for the hardware platform.
# add_dependencies() ensures the generated transport code exists before
# src/klog_entity.c (which includes ping/KlogEntity.edl.h) is compiled.
add_executable (KlogEntityHw "src/klog_entity.c")
target_link_libraries (KlogEntityHw ${klog_SYSTEM_AUDIT_LIB})
add_dependencies (KlogEntityHw klog_edl_files)

# Create the executable file of the Klog program for QEMU.
# (Identical to creating the executable file of the Klog program for
# the hardware platform, except for the build target name.
# Requires two build targets for the executable file of the
# Klog program with different names because the KLOG_ENTITY parameter of the
# CMake commands build_kos_hw_image() and build_kos_qemu_image()
# must specify different build targets.)
add_executable (KlogEntityQemu "src/klog_entity.c")
target_link_libraries (KlogEntityQemu ${klog_SYSTEM_AUDIT_LIB})
add_dependencies (KlogEntityQemu klog_edl_files)

# The Klog program does not need to be specified together with other programs
# to be included in the solution image. To include the Klog program
# in a solution, you must define the name of the build target for the executable file of this
# program via the KLOG_ENTITY parameter of the CMake commands
# build_kos_hw_image() and build_kos_qemu_image().
# (Neither KlogEntityHw nor KlogEntityQemu appears in this list on purpose.)
set (ENTITIES Client Server KlogStorageEntity FileVfs)
...
# The INIT_KlogEntity_PATH variable is used in the init.yaml.in file
# to define the name of the Klog program executable file. (The executable
# files of the Klog program for QEMU and for the hardware platform have
# different names that match the names of the build targets
# of these files by default.)
# The variable is assigned immediately before each image command, so the
# hardware image and the QEMU image each pick up their own target name.
set (INIT_KlogEntity_PATH "KlogEntityHw")
# You must define the KLOG_ENTITY parameter
build_kos_hw_image (kos-image
    EINIT_ENTITY EinitHw
    ...
    KLOG_ENTITY KlogEntityHw
    IMAGE_FILES ${ENTITIES})

# The INIT_KlogEntity_PATH variable is used in the init.yaml.in file
# to define the name of the Klog program executable file. (The executable
# files of the Klog program for QEMU and for the hardware platform have
# different names that match the names of the build targets
# of these files by default.)
# Reassigned here so the QEMU image's init description names the QEMU target.
set (INIT_KlogEntity_PATH "KlogEntityQemu")
# You must define the KLOG_ENTITY parameter
build_kos_qemu_image (kos-qemu-image
    EINIT_ENTITY EinitQemu
    ...
    KLOG_ENTITY KlogEntityQemu
    IMAGE_FILES ${ENTITIES})

Program process dictionary in the init description template

einit/src/init.yaml.in

...
# Process entry for the Klog program. The process name must match the
# EDL name used in the security policy (use EDL ping.KlogEntity).
- name: ping.KlogEntity
  # The variable INIT_KlogEntity_PATH is defined in the file einit/CMakeLists.txt.
  # It resolves to KlogEntityHw or KlogEntityQemu depending on the image being built.
  path: @INIT_KlogEntity_PATH@
  connections:
  # Outgoing IPC connection to the KlogStorage program. The connection id is
  # the same KLOG_STORAGE_SERVER_CONNECTION_ID constant (from klog_storage/client.h)
  # that src/klog_entity.c passes to klog_system_audit_run(), so the two stay in sync.
  - target: ping.KlogStorageEntity
    id: {var: KLOG_STORAGE_SERVER_CONNECTION_ID, include: klog_storage/client.h}
...

Policy description for the program

einit/src/security.psl.in

...
use nk.base._
...
use EDL kl.core.Core
...
/* Both sides of the Klog -> KlogStorage interaction must be declared
 * before they can be named in the rules below. */
use EDL ping.KlogEntity
use EDL ping.KlogStorageEntity
...
use audit_profile._
use core._
...
/* Interaction with the KlogStorage program */

/* Only the write method of the klogStorage.storage endpoint is granted,
 * and only when the requesting process is ping.KlogEntity. No other
 * method or source process is matched by this rule. */
request dst=ping.KlogStorageEntity {
    match endpoint=klogStorage.storage {
        match method=write {
            match src=ping.KlogEntity { grant () }
        }
    }
}

/* The reply to that request must be allowed separately; without this rule
 * the call would not complete even though the request was granted. */
response src=ping.KlogStorageEntity {
    match endpoint=klogStorage.storage {
        match method=write {
            match dst=ping.KlogEntity { grant () }
        }
    }
}

/* Same scope as the response rule, for the error path of the call. */
error src=ping.KlogStorageEntity {
    match endpoint=klogStorage.storage {
        match method=write {
            match dst=ping.KlogEntity { grant () }
        }
    }
}
...

einit/src/core.psl

...
/* Interaction with the kernel */

/* Each "..." below stands for the rules of the solution's other programs,
 * which are omitted from this excerpt. Every grant in this file is scoped
 * with match src=ping.KlogEntity, so it applies to the Klog process only. */
request dst=kl.core.Core {
    match endpoint=sync.Sync {
        match method=Wake { ... match src=ping.KlogEntity { grant () } ... }
        match method=Wait { ... match src=ping.KlogEntity { grant () } ... }
    }
    match endpoint=task.Task {
        match method=FreeSelfEnv { ... match src=ping.KlogEntity { grant () } ... }
        match method=GetPath { ... match src=ping.KlogEntity { grant () } ... }
        match method=GetName { ... match src=ping.KlogEntity { grant () } ... }
        match method=Exit { ... match src=ping.KlogEntity { grant () } ... }
    }
    match endpoint=vmm.VMM {
        match method=Allocate { ... match src=ping.KlogEntity { grant () } ... }
        match method=Commit { ... match src=ping.KlogEntity { grant () } ... }
        match method=Protect { ... match src=ping.KlogEntity { grant () } ... }
        match method=Free { ... match src=ping.KlogEntity { grant () } ... }
    }
    /* Thread management is needed because klog_system_audit_run() starts
     * its own thread (see src/klog_entity.c). */
    match endpoint=thread.Thread {
        match method=SetTls { ... match src=ping.KlogEntity { grant () } ... }
        match method=Create { ... match src=ping.KlogEntity { grant () } ... }
        match method=Resume { ... match src=ping.KlogEntity { grant () } ... }
        match method=Attach { ... match src=ping.KlogEntity { grant () } ... }
        match method=Exit { ... match src=ping.KlogEntity { grant () } ... }
        match method=GetSchedPolicy { ... match src=ping.KlogEntity { grant () } ... }
        match method=SetSchedPolicy { ... match src=ping.KlogEntity { grant () } ... }
    }
    match endpoint=hal.HAL {
        match method=GetEntropy { ... match src=ping.KlogEntity { grant () } ... }
        match method=DebugWrite { ... match src=ping.KlogEntity { grant () } ... }
        match method=GetEnv { ... match src=ping.KlogEntity { grant () } ... }
    }
    match endpoint=handle.Handle {
        match method=Close { ... match src=ping.KlogEntity { grant () } ... }
    }
    /* The audit endpoint is the one Klog exists for. Unlike the endpoints
     * above there is no match method filter here, so every method of
     * audit.Audit is granted to ping.KlogEntity. */
    match endpoint=audit.Audit {
        match src=ping.KlogEntity { grant () }
    }
}

/* Kernel replies (and errors) to the Klog process must be allowed as well,
 * otherwise the granted requests above could not complete. */
response src=kl.core.Core {
    ...
    match dst=ping.KlogEntity { grant () }
    ...
}
error src=kl.core.Core {
    ...
    match dst=ping.KlogEntity { grant () }
    ...
}
...