The API is defined in the header file sysroot-*-kos/include/coresrv/nk/transport-kos-security.h from the KasperskyOS SDK.
The API initializes IPC transport for querying the Kaspersky Security Module via the security interface. Transport code works on top of IPC transport.
Information about API functions is provided in the table below.
This section contains an API usage example. In this example, the program that queries the security module has the following formal specification:
Verifier.edl
entity Verifier
security Approve
Approve.idl
package Approve
interface {
    Check(in UInt32 port);
}
Fragment of the policy description in the example:
security.psl
...
security src=Verifier, method=Check { assert (message.port > 80) }
...
Using the API
To initialize IPC transport for querying the security module, call the NkKosSecurityTransport_Init() function.
Example use of the NkKosSecurityTransport_Init() function:
#include <stdio.h>
#include <stdlib.h>
#include <coresrv/nk/transport-kos-security.h>
/* The automatically generated transport code header for the Verifier class
 * must also be included. */

int main(void)
{
    /* Declare the structure containing the IPC transport parameters for querying the
     * security module */
    NkKosSecurityTransport security_transport;
    /* Declare the proxy object. (The type of proxy object is automatically
     * generated transport code.) */
    struct Approve_proxy security_proxy;
    /* Declare the structures for saving the constant part of an IPC request and
     * IPC response for the security interface method. (The types of structures
     * are automatically generated transport code.) */
    struct Approve_Check_req security_req;
    struct Approve_Check_res security_res;
    /* Initialize the structure containing the IPC transport parameters for querying the
     * security module */
    if (NkKosSecurityTransport_Init(&security_transport, NK_NULL, 0) == NK_EOK) {
        /* Initialize the proxy object. (The proxy object initialization method and the
         * security interface ID Verifier_securityIid are
         * automatically generated transport code.) */
        Approve_proxy_init(&security_proxy, &security_transport.base, Verifier_securityIid);
    }
    /* ... */
    /* Call the security interface method. (The method is automatically generated
     * transport code. The method does not pass any data through the security_res parameter.
     * This parameter should be specified only if required by the method implementation.) */
    security_req.port = 80;
    nk_err_t result = Approve_Check(&security_proxy.base, &security_req,
                                    NULL, &security_res, NULL);
    /* The branches are chained with else-if so that exactly one outcome is
     * reported for each result. */
    if (result == NK_EOK)
        fprintf(stderr, "Granted");
    else if (result == NK_EPERM)
        fprintf(stderr, "Denied");
    else
        fprintf(stderr, "Error");
    return EXIT_SUCCESS;
}
If a process needs to use several security interfaces, the same number of proxy objects must be initialized by specifying the same IPC transport and the unique IDs of the security interfaces.
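The result handling in the example above can be wrapped so that it fails closed: only NK_EOK grants, and a failed transport initialization or an unexpected return code never does. This is an added example, not code from the KasperskyOS SDK or the original page; gate_result, check_fn, security_gate(), gate_allows(), sim_check() and the numeric values of the return codes are assumptions made so that it builds without the SDK.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Constructed stand-ins so the example builds off-target. On KasperskyOS,
 * nk_err_t, NK_EOK and NK_EPERM come from the SDK headers; the numeric
 * values below are placeholders, not the SDK's. */
typedef int nk_err_t;
enum { NK_EOK = 0, NK_EPERM = 1, SIM_TRANSPORT_FAILURE = 2 };

typedef enum { GATE_GRANTED, GATE_DENIED, GATE_ERROR } gate_result;

/* Hypothetical hook: on target it would wrap the generated Approve_Check()
 * call made through the initialized proxy object. */
typedef nk_err_t (*check_fn)(void *ctx, uint32_t port);

/* Fail-closed gate. If the transport was not initialized, the security
 * module is not queried at all. Only NK_EOK grants; NK_EPERM is a policy
 * denial; every other return code is an error and never a grant. */
gate_result security_gate(bool transport_ready, check_fn check, void *ctx,
                          uint32_t port)
{
    if (!transport_ready || check == NULL)
        return GATE_ERROR;

    nk_err_t rc = check(ctx, port);
    if (rc == NK_EOK)
        return GATE_GRANTED;
    else if (rc == NK_EPERM)
        return GATE_DENIED;
    else
        return GATE_ERROR;
}

/* Only GATE_GRANTED lets the caller proceed with the guarded action. */
bool gate_allows(gate_result r)
{
    return r == GATE_GRANTED;
}

/* Constructed simulation of the security module evaluating the page's rule
 * assert (message.port > 80). A non-NULL ctx simulates a broken transport. */
nk_err_t sim_check(void *ctx, uint32_t port)
{
    if (ctx != NULL)
        return SIM_TRANSPORT_FAILURE;
    return port > 80 ? NK_EOK : NK_EPERM;
}
```

With the policy fragment shown earlier, port 80 is denied because the rule requires a value strictly greater than 80.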
Information about API functions
transport-kos-security.h functions
Function | Information about the function |
---|---|
 | Purpose: Initializes IPC transport for querying the Kaspersky Security Module through the security interface. Parameters: Returned values: If successful, the function returns |