Initializing IPC transport for querying the security module (transport-kos-security.h)

The API is defined in the header file sysroot-*-kos/include/coresrv/nk/transport-kos-security.h from the KasperskyOS SDK.

The API initializes IPC transport for querying the Kaspersky Security Module via the security interface. Transport code works on top of IPC transport.

Information about API functions is provided in the table below.

This section contains an API usage example. In this example, the program that queries the security module has the following formal specification:

Verifier.edl

entity Verifier

security Approve

Approve.idl

package Approve

interface {

Check(in UInt32 port);

}

Fragment of the policy description in the example:

security.psl

...

security src=Verifier, method=Check { assert (message.port > 80) }

...

Using the API

To initialize IPC transport for querying the security module, call the NkKosSecurityTransport_Init() function.

Example use of the NkKosSecurityTransport_Init() function:

int main(void)

{

/* Declare the structure containing the IPC transport parameters for querying the

* security module */

NkKosSecurityTransport security_transport;

/* Declare the proxy object. (The type of proxy object is automatically

* generated transport code.) */

struct Approve_proxy security_proxy;

/* Declare the structures for saving the constant part of an IPC request and IPC response for the

* security interface method. (The types of structures are automatically generated

* transport code.) */

struct Approve_Check_req security_req;

struct Approve_Check_res security_res;

/* Initialize the structure containing the IPC transport parameters for querying the

* security module */

if (NkKosSecurityTransport_Init(&security_transport, NK_NULL, 0) == NK_EOK) {

/* Initialize the proxy object. (The proxy object initialization method and the

* security interface ID Verifier_securityIid are

* automatically generated transport code.) */

Approve_proxy_init(&security_proxy, &security_transport.base, Verifier_securityIid);

}

...

/* Call the security interface method. (The method is automatically generated

* transport code. The method does not pass any data through the security_res parameter.

* This parameter should be specified only if required by the method implementation.) */

security_req.port = 80;

nk_err_t result = Approve_Check(&security_proxy.base, &security_req,

NULL, &security_res, NULL);

if (result == NK_EOK)

fprintf(stderr, "Granted");

if (result == NK_EPERM)

fprintf(stderr, "Denied");

else

fprintf(stderr, "Error");

return EXIT_SUCCESS;

}

If a process needs to use several security interfaces, the same number of proxy objects must be initialized by specifying the same IPC transport and the unique IDs of the security interfaces.

Information about API functions

transport-kos-security.h functions

Function

Information about the function

NkKosSecurityTransport_Init()

Purpose

Initializes IPC transport for querying the Kaspersky Security Module through the security interface.

Parameters

  • [out] transport – pointer to the structure containing the IPC transport parameters for querying the security module.
  • [in] view – parameter that must have the value NK_NULL.
  • [in] size – parameter that must have the value 0.

Returned values

If successful, the function returns NK_EOK, otherwise it returns an error code.

Page top