KasperskyOS Community Edition 1.3

PackageManager component usage scenario

The PackageManager component provides an API for managing KPA packages in solutions that are based on KasperskyOS.

The PackageManager component API is built on top of IPC and helps simplify program development. PackageManager is a separate system program that is accessed through IPC. However, developers are provided with a client library that eliminates the necessity of directly using IPC calls.

The programming interface of the PackageManager component is described in the article titled "PackageManager component".

Adding the PackageManager component to a KasperskyOS-based solution

Hereinafter the "client" refers to the program that uses the PackageManager component API to manage KPA packages.

The typical usage scenario for the PackageManager component includes the following steps:

  1. Add the PackageManager program to a solution. To add PackageManager to a solution:
    find_package (package_manager REQUIRED)
    include_directories (${package_manager_INCLUDE})
    add_subdirectory (package_manager)
    • The PackageManager component is provided in the SDK as a set of static libraries and header files, and is built for a specific solution by using the CMake command create_package_manager_entity() from the CMake library package_manager.

      To build the PackageManager program, create a directory named package_manager in the root directory of the project. In the new directory, create a CMakeLists.txt file containing the create_package_manager_entity() command.

      The CMake command create_package_manager_entity() takes the following parameters:

      Mandatory parameter: ENTITY, which specifies the name of the executable file for the PackageManager program.

      Optional parameters:

      • DEPENDS – additional dependencies for building the PackageManager program.
      • MAIN_CONN_NAME – name of the IPC channel for connecting to the PackageManager process. It must match the value of the mainConnection variable when calling the PackageManager API in the client code.
      • ROOT_PATH – path to the root directory for service files of the PackageManager program. The default value is "/ROOT".
      • PKGS_DIR – path to the directory containing the KPA packages to be installed.
      • PKG_EXTENSION – extension for the KPA package file.
      • DB_PATH – full name of the SQLite database file in the KasperskyOS-based solution image containing data on the installed KPA packages.
      • APPS_DIR – path to the directory where the KPA packages will be installed.
      • VFS_CLIENT_LIB – name of the client transport library used to connect the PackageManager program to the VFS program.
      • NK_MODULE_NAME – path for installing the header files of the PackageManager component in the SDK relative to the directory /opt/KasperskyOS-Community-Edition-<version>/sysroot-*-kos/include/. Default value: kl/package_manager.
      • AUDIT_CONN_NAME – name of the IPC channel for connecting to the AuditStorage process.
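      • WITHOUT_SIGN_MODE – external signature verification mode: true – lack of an external signature is not considered an error; false – lack of an external signature is considered an error. The default value is false. The sample command below passes TRUE, so in that configuration the lack of an external signature on a KPA package is not treated as an error.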
      • MANIFEST_SCHEMA_BUILD_STORE – path to the build directory of the KasperskyOS-based solution image containing the manifest schema.
      • MANIFEST_SCHEMA_RUNTIME_PATH – path to the directory of the started KasperskyOS-based solution containing the manifest schema.
      • PATH_TO_ADDITIONAL_EXTENSIONS_SCHEMAS – path to the directory containing additional manifest schemas for objects of an arbitrary format that are defined in the extentions key value of the KPA package manifest.
      • CUSTOM_LAYOUT – full name of the JSON file that is used to redefine the paths for installing KPA package components.
    include (package_manager/create_package_manager_entity)

    create_package_manager_entity(
        ENTITY PkgMgrEntity
        NK_MODULE_NAME "package_manager"
        MAIN_CONN_NAME "PkgMgrEntity"
        ROOT_PATH "/"
        PKGS_DIR "/packages"
        PKG_EXTENSION "kpa"
        DB_PATH "${DB_PATH}"
        APPS_DIR "${APPS_PATH}"
        MANIFEST_SCHEMA_BUILD_STORE "${CMAKE_BINARY_DIR}/rootdir/schema"
        MANIFEST_SCHEMA_RUNTIME_PATH "/schema"
        PATH_TO_ADDITIONAL_EXTENSIONS_SCHEMAS "${CMAKE_SOURCE_DIR}/resources/additional_extensions/"
        CUSTOM_LAYOUT "/custom_layout_schema.json"
        VFS_CLIENT_LIB vfs::client
        AUDIT_CONN_NAME "audit_storage"
        WITHOUT_SIGN_MODE TRUE)
  2. Link the client executable file to the client proxy library of PackageManager by adding the following command to the CMakeLists.txt file for building the client:
    target_link_libraries (<name of the CMake target for building the client> ${package_manager_CLIENT_LIBS})
  3. Add permissions for the necessary events to the solution security policy description:
    1. To enable the PackageManager program to manage KPA packages, the solution security policy must allow the following interactions for the package_manager.PkgMgrEntity process class:
      • Access to all endpoints of the VFS program.
      • Access to the core endpoints Sync, VMM, Thread, HAL, Handle, FS, Notice, CM and Profiler (their descriptions are located in the directory sysroot-*-kos/include/kl/core from the SDK).
    2. To enable a client to call the PackageManager program, the solution security policy must allow the following interactions for the client process class:
      • Access to the appropriate endpoints of the PackageManager program (their descriptions are located in the directory sysroot-*-kos/include/kl/package_manager from the SDK).
  4. Use the PackageManager program API in the client code.

    Use the header file component/package_manager/kos_ipc/package_manager_proxy.h for this. For more details, refer to PackageManager component.
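
The following package_manager/CMakeLists.txt is an added example, not code from the original page or the SDK. It shows one way to keep external signature enforcement on by default in step 1, deriving the WITHOUT_SIGN_MODE value from a build option instead of hard-coding TRUE as the sample command does. The option PKGMGR_ALLOW_UNSIGNED and the variable PKGMGR_WITHOUT_SIGN_MODE are hypothetical names, and it is assumed that passing FALSE explicitly behaves like the documented default.

```cmake
# package_manager/CMakeLists.txt - added example, not SDK code.
include (package_manager/create_package_manager_entity)

# Hypothetical project option: packages without an external signature are
# accepted only when a developer opts in explicitly at configure time.
option (PKGMGR_ALLOW_UNSIGNED
        "Accept KPA packages without an external signature (development only)"
        OFF)

# Stop configuration if a Release image is built with enforcement disabled.
if (PKGMGR_ALLOW_UNSIGNED AND CMAKE_BUILD_TYPE STREQUAL "Release")
    message (FATAL_ERROR
             "PKGMGR_ALLOW_UNSIGNED=ON is not permitted for Release builds")
endif ()

# Translate the option into the value passed as WITHOUT_SIGN_MODE.
if (PKGMGR_ALLOW_UNSIGNED)
    set (PKGMGR_WITHOUT_SIGN_MODE TRUE)
    message (WARNING "PackageManager: a missing external signature is not an error")
else ()
    set (PKGMGR_WITHOUT_SIGN_MODE FALSE)
endif ()

# DB_PATH and APPS_PATH are expected to be set by the parent project,
# as in the sample command on this page.
create_package_manager_entity(
    ENTITY PkgMgrEntity
    NK_MODULE_NAME "package_manager"
    MAIN_CONN_NAME "PkgMgrEntity"
    ROOT_PATH "/"
    PKGS_DIR "/packages"
    PKG_EXTENSION "kpa"
    DB_PATH "${DB_PATH}"
    APPS_DIR "${APPS_PATH}"
    MANIFEST_SCHEMA_BUILD_STORE "${CMAKE_BINARY_DIR}/rootdir/schema"
    MANIFEST_SCHEMA_RUNTIME_PATH "/schema"
    PATH_TO_ADDITIONAL_EXTENSIONS_SCHEMAS "${CMAKE_SOURCE_DIR}/resources/additional_extensions/"
    CUSTOM_LAYOUT "/custom_layout_schema.json"
    VFS_CLIENT_LIB vfs::client
    AUDIT_CONN_NAME "audit_storage"
    WITHOUT_SIGN_MODE ${PKGMGR_WITHOUT_SIGN_MODE})
```

Configuring with -DPKGMGR_ALLOW_UNSIGNED=ON reproduces the behaviour of the sample command on this page; without it, the lack of an external signature is considered an error.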