Source code of the program
klog_storage/src/klog_storage_entity.c
#include <klog_storage/server.h>
#include <ping/KlogStorageEntity.edl.h>
#include <stdio.h>
/* Placeholder server context.
 * main() registers a pointer to an object of this type with the dispatcher,
 * and the interface method implementations in this file take it as their
 * first parameter. The sample stores nothing in it; a real storage backend
 * could keep its state here. */
struct Context {
    int some_data; /* never read or written by the sample */
};
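/* Audit-record sink: prints the record's message to standard error, one
 * record per line.
 *
 * ctx   - context pointer registered with the dispatcher; not used here.
 *         main() casts this function to kl_KlogStorage_write_func when it
 *         registers it, so the parameter list has to stay compatible with
 *         that type. NOTE(review): the dispatcher is described as passing a
 *         void pointer as the first argument - confirm against the SDK header.
 * entry - audit record received from the Klog program.
 *
 * Returns 0 when the message was written, and -1 when entry is NULL or the
 * write to stderr failed, so that a lost audit record is not reported as
 * stored. NOTE(review): -1 is a generic failure value; confirm the error
 * codes the dispatcher expects.
 *
 * The message is printed exactly as received. NOTE(review): if it can contain
 * newlines or terminal control characters, escape them before writing so that
 * one record cannot be mistaken for several - confirm what Klog guarantees
 * about the contents and termination of msg. */
static int _write(struct Context *ctx, const struct kl_KlogStorage_Entry *entry)
{
    (void)ctx;

    if (entry == NULL) {
        return -1;
    }

    /* The message is passed as an argument, never as the format string. */
    if (fprintf(stderr, "%s\n", entry->msg) < 0) {
        return -1;
    }

    return 0;
}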
/* Stub for the interface method that reads a range of audit records.
 * It ignores every argument, leaves entries untouched and returns 0. It is
 * registered only so that the dispatcher has a handler if the reading method
 * is called.
 * NOTE(review): a real implementation must validate first_id and last_id and
 * must not write past the buffer behind entries - confirm the buffer contract
 * in the SDK header. */
static int _read_range(struct Context *ctx,
                       nk_uint64_t first_id,
                       nk_uint64_t last_id,
                       struct kl_KlogStorage_Entry *entries)
{
    (void)ctx;
    (void)first_id;
    (void)last_id;
    (void)entries;

    return 0;
}
/* Stub for the interface method that reads audit records.
 * It ignores every argument, leaves entries untouched and returns 0. It is
 * registered only so that the dispatcher has a handler if the reading method
 * is called.
 * NOTE(review): a real implementation should write at most num_entries
 * records into entries - confirm the buffer contract in the SDK header. */
static int _read(struct Context *ctx,
                 nk_uint32_t num_entries,
                 struct kl_KlogStorage_Entry *entries)
{
    (void)ctx;
    (void)num_entries;
    (void)entries;

    return 0;
}
int main(int argc, char *argv[])
{
    /* Placeholder context; static storage duration keeps it valid for as
     * long as the request loop below is running. */
    static struct Context ctx;

    (void)argc;
    (void)argv;

    /* Register the handlers with the dispatcher. When an IPC request with
     * audit data arrives from the Klog program, the dispatcher calls _write(),
     * which forwards the data to standard error. _read(), _read_range() and
     * the context are placeholders; they can be replaced with real
     * implementations that work with an audit data storage, in which case the
     * context can hold the storage state.
     * NOTE(review): the explicit casts hide any difference between the
     * handlers' signatures and the kl_KlogStorage_*_func types, so a mismatch
     * would not be diagnosed by the compiler - confirm the signatures against
     * the SDK header. */
    struct kl_KlogStorage *storage_iface = klog_storage_IKlog_storage_dispatcher(
        &ctx,
        (kl_KlogStorage_write_func)_write,
        (kl_KlogStorage_read_func)_read,
        (kl_KlogStorage_read_range_func)_read_range);

    struct kl_KlogStorage_component *storage_comp =
        klog_storage_storage_component(storage_iface);

    /* Start the IPC request processing loop. The two ping_KlogStorageEntity_*
     * constants are defined in KlogStorageEntity.edl.h, which contains the
     * automatically generated transport code. */
    return klog_storage_run(KLOG_STORAGE_SERVER_CONNECTION_ID,
                            ping_KlogStorageEntity_klogStorage_iidOffset,
                            ping_KlogStorageEntity_klogStorage_storage_iid,
                            storage_comp);
}
Building a program
klog_storage/CMakeLists.txt
# Locate the KlogStorage libraries shipped with the KasperskyOS SDK and add
# their include directory to the compiler search path.
find_package(klog_storage REQUIRED)
include_directories(${klog_storage_INCLUDE})

# Generate the transport code from the formal specification of the
# KlogStorage program. KlogStorageEntity.edl and the other files of that
# specification are provided in the KasperskyOS SDK.
nk_build_edl_files(klog_storage_edl_files
    NK_MODULE "ping"
    EDL "${RESOURCES}/edl/KlogStorageEntity.edl")

# Create the executable file of the KlogStorage program and link it with
# ${klog_storage_SERVER_LIB}.
add_executable(KlogStorageEntity "src/klog_storage_entity.c")
target_link_libraries(KlogStorageEntity ${klog_storage_SERVER_LIB})

# Build the generated transport code before the executable.
# NOTE(review): klog_edl_files is not created in this file; presumably it is
# defined by the build script of the Klog program - confirm.
add_dependencies(KlogStorageEntity klog_edl_files klog_storage_edl_files)
Program process dictionary in the init description template
einit/src/init.yaml.in
...
- name: ping.KlogStorageEntity
...
Policy description for the program
einit/src/security.psl.in
...
use nk.base._
...
use EDL kl.core.Core
...
use EDL ping.KlogEntity
use EDL ping.KlogStorageEntity
...
use audit_profile._
use core._
...
/* Interaction with the Klog program.
 * The three rules below cover one IPC exchange in both directions: the
 * request sent by ping.KlogEntity, and the response or error returned to it.
 * In this fragment the only method granted on the klogStorage.storage
 * endpoint is write, and the only peer is ping.KlogEntity; no rule here
 * mentions the methods for reading audit data.
 * NOTE(review): if a reader of the audit storage is added later, grant the
 * reading methods to that specific program only. */
/* Request: ping.KlogEntity may call write on the storage endpoint. */
request dst=ping.KlogStorageEntity {
match endpoint=klogStorage.storage {
match method=write {
match src=ping.KlogEntity { grant () }
}
}
}
/* Response to write: may be delivered to ping.KlogEntity. */
response src=ping.KlogStorageEntity {
match endpoint=klogStorage.storage {
match method=write {
match dst=ping.KlogEntity { grant () }
}
}
}
/* Error for write: may be delivered to ping.KlogEntity. */
error src=ping.KlogStorageEntity {
match endpoint=klogStorage.storage {
match method=write {
match dst=ping.KlogEntity { grant () }
}
}
}
...
einit/src/core.psl
...
/* Interaction with the kernel.
 * The request rule grants ping.KlogStorageEntity the listed methods of the
 * sync.Sync, task.Task, vmm.VMM, thread.Thread, hal.HAL and handle.Handle
 * kernel endpoints, one method at a time. The "..." lines mark parts of the
 * policy left out of this excerpt (presumably rules for other programs).
 * NOTE(review): this list was written for the sample that prints to standard
 * error. When the storage implementation changes, re-check each grant
 * (for example thread.Thread Create, hal.HAL GetEntropy and DebugWrite) and
 * keep only the methods the program still calls. */
request dst=kl.core.Core {
match endpoint=sync.Sync {
match method=Wake {
...
match src=ping.KlogStorageEntity { grant () }
...
}
match method=Wait {
...
match src=ping.KlogStorageEntity { grant () }
...
}
}
match endpoint=task.Task {
match method=FreeSelfEnv {
...
match src=ping.KlogStorageEntity { grant () }
...
}
match method=GetPath {
...
match src=ping.KlogStorageEntity { grant () }
...
}
match method=GetName {
...
match src=ping.KlogStorageEntity { grant () }
...
}
match method=Exit {
...
match src=ping.KlogStorageEntity { grant () }
...
}
}
match endpoint=vmm.VMM {
match method=Allocate {
...
match src=ping.KlogStorageEntity { grant () }
...
}
match method=Commit {
...
match src=ping.KlogStorageEntity { grant () }
...
}
match method=Protect {
...
match src=ping.KlogStorageEntity { grant () }
...
}
match method=Free {
...
match src=ping.KlogStorageEntity { grant () }
...
}
}
match endpoint=thread.Thread {
match method=SetTls {
...
match src=ping.KlogStorageEntity { grant () }
...
}
match method=Create {
...
match src=ping.KlogStorageEntity { grant () }
...
}
match method=Resume {
...
match src=ping.KlogStorageEntity { grant () }
...
}
}
match endpoint=hal.HAL {
match method=GetEntropy {
...
match src=ping.KlogStorageEntity { grant () }
...
}
match method=DebugWrite {
...
match src=ping.KlogStorageEntity { grant () }
...
}
match method=GetEnv {
...
match src=ping.KlogStorageEntity { grant () }
...
}
}
match endpoint=handle.Handle {
match method=Close {
...
match src=ping.KlogStorageEntity { grant () }
...
}
}
}
/* Kernel responses may be delivered to ping.KlogStorageEntity. This rule does
 * not narrow the grant by endpoint or method. */
response src=kl.core.Core {
...
match dst=ping.KlogStorageEntity { grant () }
...
}
/* Kernel errors may be delivered to ping.KlogStorageEntity, likewise without
 * an endpoint or method filter. */
error src=kl.core.Core {
...
match dst=ping.KlogStorageEntity { grant () }
...
}
...