This example demonstrates how to work with the KCFM component in a KasperskyOS-based solution. To create a basic Hello program, a control flow graph is built, and part of the solution security policy is automatically generated.
Example directory in the SDK
The code of the example and build scripts are available at the following path:
/opt/KasperskyOS-Community-Edition-<platform>-<version>/examples/kcfm_hello
List of programs
Hello: the application for which a control flow graph is built and part of the solution security policy automatically generated.
Initialization description
The solution initialization description file named init.yaml is generated during the solution build process based on the ./einit/src/init.yaml.in template. Macros in @INIT_*@ format contained in the template are automatically expanded in the resulting init.yaml file. For more details, refer to the init.yaml.in template.
Security policy description
The security.psl file contains the solution security policy description and is generated based on the following template during the solution build process:
./einit/src/security.psl.in
During the solution build, the @INIT_EXTERNAL_ENTITIES@ macro in the security.psl.in template is replaced with a list of system programs that are included in the KasperskyOS SDK.
For more details, refer to the security.psl.in template.
The solution security policy description in this example allows any interaction between different processes and between processes and the kernel. This policy can be used only as a stub during the early stages of solution development so that the security module does not interfere with interactions.
Additionally, the CMake command kcfm_generate_default_policy() has been added to the hello/CMakeLists.txt file for building the Hello program. This command automatically generates part of the solution security policy in the form of a PSL file based on the program source code. This PSL file lists and allows all IPC calls of core endpoints and VFS system program interfaces used in the program code. The security policy is formed so as to allow the program to access the IPC calls in use and deny access to all of the unused ones. The PSL file is created in the ./build/hello/Hello directory and included in the solution security policy description by using the following command in the security.psl.in file:
use hello.Hello.kcfmDefaultPolicy._
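A build-time check for the stub caveat above, as an added example that is not part of the SDK or of this example's code: it flags rules that grant a whole event kind with no selectors and confirms that the generated kcfmDefaultPolicy file is included. The PSL sample is constructed, and the rule layout it relies on (event keyword, optional selectors such as src= and dst=, opening brace on the same line) is an assumption.

```python
import re

# Constructed sample in the style of a stub policy; not copied from the SDK.
SAMPLE_PSL = """\
execute: kernel.Execute
use nk.base._
use hello.Hello.kcfmDefaultPolicy._

/* stub: every event of each kind is allowed */
execute { grant () }
request {
    grant ()
}
response { grant () }
request src=hello.Hello dst=kl.core.Core { grant () }
"""

EVENTS = ("execute", "request", "response", "error", "security")
# Event keyword, optional selectors on the same line, then a brace-delimited body.
RULE = re.compile(r"^[ \t]*(%s)\b([^{\n]*)\{([^}]*)\}" % "|".join(EVENTS), re.M)
COMMENT = re.compile(r"/\*.*?\*/|//[^\n]*", re.S)


def find_allow_all(psl_text):
    """Return (line, kind) for each rule that grants an event kind with no selectors."""
    # Blank out comments but keep newlines so reported line numbers stay correct.
    text = COMMENT.sub(lambda m: re.sub(r"[^\n]", " ", m.group()), psl_text)
    findings = []
    for m in RULE.finditer(text):
        kind, selectors, body = m.group(1), m.group(2).strip(), m.group(3)
        if not selectors and re.fullmatch(r"\s*grant\s*\(\s*\)\s*", body):
            findings.append((text.count("\n", 0, m.start(1)) + 1, kind))
    return findings


def uses_kcfm_policy(psl_text):
    """True if a generated kcfmDefaultPolicy file is included with a `use` line."""
    pattern = r"^\s*use\s+[\w.]+\.kcfmDefaultPolicy\._\s*$"
    return re.search(pattern, psl_text, re.M) is not None


if __name__ == "__main__":
    for line, kind in find_allow_all(SAMPLE_PSL):
        print(f"line {line}: '{kind}' events are granted unconditionally")
    print("kcfmDefaultPolicy included:", uses_kcfm_policy(SAMPLE_PSL))
```

While the unconditional grants remain in the policy, the allow/deny list from the generated file has no restricting effect, so a check like this is most useful as a gate before a solution leaves early development.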
Resources
The ./resources/xdl/hello directory contains the Hello.edl file, which is the EDL description for the Hello program.
Operating scenario
hello/CMakeLists.txt file to build the Hello program:
kcfm_generate_audit_policy() to automatically generate part of the solution security policy.
kcfm_generate_signature() to build a control flow graph.
Hello program, a part of the information policy is generated in the file ./build/_headers_/hello/Hello/kcfmDefaultPolicy.psl and the files containing the control flow graph are generated in the build/hello/kcfm_generated directory.
Hello program prints a message to the terminal and exits.
Building and running the example
The CMake system, which is included with KasperskyOS Community Edition, is used to build and run the example.
See the Building and running examples section.