kpa_example

This example demonstrates how to work with KPA packages in a KasperskyOS-based solution:

• Downloading a KPA package from an HTTP server
• Building a KPA package from source components using functions of the kpa library
• Pre-installing a KPA package into a built image of a KasperskyOS-based solution using the cas-pm tool
• Installing a KPA package into an operational KasperskyOS-based solution using the PackageManager component
• Getting data on a KPA package manifest
• Starting a process from an executable file installed from a KPA package and getting information about the process and stopping it using the ExecutionManager component

Example directory in the SDK

The code of the example and build scripts are available at the following path:

/opt/KasperskyOS-Community-Edition-<platform>-<version>/examples/kpa_example

List of programs

• Client – application that works with three KPA packages: DownloadedApp.kpa (downloaded from an HTTP server), Application.kpa (built from source components and installed into an operational solution), PreinstalledApp.kpa (built from source components and pre-installed into a built solution image).
• Server – system program that implements a log server to which other programs forward messages. To send messages to the log server, programs use the logrr_cpp library, which filters messages by log level. The log server forwards the received messages to the output channel named FsOutputChannel.
• FsOutputChannel – system program that implements an output channel for the Server program. The output channel saves messages received from the log server to a file.
• PkgMgrEntity – system program that provides functionality for managing KPA packages.
• ExecMgrEntity – system program that manages the life cycle of processes via IPC mechanisms.
• BlobContainer – system program that is designed to load binary data into memory and is used by the Execution Manager program to start processes.
• EntropyEntity – system program that implements random number generation.
• Dhcpcd – system program that implements a DHCP client, which gets network interface parameters from an external DHCP server in the background and passes them to a virtual file system.
• VfsSdCardFs – system program that supports the file system of SD cards.
• VfsNet – system program that supports network protocols.
• DCM – system program that lets you dynamically create IPC channels.
• SDCard – SD card driver.
• DNetSrv – network card driver.

When you build an example for the target hardware platform, platform-specific drivers are automatically included in the solution:

• BSP is a hardware platform support package (Board Support Package). Provides cross-platform configuration of peripherals for the Radxa ROCK 3A and Raspberry Pi 4 B.
• Bcm2711MboxArmToVc – driver for working with the VideoCore (VC6) coprocessor via mailbox technology for Raspberry Pi 4 B.

Initialization description

The solution initialization description file named init.yaml is generated during the solution build process based on the ./einit/src/init.yaml.in template. Macros in @INIT_*@‌ ‌format contained in the template are automatically expanded in the resulting init.yaml file. For more details, refer to init.yaml.in template.

Security policy description

The security.psl file contains a description of a security policy for a KasperskyOS-based solution and is located in the ./einit/src directory. The declarations in the PSL file are provided with comments that explain the purpose of these declarations.

The solution security policy description in this example allows any interaction between different processes and between processes and the kernel. This policy can be used only as a stub during the early stages of a solution development so that the security module does not interfere with interactions. It would be unacceptable to apply such a policy in a real-world KasperskyOS-based solution.

Resource

• The ./resources/xdl/kpa_example directory contains the Application.edl, Client.edl, DownloadedApp.edl, and PreinstalledApp.edl files, which are EDL descriptions of programs.
• The directory ./resources/hdd/etc contains the configuration files for the VfsNet and Dhcpcd programs: hosts and dhcpcd.conf, respectively.
• The text.txt file is located in the ./resources/packages/application/files directory. This file is a resource for the KPA package named Application.kpa.

Operating scenario

The Client program performs the following actions:

1. Checks the availability of the network. If the network is not available, it sends a message to the log using the LOG macro of the LogRR component and terminates.
2. Downloads the KPA package named DownloadedApp.kpa from an HTTP server.
3. Sends a message to the log containing a list of available KPA packages: Application.kpa and DownloadedApp.kpa. The KPA package named Application.kpa is built when a solution is built in the ./application/CMakeLists.txt file.
4. Uses the CreatePackageManager() and GetPackageController() functions to get pointers to instances of the IPackageManager and IPackageController interfaces, respectively, which are required for working with the PackageManager component.
5. Installs the KPA package named Application.kpa using the InstallPackage() function of the IPackageController interface.
6. Sends a message to the log containing a list of unique identifiers of the installed KPA packages: kpa_example.application and kpa_example.preinstalled_app. The KPA package named PreinstalledApp.kpa is built and pre-installed into the built solution image in the ./preinstalled_app/CMakeLists.txt file.
7. Sends a message to the log regarding the receipt of data about the Application.kpa package manifest by using the GetManifest() function of the IPackageController interface.
8. Gets the pointer to an instance of the IExecutionManager interface by using the DcmConnect() function. The DCM system program is used to connect to the ExecutionManager process.
9. Gets access to the IProcessControl interface using a pointer to an instance of the IExecutionManager interface.
10. Starts a process from an executable file supplied in the Application.kpa package. Receives the states of the running process in a loop using the GetProcessState() function of the IProcessControl interface and sends messages about the received states to the log. The process terminates on its own.
11. Starts a process from an executable file supplied in the Application.kpa package with a delay of 60 seconds.
12. Gets access to the ISystemController interface using a pointer to an instance of the IExecutionManager interface. Gets information about the processes started using the ExecutionManager component using the GetSystemInfo() function of the ISystemController interface and sends messages containing the received information to the log. After 5 seconds, forcibly terminates the running process by using the StopProcess() function of the IProcessControl interface.

Building and running the example

The CMake system, which is included with KasperskyOS Community Edition, is used to build and run the example.

For the QEMU emulator, you must do the following after building the example but before running it:

1. Additionally build the KPA package named DownloadedApp.kpa. (The source code for the build is in the file named ./downloaded_kpa/CMakeLists.txt.) To build the KPA package, run the following command:

   cmake --build build --target DownloadedKpa

2. Start an HTTP server that will provide access to files from the ./build/kpa/ directory on port 8080. To do so, in a separate terminal session, run the following command:

   python3 -m http.server -d ./build/kpa/ 8080

   To check the availability of the KPA package named DownloadedApp.kpa, open the page http://localhost:8080 in your browser and make sure that the file is listed there.

For target hardware platforms, you must start the HTTP server before running the image containing the example.

See Building and running examples section.

Page top