KasperskyOS Community Edition

Example of adding the system program Klog to a solution

May 21, 2024

ID klog_usage_example

Source code of the program

einit/src/klog_entity.c

#include <klog/system_audit.h>

#include <klog_storage/client.h>

#include <ping/KlogEntity.edl.h>

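/*
 * Entry point of the Klog program.
 *
 * Hands control to klog_system_audit_run() and returns whatever that call
 * returns. argc and argv are not used.
 */
int main(int argc, char *argv[])
{
    /* This function call creates a thread
     * that receives audit data from the kernel, decodes it and forwards it
     * via IPC to the KlogStorage program.
     * (The constant ping_KlogEntity_klog_audit_iid is defined in the header
     * file KlogEntity.edl.h, which contains the automatically generated
     * transport code.)
     *
     * The first argument is a single string built by adjacent-literal
     * concatenation: the two connection-ID macros joined by ":" (this
     * assumes both macros expand to string literals). The ":" literal must
     * stay on one line; a line break inside the quotes is an unterminated
     * string literal and does not compile. */
    return klog_system_audit_run(
        KLOG_SERVER_CONNECTION_ID ":" KLOG_STORAGE_SERVER_CONNECTION_ID,
        ping_KlogEntity_klog_audit_iid);
}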

Building a program

einit/CMakeLists.txt

...

# Import Klog libraries from the
# KasperskyOS SDK
# (REQUIRED makes configuration fail if the klog package is not found.)
find_package (klog REQUIRED)
# NOTE(review): include_directories() is directory-scoped, so ${klog_INCLUDE}
# is added to the include path of every target defined in this directory,
# not only the two Klog executables below.
include_directories (${klog_INCLUDE})

# Generate transport code based on the formal specification of the
# Klog program
# (RESOURCES is not set in this excerpt; it must be defined before this call.)
nk_build_edl_files (klog_edl_files
                    NK_MODULE "ping"
                    # The KlogEntity.edl file and other files
                    # in the formal specification of the Klog program
                    # are provided in the KasperskyOS SDK.
                    EDL "${RESOURCES}/edl/KlogEntity.edl")

# Create the executable file of the Klog program for the hardware platform
add_executable (KlogEntityHw "src/klog_entity.c")
# NOTE(review): keyword-less link signature. Whether PRIVATE can be added
# depends on how the SDK commands link this target - confirm before changing.
target_link_libraries (KlogEntityHw ${klog_SYSTEM_AUDIT_LIB})
# Build-order edge only: src/klog_entity.c includes the generated header
# ping/KlogEntity.edl.h, so klog_edl_files must be built first.
add_dependencies (KlogEntityHw klog_edl_files)

# Create the executable file of the Klog program for QEMU.
# (Identical to creating the executable file of the Klog program for
# the hardware platform, except for the build target name.
# Requires two build targets for the executable file of the
# Klog program with different names because the KLOG_ENTITY parameter of the
# CMake commands build_kos_hw_image() and build_kos_qemu_image()
# must specify different build targets.)
add_executable (KlogEntityQemu "src/klog_entity.c")
target_link_libraries (KlogEntityQemu ${klog_SYSTEM_AUDIT_LIB})
add_dependencies (KlogEntityQemu klog_edl_files)

# The Klog program does not need to be specified together with other programs
# to be included in the solution image. To include the Klog program
# in a solution, you must define the name of the build target for the executable file of this
# program via the KLOG_ENTITY parameter of the CMake commands
# build_kos_hw_image() and build_kos_qemu_image().
# (KlogEntityHw and KlogEntityQemu are therefore deliberately absent from
# this list; KlogStorageEntity, the receiver of the audit data, is listed.)
set (ENTITIES Client Server KlogStorageEntity FileVfs)

...

# The INIT_KlogEntity_PATH variable is used in the init.yaml.in file
# to define the name of the Klog program executable file. (The executable
# files of the Klog program for QEMU and for the hardware platform have
# different names that match the names of the build targets
# of these files by default.)
# The variable is assigned again further down for the QEMU image, so this
# assignment has to stay ahead of build_kos_hw_image().
# NOTE(review): presumably each image command reads the variable when it
# processes init.yaml.in - confirm against the SDK.
set (INIT_KlogEntity_PATH "KlogEntityHw")

# You must define the KLOG_ENTITY parameter
# (KLOG_ENTITY names the same target as INIT_KlogEntity_PATH above.)
build_kos_hw_image (kos-image
                    EINIT_ENTITY EinitHw
                    ...
                    KLOG_ENTITY KlogEntityHw
                    IMAGE_FILES ${ENTITIES})

# The INIT_KlogEntity_PATH variable is used in the init.yaml.in file
# to define the name of the Klog program executable file. (The executable
# files of the Klog program for QEMU and for the hardware platform have
# different names that match the names of the build targets
# of these files by default.)
# Overrides the value set for the hardware image above.
set (INIT_KlogEntity_PATH "KlogEntityQemu")

# You must define the KLOG_ENTITY parameter
# (KLOG_ENTITY names the same target as INIT_KlogEntity_PATH above.)
build_kos_qemu_image (kos-qemu-image
                      EINIT_ENTITY EinitQemu
                      ...
                      KLOG_ENTITY KlogEntityQemu
                      IMAGE_FILES ${ENTITIES})

Program process dictionary in the init description template

einit/src/init.yaml.in

...

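# Process dictionary entry for the Klog program (process class ping.KlogEntity).
# The keys below belong to this list item and must be indented under it;
# written at column 0 they would not form part of the entry.
- name: ping.KlogEntity
  # The variable INIT_KlogEntity_PATH is defined in the file einit/CMakeLists.txt.
  # The @...@ placeholder is filled in when the template is processed, so the
  # file is valid YAML only after substitution.
  path: @INIT_KlogEntity_PATH@
  # Only the IPC channel to KlogStorageEntity is declared in this excerpt.
  connections:
  - target: ping.KlogStorageEntity
    # The channel name comes from the constant in klog_storage/client.h, the
    # same macro that einit/src/klog_entity.c passes to klog_system_audit_run().
    id: {var: KLOG_STORAGE_SERVER_CONNECTION_ID, include: klog_storage/client.h}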

...

Policy description for the program

einit/src/security.psl.in

...

use nk.base._

...

use EDL kl.core.Core

...

use EDL ping.KlogEntity

use EDL ping.KlogStorageEntity

...

use audit_profile._

use core._

...

/* Interaction with the KlogStorage program */

/* Requests: the only grant shown here is for ping.KlogEntity calling the
 * write method of the klogStorage.storage endpoint. Endpoint, method and
 * source are all matched, so this rule admits no other caller and no other
 * method. Rules elided from this excerpt are not visible. */
request dst=ping.KlogStorageEntity {
    match endpoint=klogStorage.storage {
        match method=write {
            match src=ping.KlogEntity { grant () }
        }
    }
}

/* Responses to that same write call are delivered only to ping.KlogEntity. */
response src=ping.KlogStorageEntity {
    match endpoint=klogStorage.storage {
        match method=write {
            match dst=ping.KlogEntity { grant () }
        }
    }
}

/* Error replies to that same write call, scoped like the response rule. */
error src=ping.KlogStorageEntity {
    match endpoint=klogStorage.storage {
        match method=write {
            match dst=ping.KlogEntity { grant () }
        }
    }
}

...

einit/src/core.psl

...

/* Interaction with the kernel */

/* Kernel calls granted to ping.KlogEntity, listed per endpoint and method.
 * Each "..." stands for content elided from this excerpt (presumably rules
 * for other sources - confirm against the full core.psl).
 * Every grant except the last names one method explicitly, so extending
 * what the Klog program may call in the kernel requires adding a rule. */
request dst=kl.core.Core {
    /* Synchronization primitives. */
    match endpoint=sync.Sync {
        match method=Wake {
            ...
            match src=ping.KlogEntity { grant () }
            ...
        }
        match method=Wait {
            ...
            match src=ping.KlogEntity { grant () }
            ...
        }
    }
    /* Process-level calls. */
    match endpoint=task.Task {
        match method=FreeSelfEnv {
            ...
            match src=ping.KlogEntity { grant () }
            ...
        }
        match method=GetPath {
            ...
            match src=ping.KlogEntity { grant () }
            ...
        }
        match method=GetName {
            ...
            match src=ping.KlogEntity { grant () }
            ...
        }
        match method=Exit {
            ...
            match src=ping.KlogEntity { grant () }
            ...
        }
    }
    /* Virtual memory management. */
    match endpoint=vmm.VMM {
        match method=Allocate {
            ...
            match src=ping.KlogEntity { grant () }
            ...
        }
        match method=Commit {
            ...
            match src=ping.KlogEntity { grant () }
            ...
        }
        match method=Protect {
            ...
            match src=ping.KlogEntity { grant () }
            ...
        }
        match method=Free {
            ...
            match src=ping.KlogEntity { grant () }
            ...
        }
    }
    /* Thread management. (The program source on this page states that
     * klog_system_audit_run() creates a thread; presumably that is why
     * Create and the related methods are needed - confirm.) */
    match endpoint=thread.Thread {
        match method=SetTls {
            ...
            match src=ping.KlogEntity { grant () }
            ...
        }
        match method=Create {
            ...
            match src=ping.KlogEntity { grant () }
            ...
        }
        match method=Resume {
            ...
            match src=ping.KlogEntity { grant () }
            ...
        }
        match method=Attach {
            ...
            match src=ping.KlogEntity { grant () }
            ...
        }
        match method=Exit {
            ...
            match src=ping.KlogEntity { grant () }
            ...
        }
        match method=GetSchedPolicy {
            ...
            match src=ping.KlogEntity { grant () }
            ...
        }
        match method=SetSchedPolicy {
            ...
            match src=ping.KlogEntity { grant () }
            ...
        }
    }
    /* Hardware abstraction layer calls. */
    match endpoint=hal.HAL {
        match method=GetEntropy {
            ...
            match src=ping.KlogEntity { grant () }
            ...
        }
        match method=DebugWrite {
            ...
            match src=ping.KlogEntity { grant () }
            ...
        }
        match method=GetEnv {
            ...
            match src=ping.KlogEntity { grant () }
            ...
        }
    }
    /* Handle management: only Close is granted here. */
    match endpoint=handle.Handle {
        match method=Close {
            ...
            match src=ping.KlogEntity { grant () }
            ...
        }
    }
    /* Audit endpoint. Unlike the endpoints above, there is no method match
     * here: every method of audit.Audit is granted to ping.KlogEntity, and
     * this rule names no other source.
     * NOTE(review): if the Klog program needs only a subset of the audit
     * methods, narrow this with match method=... - confirm against the
     * kernel interface. */
    match endpoint=audit.Audit {
        match src=ping.KlogEntity { grant () }
    }
}

/* Kernel responses addressed to ping.KlogEntity. As shown, the grant is
 * matched on the destination only, with no endpoint or method match, so it
 * covers any kernel response delivered to the Klog program. Each "..."
 * stands for content elided from this excerpt. */
response src=kl.core.Core {
    ...
    match dst=ping.KlogEntity { grant () }
    ...
}

/* Kernel error replies addressed to ping.KlogEntity, matched on the
 * destination only, like the response rule. */
error src=kl.core.Core {
    ...
    match dst=ping.KlogEntity { grant () }
    ...
}

...
