KasperskyOS Community Edition

Example of adding the system program KlogStorage to a solution to write audit data to a file

May 21, 2024

ID klogstorage_usage_example_file

Source code of the program

klog_storage/src/klog_storage_entity.c

#include <klog_storage/server.h>
#include <klog_storage/file_storage.h>
#include <ping/KlogStorageEntity.edl.h>

int main(int argc, char *argv[])
{
    /* This function call starts the IPC request processing loop.
     * The audit data will be written to the file /etc/klog_storage.log, which can
     * hold no more than 100 entries. When the file is completely full, the previous
     * entries will be replaced by new entries starting at the beginning of the file.
     * If the last parameter of the function has a value other than 1, the KlogStorage
     * program at startup opens the existing file and begins to write audit data at
     * the specific position that was set in the file after the previous write
     * operation. If the last parameter of the function has a value of 1, a new empty
     * file will be created.
     * (The constants ping_KlogStorageEntity_klogStorage_iidOffset and
     * ping_KlogStorageEntity_klogStorage_storage_iid are defined in the header
     * file KlogStorageEntity.edl.h, which contains the automatically generated
     * transport code.) */
    return klog_storage_file_storage_run(KLOG_STORAGE_SERVER_CONNECTION_ID,
                                         "/etc/klog_storage.log",
                                         ping_KlogStorageEntity_klogStorage_iidOffset,
                                         ping_KlogStorageEntity_klogStorage_storage_iid,
                                         100,
                                         0);
}
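The overwrite and restart behaviour described in the comment above, as a small host-side C model (an added example, not KlogStorage code and not from the KasperskyOS SDK). The struct and the model_* functions are hypothetical names, the in-memory array stands in for the log file, and the sequence numbers are constructed sample data.

```c
#include <stdio.h>
#include <string.h>
#define MODEL_MAX 1024  /* upper bound of this model only */

/* In-memory stand-in for the log file (hypothetical, not a KlogStorage type). */
struct model_log {
    unsigned capacity;              /* maximum number of entries */
    unsigned pos;                   /* slot the next write goes to */
    unsigned long slot[MODEL_MAX];  /* sequence number per slot, 0 = empty */
};

/* create_new == 1: new empty file; any other value: keep contents and position. */
int model_open(struct model_log *st, unsigned capacity, int create_new)
{
    if (capacity == 0 || capacity > MODEL_MAX)
        return -1;                  /* avoids modulo by zero in model_write */
    if (create_new == 1)
        memset(st, 0, sizeof(*st));
    st->capacity = capacity;
    return 0;
}

/* Write one entry after a successful model_open; returns the sequence
 * number it replaced, or 0 if the slot was empty. */
unsigned long model_write(struct model_log *st, unsigned long seq)
{
    unsigned long replaced = st->slot[st->pos];
    st->slot[st->pos] = seq;
    st->pos = (st->pos + 1) % st->capacity;  /* wrap to the start of the file */
    return replaced;
}

/* Write n entries numbered from first_seq; returns how many were replaced. */
unsigned long model_write_many(struct model_log *st, unsigned long first_seq, unsigned long n)
{
    unsigned long lost = 0;
    for (unsigned long i = 0; i < n; i++)
        lost += model_write(st, first_seq + i) != 0;
    return lost;
}

int main(void)
{
    static struct model_log st;
    model_open(&st, 100, 1);        /* new empty file, 100 entries */
    printf("replaced: %lu\n", model_write_many(&st, 1, 250));
    model_open(&st, 100, 0);        /* restart on the existing file */
    printf("entry 251 replaced entry %lu\n", model_write(&st, 251));
    return 0;
}
```

In the model, 250 writes into a 100-entry file replace 150 earlier entries, so the capacity and how often a reader collects entries determine how much audit data is retained.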

Building a program

The CMake commands for building the KlogStorage program that writes audit data to a file differ from the commands for building the version that sends audit data to standard error in the following modification:

klog_storage/CMakeLists.txt

...
# When creating the executable file of the KlogStorage program, you must
# link it to the klog_storage_file_storage library.
target_link_libraries (KlogStorageEntity ${klog_storage_FILE_STORAGE_LIB})
...

Program process dictionary in the init description template

einit/src/init.yaml.in

...
- name: ping.KlogStorageEntity
  connections:
  - target: file_vfs.FileVfs
    id: {var: _VFS_CONNECTION_ID, include: vfs/defs.h}
...

Security policy description for the program

The policy description for a KlogStorage program that writes audit data to a file differs from the policy description for the version that sends audit data to standard error in the following addition:

einit/src/security.psl.in

...
use EDL file_vfs.FileVfs
...
use vfs._
...

einit/src/vfs.psl

...
/* Interaction with the VFS program */
request dst=file_vfs.FileVfs {
    match src=ping.KlogStorageEntity { grant () }
}

response src=file_vfs.FileVfs {
    match dst=ping.KlogStorageEntity { grant () }
}

error src=file_vfs.FileVfs {
    match dst=ping.KlogStorageEntity { grant () }
}
...

Forwarding audit data to other programs

To forward file-written audit data via IPC, the KlogStorage program provides the read and readRange interface methods defined in the file sysroot-*-kos/include/kl/KlogStorage.idl from the KasperskyOS SDK.

The executable file of the program that needs to receive the audit data must be linked to the client library of the KlogStorage program:

klog_reader/CMakeLists.txt

# Import KlogStorage libraries from the
# KasperskyOS SDK
find_package (klog_storage REQUIRED)
include_directories (${klog_storage_INCLUDE})
...
# Create the executable file of the program that needs to
# receive audit data from the KlogStorage program.
add_executable (KlogReader "src/klog_reader.c")
target_link_libraries (KlogReader ${klog_storage_CLIENT_LIB})
...

Source code for receiving audit data from the KlogStorage program:

klog_reader/src/klog_reader.c

#include <klog_storage/client.h>
...
int main(int argc, char *argv[])
{
    ...
    struct Klog_storage_ctx *storage =
        klog_storage_init(KLOG_STORAGE_SERVER_CONNECTION_ID);

    struct kl_KlogStorage_Entry first_entries[10], latest_entries[10];

    /* Read the first ten entries */
    int f_count = klog_storage_read_range(klog_storage_IKlog_storage(storage),
                                          1,
                                          10,
                                          first_entries);

    /* Read the last ten entries */
    int l_count = klog_storage_read(klog_storage_IKlog_storage(storage),
                                    10,
                                    latest_entries);
    ...
}
