KasperskyOS Community Edition

Example of adding the system program KlogStorage to a solution to forward audit data to standard error

21 May 2024

ID klogstorage_usage_example_stderr

Source code of the program

klog_storage/src/klog_storage_entity.c

#include <klog_storage/server.h>

#include <ping/KlogStorageEntity.edl.h>

#include <stdio.h>

/* Placeholder context type.
 *
 * The example keeps no state of its own, but a context object is passed to
 * the dispatcher and a context pointer is the first parameter of every
 * function that implements an interface method, so a type has to exist. */
struct Context {
    int some_data; /* filler member; nothing in this file reads or writes it */
};

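/* Forward one audit record to standard error.
 *
 * ctx   - dispatcher context; unused here. It is declared as void * because
 *         that is the pointer type the dispatcher uses for the first argument
 *         when it calls this function. Declaring it as struct Context * would
 *         make the dispatcher call through an incompatible function type,
 *         which is undefined behaviour in C even though the cast used at
 *         registration compiles.
 * entry - audit record received from the Klog program; only entry->msg is
 *         used.
 *
 * Returns 0 when the record was written, and -1 when entry is NULL or the
 * write to stderr failed.
 * NOTE(review): -1 is assumed to be reported to the sender as a failure;
 * confirm the error convention in the klog_storage headers.
 *
 * The message is printed verbatim. It is assumed to be a NUL-terminated
 * string, and any line breaks or control characters inside it reach the
 * output unchanged, so a consumer that reads stderr line by line cannot tell
 * an embedded newline from a record boundary. Escape such bytes here if an
 * audited field can carry text chosen by an untrusted program. */
static int _write(void *ctx, const struct kl_KlogStorage_Entry *entry)
{
    (void)ctx;

    if (entry == NULL) {
        return -1;
    }

    /* An audit sink must not report success for a record it failed to emit. */
    if (fprintf(stderr, "%s\n", entry->msg) < 0) {
        return -1;
    }

    return 0;
}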

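/* Stub for the interface method that reads a range of audit records.
 *
 * It exists only so that the dispatcher can be configured with a handler for
 * this method. It ignores every argument, writes nothing to entries and
 * always returns 0, so a caller would see success without receiving data.
 * In this example the security policy grants the Klog program only the write
 * method, so the stub is not expected to be reached.
 *
 * ctx is declared as void * to match the pointer type the dispatcher uses
 * for the first argument; a struct Context * parameter would make the
 * dispatcher call through an incompatible function type.
 * NOTE(review): confirm that the remaining parameters match
 * kl_KlogStorage_read_range_func exactly, because the cast used at
 * registration hides any mismatch from the compiler. */
static int _read_range(void *ctx, nk_uint64_t first_id,
                       nk_uint64_t last_id, struct kl_KlogStorage_Entry *entries)
{
    (void)ctx;
    (void)first_id;
    (void)last_id;
    (void)entries;

    return 0;
}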

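/* Stub for the interface method that reads a number of audit records.
 *
 * It exists only so that the dispatcher can be configured with a handler for
 * this method. It ignores every argument, writes nothing to entries and
 * always returns 0, so a caller would see success without receiving data.
 * In this example the security policy grants the Klog program only the write
 * method, so the stub is not expected to be reached.
 *
 * ctx is declared as void * to match the pointer type the dispatcher uses
 * for the first argument; a struct Context * parameter would make the
 * dispatcher call through an incompatible function type.
 * NOTE(review): confirm that the remaining parameters match
 * kl_KlogStorage_read_func exactly, because the cast used at registration
 * hides any mismatch from the compiler. */
static int _read(void *ctx, nk_uint32_t num_entries,
                 struct kl_KlogStorage_Entry *entries)
{
    (void)ctx;
    (void)num_entries;
    (void)entries;

    return 0;
}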

int main(int argc, char *argv[])
{
    /* Placeholder context handed to the dispatcher. A real storage
     * implementation could keep its state here. */
    static struct Context ctx;

    (void)argc;
    (void)argv;

    /* Register the handlers. When an IPC request carrying audit data arrives
     * from the Klog program, the dispatcher calls _write(), which forwards
     * the data to standard error. _read() and _read_range() are stubs; they
     * can be replaced with real implementations that work with an audit data
     * storage.
     *
     * The casts convert the handlers to the function-pointer types the
     * dispatcher expects. They also switch off the compiler's signature
     * check, so each handler's parameter list has to match the corresponding
     * kl_KlogStorage_*_func type exactly; verify this against the
     * klog_storage headers. */
    struct kl_KlogStorage *storage_iface =
        klog_storage_IKlog_storage_dispatcher(
            &ctx,
            (kl_KlogStorage_write_func)_write,
            (kl_KlogStorage_read_func)_read,
            (kl_KlogStorage_read_range_func)_read_range);

    struct kl_KlogStorage_component *storage_component =
        klog_storage_storage_component(storage_iface);

    /* Start the IPC request processing loop and pass its result on as the
     * exit status. ping_KlogStorageEntity_klogStorage_iidOffset and
     * ping_KlogStorageEntity_klogStorage_storage_iid come from
     * KlogStorageEntity.edl.h, which holds the generated transport code. */
    return klog_storage_run(KLOG_STORAGE_SERVER_CONNECTION_ID,
                            ping_KlogStorageEntity_klogStorage_iidOffset,
                            ping_KlogStorageEntity_klogStorage_storage_iid,
                            storage_component);
}

Building a program

klog_storage/CMakeLists.txt

# Locate the KlogStorage package shipped with the KasperskyOS SDK and
# add its headers to the include path.
find_package(klog_storage REQUIRED)
include_directories(${klog_storage_INCLUDE})

# Generate the transport code from the formal specification of the
# KlogStorage program. KlogStorageEntity.edl and the other specification
# files of KlogStorage are provided in the KasperskyOS SDK.
nk_build_edl_files(klog_storage_edl_files
                   NK_MODULE "ping"
                   EDL "${RESOURCES}/edl/KlogStorageEntity.edl")

# Build the executable of the KlogStorage program.
add_executable(KlogStorageEntity "src/klog_storage_entity.c")
target_link_libraries(KlogStorageEntity ${klog_storage_SERVER_LIB})

# The source file includes the generated KlogStorageEntity.edl.h, so the
# EDL targets must be built before the executable.
# klog_edl_files is not defined in this file; presumably it is created
# where the Klog program is built.
add_dependencies(KlogStorageEntity klog_edl_files klog_storage_edl_files)

Program process dictionary in the init description template

einit/src/init.yaml.in

...

- name: ping.KlogStorageEntity

...

Policy description for the program

einit/src/security.psl.in

...

use nk.base._

...

use EDL kl.core.Core

...

use EDL ping.KlogEntity

use EDL ping.KlogStorageEntity

...

use audit_profile._

use core._

...

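/* Interaction with the Klog program. In the rules shown here, only the write method of the klogStorage.storage endpoint is granted, and only between ping.KlogEntity and ping.KlogStorageEntity; no rule shown grants the methods for reading audit data. */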

request dst=ping.KlogStorageEntity {

match endpoint=klogStorage.storage {

match method=write {

match src=ping.KlogEntity { grant () }

}

}

}

response src=ping.KlogStorageEntity {

match endpoint=klogStorage.storage {

match method=write {

match dst=ping.KlogEntity { grant () }

}

}

}

error src=ping.KlogStorageEntity {

match endpoint=klogStorage.storage {

match method=write {

match dst=ping.KlogEntity { grant () }

}

}

}

...

einit/src/core.psl

...

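/* Interaction with the kernel. Each "match src=ping.KlogStorageEntity" line allows the program to call one kernel method; keep this list limited to the methods the program actually uses. */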

request dst=kl.core.Core {

match endpoint=sync.Sync {

match method=Wake {

...

match src=ping.KlogStorageEntity { grant () }

...

}

match method=Wait {

...

match src=ping.KlogStorageEntity { grant () }

...

}

}

match endpoint=task.Task {

match method=FreeSelfEnv {

...

match src=ping.KlogStorageEntity { grant () }

...

}

match method=GetPath {

...

match src=ping.KlogStorageEntity { grant () }

...

}

match method=GetName {

...

match src=ping.KlogStorageEntity { grant () }

...

}

match method=Exit {

...

match src=ping.KlogStorageEntity { grant () }

...

}

}

match endpoint=vmm.VMM {

match method=Allocate {

...

match src=ping.KlogStorageEntity { grant () }

...

}

match method=Commit {

...

match src=ping.KlogStorageEntity { grant () }

...

}

match method=Protect {

...

match src=ping.KlogStorageEntity { grant () }

...

}

match method=Free {

...

match src=ping.KlogStorageEntity { grant () }

...

}

}

match endpoint=thread.Thread {

match method=SetTls {

...

match src=ping.KlogStorageEntity { grant () }

...

}

match method=Create {

...

match src=ping.KlogStorageEntity { grant () }

...

}

match method=Resume {

...

match src=ping.KlogStorageEntity { grant () }

...

}

}

match endpoint=hal.HAL {

match method=GetEntropy {

...

match src=ping.KlogStorageEntity { grant () }

...

}

match method=DebugWrite {

...

match src=ping.KlogStorageEntity { grant () }

...

}

match method=GetEnv {

...

match src=ping.KlogStorageEntity { grant () }

...

}

}

match endpoint=handle.Handle {

match method=Close {

...

match src=ping.KlogStorageEntity { grant () }

...

}

}

}

response src=kl.core.Core {

...

match dst=ping.KlogStorageEntity { grant () }

...

}

error src=kl.core.Core {

...

match dst=ping.KlogStorageEntity { grant () }

...

}

...
