1 package iotruntime.master;
import java.io.BufferedReader;
import java.io.BufferedWriter;
import java.io.FileWriter;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.PrintWriter;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.util.HashMap;
import java.util.Map;
import java.util.Objects;
16 /** Class ProcessJailConfig is a class that configures the compute
17 * nodes in our network with the relevant process jail policies;
19 * We use Tomoyo 2.5 as a Mandatory Access Control (MAC) that is
20 * simple, easy to maintain, and lightweight (suitable for embedded
23 * @author Rahmadi Trimananda <rahmadi.trimananda @ uci.edu>
27 public final class ProcessJailConfig {
/**
 * ProcessJailConfig constants
 */
// Logins spliced into the ssh/scp command lines: "root" on the router, "iotuser" on compute hosts.
private static final String STR_SSH_USERNAME_ROUTER = "root";
private static final String STR_SSH_USERNAME_HOST = "iotuser";
// Protocol names that configureProcessJailDevicePolicies() compares strProtocol against.
private static final String STR_TCP_PROTOCOL = "tcp";
private static final String STR_UDP_PROTOCOL = "udp";
private static final String STR_TCPGW_PROTOCOL = "tcpgw";
private static final String STR_NO_PROTOCOL = "nopro";
// Suffix of the per-host policy file: "<host>" + STR_MAC_POLICY_EXT, created relative to the
// working directory by getPrintWriter() and later copied to the host by sendMACPolicies().
private static final String STR_MAC_POLICY_EXT = ".tomoyo.pol";
// Placeholders in the policy template (loaded with readFile()) that the configure*() methods
// substitute with concrete values. The RMI and device placeholders are declared but not
// currently substituted (the RMI replace() calls are commented out); the RMI ports are
// written as explicit bind/listen rules instead.
private static final String STR_OBJECT_NAME = "<object-name>";
private static final String STR_OBJECT_CLASS_NAME = "<object-class-name>";
private static final String STR_MASTER_IP_ADDRESS = "<master-ip-address>";
private static final String STR_MASTER_COM_PORT = "<master-com-port>";
private static final String STR_RMI_REG_PORT = "<rmi-reg-port>";
private static final String STR_RMI_STUB_PORT = "<rmi-stub-port>";
private static final String STR_DEV_IP_ADDRESS = "<dev-ip-address>";
private static final String STR_DEV_COM_PORT = "<dev-com-port>";
private static final String STR_DEV_PORT = "<dev-port>";
/**
 * ProcessJailConfig properties
 */
// Hostname (or controller name) -> open writer on "<name>.tomoyo.pol"; filled lazily by
// getPrintWriter(), closed by close(), replaced by renewPrintWriter().
private Map<String, PrintWriter> mapHostToFile;
// MAC address -> IP address; installed by setAddressListObject() and populated from the
// router's DHCP lease table by getAddressList(). Not initialised by the constructor.
private Map<String, String> mapMACtoIPAdd;
/**
 * Creates a configurator with no policy file open yet; a writer is opened per host on first
 * use by getPrintWriter(). The MAC-to-IP map is left unset until setAddressListObject().
 */
public ProcessJailConfig() {
    // hostname -> PrintWriter on that host's policy file
    mapHostToFile = new HashMap<>();
}
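/**
 * Starts a fresh, empty set of policy-file writers.
 *
 * Writers still held in the old map are closed first, so buffered policy lines reach
 * disk and the file handles are not leaked when the map is dropped; closing a
 * PrintWriter that close() already closed is harmless.
 */
public void renewPrintWriter() {
    if (mapHostToFile != null) {
        for (PrintWriter pwConfig : mapHostToFile.values()) {
            pwConfig.close();
        }
    }
    mapHostToFile = new HashMap<>();
}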
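/**
 * Returns the writer for the policy file of the given host, opening
 * "&lt;host&gt;.tomoyo.pol" in the working directory on first use and caching it.
 *
 * @param strConfigHost hostname (or controller name) whose policy file is wanted; it is used
 *                      verbatim as part of a file name and later in scp/ssh command lines,
 *                      so it may contain only letters, digits, '.', '_' and '-' and must
 *                      not start with '-'
 * @return the cached or newly opened PrintWriter
 * @throws NullPointerException     if strConfigHost is null
 * @throws IllegalArgumentException if strConfigHost contains characters that would change
 *                                  the file path or the command line ('/', whitespace, ...)
 * @throws IllegalStateException    if the policy file cannot be opened
 */
private PrintWriter getPrintWriter(String strConfigHost) {
    Objects.requireNonNull(strConfigHost, "strConfigHost");
    // Plain hostname/identifier alphabet only: anything else could redirect the file
    // (path separators) or alter the scp/ssh command built from the same name.
    if (!strConfigHost.matches("[A-Za-z0-9_][A-Za-z0-9._-]*")) {
        throw new IllegalArgumentException("ProcessJailConfig: invalid host name: " + strConfigHost);
    }
    PrintWriter pwConfig = mapHostToFile.get(strConfigHost);
    if (pwConfig != null) {
        return pwConfig;
    }
    String strFileName = strConfigHost + STR_MAC_POLICY_EXT;
    FileWriter fw;
    try {
        fw = new FileWriter(strFileName);
    } catch (IOException ex) {
        // Fail here rather than continue with no writer: that would only surface later as a
        // NullPointerException or as a missing/empty policy file at deploy time.
        throw new IllegalStateException("ProcessJailConfig: cannot open policy file " + strFileName, ex);
    }
    pwConfig = new PrintWriter(new BufferedWriter(fw));
    mapHostToFile.put(strConfigHost, pwConfig);
    return pwConfig;
}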
/**
 * Flushes and closes every policy-file writer opened through getPrintWriter().
 * The map itself is kept; renewPrintWriter() replaces it.
 */
public void close() {
    for (Map.Entry<String, PrintWriter> entry : mapHostToFile.entrySet()) {
        entry.getValue().close();
    }
}
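/**
 * Copies the host's policy file to the host with scp, loads it into Tomoyo there with
 * {@code sudo tomoyo-loadpolicy -df} over ssh, and removes the remote copy.
 *
 * The host name is spliced into two command lines; Runtime.exec() tokenizes them on
 * whitespace and the remote shell interprets the redirection and ';'. A name containing
 * whitespace or shell metacharacters would therefore silently run a different command,
 * so the name is validated before anything is executed.
 *
 * @param strConfigHost hostname to be configured; a plain hostname or IP address
 *                      (letters, digits, '.', '_', '-', not starting with '-')
 * @throws NullPointerException     if strConfigHost is null
 * @throws IllegalArgumentException if strConfigHost is not a plain hostname
 */
public void sendMACPolicies(String strConfigHost) {
    Objects.requireNonNull(strConfigHost, "strConfigHost");
    if (!strConfigHost.matches("[A-Za-z0-9_][A-Za-z0-9._-]*")) {
        throw new IllegalArgumentException("ProcessJailConfig: invalid host name: " + strConfigHost);
    }
    String strPolicyFile = strConfigHost + STR_MAC_POLICY_EXT;
    String strRemoteLogin = STR_SSH_USERNAME_HOST + "@" + strConfigHost;
    // Copy the policy file into the remote user's home directory.
    String strCmdSend = "scp " + strPolicyFile + " " + strRemoteLogin + ":~;";
    System.out.println(strCmdSend);
    runCommand(strCmdSend);
    // Load the policy into the kernel, then delete the copy; both run in the remote shell.
    String strCmdDeploy = "ssh " + strRemoteLogin + " sudo tomoyo-loadpolicy -df < ~/" + strPolicyFile
            + "; rm ~/" + strPolicyFile + ";";
    System.out.println(strCmdDeploy);
    runCommand(strCmdDeploy);
}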
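/**
 * Runs one command line and waits for it; this is the same operation as runCommand()
 * and simply delegates to it instead of duplicating the exec/wait/catch sequence.
 *
 * @param strCommand command line handed to Runtime.exec(), which splits it on whitespace
 */
private void deployPolicies(String strCommand) {
    runCommand(strCommand);
}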
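/**
 * Installs the MAC-address to IP-address map obtained from RouterConfig.
 *
 * The map is held by reference, not copied, so entries added later by getAddressList()
 * are visible through the original map as well.
 *
 * @param _mapMACtoIPAdd map from MAC address to IP address
 * @throws NullPointerException if the map is null
 */
public void setAddressListObject(Map<String, String> _mapMACtoIPAdd) {
    mapMACtoIPAdd = Objects.requireNonNull(_mapMACtoIPAdd, "_mapMACtoIPAdd");
}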
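/**
 * Runs one command line through Runtime.exec() and waits for it to finish.
 *
 * Runtime.exec(String) splits the line on whitespace and starts the first token directly;
 * there is no local shell, so quoting, redirection and ';' only take effect where a remote
 * shell (ssh/scp) sees them. Failures are printed to stdout rather than thrown; a non-zero
 * exit status is reported so a refused scp or a failed policy load is not silent.
 *
 * @param strCommand command line to run
 */
private void runCommand(String strCommand) {
    try {
        Process process = Runtime.getRuntime().exec(strCommand);
        int iExitStatus = process.waitFor();
        if (iExitStatus != 0) {
            System.out.println("ProcessJailConfig: command exited with status " + iExitStatus + ": " + strCommand);
        }
    } catch (IOException ex) {
        System.out.println("ProcessJailConfig: IOException: " + ex.getMessage());
        ex.printStackTrace();
    } catch (InterruptedException ex) {
        System.out.println("ProcessJailConfig: InterruptException: " + ex.getMessage());
        ex.printStackTrace();
        // Preserve the interrupt for the caller; swallowing it would hide a requested shutdown.
        Thread.currentThread().interrupt();
    }
}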
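/**
 * Fills mapMACtoIPAdd from the router's DHCP lease table.
 *
 * Runs {@code ssh root@<router> cat /tmp/dhcp.leases} and, for every line with at least
 * three space-separated fields, stores the second field as the MAC address and the third
 * as the IP address (dnsmasq lease lines are: expiry, MAC, IP, hostname, client-id).
 * Shorter lines are skipped instead of aborting the read with an
 * ArrayIndexOutOfBoundsException. If no map was installed with setAddressListObject(),
 * an empty one is created. "cat /tmp/dhcp.leases" could be replaced with
 * "cat /proc/net/arp".
 *
 * @param strRouterAddress address of the router; a plain hostname or IP address
 *                         (letters, digits, '.', '_', '-', not starting with '-')
 * @throws NullPointerException     if strRouterAddress is null
 * @throws IllegalArgumentException if strRouterAddress is not a plain hostname
 */
public void getAddressList(String strRouterAddress) {
    Objects.requireNonNull(strRouterAddress, "strRouterAddress");
    // The address is spliced into an ssh command line; reject whitespace and shell metacharacters.
    if (!strRouterAddress.matches("[A-Za-z0-9_][A-Za-z0-9._-]*")) {
        throw new IllegalArgumentException("ProcessJailConfig: invalid router address: " + strRouterAddress);
    }
    if (mapMACtoIPAdd == null) {
        mapMACtoIPAdd = new HashMap<>();
    }
    String cmd = "ssh " + STR_SSH_USERNAME_ROUTER + "@" + strRouterAddress + " cat /tmp/dhcp.leases";
    try {
        Process process = Runtime.getRuntime().exec(cmd);
        // Reading to end-of-stream also waits for the remote cat to finish.
        try (BufferedReader bReader = new BufferedReader(
                new InputStreamReader(process.getInputStream(), StandardCharsets.UTF_8))) {
            String strRead;
            while ((strRead = bReader.readLine()) != null) {
                String[] fields = strRead.split(" ");
                if (fields.length < 3) {
                    continue;  // blank or truncated lease line
                }
                mapMACtoIPAdd.put(fields[1], fields[2]);
            }
        }
    } catch (IOException ex) {
        System.out.println("ProcessJailConfig: IOException: " + ex.getMessage());
        ex.printStackTrace();
    }
}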
/**
 * Looks up the IP address recorded for a MAC address.
 *
 * @param strMACAddress MAC address as it appears in the router's lease table
 * @return the IP address mapped to that MAC address
 * @throws Error if the MAC address is not in the mapping
 */
public String getIPFromMACAddress(String strMACAddress) {
    String strIPAddress = mapMACtoIPAdd.get(strMACAddress);
    if (strIPAddress != null) {
        return strIPAddress;
    }
    throw new Error("RouterConfig: MAC address " + strMACAddress +
        " not found on the list! Please check if device is present in /tmp/dhcp.leases!");
}
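/**
 * Reads a whole file as UTF-8 text.
 *
 * @param filePath path of the policy template to read
 * @return the file content
 * @throws IllegalStateException if the file cannot be read. Callers paste the result into
 *                               a MAC policy file, so a read failure must not degrade into
 *                               a null that ends up as a NullPointerException or the text
 *                               "null" inside a policy.
 */
public String readFile(String filePath) {
    try {
        return new String(Files.readAllBytes(Paths.get(filePath)), StandardCharsets.UTF_8);
    } catch (IOException ex) {
        throw new IllegalStateException("ProcessJailConfig: cannot read policy file " + filePath, ex);
    }
}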
/**
 * Writes the main MAC policies between controller and device driver into the host's
 * policy file: the template from strFileName with its placeholders filled in, followed
 * by a bind/listen rule for each of the two RMI ports.
 *
 * @param strConfigHost      hostname to be configured (selects the policy file)
 * @param strObjectName      object name substituted for STR_OBJECT_NAME
 * @param strObjectClassName object class name substituted for STR_OBJECT_CLASS_NAME
 * @param strFileName        policy template path and name
 * @param strMasterIPAddress master IP address substituted for STR_MASTER_IP_ADDRESS
 * @param iComPort           controller-driver communication port substituted for STR_MASTER_COM_PORT
 * @param iRMIRegPort        RMI registry port, written as an explicit bind/listen rule
 * @param iRMIStubPort       RMI stub port, written as an explicit bind/listen rule
 */
public void configureProcessJailDeviceDriverPolicies(String strConfigHost, String strObjectName, String strObjectClassName,
        String strFileName, String strMasterIPAddress, int iComPort, int iRMIRegPort, int iRMIStubPort) {
    PrintWriter pwConfig = getPrintWriter(strConfigHost);
    // Fill in the template placeholders one at a time.
    String strPolicy = readFile(strFileName);
    strPolicy = strPolicy.replace(STR_OBJECT_NAME, strObjectName);
    strPolicy = strPolicy.replace(STR_OBJECT_CLASS_NAME, strObjectClassName);
    strPolicy = strPolicy.replace(STR_MASTER_IP_ADDRESS, strMasterIPAddress);
    strPolicy = strPolicy.replace(STR_MASTER_COM_PORT, Integer.toString(iComPort));
    // The RMI port placeholders are left untouched; the ports are emitted as explicit rules below.
    pwConfig.println("\n");  // blank lines separating this block from earlier policies
    pwConfig.print(strPolicy);
    pwConfig.println("network inet stream bind/listen :: " + iRMIRegPort);
    pwConfig.println("network inet stream bind/listen :: " + iRMIStubPort);
}
/**
 * Writes the device MAC policies between device driver and device into the host's
 * policy file.
 *
 * @param strConfigHost      hostname to be configured (selects the policy file)
 * @param strProtocol        STR_TCP_PROTOCOL writes a stream connect rule to the device;
 *                           STR_UDP_PROTOCOL writes a dgram bind rule on iDeviceComPort and
 *                           a dgram send rule to the device; other values write nothing
 * @param iDeviceComPort     local port the driver uses to talk to the device
 * @param strDeviceIPAddress device IP address (written as an IPv4-mapped IPv6 address)
 * @param iDevicePort        port on the device
 */
public void configureProcessJailDevicePolicies(String strConfigHost, String strProtocol,
        int iDeviceComPort, String strDeviceIPAddress, int iDevicePort) {
    PrintWriter pwConfig = getPrintWriter(strConfigHost);
    String strDeviceEndpoint = "::ffff:" + strDeviceIPAddress + " " + iDevicePort;
    switch (strProtocol) {
        case STR_TCP_PROTOCOL:
            pwConfig.println("network inet stream connect " + strDeviceEndpoint);
            break;
        case STR_UDP_PROTOCOL:
            pwConfig.println("network inet dgram bind :: " + iDeviceComPort);
            pwConfig.println("network inet dgram send " + strDeviceEndpoint);
            break;
        default:
            // no device rule for other protocol names
            break;
    }
}
/**
 * Writes the main MAC policies for a controller into the controller's policy file:
 * the template from strFileName with its placeholders filled in. For a controller both
 * the object-name and the object-class-name placeholders take the controller name.
 *
 * @param strControllerName  controller name to be configured (selects the policy file)
 * @param strFileName        policy template path and name
 * @param strMasterIPAddress master IP address substituted for STR_MASTER_IP_ADDRESS
 * @param iComPort           controller-driver communication port substituted for STR_MASTER_COM_PORT
 */
public void configureProcessJailControllerPolicies(String strControllerName, String strFileName,
        String strMasterIPAddress, int iComPort) {
    PrintWriter pwConfig = getPrintWriter(strControllerName);
    // placeholder -> value, applied in this order
    String[][] substitutions = {
        {STR_OBJECT_NAME, strControllerName},
        {STR_OBJECT_CLASS_NAME, strControllerName},
        {STR_MASTER_IP_ADDRESS, strMasterIPAddress},
        {STR_MASTER_COM_PORT, Integer.toString(iComPort)},
    };
    String strPolicy = readFile(strFileName);
    for (String[] pair : substitutions) {
        strPolicy = strPolicy.replace(pair[0], pair[1]);
    }
    pwConfig.println("\n");  // blank lines separating this block from earlier policies
    pwConfig.print(strPolicy);
}
/**
 * Writes the controller's MAC policies for reaching the device driver's RMI ports:
 * one stream connect rule each for the RMI registry port and the RMI stub port.
 *
 * @param strControllerName        controller name to be configured (selects the policy file)
 * @param strDeviceDriverIPAddress IP address of the host running the device driver
 * @param iRMIRegPort              RMI registry port on that host
 * @param iRMIStubPort             RMI stub port on that host
 */
public void configureProcessJailContRMIPolicies(String strControllerName, String strDeviceDriverIPAddress,
        int iRMIRegPort, int iRMIStubPort) {
    PrintWriter pwConfig = getPrintWriter(strControllerName);
    String strRulePrefix = "network inet stream connect ::ffff:" + strDeviceDriverIPAddress + " ";
    pwConfig.println(strRulePrefix + iRMIRegPort);
    pwConfig.println(strRulePrefix + iRMIStubPort);
}
363 * combineControllerMACPolicies() method combines the controller MAC policies into the right host policy file
365 * @param strConfigHost String hostname to be configured
366 * @param strFileName String policy file path and name
369 public void combineControllerMACPolicies(String strConfigHost, String strObjectControllerName, String strFileName) {
371 PrintWriter pwConfig = getPrintWriter(strConfigHost);
372 PrintWriter pwCont = getPrintWriter(strObjectControllerName);
374 String strPolicyList = readFile(strFileName);
375 pwConfig.println(strPolicyList);
376 runCommand("rm -rf " + strFileName);