1 package iotruntime.master;
3 import java.io.InputStream;
4 import java.io.InputStreamReader;
5 import java.io.BufferedReader;
6 import java.io.BufferedWriter;
7 import java.io.FileWriter;
8 import java.io.PrintWriter;
9 import java.io.IOException;
10 import java.nio.file.Files;
11 import java.nio.file.Paths;
12 import java.nio.charset.StandardCharsets;
13 import java.util.HashMap;
16 /** Class ProcessJailConfig is a class that configures the compute
17 * nodes in our network with the relevant process jail policies;
19 * We use Tomoyo 2.5 as a Mandatory Access Control (MAC) that is
20 * simple, easy to maintain, and lightweight (suitable for embedded
23 * @author Rahmadi Trimananda <rahmadi.trimananda @ uci.edu>
27 public final class ProcessJailConfig {
30 * ProcessJailConfig constants
32 private static final String STR_SSH_USERNAME_ROUTER = "root";
33 private static final String STR_SSH_USERNAME_HOST = "iotuser";
34 private static final String STR_TCP_PROTOCOL = "tcp";
35 private static final String STR_UDP_PROTOCOL = "udp";
36 private static final String STR_TCPGW_PROTOCOL = "tcpgw";
37 private static final String STR_NO_PROTOCOL = "nopro";
39 private static final String STR_ADD_MAC_EXT = ".tomoyo";
40 private static final String STR_MAC_POLICY_EXT = ".tomoyo.pol";
41 private static final String STR_OBJECT_NAME = "<object-name>";
42 private static final String STR_OBJECT_CLASS_NAME = "<object-class-name>";
43 private static final String STR_MASTER_IP_ADDRESS = "<master-ip-address>";
44 private static final String STR_MASTER_COM_PORT = "<master-com-port>";
45 private static final String STR_RMI_REG_PORT = "<rmi-reg-port>";
46 private static final String STR_RMI_STUB_PORT = "<rmi-stub-port>";
47 private static final String STR_DEV_IP_ADDRESS = "<dev-ip-address>";
48 private static final String STR_DEV_COM_PORT = "<dev-com-port>";
49 private static final String STR_DEV_PORT = "<dev-port>";
51 private static final int INT_HTTP_PORT = 80;
52 private static final int INT_DNS_PORT = 53;
56 * ProcessJailConfig properties
58 private Map<String, PrintWriter> mapHostToFile;
59 private Map<String, String> mapMACtoIPAdd;
65 public ProcessJailConfig() {
66 // This maps hostname to file PrintWriter
67 mapHostToFile = new HashMap<String, PrintWriter>();
73 * renewPrintWriter() renews the mapHostToFile object that lists all PrintWriters
77 public void renewPrintWriter() {
79 mapHostToFile = new HashMap<String, PrintWriter>();
84 * getPrintWriter() gets the right PrintWriter object to print policies to the right file
86 * @param strConfigHost String hostname to be configured
89 private PrintWriter getPrintWriter(String strConfigHost) {
91 // Return object if existing
92 if (mapHostToFile.containsKey(strConfigHost)) {
93 return mapHostToFile.get(strConfigHost);
95 // Simply create a new one if it doesn't exist
98 fw = new FileWriter(strConfigHost + STR_MAC_POLICY_EXT);
99 } catch (IOException ex) {
100 ex.printStackTrace();
102 PrintWriter pwConfig = new PrintWriter(new BufferedWriter(fw));
103 mapHostToFile.put(strConfigHost, pwConfig);
110 * flush() flushes all PrintWriter objects
114 public void flush() {
116 for(PrintWriter pwConfig: mapHostToFile.values()) {
123 * close() closes all PrintWriter objects
127 public void close() {
129 for(PrintWriter pwConfig: mapHostToFile.values()) {
136 * sendMACPolicies() deploys policies on MAC implementation for process jailing
138 * @param strConfigHost String hostname to be configured
141 public void sendMACPolicies(String strConfigHost) {
143 String strCmdSend = "scp " + strConfigHost + STR_MAC_POLICY_EXT + " " +
144 STR_SSH_USERNAME_HOST + "@" + strConfigHost + ":~;";
145 System.out.println(strCmdSend);
146 runCommand(strCmdSend);
147 String strCmdDeploy = "ssh " + STR_SSH_USERNAME_HOST + "@" + strConfigHost +
148 " sudo tomoyo-loadpolicy -df < ~/" + strConfigHost + STR_MAC_POLICY_EXT + "; rm ~/" + strConfigHost +
149 STR_MAC_POLICY_EXT + ";";
150 System.out.println(strCmdDeploy);
151 runCommand(strCmdDeploy);
156 * deployPolicies() method configures the policies
158 * @param strCommand String that contains command line
161 private void deployPolicies(String strCommand) {
164 Runtime runtime = Runtime.getRuntime();
165 Process process = runtime.exec(strCommand);
167 } catch (IOException ex) {
168 System.out.println("RouterConfig: IOException: " + ex.getMessage());
169 ex.printStackTrace();
170 } catch (InterruptedException ex) {
171 System.out.println("RouterConfig: InterruptException: " + ex.getMessage());
172 ex.printStackTrace();
178 * setAddressListObject() method sets the map for IP and MAC addresses
180 * This method gets the mapping from RouterConfig
182 public void setAddressListObject(Map<String, String> _mapMACtoIPAdd) {
184 mapMACtoIPAdd = _mapMACtoIPAdd;
189 * runCommand() method runs shell command
191 * @param strCommand String that contains command line
194 private void runCommand(String strCommand) {
197 Runtime runtime = Runtime.getRuntime();
198 Process process = runtime.exec(strCommand);
200 } catch (IOException ex) {
201 System.out.println("RouterConfig: IOException: " + ex.getMessage());
202 ex.printStackTrace();
203 } catch (InterruptedException ex) {
204 System.out.println("RouterConfig: InterruptException: " + ex.getMessage());
205 ex.printStackTrace();
211 * getAddressList() method gets list of IP addresses
213 * This method sends an inquiry to the router to look for
214 * the list of DHCP leased addresses and their mapping to MAC
217 * @param strRouterAddress String that contains address of router
219 public void getAddressList(String strRouterAddress) {
221 //HashMap<String,String> hmMACToIPAdd = new HashMap<String,String>();
223 // We can replace "cat /tmp/dhcp.leases" with "cat /proc/net/arp"
224 String cmd = "ssh " + STR_SSH_USERNAME_ROUTER + "@" + strRouterAddress +
225 " cat /tmp/dhcp.leases";
226 Runtime runtime = Runtime.getRuntime();
227 Process process = runtime.exec(cmd);
229 InputStream inStream = process.getInputStream();
230 InputStreamReader isReader = new InputStreamReader(inStream);
231 BufferedReader bReader = new BufferedReader(isReader);
232 String strRead = null;
233 while((strRead = bReader.readLine()) != null){
234 String[] str = strRead.split(" ");
235 mapMACtoIPAdd.put(str[1], str[2]);
237 } catch (IOException ex) {
238 System.out.println("RouterConfig: IOException: " + ex.getMessage());
239 ex.printStackTrace();
245 * getIPFromMACAddress() method gets IP from MAC address
247 * @return String String that contains IP address from the MAC-IP mapping
249 public String getIPFromMACAddress(String strMACAddress) {
251 String strIPAddress = mapMACtoIPAdd.get(strMACAddress);
252 if (strIPAddress == null) {
253 throw new Error("RouterConfig: MAC address " + strMACAddress +
254 " not found on the list! Please check if device is present in /tmp/dhcp.leases!");
261 * readFile() read the entire file and return a string
263 * @return String String that contains the content of the file
265 public String readFile(String filePath) {
267 String retStr = null;
269 retStr = new String(Files.readAllBytes(Paths.get(filePath)), StandardCharsets.UTF_8);
270 } catch (IOException ex) {
271 ex.printStackTrace();
278 * configureProcessJailDeviceDriverPolicies() method configures the main MAC policies
280 * This method configures the main policies between controller and device driver
282 * @param strConfigHost String hostname to be configured
283 * @param strObjectName String object name
284 * @param strObjectClassName String object class name
285 * @param strFileName String policy file path and name
286 * @param strMasterIPAddress String master IP address
287 * @param iComPort Integer communication port (controller-driver)
288 * @param iRMIRegPort Integer RMI registry port
289 * @param iRMIStubPort Integer RMI stub port
292 public void configureProcessJailDeviceDriverPolicies(String strConfigHost, String strObjectName, String strObjectClassName,
293 String strFileName, String strMasterIPAddress, int iComPort, int iRMIRegPort, int iRMIStubPort) {
295 PrintWriter pwConfig = getPrintWriter(strConfigHost);
296 String strPolicyList = readFile(strFileName);
297 // Replace the strings with the actual values
298 String strNewPolicyList = strPolicyList.replace(STR_OBJECT_NAME, strObjectName).
299 replace(STR_OBJECT_CLASS_NAME, strObjectClassName).
300 replace(STR_MASTER_IP_ADDRESS, strMasterIPAddress).
301 replace(STR_MASTER_COM_PORT, String.valueOf(iComPort));
302 //replace(STR_RMI_REG_PORT, String.valueOf(iRMIRegPort)).
303 //replace(STR_RMI_STUB_PORT, String.valueOf(iRMIStubPort));
304 pwConfig.println("\n");
305 pwConfig.print(strNewPolicyList);
306 pwConfig.println("network inet stream bind/listen :: " + iRMIRegPort);
307 pwConfig.println("network inet stream bind/listen :: " + iRMIStubPort);
312 * configureProcessJailDevicePolicies() method configures the device MAC policies
314 * This method configures the device policies between device driver and device
316 * @param strConfigHost String hostname to be configured
317 * @param strProtocol String protocol name
318 * @param iDeviceComPort Integer device communication port
319 * @param strDeviceIPAddress String device IP address
320 * @param iDevicePort Integer device port
323 public void configureProcessJailDevicePolicies(String strConfigHost, String strProtocol,
324 int iDeviceComPort, String strDeviceIPAddress, int iDevicePort) {
326 PrintWriter pwConfig = getPrintWriter(strConfigHost);
327 if (strProtocol.equals(STR_TCP_PROTOCOL)) {
328 pwConfig.println("network inet stream connect ::ffff:" + strDeviceIPAddress + " " + String.valueOf(iDevicePort));
330 pwConfig.println("network inet dgram bind :: " + String.valueOf(iDeviceComPort));
331 pwConfig.println("network inet dgram send ::ffff:" + strDeviceIPAddress + " " + String.valueOf(iDevicePort));
337 * configureProcessJailDevicePolicies() method configures the device MAC policies
339 * This method configures the device policies between device driver and device
341 * @param strConfigHost String hostname to be configured
342 * @param strRouterAddress String router address
343 * @param iPort Integer port
346 public void configureProcessJailGWDevicePolicies(String strConfigHost, String strRouterAddress, String strDeviceIPAddress, int iPort) {
348 PrintWriter pwConfig = getPrintWriter(strConfigHost);
349 pwConfig.println("file read /home/iotuser/iot2/iotjava/iotruntime/\\*.jks");
350 pwConfig.println("file read /etc/resolv.conf");
351 pwConfig.println("file read /etc/hosts");
352 pwConfig.println("network inet stream connect ::ffff:" + strDeviceIPAddress + " " + String.valueOf(INT_HTTP_PORT)); // HTTP access for this address
353 pwConfig.println("network inet dgram send " + strRouterAddress + " " + String.valueOf(iPort));
358 * configureProcessJailDeviceDriverInetAddressPolicies() method configures the device MAC policies
361 * @param strConfigHost String hostname to be configured
362 * @param strAddress String device IP address
365 public void configureProcessJailInetAddressPolicies(String strConfigHost, String strRouterAddress, String strAddress) {
367 PrintWriter pwConfig = getPrintWriter(strConfigHost);
368 //System.out.println("\n\nDEBUG: Writing the config host address setup!!!\n\n");
369 pwConfig.println("file read /etc/resolv.conf");
370 pwConfig.println("file read /etc/hosts");
371 pwConfig.println("file read /etc/host.conf");
372 pwConfig.println("network inet dgram send " + strRouterAddress + " " + String.valueOf(INT_DNS_PORT)); // TCP/UDP access through router
373 pwConfig.println("network inet stream connect ::ffff:" + strAddress + " " + String.valueOf(INT_HTTP_PORT)); // HTTP access for this address
378 * configureProcessJailControllerPolicies() method configures the main MAC policies for controller
380 * @param strControllerName String controller name to be configured
381 * @param strFileName String policy file path and name
382 * @param strMasterIPAddress String master IP address
383 * @param iComPort Integer communication port (controller-driver)
386 public void configureProcessJailControllerPolicies(String strControllerName, String strFileName,
387 String strMasterIPAddress, int iComPort) {
389 PrintWriter pwConfig = getPrintWriter(strControllerName);
390 String strPolicyList = readFile(strFileName);
391 // Replace the strings with the actual values
392 String strNewPolicyList = strPolicyList.replace(STR_OBJECT_NAME, strControllerName).
393 replace(STR_OBJECT_CLASS_NAME, strControllerName).
394 replace(STR_MASTER_IP_ADDRESS, strMasterIPAddress).
395 replace(STR_MASTER_COM_PORT, String.valueOf(iComPort));
396 pwConfig.println("\n");
397 pwConfig.print(strNewPolicyList);
402 * configureProcessJailContRMIPolicies() method configures the MAC policies for RMI ports of controller
404 * @param strControllerName String controller name to be configured
405 * @param strFileName String policy file path and name
406 * @param strMasterIPAddress String master IP address
407 * @param iComPort Integer communication port (controller-driver)
410 public void configureProcessJailContRMIPolicies(String strControllerName, String strDeviceDriverIPAddress,
411 int iRMIRegPort, int iRMIStubPort) {
413 PrintWriter pwConfig = getPrintWriter(strControllerName);
414 // Replace the strings with the actual values
415 pwConfig.println("network inet stream connect ::ffff:" + strDeviceDriverIPAddress + " " + String.valueOf(iRMIRegPort));
416 pwConfig.println("network inet stream connect ::ffff:" + strDeviceDriverIPAddress + " " + String.valueOf(iRMIStubPort));
421 * combineAdditionalMACPolicy() method combines the additional MAC policies into the right host policy file
423 * @param strConfigHost String hostname to be configured
424 * @param strFileName String policy file path and name
427 public void combineAdditionalMACPolicy(String strMACCfgPath, String strObjectName, String strConfigHost) {
429 PrintWriter pwConfig = getPrintWriter(strConfigHost);
430 String strPolicyList = readFile(strMACCfgPath + strObjectName + STR_ADD_MAC_EXT);
431 pwConfig.println(strPolicyList);
436 * combineControllerMACPolicies() method combines the controller MAC policies into the right host policy file
438 * @param strConfigHost String hostname to be configured
439 * @param strFileName String policy file path and name
442 public void combineControllerMACPolicies(String strConfigHost, String strObjectControllerName, String strFileName) {
444 PrintWriter pwConfig = getPrintWriter(strConfigHost);
445 PrintWriter pwCont = getPrintWriter(strObjectControllerName);
447 String strPolicyList = readFile(strFileName);
448 pwConfig.println(strPolicyList);
449 runCommand("rm -rf " + strFileName);