1 package iotruntime.master;
3 import java.io.InputStream;
4 import java.io.InputStreamReader;
5 import java.io.BufferedReader;
6 import java.io.BufferedWriter;
7 import java.io.FileWriter;
8 import java.io.PrintWriter;
9 import java.io.IOException;
10 import java.nio.file.Files;
11 import java.nio.file.Paths;
12 import java.nio.charset.StandardCharsets;
13 import java.util.HashMap;
16 /** Class ProcessJailConfig is a class that configures the compute
17 * nodes in our network with the relevant process jail policies;
19 * We use Tomoyo 2.5 as a Mandatory Access Control (MAC) that is
20 * simple, easy to maintain, and lightweight (suitable for embedded
23 * @author Rahmadi Trimananda <rahmadi.trimananda @ uci.edu>
27 public final class ProcessJailConfig {
30 * ProcessJailConfig constants
32 private static final String STR_SSH_USERNAME_ROUTER = "root";
33 private static final String STR_SSH_USERNAME_HOST = "iotuser";
34 private static final String STR_TCP_PROTOCOL = "tcp";
35 private static final String STR_UDP_PROTOCOL = "udp";
36 private static final String STR_TCPGW_PROTOCOL = "tcpgw";
37 private static final String STR_NO_PROTOCOL = "nopro";
39 private static final String STR_MAC_POLICY_EXT = ".tomoyo.pol";
40 private static final String STR_OBJECT_NAME = "<object-name>";
41 private static final String STR_OBJECT_CLASS_NAME = "<object-class-name>";
42 private static final String STR_MASTER_IP_ADDRESS = "<master-ip-address>";
43 private static final String STR_MASTER_COM_PORT = "<master-com-port>";
44 private static final String STR_RMI_REG_PORT = "<rmi-reg-port>";
45 private static final String STR_RMI_STUB_PORT = "<rmi-stub-port>";
46 private static final String STR_DEV_IP_ADDRESS = "<dev-ip-address>";
47 private static final String STR_DEV_COM_PORT = "<dev-com-port>";
48 private static final String STR_DEV_PORT = "<dev-port>";
50 private static final int INT_HTTP_PORT = 80;
51 private static final int INT_DNS_PORT = 53;
55 * ProcessJailConfig properties
57 private Map<String, PrintWriter> mapHostToFile;
58 private Map<String, String> mapMACtoIPAdd;
64 public ProcessJailConfig() {
65 // This maps hostname to file PrintWriter
66 mapHostToFile = new HashMap<String, PrintWriter>();
72 * renewPrintWriter() renews the mapHostToFile object that lists all PrintWriters
76 public void renewPrintWriter() {
78 mapHostToFile = new HashMap<String, PrintWriter>();
83 * getPrintWriter() gets the right PrintWriter object to print policies to the right file
85 * @param strConfigHost String hostname to be configured
88 private PrintWriter getPrintWriter(String strConfigHost) {
90 // Return object if existing
91 if (mapHostToFile.containsKey(strConfigHost)) {
92 return mapHostToFile.get(strConfigHost);
94 // Simply create a new one if it doesn't exist
97 fw = new FileWriter(strConfigHost + STR_MAC_POLICY_EXT);
98 } catch (IOException ex) {
101 PrintWriter pwConfig = new PrintWriter(new BufferedWriter(fw));
102 mapHostToFile.put(strConfigHost, pwConfig);
109 * close() closes all PrintWriter objects
113 public void close() {
115 for(PrintWriter pwConfig: mapHostToFile.values()) {
122 * sendMACPolicies() deploys policies on MAC implementation for process jailing
124 * @param strConfigHost String hostname to be configured
127 public void sendMACPolicies(String strConfigHost) {
129 String strCmdSend = "scp " + strConfigHost + STR_MAC_POLICY_EXT + " " +
130 STR_SSH_USERNAME_HOST + "@" + strConfigHost + ":~;";
131 System.out.println(strCmdSend);
132 runCommand(strCmdSend);
133 String strCmdDeploy = "ssh " + STR_SSH_USERNAME_HOST + "@" + strConfigHost +
134 " sudo tomoyo-loadpolicy -df < ~/" + strConfigHost + STR_MAC_POLICY_EXT + "; rm ~/" + strConfigHost +
135 STR_MAC_POLICY_EXT + ";";
136 System.out.println(strCmdDeploy);
137 runCommand(strCmdDeploy);
142 * deployPolicies() method configures the policies
144 * @param strCommand String that contains command line
147 private void deployPolicies(String strCommand) {
150 Runtime runtime = Runtime.getRuntime();
151 Process process = runtime.exec(strCommand);
153 } catch (IOException ex) {
154 System.out.println("RouterConfig: IOException: " + ex.getMessage());
155 ex.printStackTrace();
156 } catch (InterruptedException ex) {
157 System.out.println("RouterConfig: InterruptException: " + ex.getMessage());
158 ex.printStackTrace();
164 * setAddressListObject() method sets the map for IP and MAC addresses
166 * This method gets the mapping from RouterConfig
168 public void setAddressListObject(Map<String, String> _mapMACtoIPAdd) {
170 mapMACtoIPAdd = _mapMACtoIPAdd;
175 * runCommand() method runs shell command
177 * @param strCommand String that contains command line
180 private void runCommand(String strCommand) {
183 Runtime runtime = Runtime.getRuntime();
184 Process process = runtime.exec(strCommand);
186 } catch (IOException ex) {
187 System.out.println("RouterConfig: IOException: " + ex.getMessage());
188 ex.printStackTrace();
189 } catch (InterruptedException ex) {
190 System.out.println("RouterConfig: InterruptException: " + ex.getMessage());
191 ex.printStackTrace();
197 * getAddressList() method gets list of IP addresses
199 * This method sends an inquiry to the router to look for
200 * the list of DHCP leased addresses and their mapping to MAC
203 * @param strRouterAddress String that contains address of router
205 public void getAddressList(String strRouterAddress) {
207 //HashMap<String,String> hmMACToIPAdd = new HashMap<String,String>();
209 // We can replace "cat /tmp/dhcp.leases" with "cat /proc/net/arp"
210 String cmd = "ssh " + STR_SSH_USERNAME_ROUTER + "@" + strRouterAddress +
211 " cat /tmp/dhcp.leases";
212 Runtime runtime = Runtime.getRuntime();
213 Process process = runtime.exec(cmd);
215 InputStream inStream = process.getInputStream();
216 InputStreamReader isReader = new InputStreamReader(inStream);
217 BufferedReader bReader = new BufferedReader(isReader);
218 String strRead = null;
219 while((strRead = bReader.readLine()) != null){
220 String[] str = strRead.split(" ");
221 mapMACtoIPAdd.put(str[1], str[2]);
223 } catch (IOException ex) {
224 System.out.println("RouterConfig: IOException: " + ex.getMessage());
225 ex.printStackTrace();
231 * getIPFromMACAddress() method gets IP from MAC address
233 * @return String String that contains IP address from the MAC-IP mapping
235 public String getIPFromMACAddress(String strMACAddress) {
237 String strIPAddress = mapMACtoIPAdd.get(strMACAddress);
238 if (strIPAddress == null) {
239 throw new Error("RouterConfig: MAC address " + strMACAddress +
240 " not found on the list! Please check if device is present in /tmp/dhcp.leases!");
247 * readFile() read the entire file and return a string
249 * @return String String that contains the content of the file
251 public String readFile(String filePath) {
253 String retStr = null;
255 retStr = new String(Files.readAllBytes(Paths.get(filePath)), StandardCharsets.UTF_8);
256 } catch (IOException ex) {
257 ex.printStackTrace();
264 * configureProcessJailDeviceDriverPolicies() method configures the main MAC policies
266 * This method configures the main policies between controller and device driver
268 * @param strConfigHost String hostname to be configured
269 * @param strObjectName String object name
270 * @param strObjectClassName String object class name
271 * @param strFileName String policy file path and name
272 * @param strMasterIPAddress String master IP address
273 * @param iComPort Integer communication port (controller-driver)
274 * @param iRMIRegPort Integer RMI registry port
275 * @param iRMIStubPort Integer RMI stub port
278 public void configureProcessJailDeviceDriverPolicies(String strConfigHost, String strObjectName, String strObjectClassName,
279 String strFileName, String strMasterIPAddress, int iComPort, int iRMIRegPort, int iRMIStubPort) {
281 PrintWriter pwConfig = getPrintWriter(strConfigHost);
282 String strPolicyList = readFile(strFileName);
283 // Replace the strings with the actual values
284 String strNewPolicyList = strPolicyList.replace(STR_OBJECT_NAME, strObjectName).
285 replace(STR_OBJECT_CLASS_NAME, strObjectClassName).
286 replace(STR_MASTER_IP_ADDRESS, strMasterIPAddress).
287 replace(STR_MASTER_COM_PORT, String.valueOf(iComPort));
288 //replace(STR_RMI_REG_PORT, String.valueOf(iRMIRegPort)).
289 //replace(STR_RMI_STUB_PORT, String.valueOf(iRMIStubPort));
290 pwConfig.println("\n");
291 pwConfig.print(strNewPolicyList);
292 pwConfig.println("network inet stream bind/listen :: " + iRMIRegPort);
293 pwConfig.println("network inet stream bind/listen :: " + iRMIStubPort);
298 * configureProcessJailDevicePolicies() method configures the device MAC policies
300 * This method configures the device policies between device driver and device
302 * @param strConfigHost String hostname to be configured
303 * @param strProtocol String protocol name
304 * @param iDeviceComPort Integer device communication port
305 * @param strDeviceIPAddress String device IP address
306 * @param iDevicePort Integer device port
309 public void configureProcessJailDevicePolicies(String strConfigHost, String strProtocol,
310 int iDeviceComPort, String strDeviceIPAddress, int iDevicePort) {
312 PrintWriter pwConfig = getPrintWriter(strConfigHost);
313 if (strProtocol.equals(STR_TCP_PROTOCOL)) {
314 pwConfig.println("network inet stream connect ::ffff:" + strDeviceIPAddress + " " + String.valueOf(iDevicePort));
316 pwConfig.println("network inet dgram bind :: " + String.valueOf(iDeviceComPort));
317 pwConfig.println("network inet dgram send ::ffff:" + strDeviceIPAddress + " " + String.valueOf(iDevicePort));
323 * configureProcessJailDevicePolicies() method configures the device MAC policies
325 * This method configures the device policies between device driver and device
327 * @param strConfigHost String hostname to be configured
328 * @param strRouterAddress String router address
329 * @param iPort Integer port
332 public void configureProcessJailGWDevicePolicies(String strConfigHost, String strRouterAddress, String strDeviceIPAddress, int iPort) {
334 PrintWriter pwConfig = getPrintWriter(strConfigHost);
335 pwConfig.println("file read /home/iotuser/iot2/iotjava/iotruntime/\\*.jks");
336 pwConfig.println("file read /etc/resolv.conf");
337 pwConfig.println("file read /etc/hosts");
338 pwConfig.println("network inet stream connect ::ffff:" + strDeviceIPAddress + " " + String.valueOf(INT_HTTP_PORT)); // HTTP access for this address
339 pwConfig.println("network inet dgram send " + strRouterAddress + " " + String.valueOf(iPort));
344 * configureProcessJailDeviceDriverInetAddressPolicies() method configures the device MAC policies
347 * @param strConfigHost String hostname to be configured
348 * @param strAddress String device IP address
351 public void configureProcessJailInetAddressPolicies(String strConfigHost, String strRouterAddress, String strAddress) {
353 PrintWriter pwConfig = getPrintWriter(strConfigHost);
354 //System.out.println("\n\nDEBUG: Writing the config host address setup!!!\n\n");
355 pwConfig.println("file read /etc/resolv.conf");
356 pwConfig.println("file read /etc/hosts");
357 pwConfig.println("file read /etc/host.conf");
358 pwConfig.println("network inet dgram send " + strRouterAddress + " " + String.valueOf(INT_DNS_PORT)); // TCP/UDP access through router
359 pwConfig.println("network inet stream connect ::ffff:" + strAddress + " " + String.valueOf(INT_HTTP_PORT)); // HTTP access for this address
364 * configureProcessJailControllerPolicies() method configures the main MAC policies for controller
366 * @param strControllerName String controller name to be configured
367 * @param strFileName String policy file path and name
368 * @param strMasterIPAddress String master IP address
369 * @param iComPort Integer communication port (controller-driver)
372 public void configureProcessJailControllerPolicies(String strControllerName, String strFileName,
373 String strMasterIPAddress, int iComPort) {
375 PrintWriter pwConfig = getPrintWriter(strControllerName);
376 String strPolicyList = readFile(strFileName);
377 // Replace the strings with the actual values
378 String strNewPolicyList = strPolicyList.replace(STR_OBJECT_NAME, strControllerName).
379 replace(STR_OBJECT_CLASS_NAME, strControllerName).
380 replace(STR_MASTER_IP_ADDRESS, strMasterIPAddress).
381 replace(STR_MASTER_COM_PORT, String.valueOf(iComPort));
382 pwConfig.println("\n");
383 pwConfig.print(strNewPolicyList);
388 * configureProcessJailContRMIPolicies() method configures the MAC policies for RMI ports of controller
390 * @param strControllerName String controller name to be configured
391 * @param strFileName String policy file path and name
392 * @param strMasterIPAddress String master IP address
393 * @param iComPort Integer communication port (controller-driver)
396 public void configureProcessJailContRMIPolicies(String strControllerName, String strDeviceDriverIPAddress,
397 int iRMIRegPort, int iRMIStubPort) {
399 PrintWriter pwConfig = getPrintWriter(strControllerName);
400 // Replace the strings with the actual values
401 pwConfig.println("network inet stream connect ::ffff:" + strDeviceDriverIPAddress + " " + String.valueOf(iRMIRegPort));
402 pwConfig.println("network inet stream connect ::ffff:" + strDeviceDriverIPAddress + " " + String.valueOf(iRMIStubPort));
407 * combineControllerMACPolicies() method combines the controller MAC policies into the right host policy file
409 * @param strConfigHost String hostname to be configured
410 * @param strFileName String policy file path and name
413 public void combineControllerMACPolicies(String strConfigHost, String strObjectControllerName, String strFileName) {
415 PrintWriter pwConfig = getPrintWriter(strConfigHost);
416 PrintWriter pwCont = getPrintWriter(strObjectControllerName);
418 String strPolicyList = readFile(strFileName);
419 pwConfig.println(strPolicyList);
420 runCommand("rm -rf " + strFileName);