Adding options to disable/enable firewall policy and choose MAC/IP translation methods
[iot2.git] / iotjava / iotruntime / master / IoTMaster.java
index 2d5b44f799ff6e01856df452d81fc59e37acf2a2..15948bf633de21d17394055eccc2dcbf9bfc6953 100644 (file)
@@ -103,6 +103,8 @@ public final class IoTMaster {
        private static String STR_SKEL_CLASS_SUFFIX;
        private static String STR_STUB_CLASS_SUFFIX;
        private static String STR_ACTIVATE_SANDBOXING;
+       private static String STR_POLICY_ON;
+       private static String STR_MAC_TO_IP_TRANSLATION;
        private static boolean BOOL_VERBOSE;
 
        /**
@@ -127,6 +129,7 @@ public final class IoTMaster {
        private static final String STR_INT_STUB_CLS_CFG = "INTERFACE_STUB_CLASS";
        private static final String STR_FILE_TRF_CFG = "ADDITIONAL_ZIP_FILE";
        private static final String STR_LANGUAGE = "LANGUAGE";
+       private static final String STR_ADD_MAC_POL = "ADDITIONAL_MAC_POLICY";
        private static final String STR_YES = "Yes";
        private static final String STR_NO = "No";
        private static final String STR_JAVA = "Java";
@@ -137,6 +140,8 @@ public final class IoTMaster {
        private static final String STR_SHELL_HEADER = "#!/bin/sh";
        private static final String STR_JAVA_PATH = "/usr/bin/java";
        private static final String STR_MAC_POL_PATH = "tomoyo/";
+        private static final String STR_TMP = "tmp";
+        private static final String STR_ARP = "arp";
 
        private static int INT_SIZE = 4;        // send length in the size of integer (4 bytes)
        private static final int INT_DNS_PORT = 53;
@@ -200,6 +205,8 @@ public final class IoTMaster {
                STR_JVM_MAX_HEAP_SIZE = null;
                STR_LANGUAGE_CONTROLLER = null;
                STR_ACTIVATE_SANDBOXING = null;
+               STR_POLICY_ON = null;
+               STR_MAC_TO_IP_TRANSLATION = null;
                BOOL_VERBOSE = false;
        }
 
@@ -214,7 +221,13 @@ public final class IoTMaster {
                lbIoT = new LoadBalancer(BOOL_VERBOSE);
                lbIoT.setupLoadBalancer();
                routerConfig = new RouterConfig();
-               routerConfig.getAddressList(STR_ROUTER_ADD);
+               // Get MAC to IP translation either from /tmp/dhcp.leases or arp command
+               if (STR_MAC_TO_IP_TRANSLATION.equals(STR_TMP))
+                       routerConfig.getAddressListTmp(STR_ROUTER_ADD);
+               else if (STR_MAC_TO_IP_TRANSLATION.equals(STR_ARP))
+                       routerConfig.getAddressListArp(STR_ROUTER_ADD);
+               else
+                       throw new Error("IoTMaster: Unknown value for STR_MAC_TO_IP_TRANSLATION: " + STR_MAC_TO_IP_TRANSLATION);
                processJailConfig = new ProcessJailConfig();
                //processJailConfig.setAddressListObject(routerConfig.getAddressListObject());
                objInitHand = new ObjectInitHandler(BOOL_VERBOSE);
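Review bot: `STR_MAC_TO_IP_TRANSLATION.equals(STR_TMP)` throws a NullPointerException when the `MAC_TO_IP_TRANSLATION` key is missing from the configuration, since `prop.getProperty` (presumably `java.util.Properties`) returns null for an absent key, so the descriptive `Error` in the final `else` is never reached in that case. Putting the constant first, `if (STR_TMP.equals(STR_MAC_TO_IP_TRANSLATION))` and `else if (STR_ARP.equals(STR_MAC_TO_IP_TRANSLATION))`, lets a missing key fall through to that error message. The same unguarded receiver appears at `STR_POLICY_ON.equals(STR_YES)` in the firewall hunk, where a missing key should likewise produce a clear error rather than an NPE. The enclosing method starts and ends outside this hunk.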
@@ -280,6 +293,8 @@ public final class IoTMaster {
                STR_SKEL_CLASS_SUFFIX = prop.getProperty("SKEL_CLASS_SUFFIX");
                STR_STUB_CLASS_SUFFIX = prop.getProperty("STUB_CLASS_SUFFIX");
                STR_ACTIVATE_SANDBOXING = prop.getProperty("ACTIVATE_SANDBOXING");
+               STR_POLICY_ON = prop.getProperty("POLICY_ON");
+               STR_MAC_TO_IP_TRANSLATION = prop.getProperty("MAC_TO_IP_TRANSLATION");
                if(prop.getProperty("VERBOSE").equals(STR_YES)) {
                        BOOL_VERBOSE = true;
                }
@@ -305,6 +320,8 @@ public final class IoTMaster {
                RuntimeOutput.print("STR_SKEL_CLASS_SUFFIX=" + STR_SKEL_CLASS_SUFFIX, BOOL_VERBOSE);
                RuntimeOutput.print("STR_STUB_CLASS_SUFFIX=" + STR_STUB_CLASS_SUFFIX, BOOL_VERBOSE);
                RuntimeOutput.print("STR_ACTIVATE_SANDBOXING=" + STR_ACTIVATE_SANDBOXING, BOOL_VERBOSE);
+               RuntimeOutput.print("STR_POLICY_ON=" + STR_POLICY_ON, BOOL_VERBOSE);
+               RuntimeOutput.print("STR_MAC_TO_IP_TRANSLATION=" + STR_MAC_TO_IP_TRANSLATION, BOOL_VERBOSE);
                RuntimeOutput.print("BOOL_VERBOSE=" + BOOL_VERBOSE, BOOL_VERBOSE);
                RuntimeOutput.print("IoTMaster: Information extracted successfully!", BOOL_VERBOSE);
        }
@@ -645,6 +662,12 @@ public final class IoTMaster {
                                processJailConfig.configureProcessJailDeviceDriverPolicies(strIoTSlaveObjectHostAdd, strObjName, strObjClassName,
                                        strFileName, strIoTMasterHostAdd, commHan.getComPort(strObjName), commHan.getRMIRegPort(strObjName), 
                                        commHan.getRMIStubPort(strObjName));
+                   // Check for additional MAC policy
+                   String strMACConfigPath = STR_IOT_CODE_PATH + strObjClassName + "/";
+                   String strCfgFile = strMACConfigPath + strObjClassName + STR_CFG_FILE_EXT;
+                       String strAddMACPolicy = parseConfigFile(strCfgFile, STR_ADD_MAC_POL);
+                   if (strAddMACPolicy != null && strAddMACPolicy.equals("Yes"))
+                       processJailConfig.combineAdditionalMACPolicy(strMACConfigPath, strObjClassName, strIoTSlaveObjectHostAdd);
                                processJailConfig.configureProcessJailContRMIPolicies(strObjControllerName, strIoTSlaveObjectHostAdd, 
                                        commHan.getRMIRegPort(strObjName), commHan.getRMIStubPort(strObjName));
                        }
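Review bot: The decision to merge extra Tomoyo policy into the jail is read from the driver's own config file under `STR_IOT_CODE_PATH + strObjClassName`, so whoever can write that directory can widen the sandbox meant to confine the driver. The controller hunk that reads `ADDITIONAL_MAC_POLICY` from `strControllerCfg` has the same property. If those directories can be populated from less-trusted driver packages (not visible here), the additional policy should be checked against an allow-list before `combineAdditionalMACPolicy` runs. At minimum the merge should leave a trace, e.g. `RuntimeOutput.print("IoTMaster: merging additional MAC policy for " + strObjClassName, BOOL_VERBOSE);`. The comparison can also use the existing constant, `STR_YES.equals(strAddMACPolicy)`, which makes the separate null check unnecessary; the enclosing block begins outside the hunk.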
@@ -1996,6 +2019,7 @@ public final class IoTMaster {
                        strIoTMasterHostAdd = routerConfig.getIPFromMACAddress(STR_MASTER_MAC_ADD);
                    // Assign a new list of PrintWriter objects
            routerConfig.renewPrintWriter();
+           HashSet<String> setAddresses = null;
                        // Loop as we can still find controller/device classes
                        for(int i=0; i<strObjectNames.length; i++) {
                                // PROFILING
@@ -2081,6 +2105,12 @@ public final class IoTMaster {
                                        String strFileName = STR_MAC_POL_PATH + STR_JAVA + STR_MAC_POLICY_EXT;
                                        processJailConfig.configureProcessJailControllerPolicies(strObjControllerName, strFileName, 
                                                strIoTMasterHostAdd, commHan.getComPort(strObjControllerName));
+                               // Whether or not we need additional Tomoyo policy?
+                                   String strAddMACPolicy = parseConfigFile(strControllerCfg, STR_ADD_MAC_POL);
+                                   if (strAddMACPolicy != null && strAddMACPolicy.equals("Yes")) {
+                                   String strContMACCfg = STR_CONT_PATH + strObjControllerName + "/";
+                                       processJailConfig.combineAdditionalMACPolicy(strContMACCfg, strObjControllerName, strObjControllerName);
+                                   }
                                }
                                // PROFILING
                                result = System.currentTimeMillis()-start;
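Review bot: The third argument to `combineAdditionalMACPolicy` is `strObjControllerName` here, whereas the device-driver call in the earlier hunk passes a host address (`strIoTSlaveObjectHostAdd`) in that position, and the method's signature is not visible to confirm which is expected. If this is intentional (the controller policy appears to be staged per controller before `combineControllerMACPolicies` merges it into the host file), a comment would stop it being read as a mistake: `// third argument names the controller's staged policy, not a host; it is merged into the host policy later`. If it is not intentional, the additional policy may end up attached to the wrong target, so the call is worth verifying against `ProcessJailConfig`.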
@@ -2146,7 +2176,7 @@ public final class IoTMaster {
                                // Combine controller MAC policies with the main policy file for the host
                                String strTempFileName = "./" + strObjControllerName + STR_MAC_POLICY_EXT;
                                processJailConfig.combineControllerMACPolicies(strIoTSlaveControllerHostAdd, strObjControllerName, strTempFileName);
-                               processJailConfig.close();
+                               processJailConfig.flush();
 
                                // PROFILING
                                result = System.currentTimeMillis()-start;
@@ -2165,9 +2195,11 @@ public final class IoTMaster {
                                setRouterBasicPolicies(STR_ROUTER_ADD);
                                routerConfig.closeMain();
                                // Deploy the policy
-                               HashSet<String> setAddresses = new HashSet<String>(commHan.getHosts());
+                               setAddresses = new HashSet<String>(commHan.getHosts());
                                setAddresses.add(strIoTMasterHostAdd);
-                               createPolicyThreads(STR_ROUTER_ADD, setAddresses);
+                               // See if firewall policy is configured to be "on" or "off"
+                               if (STR_POLICY_ON.equals(STR_YES))
+                                       createPolicyThreads(STR_ROUTER_ADD, setAddresses);
 
                                // PROFILING
                                result = System.currentTimeMillis()-start;
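Review bot: Any `POLICY_ON` value other than the exact string `Yes` skips `createPolicyThreads` with no output, so a typo or a lowercase `yes` leaves the router without the generated firewall policy and nothing in the log says so. Since this switch turns off a security control, it should be validated as strictly as `MAC_TO_IP_TRANSLATION` is: accept only `STR_YES` or `STR_NO` and throw on anything else, including a missing key. The disabled case should also be reported unconditionally rather than only under `BOOL_VERBOSE`, for example `else System.err.println("IoTMaster: POLICY_ON is not \"Yes\"; router firewall policy NOT deployed");`. The surrounding loop body starts and ends outside this hunk.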
@@ -2214,11 +2246,12 @@ public final class IoTMaster {
                                commHan.printLists();
                                commHan.clearCommunicationHandler();
                                lbIoT.printHostInfo();
-                               if (STR_ACTIVATE_SANDBOXING.equals("Yes"))
-                                       createMACPolicyThreads(setAddresses);
                        }
                        // Close access to policy files and deploy policies
                        routerConfig.close();
+                       processJailConfig.close();
+                       if (STR_ACTIVATE_SANDBOXING.equals("Yes"))
+                               createMACPolicyThreads(setAddresses);
 
                } catch (IOException          |
                                 InterruptedException |
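Review bot: `createMACPolicyThreads(setAddresses)` now runs once after the loop, but `setAddresses` is reassigned on every iteration (`setAddresses = new HashSet<String>(commHan.getHosts())`) and `commHan.clearCommunicationHandler()` is called at the end of each iteration. After the loop the set therefore appears to hold only the last controller's hosts plus the master, so hosts used by earlier controllers may never receive their MAC policy and would run unsandboxed. It is also still `null` if the loop body never reaches the assignment, for example when `strObjectNames` is empty. Accumulating across iterations avoids both: declare `HashSet<String> setAddresses = new HashSet<String>();` before the loop and use `setAddresses.addAll(commHan.getHosts());` inside it, assuming `createPolicyThreads` tolerates the wider set. The try block starts outside this hunk and its catch clause continues past it.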