From: rtrimana <rtrimana@uci.edu>
Date: Mon, 10 Apr 2017 21:47:52 +0000 (-0700)
Subject: Sentinel with process jailing using Tomoyo - works with the SmartLightsController... 
X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=8b9f15dfaa9cf16deb2d5b91bba324739fdd3544;p=iot2.git

Sentinel with process jailing using Tomoyo - works with the SmartLightsController benchmark
---

diff --git a/benchmarks/Java/HomeSecurityController/Makefile b/benchmarks/Java/HomeSecurityController/Makefile
index 7094972..460b10a 100644
--- a/benchmarks/Java/HomeSecurityController/Makefile
+++ b/benchmarks/Java/HomeSecurityController/Makefile
@@ -22,12 +22,12 @@ PHONY += homesecurity
 homesecurity:
 	$(JAVAC) $(JFLAGS) *.java
 	cp HomeSecurityController.config $(BIN_DIR)/HomeSecurityController
-	cd $(BIN_DIR)/HomeSecurityController; $(JAR) $(JARFLAGS) HomeSecurityController.jar ../HomeSecurityController/HomeSecurityController*.class ../HomeSecurityController/MotionDetection*.class ../iotcode/interfaces/SmartthingsSensor*.class ../iotcode/interfaces/Camera*.class ../iotcode/interfaces/Alarm*.class ../iotcode/interfaces/Room*.class  ../iotcode/interfaces/ZoneState*.class ../iotcode/interfaces/Resolution*.class
+	cd $(BIN_DIR)/HomeSecurityController; $(JAR) $(JARFLAGS) HomeSecurityController.jar ../HomeSecurityController/HomeSecurityController*.class ../HomeSecurityController/*.class ../iotcode/interfaces/SmartthingsSensor*.class ../iotcode/interfaces/Camera*.class ../iotcode/interfaces/Alarm*.class ../iotcode/interfaces/Room*.class  ../iotcode/interfaces/ZoneState*.class ../iotcode/interfaces/Resolution*.class
 
 PHONY += check-homesecurity
 check-homesecurity:
 	$(JAVAC) $(JFLAGS) $(CHECKER_OPT) $(ASTUBS) *.java
 	cp HomeSecurityController.config $(BIN_DIR)/HomeSecurityController
-	cd $(BIN_DIR)/HomeSecurityController; $(JAR) $(JARFLAGS) HomeSecurityController.jar ../HomeSecurityController/HomeSecurityController*.class ../HomeSecurityController/MotionDetection*.class ../iotcode/interfaces/SmartthingsSensor*.class ../iotcode/interfaces/Camera*.class ../iotcode/interfaces/Alarm*.class ../iotcode/interfaces/Room*.class  ../iotcode/interfaces/ZoneState*.class ../iotcode/interfaces/Resolution*.class
+	cd $(BIN_DIR)/HomeSecurityController; $(JAR) $(JARFLAGS) HomeSecurityController.jar ../HomeSecurityController/HomeSecurityController*.class ../HomeSecurityController/*.class ../iotcode/interfaces/SmartthingsSensor*.class ../iotcode/interfaces/Camera*.class ../iotcode/interfaces/Alarm*.class ../iotcode/interfaces/Room*.class  ../iotcode/interfaces/ZoneState*.class ../iotcode/interfaces/Resolution*.class
 
 .PHONY: $(PHONY)
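Review bot: The new `../HomeSecurityController/*.class` argument on the `homesecurity` and `check-homesecurity` jar lines packages every class file present in the output directory, so a stale or unrelated class left there by an earlier build ends up in `HomeSecurityController.jar`, presumably the jar the jailed process later loads. The preceding `../HomeSecurityController/HomeSecurityController*.class` pattern is now redundant and can be dropped. The recipe also still joins `cd` and `$(JAR)` with `;`, so a failed `cd` runs jar in the wrong directory, whereas `cd $(BIN_DIR)/HomeSecurityController && $(JAR) $(JARFLAGS) ...` stops instead. The same applies to both jar lines in the SmartLightsController Makefile in this commit.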
diff --git a/benchmarks/Java/SmartLightsController/Makefile b/benchmarks/Java/SmartLightsController/Makefile
index 69d132b..25baf35 100644
--- a/benchmarks/Java/SmartLightsController/Makefile
+++ b/benchmarks/Java/SmartLightsController/Makefile
@@ -22,12 +22,12 @@ PHONY += smartlights
 smartlights:
 	$(JAVAC) $(JFLAGS) *.java
 	cp SmartLightsController.config $(BIN_DIR)/SmartLightsController
-	cd $(BIN_DIR)/SmartLightsController; $(JAR) $(JARFLAGS) SmartLightsController.jar ../SmartLightsController/SmartLightsController*.class ../SmartLightsController/ColorTemperature*.class ../SmartLightsController/MotionDetection*.class ../iotcode/interfaces/Camera*.class ../iotcode/interfaces/Room*.class ../iotcode/interfaces/LightBulb*.class ../iotcode/interfaces/Resolution*.class
+	cd $(BIN_DIR)/SmartLightsController; $(JAR) $(JARFLAGS) SmartLightsController.jar ../SmartLightsController/SmartLightsController*.class ../SmartLightsController/ColorTemperature*.class ../SmartLightsController/MotionDetection*.class ../SmartLightsController/*.class ../iotcode/interfaces/Camera*.class ../iotcode/interfaces/Room*.class ../iotcode/interfaces/LightBulb*.class ../iotcode/interfaces/Resolution*.class
 
 PHONY += check-smartlights
 check-smartlights:
 	$(JAVAC) $(JFLAGS) $(CHECKER_OPT) $(ASTUBS) *.java
 	cp SmartLightsController.config $(BIN_DIR)/SmartLightsController
-	cd $(BIN_DIR)/SmartLightsController; $(JAR) $(JARFLAGS) SmartLightsController.jar ../SmartLightsController/SmartLightsController*.class ../SmartLightsController/ColorTemperature*.class ../SmartLightsController/MotionDetection*.class ../iotcode/interfaces/Camera*.class ../iotcode/interfaces/Room*.class ../iotcode/interfaces/LightBulb*.class ../iotcode/interfaces/Resolution*.class
+	cd $(BIN_DIR)/SmartLightsController; $(JAR) $(JARFLAGS) SmartLightsController.jar ../SmartLightsController/SmartLightsController*.class ../SmartLightsController/ColorTemperature*.class ../SmartLightsController/MotionDetection*.class ../SmartLightsController/*.class ../iotcode/interfaces/Camera*.class ../iotcode/interfaces/Room*.class ../iotcode/interfaces/LightBulb*.class ../iotcode/interfaces/Resolution*.class
 
 .PHONY: $(PHONY)
diff --git a/iotjava/iotruntime/master/IoTMaster.java b/iotjava/iotruntime/master/IoTMaster.java
index 8be2fe4..ed199d0 100644
--- a/iotjava/iotruntime/master/IoTMaster.java
+++ b/iotjava/iotruntime/master/IoTMaster.java
@@ -513,7 +513,7 @@ public class IoTMaster {
 		RuntimeOutput.print("IoTMaster: Number of rows for IoTZigbeeAddress: " + iRows, BOOL_VERBOSE);
 
 		// TODO: DEBUG!!!
-		System.out.println("\n\n DEBUG: InstrumentZigbeeDevice: Object Name: " + strObjName);
+		System.out.println("\n\nDEBUG: InstrumentZigbeeDevice: Object Name: " + strObjName);
 		System.out.println("DEBUG: InstrumentZigbeeDevice: Port number: " + commHan.getComPort(strZigbeeGWAddressKey));
 		System.out.println("DEBUG: InstrumentZigbeeDevice: Device address: " + strZigbeeGWAddress + "\n\n");
 
@@ -633,8 +633,9 @@ public class IoTMaster {
 			routerConfig.configureHostMainPolicies(strIoTSlaveObjectHostAdd, strIoTSlaveControllerHostAdd,
 				strIoTSlaveObjectHostAdd, STR_TCP_PROTOCOL);
 			// Configure MAC policies for objects
-			String strFileName = STR_MAC_POL_PATH + strObjClassName + STR_MAC_POLICY_EXT;
-			processJailConfig.configureProcessJailDeviceDriverPolicies(strIoTSlaveObjectHostAdd, strObjName, 
+			//String strFileName = STR_MAC_POL_PATH + strObjClassName + STR_MAC_POLICY_EXT;
+			String strFileName = STR_MAC_POL_PATH + STR_JAVA + STR_MAC_POLICY_EXT;
+			processJailConfig.configureProcessJailDeviceDriverPolicies(strIoTSlaveObjectHostAdd, strObjName, strObjClassName,
 				strFileName, strIoTMasterHostAdd, commHan.getComPort(strObjName), commHan.getRMIRegPort(strObjName), 
 				commHan.getRMIStubPort(strObjName));
 			processJailConfig.configureProcessJailContRMIPolicies(strObjControllerName, strIoTSlaveObjectHostAdd, 
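Review bot: Pointing `strFileName` at `STR_JAVA + STR_MAC_POLICY_EXT` gives every device driver the same policy template, so each driver now receives the union of what any one of them needed; for example, Java.tomoyo.pol carries the `/tmp/imageio\*.tmp` rules, which the deleted LabRoom and LifxLightBulb policies did not have. If that widening is intended, say so in a comment such as `// All Java drivers share one Tomoyo template; per-object paths are filled in via <object-name> and <object-class-name>`, and delete the commented-out `//String strFileName = ...` line rather than keeping it. `STR_JAVA` is not defined in any visible hunk, so it is presumably declared elsewhere in IoTMaster. The enclosing method starts and ends outside the hunk.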
@@ -2050,7 +2051,8 @@ public class IoTMaster {
 					createMainObjectCpp(strObjControllerName, outStream, inStream);
 				}
 				// Write basic MAC policies for controller
-				String strFileName = STR_MAC_POL_PATH + strObjControllerName + STR_MAC_POLICY_EXT;
+				//String strFileName = STR_MAC_POL_PATH + strObjControllerName + STR_MAC_POLICY_EXT;
+				String strFileName = STR_MAC_POL_PATH + STR_JAVA + STR_MAC_POLICY_EXT;
 				processJailConfig.configureProcessJailControllerPolicies(strObjControllerName, strFileName, 
 					strIoTMasterHostAdd, commHan.getComPort(strObjControllerName));
 				// PROFILING
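Review bot: The controller policy is now always built from the Java template, even on the path that has just called `createMainObjectCpp(...)` in the context lines above. The domain line in Java.tomoyo.pol ends in `/usr/bin/java`, so if a C++ controller is started as a native binary, its process would not fall into the domain this policy describes and the rules written here would not confine it; whether that happens depends on launch code outside this hunk. Consider selecting the template by language, or at least recording the limitation with `// NOTE: Java-only template; C++ controllers need their own policy`. The commented-out `//String strFileName = ...` line should be removed. The enclosing method starts and ends outside the hunk.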
diff --git a/iotjava/iotruntime/master/ProcessJailConfig.java b/iotjava/iotruntime/master/ProcessJailConfig.java
index d76d130..7b080fd 100644
--- a/iotjava/iotruntime/master/ProcessJailConfig.java
+++ b/iotjava/iotruntime/master/ProcessJailConfig.java
@@ -38,6 +38,7 @@ public final class ProcessJailConfig {
 
 	private static final String STR_MAC_POLICY_EXT 		= ".tomoyo.pol";
 	private static final String STR_OBJECT_NAME   		= "<object-name>";
+	private static final String STR_OBJECT_CLASS_NAME	= "<object-class-name>";
 	private static final String STR_MASTER_IP_ADDRESS	= "<master-ip-address>";
 	private static final String STR_MASTER_COM_PORT		= "<master-com-port>";
 	private static final String STR_RMI_REG_PORT  		= "<rmi-reg-port>";
@@ -263,6 +264,7 @@ public final class ProcessJailConfig {
 	 *
 	 * @param   strConfigHost 	 		String hostname to be configured
 	 * @param   strObjectName 	 		String object name
+	 * @param   strObjectClassName 		String object class name
 	 * @param   strFileName 			String policy file path and name
 	 * @param   strMasterIPAddress		String master IP address
 	 * @param   iComPort				Integer communication port (controller-driver)
@@ -270,17 +272,22 @@ public final class ProcessJailConfig {
 	 * @param   iRMIStubPort			Integer RMI stub port
 	 * @return  void
 	 */
-	public void configureProcessJailDeviceDriverPolicies(String strConfigHost, String strObjectName, 
+	public void configureProcessJailDeviceDriverPolicies(String strConfigHost, String strObjectName, String strObjectClassName, 
 			String strFileName, String strMasterIPAddress, int iComPort, int iRMIRegPort, int iRMIStubPort) {
 
 		PrintWriter pwConfig = getPrintWriter(strConfigHost);
 		String strPolicyList = readFile(strFileName);
 		// Replace the strings with the actual values
-		String strNewPolicyList = strPolicyList.replace(STR_OBJECT_NAME, strObjectName).replace(STR_MASTER_IP_ADDRESS,
-			strMasterIPAddress).replace(STR_MASTER_COM_PORT, String.valueOf(iComPort)).replace(STR_RMI_REG_PORT,
-			String.valueOf(iRMIRegPort)).replace(STR_RMI_STUB_PORT, String.valueOf(iRMIStubPort));
+		String strNewPolicyList = strPolicyList.replace(STR_OBJECT_NAME, strObjectName).
+			replace(STR_OBJECT_CLASS_NAME, strObjectClassName).
+			replace(STR_MASTER_IP_ADDRESS, strMasterIPAddress).
+			replace(STR_MASTER_COM_PORT, String.valueOf(iComPort));
+			//replace(STR_RMI_REG_PORT, String.valueOf(iRMIRegPort)).
+			//replace(STR_RMI_STUB_PORT, String.valueOf(iRMIStubPort));
 		pwConfig.println("\n");
 		pwConfig.print(strNewPolicyList);
+		pwConfig.println("network inet stream bind/listen :: " + iRMIRegPort);
+		pwConfig.println("network inet stream bind/listen :: " + iRMIStubPort);
 	}
 
 
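Review bot: `strObjectName` and `strObjectClassName` are substituted into the policy text with plain `replace()` and no validation, in `configureProcessJailDeviceDriverPolicies` here and again in the `configureProcessJailControllerPolicies` hunk below. The hunks do not show where these names come from, but a value containing whitespace, a newline or `/` would change the domain line or add rules to the generated policy, so it is worth rejecting anything outside a fixed alphabet before substituting, e.g. `if (!strObjectName.matches("[A-Za-z0-9_]+") || !strObjectClassName.matches("[A-Za-z0-9_]+")) throw new IllegalArgumentException("invalid object name");`. The two appended `bind/listen` lines follow `pwConfig.print(strNewPolicyList)`, so they rely on the text returned by `readFile()` ending with a newline; otherwise the first rule is glued onto the template's last line. The commented-out `//replace(STR_RMI_REG_PORT, ...)` and `//replace(STR_RMI_STUB_PORT, ...)` lines can be deleted now that the ports are no longer template placeholders.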
@@ -324,8 +331,10 @@ public final class ProcessJailConfig {
 		PrintWriter pwConfig = getPrintWriter(strControllerName);
 		String strPolicyList = readFile(strFileName);
 		// Replace the strings with the actual values
-		String strNewPolicyList = strPolicyList.replace(STR_MASTER_IP_ADDRESS,
-			strMasterIPAddress).replace(STR_MASTER_COM_PORT, String.valueOf(iComPort));
+		String strNewPolicyList = strPolicyList.replace(STR_OBJECT_NAME, strControllerName).
+			replace(STR_OBJECT_CLASS_NAME, strControllerName).
+			replace(STR_MASTER_IP_ADDRESS, strMasterIPAddress).
+			replace(STR_MASTER_COM_PORT, String.valueOf(iComPort));
 		pwConfig.println("\n");
 		pwConfig.print(strNewPolicyList);
 	}
diff --git a/localconfig/tomoyo/AmcrestCamera.tomoyo.pol b/localconfig/tomoyo/AmcrestCamera.tomoyo.pol
deleted file mode 100644
index d13903e..0000000
--- a/localconfig/tomoyo/AmcrestCamera.tomoyo.pol
+++ /dev/null
@@ -1,55 +0,0 @@
-<kernel> /usr/sbin/sshd /bin/bash /home/iotuser/iot2/iotjava/iotruntime/<object-name>.sh /usr/bin/java
-use_profile 3
-use_group 0
-
-misc env MAIL
-misc env SSH_CLIENT
-misc env USER
-misc env SHLVL
-misc env HOME
-misc env OLDPWD
-misc env LOGNAME
-misc env _
-misc env XDG_SESSION_ID
-misc env PATH
-misc env XDG_RUNTIME_DIR
-misc env LANG
-misc env SHELL
-misc env PWD
-misc env SSH_CONNECTION
-file read /etc/ld.so.preload
-file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/arm/\*.so
-file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/arm/\*.cfg
-file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/arm/client/\*.so
-file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/\*
-file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/\*.jar
-file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/ext/\*
-file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/security/\*
-file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/arm/jli/\*.so
-file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/\*.jar
-network unix stream connect /var/run/nscd/socket
-file read /etc/nsswitch.conf
-file read /etc/passwd
-file create /tmp/hsperfdata_iotuser/\* 0600
-file read/write/unlink/truncate /tmp/hsperfdata_iotuser/\*
-file read /sys/devices/system/cpu/online
-file read /usr/lib/locale/locale-archive
-file write/truncate /home/iotuser/.oracle_jre_usage/\*cf.timestamp
-file read /usr/share/java/\*.jar
-file read /home/iotuser/iot2/iotjava/iotruntime/slave/\*.class
-file read /home/iotuser/iot2/iotjava/iotruntime/\*.config
-network inet stream connect ::ffff:<master-ip-address> <master-com-port>
-file read /home/iotuser/iot2/iotjava/iotruntime/master/\*.class
-file read /home/iotuser/iot2/iotjava/iotruntime/messages/\*.class
-file read /dev/random
-file read /dev/urandom
-file create /home/iotuser/iot2/iotjava/iotruntime/AmcrestCamera.jar 0666
-file read/write /home/iotuser/iot2/iotjava/iotruntime/AmcrestCamera.jar
-file read /home/iotuser/iot2/iotjava/iotrmi/Java/\*.class
-file ioctl socket:[family=10:type=1:protocol=6] 0x541B
-file read /home/iotuser/iot2/iotjava/iotruntime/\*.class
-file read /usr/share/locale/en_GB/LC_MESSAGES/libc.mo
-file create /tmp/imageio\*.tmp 0600
-file read/write/unlink /tmp/imageio\*.tmp
-network inet stream bind/listen :: <rmi-stub-port>
-network inet stream bind/listen :: <rmi-reg-port>
diff --git a/localconfig/tomoyo/Java.tomoyo.pol b/localconfig/tomoyo/Java.tomoyo.pol
new file mode 100644
index 0000000..083348b
--- /dev/null
+++ b/localconfig/tomoyo/Java.tomoyo.pol
@@ -0,0 +1,56 @@
+<kernel> /usr/sbin/sshd /bin/bash /home/iotuser/iot2/iotjava/iotruntime/<object-name>.sh /usr/bin/java
+use_profile 3
+use_group 0
+
+misc env MAIL
+misc env SSH_CLIENT
+misc env USER
+misc env SHLVL
+misc env HOME
+misc env OLDPWD
+misc env LOGNAME
+misc env _
+misc env XDG_SESSION_ID
+misc env PATH
+misc env XDG_RUNTIME_DIR
+misc env LANG
+misc env SHELL
+misc env PWD
+misc env SSH_CONNECTION
+file read /etc/ld.so.preload
+file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/arm/\*.so
+file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/arm/\*.cfg
+file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/arm/client/\*.so
+file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/\*
+file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/\*.jar
+file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/ext/\*
+file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/security/\*
+file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/arm/jli/\*.so
+file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/\*.jar
+file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/\*.dat
+network unix stream connect /var/run/nscd/socket
+file read /etc/nsswitch.conf
+file read /etc/passwd
+file read /etc/timezone
+file create /tmp/hsperfdata_iotuser/\* 0600
+file read/write/unlink/truncate /tmp/hsperfdata_iotuser/\*
+file read /sys/devices/system/cpu/online
+file read /usr/lib/locale/locale-archive
+file write/truncate /home/iotuser/.oracle_jre_usage/\*cf.timestamp
+file read /usr/share/java/\*.jar
+file read /home/iotuser/iot2/iotjava/iotruntime/slave/\*.class
+file read /home/iotuser/iot2/iotjava/iotruntime/\*.config
+network inet stream connect ::ffff:<master-ip-address> <master-com-port>
+file read /home/iotuser/iot2/iotjava/iotruntime/master/\*.class
+file read /home/iotuser/iot2/iotjava/iotruntime/messages/\*.class
+file read /dev/random
+file read /dev/urandom
+file create /home/iotuser/iot2/iotjava/iotruntime/<object-class-name>.jar 0666
+file read/write /home/iotuser/iot2/iotjava/iotruntime/<object-class-name>.jar
+file read /home/iotuser/iot2/iotjava/iotrmi/Java/\*.class
+file ioctl socket:[family=10:type=1:protocol=6] 0x541B
+file read /home/iotuser/iot2/iotjava/iotruntime/\*.class
+file read /usr/share/locale/en_GB/LC_MESSAGES/libc.mo
+file create /tmp/imageio\*.tmp 0600
+file read/write/unlink /tmp/imageio\*.tmp
+file read proc:/sys/vm/overcommit_memory
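Review bot: `file create /home/iotuser/iot2/iotjava/iotruntime/<object-class-name>.jar 0666` allows the jailed process to create its jar (presumably the code it then loads) as world-writable, and this shared template now carries that rule to every Java object and controller. If the runtime can create the file with a tighter mode, the rule could read `file create /home/iotuser/iot2/iotjava/iotruntime/<object-class-name>.jar 0644`; the mode in the rule has to match what the process actually requests, so the code that writes the jar may need changing too. Separately, the `jre/lib/\*` read rule already covers the `jre/lib/\*.jar` line (listed twice) and the `jre/lib/\*.dat` line, so those three can be dropped.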
diff --git a/localconfig/tomoyo/LabRoom.tomoyo.pol b/localconfig/tomoyo/LabRoom.tomoyo.pol
deleted file mode 100644
index 050f52a..0000000
--- a/localconfig/tomoyo/LabRoom.tomoyo.pol
+++ /dev/null
@@ -1,52 +0,0 @@
-<kernel> /usr/sbin/sshd /bin/bash /home/iotuser/iot2/iotjava/iotruntime/<object-name>.sh /usr/bin/java
-use_profile 3
-use_group 0
-
-misc env MAIL
-misc env SSH_CLIENT
-misc env USER
-misc env SHLVL
-misc env HOME
-misc env OLDPWD
-misc env LOGNAME
-misc env _
-misc env XDG_SESSION_ID
-misc env PATH
-misc env XDG_RUNTIME_DIR
-misc env LANG
-misc env SHELL
-misc env PWD
-misc env SSH_CONNECTION
-file read /etc/ld.so.preload
-file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/arm/\*.so
-file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/arm/\*.cfg
-file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/arm/client/\*.so
-file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/\*
-file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/\*.jar
-file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/ext/\*
-file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/security/\*
-file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/arm/jli/\*.so
-file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/\*.jar
-network unix stream connect /var/run/nscd/socket
-file read /etc/nsswitch.conf
-file read /etc/passwd
-file create /tmp/hsperfdata_iotuser/\* 0600
-file read/write/unlink/truncate /tmp/hsperfdata_iotuser/\*
-file read /sys/devices/system/cpu/online
-file read /usr/lib/locale/locale-archive
-file write/truncate /home/iotuser/.oracle_jre_usage/\*cf.timestamp
-file read /usr/share/java/\*.jar
-file read /home/iotuser/iot2/iotjava/iotruntime/\*.class
-file read /home/iotuser/iot2/iotjava/iotruntime/slave/\*.class
-file read /home/iotuser/iot2/iotjava/iotruntime/\*.config
-network inet stream connect ::ffff:<master-ip-address> <master-com-port>
-file read /home/iotuser/iot2/iotjava/iotruntime/master/\*.class
-file read /home/iotuser/iot2/iotjava/iotruntime/messages/\*.class
-file read /dev/random
-file read /dev/urandom
-file create /home/iotuser/iot2/iotjava/iotruntime/LabRoom.jar 0666
-file read/write /home/iotuser/iot2/iotjava/iotruntime/LabRoom.jar
-file read /home/iotuser/iot2/iotjava/iotrmi/Java/\*.class
-network inet stream bind/listen :: <rmi-stub-port>
-network inet stream bind/listen :: <rmi-reg-port>
-file ioctl socket:[family=10:type=1:protocol=6] 0x541B
diff --git a/localconfig/tomoyo/LifxLightBulb.tomoyo.pol b/localconfig/tomoyo/LifxLightBulb.tomoyo.pol
deleted file mode 100644
index 5c89817..0000000
--- a/localconfig/tomoyo/LifxLightBulb.tomoyo.pol
+++ /dev/null
@@ -1,52 +0,0 @@
-<kernel> /usr/sbin/sshd /bin/bash /home/iotuser/iot2/iotjava/iotruntime/<object-name>.sh /usr/bin/java
-use_profile 3
-use_group 0
-
-misc env MAIL
-misc env SSH_CLIENT
-misc env USER
-misc env SHLVL
-misc env HOME
-misc env OLDPWD
-misc env LOGNAME
-misc env _
-misc env XDG_SESSION_ID
-misc env PATH
-misc env XDG_RUNTIME_DIR
-misc env LANG
-misc env SHELL
-misc env PWD
-misc env SSH_CONNECTION
-file read /etc/ld.so.preload
-file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/arm/\*.so
-file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/arm/\*.cfg
-file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/arm/client/\*.so
-file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/\*
-file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/\*.jar
-file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/ext/\*
-file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/security/\*
-file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/arm/jli/\*.so
-file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/\*.jar
-network unix stream connect /var/run/nscd/socket
-file read /etc/nsswitch.conf
-file read /etc/passwd
-file create /tmp/hsperfdata_iotuser/\* 0600
-file read/write/unlink/truncate /tmp/hsperfdata_iotuser/\*
-file read /sys/devices/system/cpu/online
-file read /usr/lib/locale/locale-archive
-file write/truncate /home/iotuser/.oracle_jre_usage/\*cf.timestamp
-file read /usr/share/java/\*.jar
-file read /home/iotuser/iot2/iotjava/iotruntime/slave/\*.class
-file read /home/iotuser/iot2/iotjava/iotruntime/\*.config
-network inet stream connect ::ffff:<master-ip-address> <master-com-port>
-file read /home/iotuser/iot2/iotjava/iotruntime/master/\*.class
-file read /home/iotuser/iot2/iotjava/iotruntime/messages/\*.class
-file read /dev/random
-file read /dev/urandom
-file create /home/iotuser/iot2/iotjava/iotruntime/LifxLightBulb.jar 0666
-file read/write /home/iotuser/iot2/iotjava/iotruntime/LifxLightBulb.jar
-file read /home/iotuser/iot2/iotjava/iotrmi/Java/\*.class
-file read /home/iotuser/iot2/iotjava/iotruntime/\*.class
-network inet stream bind/listen :: <rmi-stub-port>
-network inet stream bind/listen :: <rmi-reg-port>
-file ioctl socket:[family=10:type=1:protocol=6] 0x541B
diff --git a/localconfig/tomoyo/SmartLightsController.tomoyo.pol b/localconfig/tomoyo/SmartLightsController.tomoyo.pol
deleted file mode 100644
index 6760b73..0000000
--- a/localconfig/tomoyo/SmartLightsController.tomoyo.pol
+++ /dev/null
@@ -1,56 +0,0 @@
-<kernel> /usr/sbin/sshd /bin/bash /home/iotuser/iot2/iotjava/iotruntime/SmartLightsController.sh /usr/bin/java
-use_profile 3
-use_group 0
-
-misc env MAIL
-misc env SSH_CLIENT
-misc env USER
-misc env SHLVL
-misc env HOME
-misc env OLDPWD
-misc env LOGNAME
-misc env _
-misc env XDG_SESSION_ID
-misc env PATH
-misc env XDG_RUNTIME_DIR
-misc env LANG
-misc env SHELL
-misc env PWD
-misc env SSH_CONNECTION
-file read /etc/ld.so.preload
-file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/arm/\*.so
-file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/arm/\*.cfg
-file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/arm/client/\*.so
-file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/\*
-file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/\*.jar
-file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/ext/\*
-file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/security/\*
-file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/arm/jli/\*.so
-file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/\*.jar
-file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/\*.dat
-network unix stream connect /var/run/nscd/socket
-file read /etc/nsswitch.conf
-file read /etc/passwd
-file create /tmp/hsperfdata_iotuser/\* 0600
-file read/write/unlink/truncate /tmp/hsperfdata_iotuser/\*
-file read /sys/devices/system/cpu/online
-file read /usr/lib/locale/locale-archive
-file write/truncate /home/iotuser/.oracle_jre_usage/81970c018e7540cf.timestamp
-file read /usr/share/java/\*.jar
-file read /home/iotuser/iot2/iotjava/iotruntime/slave/\*.class
-file read /home/iotuser/iot2/iotjava/iotruntime/\*.config
-network inet stream connect ::ffff:<master-ip-address> <master-com-port>
-file read /home/iotuser/iot2/iotjava/iotruntime/master/\*.class
-file read /home/iotuser/iot2/iotjava/iotruntime/messages/\*.class
-file read /dev/random
-file read /dev/urandom
-file create /home/iotuser/iot2/iotjava/iotruntime/SmartLightsController.jar 0666
-file read/write /home/iotuser/iot2/iotjava/iotruntime/SmartLightsController.jar
-file read /home/iotuser/iot2/iotjava/SmartLightsController/\*.class
-file read /home/iotuser/iot2/iotjava/iotrmi/Java/\*.class
-file ioctl socket:[family=10:type=1:protocol=6] 0x541B
-file read /etc/timezone
-file read /usr/share/locale/en_GB/LC_MESSAGES/libc.mo
-file create /tmp/imageio\*.tmp 0600
-file read/write/unlink /tmp/imageio\*.tmp
-file read/write /tmp/imageio\*.tmp