From: rtrimana
Date: Mon, 10 Apr 2017 21:47:52 +0000 (-0700)
Subject: Sentinel with process jailing using Tomoyo - works with the SmartLightsController...
X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=8b9f15dfaa9cf16deb2d5b91bba324739fdd3544;p=iot2.git
Sentinel with process jailing using Tomoyo - works with the SmartLightsController benchmark
---
diff --git a/benchmarks/Java/HomeSecurityController/Makefile b/benchmarks/Java/HomeSecurityController/Makefile
index 7094972..460b10a 100644
--- a/benchmarks/Java/HomeSecurityController/Makefile
+++ b/benchmarks/Java/HomeSecurityController/Makefile
@@ -22,12 +22,12 @@ PHONY += homesecurity
 homesecurity:
 $(JAVAC) $(JFLAGS) *.java
 cp HomeSecurityController.config $(BIN_DIR)/HomeSecurityController
- cd $(BIN_DIR)/HomeSecurityController; $(JAR) $(JARFLAGS) HomeSecurityController.jar ../HomeSecurityController/HomeSecurityController*.class ../HomeSecurityController/MotionDetection*.class ../iotcode/interfaces/SmartthingsSensor*.class ../iotcode/interfaces/Camera*.class ../iotcode/interfaces/Alarm*.class ../iotcode/interfaces/Room*.class ../iotcode/interfaces/ZoneState*.class ../iotcode/interfaces/Resolution*.class
+ cd $(BIN_DIR)/HomeSecurityController; $(JAR) $(JARFLAGS) HomeSecurityController.jar ../HomeSecurityController/HomeSecurityController*.class ../HomeSecurityController/*.class ../iotcode/interfaces/SmartthingsSensor*.class ../iotcode/interfaces/Camera*.class ../iotcode/interfaces/Alarm*.class ../iotcode/interfaces/Room*.class ../iotcode/interfaces/ZoneState*.class ../iotcode/interfaces/Resolution*.class
 PHONY += check-homesecurity
 check-homesecurity:
 $(JAVAC) $(JFLAGS) $(CHECKER_OPT) $(ASTUBS) *.java
 cp HomeSecurityController.config $(BIN_DIR)/HomeSecurityController
- cd $(BIN_DIR)/HomeSecurityController; $(JAR) $(JARFLAGS) HomeSecurityController.jar ../HomeSecurityController/HomeSecurityController*.class ../HomeSecurityController/MotionDetection*.class ../iotcode/interfaces/SmartthingsSensor*.class ../iotcode/interfaces/Camera*.class ../iotcode/interfaces/Alarm*.class ../iotcode/interfaces/Room*.class ../iotcode/interfaces/ZoneState*.class ../iotcode/interfaces/Resolution*.class
+ cd $(BIN_DIR)/HomeSecurityController; $(JAR) $(JARFLAGS) HomeSecurityController.jar ../HomeSecurityController/HomeSecurityController*.class ../HomeSecurityController/*.class ../iotcode/interfaces/SmartthingsSensor*.class ../iotcode/interfaces/Camera*.class ../iotcode/interfaces/Alarm*.class ../iotcode/interfaces/Room*.class ../iotcode/interfaces/ZoneState*.class ../iotcode/interfaces/Resolution*.class
 .PHONY: $(PHONY)
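Review bot: The new `../HomeSecurityController/*.class` argument on both `$(JAR)` lines already matches everything `../HomeSecurityController/HomeSecurityController*.class` matches, so the narrower pattern is now redundant, and the jar will contain whatever class files happen to sit in that output directory, including stale ones from earlier builds. Because this jar is the code that later runs inside the Tomoyo jail, either keep an explicit list of classes or clean `$(BIN_DIR)/HomeSecurityController` before packaging. The recipe also chains with `;`, so a failed `cd` still runs `$(JAR)` from the wrong directory; `cd $(BIN_DIR)/HomeSecurityController && $(JAR) $(JARFLAGS) …` stops instead. The SmartLightsController Makefile hunk has the same points: there `SmartLightsController*.class`, `ColorTemperature*.class` and `MotionDetection*.class` are all subsumed by the added `../SmartLightsController/*.class`.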
diff --git a/benchmarks/Java/SmartLightsController/Makefile b/benchmarks/Java/SmartLightsController/Makefile
index 69d132b..25baf35 100644
--- a/benchmarks/Java/SmartLightsController/Makefile
+++ b/benchmarks/Java/SmartLightsController/Makefile
@@ -22,12 +22,12 @@ PHONY += smartlights
 smartlights:
 $(JAVAC) $(JFLAGS) *.java
 cp SmartLightsController.config $(BIN_DIR)/SmartLightsController
- cd $(BIN_DIR)/SmartLightsController; $(JAR) $(JARFLAGS) SmartLightsController.jar ../SmartLightsController/SmartLightsController*.class ../SmartLightsController/ColorTemperature*.class ../SmartLightsController/MotionDetection*.class ../iotcode/interfaces/Camera*.class ../iotcode/interfaces/Room*.class ../iotcode/interfaces/LightBulb*.class ../iotcode/interfaces/Resolution*.class
+ cd $(BIN_DIR)/SmartLightsController; $(JAR) $(JARFLAGS) SmartLightsController.jar ../SmartLightsController/SmartLightsController*.class ../SmartLightsController/ColorTemperature*.class ../SmartLightsController/MotionDetection*.class ../SmartLightsController/*.class ../iotcode/interfaces/Camera*.class ../iotcode/interfaces/Room*.class ../iotcode/interfaces/LightBulb*.class ../iotcode/interfaces/Resolution*.class
 PHONY += check-smartlights
 check-smartlights:
 $(JAVAC) $(JFLAGS) $(CHECKER_OPT) $(ASTUBS) *.java
 cp SmartLightsController.config $(BIN_DIR)/SmartLightsController
- cd $(BIN_DIR)/SmartLightsController; $(JAR) $(JARFLAGS) SmartLightsController.jar ../SmartLightsController/SmartLightsController*.class ../SmartLightsController/ColorTemperature*.class ../SmartLightsController/MotionDetection*.class ../iotcode/interfaces/Camera*.class ../iotcode/interfaces/Room*.class ../iotcode/interfaces/LightBulb*.class ../iotcode/interfaces/Resolution*.class
+ cd $(BIN_DIR)/SmartLightsController; $(JAR) $(JARFLAGS) SmartLightsController.jar ../SmartLightsController/SmartLightsController*.class ../SmartLightsController/ColorTemperature*.class ../SmartLightsController/MotionDetection*.class ../SmartLightsController/*.class ../iotcode/interfaces/Camera*.class ../iotcode/interfaces/Room*.class ../iotcode/interfaces/LightBulb*.class ../iotcode/interfaces/Resolution*.class
 .PHONY: $(PHONY)
diff --git a/iotjava/iotruntime/master/IoTMaster.java b/iotjava/iotruntime/master/IoTMaster.java index 8be2fe4..ed199d0 100644 --- a/iotjava/iotruntime/master/IoTMaster.java +++ b/iotjava/iotruntime/master/IoTMaster.java @@ -513,7 +513,7 @@ public class IoTMaster { RuntimeOutput.print("IoTMaster: Number of rows for IoTZigbeeAddress: " + iRows, BOOL_VERBOSE); // TODO: DEBUG!!! - System.out.println("\n\n DEBUG: InstrumentZigbeeDevice: Object Name: " + strObjName); + System.out.println("\n\nDEBUG: InstrumentZigbeeDevice: Object Name: " + strObjName); System.out.println("DEBUG: InstrumentZigbeeDevice: Port number: " + commHan.getComPort(strZigbeeGWAddressKey)); System.out.println("DEBUG: InstrumentZigbeeDevice: Device address: " + strZigbeeGWAddress + "\n\n"); @@ -633,8 +633,9 @@ public class IoTMaster { routerConfig.configureHostMainPolicies(strIoTSlaveObjectHostAdd, strIoTSlaveControllerHostAdd, strIoTSlaveObjectHostAdd, STR_TCP_PROTOCOL); // Configure MAC policies for objects - String strFileName = STR_MAC_POL_PATH + strObjClassName + STR_MAC_POLICY_EXT; - processJailConfig.configureProcessJailDeviceDriverPolicies(strIoTSlaveObjectHostAdd, strObjName, + //String strFileName = STR_MAC_POL_PATH + strObjClassName + STR_MAC_POLICY_EXT; + String strFileName = STR_MAC_POL_PATH + STR_JAVA + STR_MAC_POLICY_EXT; + processJailConfig.configureProcessJailDeviceDriverPolicies(strIoTSlaveObjectHostAdd, strObjName, strObjClassName, strFileName, strIoTMasterHostAdd, commHan.getComPort(strObjName), commHan.getRMIRegPort(strObjName), commHan.getRMIStubPort(strObjName)); processJailConfig.configureProcessJailContRMIPolicies(strObjControllerName, strIoTSlaveObjectHostAdd, 
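Review bot: In the `@@ -633` hunk the policy path no longer depends on `strObjClassName`, so every device driver is now confined by one shared template (presumably `Java.tomoyo.pol`, if `STR_JAVA` is "Java") and the per-driver difference rests entirely on the placeholder substitution done in `configureProcessJailDeviceDriverPolicies`. A comment above the new assignment would record that, e.g. `// All Java drivers share one policy template; object and class names are substituted by ProcessJailConfig`. The previous assignment is left behind as `//String strFileName = …` and should be deleted rather than commented out; the `@@ -2050` hunk for the controller does the same. Both enclosing methods start and end outside the hunks, so whether `strObjClassName` and `strObjControllerName` are validated before this point cannot be seen here.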
@@ -2050,7 +2051,8 @@ public class IoTMaster { createMainObjectCpp(strObjControllerName, outStream, inStream); } // Write basic MAC policies for controller - String strFileName = STR_MAC_POL_PATH + strObjControllerName + STR_MAC_POLICY_EXT; + //String strFileName = STR_MAC_POL_PATH + strObjControllerName + STR_MAC_POLICY_EXT; + String strFileName = STR_MAC_POL_PATH + STR_JAVA + STR_MAC_POLICY_EXT; processJailConfig.configureProcessJailControllerPolicies(strObjControllerName, strFileName, strIoTMasterHostAdd, commHan.getComPort(strObjControllerName)); // PROFILING diff --git a/iotjava/iotruntime/master/ProcessJailConfig.java b/iotjava/iotruntime/master/ProcessJailConfig.java index d76d130..7b080fd 100644 --- a/iotjava/iotruntime/master/ProcessJailConfig.java +++ b/iotjava/iotruntime/master/ProcessJailConfig.java @@ -38,6 +38,7 @@ public final class ProcessJailConfig { private static final String STR_MAC_POLICY_EXT = ".tomoyo.pol"; private static final String STR_OBJECT_NAME = ""; + private static final String STR_OBJECT_CLASS_NAME = ""; private static final String STR_MASTER_IP_ADDRESS = ""; private static final String STR_MASTER_COM_PORT = ""; private static final String STR_RMI_REG_PORT = ""; @@ -263,6 +264,7 @@ public final class ProcessJailConfig { * * @param strConfigHost String hostname to be configured * @param strObjectName String object name + * @param strObjectClassName String object class name * @param strFileName String policy file path and name * @param strMasterIPAddress String master IP address * @param iComPort Integer communication port (controller-driver) 
@@ -270,17 +272,22 @@ public final class ProcessJailConfig { * @param iRMIStubPort Integer RMI stub port * @return void */ - public void configureProcessJailDeviceDriverPolicies(String strConfigHost, String strObjectName, + public void configureProcessJailDeviceDriverPolicies(String strConfigHost, String strObjectName, String strObjectClassName, String strFileName, String strMasterIPAddress, int iComPort, int iRMIRegPort, int iRMIStubPort) { PrintWriter pwConfig = getPrintWriter(strConfigHost); String strPolicyList = readFile(strFileName); // Replace the strings with the actual values - String strNewPolicyList = strPolicyList.replace(STR_OBJECT_NAME, strObjectName).replace(STR_MASTER_IP_ADDRESS, - strMasterIPAddress).replace(STR_MASTER_COM_PORT, String.valueOf(iComPort)).replace(STR_RMI_REG_PORT, - String.valueOf(iRMIRegPort)).replace(STR_RMI_STUB_PORT, String.valueOf(iRMIStubPort)); + String strNewPolicyList = strPolicyList.replace(STR_OBJECT_NAME, strObjectName). + replace(STR_OBJECT_CLASS_NAME, strObjectClassName). + replace(STR_MASTER_IP_ADDRESS, strMasterIPAddress). + replace(STR_MASTER_COM_PORT, String.valueOf(iComPort)); + //replace(STR_RMI_REG_PORT, String.valueOf(iRMIRegPort)). + //replace(STR_RMI_STUB_PORT, String.valueOf(iRMIStubPort)); pwConfig.println("\n"); pwConfig.print(strNewPolicyList); + pwConfig.println("network inet stream bind/listen :: " + iRMIRegPort); + pwConfig.println("network inet stream bind/listen :: " + iRMIStubPort); } 
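Review bot: `strObjectName` and `strObjectClassName` are spliced into the policy text with plain `String.replace`, so a value containing whitespace or a line break would become extra words or extra rule lines in the Tomoyo policy that is meant to confine that same object. Where these names originate is not visible in this diff; if they come from configuration or a database, check them before substitution, for instance `if (!strObjectName.matches("[A-Za-z0-9_]+") || !strObjectClassName.matches("[A-Za-z0-9_]+")) throw new IllegalArgumentException("invalid name in jail policy");`, with the pattern adjusted to the names actually in use. The two `bind/listen` rules are now appended after `pwConfig.print(strNewPolicyList)`, which is only correct while the template ends with a newline, and the `//replace(STR_RMI_REG_PORT, …` and `//replace(STR_RMI_STUB_PORT, …` lines should be removed instead of commented out. The `@@ -324` hunk in `configureProcessJailControllerPolicies` substitutes `strControllerName` the same way and needs the same check.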
@@ -324,8 +331,10 @@ public final class ProcessJailConfig {
 PrintWriter pwConfig = getPrintWriter(strControllerName);
 String strPolicyList = readFile(strFileName);
 // Replace the strings with the actual values
- String strNewPolicyList = strPolicyList.replace(STR_MASTER_IP_ADDRESS,
- strMasterIPAddress).replace(STR_MASTER_COM_PORT, String.valueOf(iComPort));
+ String strNewPolicyList = strPolicyList.replace(STR_OBJECT_NAME, strControllerName).
+ replace(STR_OBJECT_CLASS_NAME, strControllerName).
+ replace(STR_MASTER_IP_ADDRESS, strMasterIPAddress).
+ replace(STR_MASTER_COM_PORT, String.valueOf(iComPort));
 pwConfig.println("\n");
 pwConfig.print(strNewPolicyList);
 }
diff --git a/localconfig/tomoyo/AmcrestCamera.tomoyo.pol b/localconfig/tomoyo/AmcrestCamera.tomoyo.pol
deleted file mode 100644
index d13903e..0000000
--- a/localconfig/tomoyo/AmcrestCamera.tomoyo.pol
+++ /dev/null
@@ -1,55 +0,0 @@
- /usr/sbin/sshd /bin/bash /home/iotuser/iot2/iotjava/iotruntime/.sh /usr/bin/java
-use_profile 3
-use_group 0
-
-misc env MAIL
-misc env SSH_CLIENT
-misc env USER
-misc env SHLVL
-misc env HOME
-misc env OLDPWD
-misc env LOGNAME
-misc env _
-misc env XDG_SESSION_ID
-misc env PATH
-misc env XDG_RUNTIME_DIR
-misc env LANG
-misc env SHELL
-misc env PWD
-misc env SSH_CONNECTION
-file read /etc/ld.so.preload
-file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/arm/\*.so
-file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/arm/\*.cfg
-file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/arm/client/\*.so
-file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/\*
-file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/\*.jar
-file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/ext/\*
-file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/security/\*
-file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/arm/jli/\*.so
-file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/\*.jar
-network unix stream connect /var/run/nscd/socket
-file read /etc/nsswitch.conf
-file read /etc/passwd
-file create /tmp/hsperfdata_iotuser/\* 0600
-file read/write/unlink/truncate /tmp/hsperfdata_iotuser/\*
-file read /sys/devices/system/cpu/online
-file read /usr/lib/locale/locale-archive
-file write/truncate /home/iotuser/.oracle_jre_usage/\*cf.timestamp
-file read /usr/share/java/\*.jar
-file read /home/iotuser/iot2/iotjava/iotruntime/slave/\*.class
-file read /home/iotuser/iot2/iotjava/iotruntime/\*.config
-network inet stream connect ::ffff:
-file read /home/iotuser/iot2/iotjava/iotruntime/master/\*.class
-file read /home/iotuser/iot2/iotjava/iotruntime/messages/\*.class
-file read /dev/random
-file read /dev/urandom
-file create /home/iotuser/iot2/iotjava/iotruntime/AmcrestCamera.jar 0666
-file read/write /home/iotuser/iot2/iotjava/iotruntime/AmcrestCamera.jar
-file read /home/iotuser/iot2/iotjava/iotrmi/Java/\*.class
-file ioctl socket:[family=10:type=1:protocol=6] 0x541B
-file read /home/iotuser/iot2/iotjava/iotruntime/\*.class
-file read /usr/share/locale/en_GB/LC_MESSAGES/libc.mo
-file create /tmp/imageio\*.tmp 0600
-file read/write/unlink /tmp/imageio\*.tmp
-network inet stream bind/listen ::
-network inet stream bind/listen ::
diff --git a/localconfig/tomoyo/Java.tomoyo.pol b/localconfig/tomoyo/Java.tomoyo.pol
new file mode 100644
index 0000000..083348b
--- /dev/null
+++ b/localconfig/tomoyo/Java.tomoyo.pol
@@ -0,0 +1,56 @@
+ /usr/sbin/sshd /bin/bash /home/iotuser/iot2/iotjava/iotruntime/.sh /usr/bin/java
+use_profile 3
+use_group 0
+
+misc env MAIL
+misc env SSH_CLIENT
+misc env USER
+misc env SHLVL
+misc env HOME
+misc env OLDPWD
+misc env LOGNAME
+misc env _
+misc env XDG_SESSION_ID
+misc env PATH
+misc env XDG_RUNTIME_DIR
+misc env LANG
+misc env SHELL
+misc env PWD
+misc env SSH_CONNECTION
+file read /etc/ld.so.preload
+file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/arm/\*.so
+file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/arm/\*.cfg
+file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/arm/client/\*.so
+file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/\*
+file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/\*.jar
+file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/ext/\*
+file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/security/\*
+file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/arm/jli/\*.so
+file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/\*.jar
+file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/\*.dat
+network unix stream connect /var/run/nscd/socket
+file read /etc/nsswitch.conf
+file read /etc/passwd
+file read /etc/timezone
+file create /tmp/hsperfdata_iotuser/\* 0600
+file read/write/unlink/truncate /tmp/hsperfdata_iotuser/\*
+file read /sys/devices/system/cpu/online
+file read /usr/lib/locale/locale-archive
+file write/truncate /home/iotuser/.oracle_jre_usage/\*cf.timestamp
+file read /usr/share/java/\*.jar
+file read /home/iotuser/iot2/iotjava/iotruntime/slave/\*.class
+file read /home/iotuser/iot2/iotjava/iotruntime/\*.config
+network inet stream connect ::ffff:
+file read /home/iotuser/iot2/iotjava/iotruntime/master/\*.class
+file read /home/iotuser/iot2/iotjava/iotruntime/messages/\*.class
+file read /dev/random
+file read /dev/urandom
+file create /home/iotuser/iot2/iotjava/iotruntime/.jar 0666
+file read/write /home/iotuser/iot2/iotjava/iotruntime/.jar
+file read /home/iotuser/iot2/iotjava/iotrmi/Java/\*.class
+file ioctl socket:[family=10:type=1:protocol=6] 0x541B
+file read /home/iotuser/iot2/iotjava/iotruntime/\*.class
+file read /usr/share/locale/en_GB/LC_MESSAGES/libc.mo
+file create /tmp/imageio\*.tmp 0600
+file read/write/unlink /tmp/imageio\*.tmp
+file read proc:/sys/vm/overcommit_memory
diff --git a/localconfig/tomoyo/LabRoom.tomoyo.pol b/localconfig/tomoyo/LabRoom.tomoyo.pol
deleted file mode 100644
index 050f52a..0000000
--- a/localconfig/tomoyo/LabRoom.tomoyo.pol
+++ /dev/null
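Review bot: The new `Java.tomoyo.pol` is largely the union of the per-class policies this commit deletes, so every jailed driver and controller now receives rules that only some of them had before: `file read /etc/timezone` and the `jre/lib/\*.dat` rule came only from the SmartLightsController policy, and the `/tmp/imageio\*.tmp` create/read/write/unlink rules only from the AmcrestCamera and SmartLightsController policies. If a shared template is kept, consider leaving it as the common base and appending class-specific rules from `ProcessJailConfig`, the way the `bind/listen` lines are appended in this commit. Two smaller points: `file read …/jre/lib/\*.jar` appears twice and, like `\*.dat`, is presumably already covered by `file read …/jre/lib/\*`; and the jar is still created with mode `0666`, which is worth narrowing if the runtime that writes it can request a tighter mode.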
@@ -1,52 +0,0 @@
- /usr/sbin/sshd /bin/bash /home/iotuser/iot2/iotjava/iotruntime/.sh /usr/bin/java
-use_profile 3
-use_group 0
-
-misc env MAIL
-misc env SSH_CLIENT
-misc env USER
-misc env SHLVL
-misc env HOME
-misc env OLDPWD
-misc env LOGNAME
-misc env _
-misc env XDG_SESSION_ID
-misc env PATH
-misc env XDG_RUNTIME_DIR
-misc env LANG
-misc env SHELL
-misc env PWD
-misc env SSH_CONNECTION
-file read /etc/ld.so.preload
-file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/arm/\*.so
-file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/arm/\*.cfg
-file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/arm/client/\*.so
-file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/\*
-file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/\*.jar
-file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/ext/\*
-file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/security/\*
-file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/arm/jli/\*.so
-file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/\*.jar
-network unix stream connect /var/run/nscd/socket
-file read /etc/nsswitch.conf
-file read /etc/passwd
-file create /tmp/hsperfdata_iotuser/\* 0600
-file read/write/unlink/truncate /tmp/hsperfdata_iotuser/\*
-file read /sys/devices/system/cpu/online
-file read /usr/lib/locale/locale-archive
-file write/truncate /home/iotuser/.oracle_jre_usage/\*cf.timestamp
-file read /usr/share/java/\*.jar
-file read /home/iotuser/iot2/iotjava/iotruntime/\*.class
-file read /home/iotuser/iot2/iotjava/iotruntime/slave/\*.class
-file read /home/iotuser/iot2/iotjava/iotruntime/\*.config
-network inet stream connect ::ffff:
-file read /home/iotuser/iot2/iotjava/iotruntime/master/\*.class
-file read /home/iotuser/iot2/iotjava/iotruntime/messages/\*.class
-file read /dev/random
-file read /dev/urandom
-file create /home/iotuser/iot2/iotjava/iotruntime/LabRoom.jar 0666
-file read/write /home/iotuser/iot2/iotjava/iotruntime/LabRoom.jar
-file read /home/iotuser/iot2/iotjava/iotrmi/Java/\*.class
-network inet stream bind/listen ::
-network inet stream bind/listen ::
-file ioctl socket:[family=10:type=1:protocol=6] 0x541B
diff --git a/localconfig/tomoyo/LifxLightBulb.tomoyo.pol b/localconfig/tomoyo/LifxLightBulb.tomoyo.pol
deleted file mode 100644
index 5c89817..0000000
--- a/localconfig/tomoyo/LifxLightBulb.tomoyo.pol
+++ /dev/null
@@ -1,52 +0,0 @@
- /usr/sbin/sshd /bin/bash /home/iotuser/iot2/iotjava/iotruntime/.sh /usr/bin/java
-use_profile 3
-use_group 0
-
-misc env MAIL
-misc env SSH_CLIENT
-misc env USER
-misc env SHLVL
-misc env HOME
-misc env OLDPWD
-misc env LOGNAME
-misc env _
-misc env XDG_SESSION_ID
-misc env PATH
-misc env XDG_RUNTIME_DIR
-misc env LANG
-misc env SHELL
-misc env PWD
-misc env SSH_CONNECTION
-file read /etc/ld.so.preload
-file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/arm/\*.so
-file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/arm/\*.cfg
-file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/arm/client/\*.so
-file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/\*
-file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/\*.jar
-file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/ext/\*
-file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/security/\*
-file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/arm/jli/\*.so
-file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/\*.jar
-network unix stream connect /var/run/nscd/socket
-file read /etc/nsswitch.conf
-file read /etc/passwd
-file create /tmp/hsperfdata_iotuser/\* 0600
-file read/write/unlink/truncate /tmp/hsperfdata_iotuser/\*
-file read /sys/devices/system/cpu/online
-file read /usr/lib/locale/locale-archive
-file write/truncate /home/iotuser/.oracle_jre_usage/\*cf.timestamp
-file read /usr/share/java/\*.jar
-file read /home/iotuser/iot2/iotjava/iotruntime/slave/\*.class
-file read /home/iotuser/iot2/iotjava/iotruntime/\*.config
-network inet stream connect ::ffff:
-file read /home/iotuser/iot2/iotjava/iotruntime/master/\*.class
-file read /home/iotuser/iot2/iotjava/iotruntime/messages/\*.class
-file read /dev/random
-file read /dev/urandom
-file create /home/iotuser/iot2/iotjava/iotruntime/LifxLightBulb.jar 0666
-file read/write /home/iotuser/iot2/iotjava/iotruntime/LifxLightBulb.jar
-file read /home/iotuser/iot2/iotjava/iotrmi/Java/\*.class
-file read /home/iotuser/iot2/iotjava/iotruntime/\*.class
-network inet stream bind/listen ::
-network inet stream bind/listen ::
-file ioctl socket:[family=10:type=1:protocol=6] 0x541B
diff --git a/localconfig/tomoyo/SmartLightsController.tomoyo.pol b/localconfig/tomoyo/SmartLightsController.tomoyo.pol
deleted file mode 100644
index 6760b73..0000000
--- a/localconfig/tomoyo/SmartLightsController.tomoyo.pol
+++ /dev/null
@@ -1,56 +0,0 @@
- /usr/sbin/sshd /bin/bash /home/iotuser/iot2/iotjava/iotruntime/SmartLightsController.sh /usr/bin/java
-use_profile 3
-use_group 0
-
-misc env MAIL
-misc env SSH_CLIENT
-misc env USER
-misc env SHLVL
-misc env HOME
-misc env OLDPWD
-misc env LOGNAME
-misc env _
-misc env XDG_SESSION_ID
-misc env PATH
-misc env XDG_RUNTIME_DIR
-misc env LANG
-misc env SHELL
-misc env PWD
-misc env SSH_CONNECTION
-file read /etc/ld.so.preload
-file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/arm/\*.so
-file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/arm/\*.cfg
-file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/arm/client/\*.so
-file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/\*
-file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/\*.jar
-file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/ext/\*
-file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/security/\*
-file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/arm/jli/\*.so
-file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/\*.jar
-file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/\*.dat
-network unix stream connect /var/run/nscd/socket
-file read /etc/nsswitch.conf
-file read /etc/passwd
-file create /tmp/hsperfdata_iotuser/\* 0600
-file read/write/unlink/truncate /tmp/hsperfdata_iotuser/\*
-file read /sys/devices/system/cpu/online
-file read /usr/lib/locale/locale-archive
-file write/truncate /home/iotuser/.oracle_jre_usage/81970c018e7540cf.timestamp
-file read /usr/share/java/\*.jar
-file read /home/iotuser/iot2/iotjava/iotruntime/slave/\*.class
-file read /home/iotuser/iot2/iotjava/iotruntime/\*.config
-network inet stream connect ::ffff:
-file read /home/iotuser/iot2/iotjava/iotruntime/master/\*.class
-file read /home/iotuser/iot2/iotjava/iotruntime/messages/\*.class
-file read /dev/random
-file read /dev/urandom
-file create /home/iotuser/iot2/iotjava/iotruntime/SmartLightsController.jar 0666
-file read/write /home/iotuser/iot2/iotjava/iotruntime/SmartLightsController.jar
-file read /home/iotuser/iot2/iotjava/SmartLightsController/\*.class
-file read /home/iotuser/iot2/iotjava/iotrmi/Java/\*.class
-file ioctl socket:[family=10:type=1:protocol=6] 0x541B
-file read /etc/timezone
-file read /usr/share/locale/en_GB/LC_MESSAGES/libc.mo
-file create /tmp/imageio\*.tmp 0600
-file read/write/unlink /tmp/imageio\*.tmp
-file read/write /tmp/imageio\*.tmp