From 8b9f15dfaa9cf16deb2d5b91bba324739fdd3544 Mon Sep 17 00:00:00 2001
From: rtrimana
Date: Mon, 10 Apr 2017 14:47:52 -0700
Subject: [PATCH] Sentinel with process jailing using Tomoyo - works with the SmartLightsController benchmark
---
 .../Java/HomeSecurityController/Makefile | 4 +-
 .../Java/SmartLightsController/Makefile | 4 +-
 iotjava/iotruntime/master/IoTMaster.java | 10 ++--
 .../iotruntime/master/ProcessJailConfig.java | 21 +++++--
 ...crestCamera.tomoyo.pol => Java.tomoyo.pol} | 9 +--
 localconfig/tomoyo/LabRoom.tomoyo.pol | 52 -----------------
 localconfig/tomoyo/LifxLightBulb.tomoyo.pol | 52 -----------------
 .../tomoyo/SmartLightsController.tomoyo.pol | 56 -------------------
 8 files changed, 30 insertions(+), 178 deletions(-)
 rename localconfig/tomoyo/{AmcrestCamera.tomoyo.pol => Java.tomoyo.pol} (87%)
 delete mode 100644 localconfig/tomoyo/LabRoom.tomoyo.pol
 delete mode 100644 localconfig/tomoyo/LifxLightBulb.tomoyo.pol
 delete mode 100644 localconfig/tomoyo/SmartLightsController.tomoyo.pol
diff --git a/benchmarks/Java/HomeSecurityController/Makefile b/benchmarks/Java/HomeSecurityController/Makefile
index 7094972..460b10a 100644
--- a/benchmarks/Java/HomeSecurityController/Makefile
+++ b/benchmarks/Java/HomeSecurityController/Makefile
@@ -22,12 +22,12 @@ PHONY += homesecurity
 homesecurity:
 $(JAVAC) $(JFLAGS) *.java
 cp HomeSecurityController.config $(BIN_DIR)/HomeSecurityController
- cd $(BIN_DIR)/HomeSecurityController; $(JAR) $(JARFLAGS) HomeSecurityController.jar ../HomeSecurityController/HomeSecurityController*.class ../HomeSecurityController/MotionDetection*.class ../iotcode/interfaces/SmartthingsSensor*.class ../iotcode/interfaces/Camera*.class ../iotcode/interfaces/Alarm*.class ../iotcode/interfaces/Room*.class ../iotcode/interfaces/ZoneState*.class ../iotcode/interfaces/Resolution*.class
+ cd $(BIN_DIR)/HomeSecurityController; $(JAR) $(JARFLAGS) HomeSecurityController.jar ../HomeSecurityController/HomeSecurityController*.class ../HomeSecurityController/*.class ../iotcode/interfaces/SmartthingsSensor*.class ../iotcode/interfaces/Camera*.class ../iotcode/interfaces/Alarm*.class ../iotcode/interfaces/Room*.class ../iotcode/interfaces/ZoneState*.class ../iotcode/interfaces/Resolution*.class

 PHONY += check-homesecurity
 check-homesecurity:
 $(JAVAC) $(JFLAGS) $(CHECKER_OPT) $(ASTUBS) *.java
 cp HomeSecurityController.config $(BIN_DIR)/HomeSecurityController
- cd $(BIN_DIR)/HomeSecurityController; $(JAR) $(JARFLAGS) HomeSecurityController.jar ../HomeSecurityController/HomeSecurityController*.class ../HomeSecurityController/MotionDetection*.class ../iotcode/interfaces/SmartthingsSensor*.class ../iotcode/interfaces/Camera*.class ../iotcode/interfaces/Alarm*.class ../iotcode/interfaces/Room*.class ../iotcode/interfaces/ZoneState*.class ../iotcode/interfaces/Resolution*.class
+ cd $(BIN_DIR)/HomeSecurityController; $(JAR) $(JARFLAGS) HomeSecurityController.jar ../HomeSecurityController/HomeSecurityController*.class ../HomeSecurityController/*.class ../iotcode/interfaces/SmartthingsSensor*.class ../iotcode/interfaces/Camera*.class ../iotcode/interfaces/Alarm*.class ../iotcode/interfaces/Room*.class ../iotcode/interfaces/ZoneState*.class ../iotcode/interfaces/Resolution*.class

 .PHONY: $(PHONY)
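Review bot: The added `../HomeSecurityController/*.class` pattern already matches everything `../HomeSecurityController/HomeSecurityController*.class` does, so both jar recipes (`homesecurity` and `check-homesecurity`) now carry a redundant argument; the SmartLightsController Makefile hunk has the same issue, where the new `../SmartLightsController/*.class` covers the three explicit patterns kept before it. The wildcard also packs every class file present in that output directory into the jar, including stale ones left by an earlier build, so either keep the explicit list or make sure the directory is cleaned before packaging. On the same line, `cd $(BIN_DIR)/HomeSecurityController && $(JAR) $(JARFLAGS) ...` would stop the recipe when the directory is missing, where `;` lets `jar` run from the wrong directory.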
diff --git a/benchmarks/Java/SmartLightsController/Makefile b/benchmarks/Java/SmartLightsController/Makefile
index 69d132b..25baf35 100644
--- a/benchmarks/Java/SmartLightsController/Makefile
+++ b/benchmarks/Java/SmartLightsController/Makefile
@@ -22,12 +22,12 @@ PHONY += smartlights
 smartlights:
 $(JAVAC) $(JFLAGS) *.java
 cp SmartLightsController.config $(BIN_DIR)/SmartLightsController
- cd $(BIN_DIR)/SmartLightsController; $(JAR) $(JARFLAGS) SmartLightsController.jar ../SmartLightsController/SmartLightsController*.class ../SmartLightsController/ColorTemperature*.class ../SmartLightsController/MotionDetection*.class ../iotcode/interfaces/Camera*.class ../iotcode/interfaces/Room*.class ../iotcode/interfaces/LightBulb*.class ../iotcode/interfaces/Resolution*.class
+ cd $(BIN_DIR)/SmartLightsController; $(JAR) $(JARFLAGS) SmartLightsController.jar ../SmartLightsController/SmartLightsController*.class ../SmartLightsController/ColorTemperature*.class ../SmartLightsController/MotionDetection*.class ../SmartLightsController/*.class ../iotcode/interfaces/Camera*.class ../iotcode/interfaces/Room*.class ../iotcode/interfaces/LightBulb*.class ../iotcode/interfaces/Resolution*.class

 PHONY += check-smartlights
 check-smartlights:
 $(JAVAC) $(JFLAGS) $(CHECKER_OPT) $(ASTUBS) *.java
 cp SmartLightsController.config $(BIN_DIR)/SmartLightsController
- cd $(BIN_DIR)/SmartLightsController; $(JAR) $(JARFLAGS) SmartLightsController.jar ../SmartLightsController/SmartLightsController*.class ../SmartLightsController/ColorTemperature*.class ../SmartLightsController/MotionDetection*.class ../iotcode/interfaces/Camera*.class ../iotcode/interfaces/Room*.class ../iotcode/interfaces/LightBulb*.class ../iotcode/interfaces/Resolution*.class
+ cd $(BIN_DIR)/SmartLightsController; $(JAR) $(JARFLAGS) SmartLightsController.jar ../SmartLightsController/SmartLightsController*.class ../SmartLightsController/ColorTemperature*.class ../SmartLightsController/MotionDetection*.class ../SmartLightsController/*.class ../iotcode/interfaces/Camera*.class ../iotcode/interfaces/Room*.class ../iotcode/interfaces/LightBulb*.class ../iotcode/interfaces/Resolution*.class

 .PHONY: $(PHONY)
diff --git a/iotjava/iotruntime/master/IoTMaster.java b/iotjava/iotruntime/master/IoTMaster.java index 8be2fe4..ed199d0 100644 --- a/iotjava/iotruntime/master/IoTMaster.java +++ b/iotjava/iotruntime/master/IoTMaster.java @@ -513,7 +513,7 @@ public class IoTMaster { RuntimeOutput.print("IoTMaster: Number of rows for IoTZigbeeAddress: " + iRows, BOOL_VERBOSE); // TODO: DEBUG!!! - System.out.println("\n\n DEBUG: InstrumentZigbeeDevice: Object Name: " + strObjName); + System.out.println("\n\nDEBUG: InstrumentZigbeeDevice: Object Name: " + strObjName); System.out.println("DEBUG: InstrumentZigbeeDevice: Port number: " + commHan.getComPort(strZigbeeGWAddressKey)); System.out.println("DEBUG: InstrumentZigbeeDevice: Device address: " + strZigbeeGWAddress + "\n\n"); @@ -633,8 +633,9 @@ public class IoTMaster { routerConfig.configureHostMainPolicies(strIoTSlaveObjectHostAdd, strIoTSlaveControllerHostAdd, strIoTSlaveObjectHostAdd, STR_TCP_PROTOCOL); // Configure MAC policies for objects - String strFileName = STR_MAC_POL_PATH + strObjClassName + STR_MAC_POLICY_EXT; - processJailConfig.configureProcessJailDeviceDriverPolicies(strIoTSlaveObjectHostAdd, strObjName, + //String strFileName = STR_MAC_POL_PATH + strObjClassName + STR_MAC_POLICY_EXT; + String strFileName = STR_MAC_POL_PATH + STR_JAVA + STR_MAC_POLICY_EXT; + processJailConfig.configureProcessJailDeviceDriverPolicies(strIoTSlaveObjectHostAdd, strObjName, strObjClassName, strFileName, strIoTMasterHostAdd, commHan.getComPort(strObjName), commHan.getRMIRegPort(strObjName), commHan.getRMIStubPort(strObjName)); processJailConfig.configureProcessJailContRMIPolicies(strObjControllerName, strIoTSlaveObjectHostAdd, 
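Review bot: Selecting `Java.tomoyo.pol` for every device driver in the `@@ -633,8 +633,9` hunk widens each jail to the union of what any driver needs. The deleted `LabRoom` and `LifxLightBulb` policies on this page had no `/tmp/imageio\*.tmp` or `/etc/timezone` rules, while the shared template grants both. If the per-class differences matter, keep the common template minimal and append an optional per-class overlay rather than widening the template for all drivers. The commented-out `//String strFileName = ...` line should be deleted rather than kept, here and in the controller hunk at `@@ -2050,7 +2051,8`. The enclosing methods start and end outside both hunks.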
@@ -2050,7 +2051,8 @@ public class IoTMaster { createMainObjectCpp(strObjControllerName, outStream, inStream); } // Write basic MAC policies for controller - String strFileName = STR_MAC_POL_PATH + strObjControllerName + STR_MAC_POLICY_EXT; + //String strFileName = STR_MAC_POL_PATH + strObjControllerName + STR_MAC_POLICY_EXT; + String strFileName = STR_MAC_POL_PATH + STR_JAVA + STR_MAC_POLICY_EXT; processJailConfig.configureProcessJailControllerPolicies(strObjControllerName, strFileName, strIoTMasterHostAdd, commHan.getComPort(strObjControllerName)); // PROFILING diff --git a/iotjava/iotruntime/master/ProcessJailConfig.java b/iotjava/iotruntime/master/ProcessJailConfig.java index d76d130..7b080fd 100644 --- a/iotjava/iotruntime/master/ProcessJailConfig.java +++ b/iotjava/iotruntime/master/ProcessJailConfig.java @@ -38,6 +38,7 @@ public final class ProcessJailConfig { private static final String STR_MAC_POLICY_EXT = ".tomoyo.pol"; private static final String STR_OBJECT_NAME = ""; + private static final String STR_OBJECT_CLASS_NAME = ""; private static final String STR_MASTER_IP_ADDRESS = ""; private static final String STR_MASTER_COM_PORT = ""; private static final String STR_RMI_REG_PORT = ""; @@ -263,6 +264,7 @@ public final class ProcessJailConfig { * * @param strConfigHost String hostname to be configured * @param strObjectName String object name + * @param strObjectClassName String object class name * @param strFileName String policy file path and name * @param strMasterIPAddress String master IP address * @param iComPort Integer communication port (controller-driver) 
@@ -270,17 +272,22 @@ public final class ProcessJailConfig { * @param iRMIStubPort Integer RMI stub port * @return void */ - public void configureProcessJailDeviceDriverPolicies(String strConfigHost, String strObjectName, + public void configureProcessJailDeviceDriverPolicies(String strConfigHost, String strObjectName, String strObjectClassName, String strFileName, String strMasterIPAddress, int iComPort, int iRMIRegPort, int iRMIStubPort) { PrintWriter pwConfig = getPrintWriter(strConfigHost); String strPolicyList = readFile(strFileName); // Replace the strings with the actual values - String strNewPolicyList = strPolicyList.replace(STR_OBJECT_NAME, strObjectName).replace(STR_MASTER_IP_ADDRESS, - strMasterIPAddress).replace(STR_MASTER_COM_PORT, String.valueOf(iComPort)).replace(STR_RMI_REG_PORT, - String.valueOf(iRMIRegPort)).replace(STR_RMI_STUB_PORT, String.valueOf(iRMIStubPort)); + String strNewPolicyList = strPolicyList.replace(STR_OBJECT_NAME, strObjectName). + replace(STR_OBJECT_CLASS_NAME, strObjectClassName). + replace(STR_MASTER_IP_ADDRESS, strMasterIPAddress). + replace(STR_MASTER_COM_PORT, String.valueOf(iComPort)); + //replace(STR_RMI_REG_PORT, String.valueOf(iRMIRegPort)). + //replace(STR_RMI_STUB_PORT, String.valueOf(iRMIStubPort)); pwConfig.println("\n"); pwConfig.print(strNewPolicyList); + pwConfig.println("network inet stream bind/listen :: " + iRMIRegPort); + pwConfig.println("network inet stream bind/listen :: " + iRMIStubPort); } 
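Review bot: `strObjectName` and `strObjectClassName` are spliced into the policy text with `String.replace` and no validation, so a name containing whitespace, a path separator or a newline would change the meaning of a rule or add extra rules to the domain; where these names originate is not visible in the hunk. Reject anything outside a conservative set before substituting, e.g. `if (!strObjectName.matches("[A-Za-z0-9_]+") || !strObjectClassName.matches("[A-Za-z0-9_]+")) throw new IllegalArgumentException("invalid name for MAC policy");`, and apply the same check to `strControllerName` in the `@@ -324,8 +331,10` hunk. The two `bind/listen` rules are written straight after `pwConfig.print(strNewPolicyList)`, so the first one only starts on its own line if the template file ends with a newline; emitting a line break before them would make that independent of the file. The two commented-out `replace` calls should be removed, along with `STR_RMI_REG_PORT` and `STR_RMI_STUB_PORT` if nothing else uses them.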
@@ -324,8 +331,10 @@ public final class ProcessJailConfig {
 PrintWriter pwConfig = getPrintWriter(strControllerName);
 String strPolicyList = readFile(strFileName);
 // Replace the strings with the actual values
- String strNewPolicyList = strPolicyList.replace(STR_MASTER_IP_ADDRESS,
- strMasterIPAddress).replace(STR_MASTER_COM_PORT, String.valueOf(iComPort));
+ String strNewPolicyList = strPolicyList.replace(STR_OBJECT_NAME, strControllerName).
+ replace(STR_OBJECT_CLASS_NAME, strControllerName).
+ replace(STR_MASTER_IP_ADDRESS, strMasterIPAddress).
+ replace(STR_MASTER_COM_PORT, String.valueOf(iComPort));
 pwConfig.println("\n");
 pwConfig.print(strNewPolicyList);
 }
diff --git a/localconfig/tomoyo/AmcrestCamera.tomoyo.pol b/localconfig/tomoyo/Java.tomoyo.pol
similarity index 87%
rename from localconfig/tomoyo/AmcrestCamera.tomoyo.pol
rename to localconfig/tomoyo/Java.tomoyo.pol
index d13903e..083348b 100644
--- a/localconfig/tomoyo/AmcrestCamera.tomoyo.pol
+++ b/localconfig/tomoyo/Java.tomoyo.pol
@@ -27,9 +27,11 @@ file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/ext/\*
 file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/security/\*
 file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/arm/jli/\*.so
 file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/\*.jar
+file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/\*.dat
 network unix stream connect /var/run/nscd/socket
 file read /etc/nsswitch.conf
 file read /etc/passwd
+file read /etc/timezone
 file create /tmp/hsperfdata_iotuser/\* 0600
 file read/write/unlink/truncate /tmp/hsperfdata_iotuser/\*
 file read /sys/devices/system/cpu/online
@@ -43,13 +45,12 @@ file read /home/iotuser/iot2/iotjava/iotruntime/master/\*.class
 file read /home/iotuser/iot2/iotjava/iotruntime/messages/\*.class
 file read /dev/random
 file read /dev/urandom
-file create /home/iotuser/iot2/iotjava/iotruntime/AmcrestCamera.jar 0666
-file read/write /home/iotuser/iot2/iotjava/iotruntime/AmcrestCamera.jar
+file create /home/iotuser/iot2/iotjava/iotruntime/.jar 0666
+file read/write /home/iotuser/iot2/iotjava/iotruntime/.jar
 file read /home/iotuser/iot2/iotjava/iotrmi/Java/\*.class
 file ioctl socket:[family=10:type=1:protocol=6] 0x541B
 file read /home/iotuser/iot2/iotjava/iotruntime/\*.class
 file read /usr/share/locale/en_GB/LC_MESSAGES/libc.mo
 file create /tmp/imageio\*.tmp 0600
 file read/write/unlink /tmp/imageio\*.tmp
-network inet stream bind/listen ::
-network inet stream bind/listen ::
+file read proc:/sys/vm/overcommit_memory
diff --git a/localconfig/tomoyo/LabRoom.tomoyo.pol b/localconfig/tomoyo/LabRoom.tomoyo.pol
deleted file mode 100644
index 050f52a..0000000
--- a/localconfig/tomoyo/LabRoom.tomoyo.pol
+++ /dev/null
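Review bot: The rewritten `file create ... .jar 0666` rule in the `@@ -43,13 +45,12` hunk still permits mode 0666 for the jar that the jailed JVM may also read and write, while the temp-file rules in the same template are limited to 0600. If the process really creates the file with that mode, any local account can replace the jar, so the rule should allow no more than `0644` (or `0600`) unless another user has to write it. The placeholder in the jar path and in the removed `bind/listen` lines appears to have been lost in this rendering, so the exact token cannot be checked here.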
@@ -1,52 +0,0 @@ - /usr/sbin/sshd /bin/bash /home/iotuser/iot2/iotjava/iotruntime/.sh /usr/bin/java -use_profile 3 -use_group 0 - -misc env MAIL -misc env SSH_CLIENT -misc env USER -misc env SHLVL -misc env HOME -misc env OLDPWD -misc env LOGNAME -misc env _ -misc env XDG_SESSION_ID -misc env PATH -misc env XDG_RUNTIME_DIR -misc env LANG -misc env SHELL -misc env PWD -misc env SSH_CONNECTION -file read /etc/ld.so.preload -file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/arm/\*.so -file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/arm/\*.cfg -file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/arm/client/\*.so -file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/\* -file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/\*.jar -file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/ext/\* -file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/security/\* -file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/arm/jli/\*.so -file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/\*.jar -network unix stream connect /var/run/nscd/socket -file read /etc/nsswitch.conf -file read /etc/passwd -file create /tmp/hsperfdata_iotuser/\* 0600 -file read/write/unlink/truncate /tmp/hsperfdata_iotuser/\* -file read /sys/devices/system/cpu/online -file read /usr/lib/locale/locale-archive -file write/truncate /home/iotuser/.oracle_jre_usage/\*cf.timestamp -file read /usr/share/java/\*.jar -file read /home/iotuser/iot2/iotjava/iotruntime/\*.class -file read /home/iotuser/iot2/iotjava/iotruntime/slave/\*.class -file read /home/iotuser/iot2/iotjava/iotruntime/\*.config -network inet stream connect ::ffff: -file read /home/iotuser/iot2/iotjava/iotruntime/master/\*.class -file read /home/iotuser/iot2/iotjava/iotruntime/messages/\*.class -file read /dev/random -file read /dev/urandom -file create /home/iotuser/iot2/iotjava/iotruntime/LabRoom.jar 0666 -file read/write /home/iotuser/iot2/iotjava/iotruntime/LabRoom.jar -file read 
/home/iotuser/iot2/iotjava/iotrmi/Java/\*.class -network inet stream bind/listen :: -network inet stream bind/listen :: -file ioctl socket:[family=10:type=1:protocol=6] 0x541B diff --git a/localconfig/tomoyo/LifxLightBulb.tomoyo.pol b/localconfig/tomoyo/LifxLightBulb.tomoyo.pol deleted file mode 100644 index 5c89817..0000000 --- a/localconfig/tomoyo/LifxLightBulb.tomoyo.pol +++ /dev/null 
@@ -1,52 +0,0 @@ - /usr/sbin/sshd /bin/bash /home/iotuser/iot2/iotjava/iotruntime/.sh /usr/bin/java -use_profile 3 -use_group 0 - -misc env MAIL -misc env SSH_CLIENT -misc env USER -misc env SHLVL -misc env HOME -misc env OLDPWD -misc env LOGNAME -misc env _ -misc env XDG_SESSION_ID -misc env PATH -misc env XDG_RUNTIME_DIR -misc env LANG -misc env SHELL -misc env PWD -misc env SSH_CONNECTION -file read /etc/ld.so.preload -file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/arm/\*.so -file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/arm/\*.cfg -file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/arm/client/\*.so -file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/\* -file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/\*.jar -file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/ext/\* -file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/security/\* -file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/arm/jli/\*.so -file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/\*.jar -network unix stream connect /var/run/nscd/socket -file read /etc/nsswitch.conf -file read /etc/passwd -file create /tmp/hsperfdata_iotuser/\* 0600 -file read/write/unlink/truncate /tmp/hsperfdata_iotuser/\* -file read /sys/devices/system/cpu/online -file read /usr/lib/locale/locale-archive -file write/truncate /home/iotuser/.oracle_jre_usage/\*cf.timestamp -file read /usr/share/java/\*.jar -file read /home/iotuser/iot2/iotjava/iotruntime/slave/\*.class -file read /home/iotuser/iot2/iotjava/iotruntime/\*.config -network inet stream connect ::ffff: -file read /home/iotuser/iot2/iotjava/iotruntime/master/\*.class -file read /home/iotuser/iot2/iotjava/iotruntime/messages/\*.class -file read /dev/random -file read /dev/urandom -file create /home/iotuser/iot2/iotjava/iotruntime/LifxLightBulb.jar 0666 -file read/write /home/iotuser/iot2/iotjava/iotruntime/LifxLightBulb.jar -file read /home/iotuser/iot2/iotjava/iotrmi/Java/\*.class -file 
read /home/iotuser/iot2/iotjava/iotruntime/\*.class -network inet stream bind/listen :: -network inet stream bind/listen :: -file ioctl socket:[family=10:type=1:protocol=6] 0x541B diff --git a/localconfig/tomoyo/SmartLightsController.tomoyo.pol b/localconfig/tomoyo/SmartLightsController.tomoyo.pol deleted file mode 100644 index 6760b73..0000000 --- a/localconfig/tomoyo/SmartLightsController.tomoyo.pol +++ /dev/null 
@@ -1,56 +0,0 @@ - /usr/sbin/sshd /bin/bash /home/iotuser/iot2/iotjava/iotruntime/SmartLightsController.sh /usr/bin/java -use_profile 3 -use_group 0 - -misc env MAIL -misc env SSH_CLIENT -misc env USER -misc env SHLVL -misc env HOME -misc env OLDPWD -misc env LOGNAME -misc env _ -misc env XDG_SESSION_ID -misc env PATH -misc env XDG_RUNTIME_DIR -misc env LANG -misc env SHELL -misc env PWD -misc env SSH_CONNECTION -file read /etc/ld.so.preload -file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/arm/\*.so -file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/arm/\*.cfg -file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/arm/client/\*.so -file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/\* -file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/\*.jar -file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/ext/\* -file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/security/\* -file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/arm/jli/\*.so -file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/\*.jar -file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/\*.dat -network unix stream connect /var/run/nscd/socket -file read /etc/nsswitch.conf -file read /etc/passwd -file create /tmp/hsperfdata_iotuser/\* 0600 -file read/write/unlink/truncate /tmp/hsperfdata_iotuser/\* -file read /sys/devices/system/cpu/online -file read /usr/lib/locale/locale-archive -file write/truncate /home/iotuser/.oracle_jre_usage/81970c018e7540cf.timestamp -file read /usr/share/java/\*.jar -file read /home/iotuser/iot2/iotjava/iotruntime/slave/\*.class -file read /home/iotuser/iot2/iotjava/iotruntime/\*.config -network inet stream connect ::ffff: -file read /home/iotuser/iot2/iotjava/iotruntime/master/\*.class -file read /home/iotuser/iot2/iotjava/iotruntime/messages/\*.class -file read /dev/random -file read /dev/urandom -file create /home/iotuser/iot2/iotjava/iotruntime/SmartLightsController.jar 0666 -file read/write 
/home/iotuser/iot2/iotjava/iotruntime/SmartLightsController.jar -file read /home/iotuser/iot2/iotjava/SmartLightsController/\*.class -file read /home/iotuser/iot2/iotjava/iotrmi/Java/\*.class -file ioctl socket:[family=10:type=1:protocol=6] 0x541B -file read /etc/timezone -file read /usr/share/locale/en_GB/LC_MESSAGES/libc.mo -file create /tmp/imageio\*.tmp 0600 -file read/write/unlink /tmp/imageio\*.tmp -file read/write /tmp/imageio\*.tmp -- 2.34.1