1 package iotruntime.master;
import java.io.BufferedReader;
import java.io.BufferedWriter;
import java.io.FileWriter;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.PrintWriter;
import java.io.UncheckedIOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.StringTokenizer;
16 /** Class ProcessJailConfig is a class that configures the compute
17 * nodes in our network with the relevant process jail policies;
19 * We use Tomoyo 2.5 as a Mandatory Access Control (MAC) that is
20 * simple, easy to maintain, and lightweight (suitable for embedded
23 * @author Rahmadi Trimananda <rahmadi.trimananda @ uci.edu>
27 public final class ProcessJailConfig {
30 * ProcessJailConfig constants
// SSH user names spliced into the remote command lines: the router is queried as
// root (getAddressList()), the compute hosts receive policies as iotuser (sendMACPolicies()).
32 private static final String STR_SSH_USERNAME_ROUTER = "root";
33 private static final String STR_SSH_USERNAME_HOST = "iotuser";
// Protocol names of a device connection. NOTE(review): only STR_TCP_PROTOCOL is compared
// in the part of configureProcessJailDevicePolicies() visible in this file; how the other
// three are used is not shown here.
34 private static final String STR_TCP_PROTOCOL = "tcp";
35 private static final String STR_UDP_PROTOCOL = "udp";
36 private static final String STR_TCPGW_PROTOCOL = "tcpgw";
37 private static final String STR_NO_PROTOCOL = "nopro";
// Extension of the per-host Tomoyo policy file (<host>.tomoyo.pol) opened by getPrintWriter()
// and shipped by sendMACPolicies().
39 private static final String STR_MAC_POLICY_EXT = ".tomoyo.pol";
// Placeholders expected inside the policy templates loaded with readFile(); the
// configureProcessJail*Policies() methods replace them with the deployment values.
// STR_RMI_REG_PORT and STR_RMI_STUB_PORT are currently not substituted (the replace calls
// are commented out); the RMI ports are appended as explicit bind/listen rules instead.
40 private static final String STR_OBJECT_NAME = "<object-name>";
41 private static final String STR_OBJECT_CLASS_NAME = "<object-class-name>";
42 private static final String STR_MASTER_IP_ADDRESS = "<master-ip-address>";
43 private static final String STR_MASTER_COM_PORT = "<master-com-port>";
44 private static final String STR_RMI_REG_PORT = "<rmi-reg-port>";
45 private static final String STR_RMI_STUB_PORT = "<rmi-stub-port>";
46 private static final String STR_DEV_IP_ADDRESS = "<dev-ip-address>";
47 private static final String STR_DEV_COM_PORT = "<dev-com-port>";
48 private static final String STR_DEV_PORT = "<dev-port>";
52 * ProcessJailConfig properties
// Host name -> writer of that host's <host>.tomoyo.pol file. Filled lazily by
// getPrintWriter(), flushed by close(), replaced by renewPrintWriter().
54 private Map<String, PrintWriter> mapHostToFile;
// MAC address -> IP address. Handed in by setAddressListObject() (shared with RouterConfig,
// not copied) and extended by getAddressList(); read by getIPFromMACAddress().
// NOTE(review): stays null until setAddressListObject() is called.
55 private Map<String, String> mapMACtoIPAdd;
/**
 * Creates a configurator with no policy file open yet.
 * Writers are opened on demand by getPrintWriter(), one per configured host.
 */
public ProcessJailConfig() {
    this.mapHostToFile = new HashMap<>();
}
69 * renewPrintWriter() renews the mapHostToFile object that lists all PrintWriters
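/**
 * renewPrintWriter() starts a fresh round of policy files: every writer of the
 * previous round is closed (so its file handle is released and its content flushed)
 * and the host-to-writer map is replaced by an empty one.
 * Closing a writer that close() already closed is a no-op.
 */
public void renewPrintWriter() {
    // Do not just drop the old map: the PrintWriters it holds own open file handles.
    for (PrintWriter pwConfig : mapHostToFile.values()) {
        pwConfig.close();
    }
    mapHostToFile = new HashMap<>();
}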
80 * getPrintWriter() gets the right PrintWriter object to print policies to the right file
82 * @param strConfigHost String hostname to be configured
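/**
 * getPrintWriter() returns the writer of the policy file for a host, opening
 * (and truncating) &lt;strConfigHost&gt;.tomoyo.pol in the working directory the
 * first time the host is seen in this round.
 *
 * @param strConfigHost String hostname to be configured; it is also used as the
 *                      local file name, so it must not be empty or contain a path separator
 * @return PrintWriter writing to the host's policy file (UTF-8)
 * @throws IllegalArgumentException if the host name is null, empty or contains '/'
 * @throws UncheckedIOException if the policy file cannot be created
 */
private PrintWriter getPrintWriter(String strConfigHost) {
    if (strConfigHost == null || strConfigHost.isEmpty() || strConfigHost.contains("/")) {
        // The host name doubles as the file name; a separator would place the
        // policy file outside the working directory.
        throw new IllegalArgumentException("ProcessJailConfig: invalid host name: " + strConfigHost);
    }
    // Reuse the writer of a host that was already configured in this round
    PrintWriter pwExisting = mapHostToFile.get(strConfigHost);
    if (pwExisting != null) {
        return pwExisting;
    }
    try {
        // readFile() decodes templates as UTF-8, so the policy file is written as UTF-8 too
        // (FileWriter would have used the platform charset).
        PrintWriter pwConfig = new PrintWriter(Files.newBufferedWriter(
                Paths.get(strConfigHost + STR_MAC_POLICY_EXT), StandardCharsets.UTF_8));
        mapHostToFile.put(strConfigHost, pwConfig);
        return pwConfig;
    } catch (IOException ex) {
        // Previously the exception was only printed and a writer around null was built,
        // which failed later with a NullPointerException; fail here, with the cause.
        throw new UncheckedIOException("ProcessJailConfig: cannot open policy file for host "
                + strConfigHost, ex);
    }
}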
106 * close() closes all PrintWriter objects
/**
 * close() flushes and closes every policy file opened in this round.
 * The map entries are kept; renewPrintWriter() discards them.
 */
public void close() {
    for (Map.Entry<String, PrintWriter> entry : mapHostToFile.entrySet()) {
        entry.getValue().close();
    }
}
119 * sendMACPolicies() deploys policies on MAC implementation for process jailing
121 * @param strConfigHost String hostname to be configured
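/**
 * sendMACPolicies() deploys the policies of one host on its MAC implementation:
 * the local &lt;host&gt;.tomoyo.pol is copied with scp into the iotuser home
 * directory, loaded with tomoyo-loadpolicy over ssh, and deleted there again.
 * Both command lines are printed before they run.
 *
 * @param strConfigHost String hostname to be configured (also the policy file name)
 * @throws IllegalArgumentException if the host name contains anything but
 *                                  letters, digits, '.', '_', ':' or '-'
 */
public void sendMACPolicies(String strConfigHost) {
    // The host name is spliced into an ssh command line that the remote login shell
    // interprets, so only plain host-name / IP-address characters are accepted.
    if (strConfigHost == null || !strConfigHost.matches("[A-Za-z0-9._:-]+")) {
        throw new IllegalArgumentException("ProcessJailConfig: invalid host name: " + strConfigHost);
    }
    String strPolicyFile = strConfigHost + STR_MAC_POLICY_EXT;
    // 1) copy the policy file into the remote home directory
    String strCmdSend = "scp " + strPolicyFile + " " +
            STR_SSH_USERNAME_HOST + "@" + strConfigHost + ":~;";
    System.out.println(strCmdSend);
    runCommand(strCmdSend);
    // 2) load it (tomoyo-loadpolicy appears to read the policy from stdin, hence the '<')
    //    and remove the copy. The '<' and ';' are not interpreted locally: runCommand()
    //    only splits on whitespace and ssh hands the remainder to the remote shell.
    String strCmdDeploy = "ssh " + STR_SSH_USERNAME_HOST + "@" + strConfigHost +
            " sudo tomoyo-loadpolicy -df < ~/" + strPolicyFile + "; rm ~/" + strPolicyFile + ";";
    System.out.println(strCmdDeploy);
    runCommand(strCmdDeploy);
}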
139 * deployPolicies() method configures the policies
141 * @param strCommand String that contains command line
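/**
 * deployPolicies() runs a command line; it is kept as an alias of runCommand(),
 * whose body it duplicated line for line.
 *
 * @param strCommand String that contains the command line (split on whitespace, no shell)
 */
private void deployPolicies(String strCommand) {
    runCommand(strCommand);
}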
161 * setAddressListObject() method sets the map for IP and MAC addresses
163 * This method gets the mapping from RouterConfig
/**
 * setAddressListObject() installs the MAC-to-IP mapping obtained from RouterConfig.
 * The map is kept by reference (not copied), so entries added later by either side
 * are visible to both.
 *
 * @param _mapMACtoIPAdd Map from MAC address to IP address
 */
public void setAddressListObject(Map<String, String> _mapMACtoIPAdd) {
    this.mapMACtoIPAdd = _mapMACtoIPAdd;
}
172 * runCommand() method runs shell command
174 * @param strCommand String that contains command line
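/**
 * runCommand() runs a command line and waits for it to finish.
 * The line is split on whitespace exactly as Runtime.exec(String) does (no quoting,
 * no shell expansion); the child's stdout/stderr are forwarded to ours and a
 * non-zero exit status is logged. I/O failures are logged, not thrown.
 *
 * @param strCommand String that contains the command line
 * @throws IllegalArgumentException if the command line is empty (as Runtime.exec did)
 */
private void runCommand(String strCommand) {
    // Same tokenisation as Runtime.exec(String): StringTokenizer default delimiters.
    List<String> listArgs = new ArrayList<>();
    StringTokenizer st = new StringTokenizer(strCommand);
    while (st.hasMoreTokens()) {
        listArgs.add(st.nextToken());
    }
    if (listArgs.isEmpty()) {
        throw new IllegalArgumentException("ProcessJailConfig: empty command");
    }
    try {
        // Forward the child's output instead of leaving it on unread pipes, which
        // can fill up and block the child (and this waitFor()) indefinitely.
        Process process = new ProcessBuilder(listArgs).inheritIO().start();
        int iExit = process.waitFor();
        if (iExit != 0) {
            System.out.println("ProcessJailConfig: command exited with status " + iExit + ": " + strCommand);
        }
    } catch (IOException ex) {
        System.out.println("ProcessJailConfig: IOException: " + ex.getMessage());
        ex.printStackTrace();
    } catch (InterruptedException ex) {
        System.out.println("ProcessJailConfig: InterruptException: " + ex.getMessage());
        ex.printStackTrace();
        // Do not swallow the interrupt; let the calling thread observe it.
        Thread.currentThread().interrupt();
    }
}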
194 * getAddressList() method gets list of IP addresses
196 * This method sends an inquiry to the router to look for
197 * the list of DHCP leased addresses and their mapping to MAC
200 * @param strRouterAddress String that contains address of router
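/**
 * getAddressList() asks the router (over ssh, as root) for its DHCP lease table
 * (/tmp/dhcp.leases) and records the MAC-to-IP pairs in the address map.
 * Each lease line is whitespace separated; field 1 is taken as the MAC address and
 * field 2 as the IP address. Lines with fewer than three fields are skipped.
 * If no map was installed with setAddressListObject(), a new one is created.
 *
 * @param strRouterAddress String that contains address of router
 * @throws IllegalArgumentException if the router address contains anything but
 *                                  letters, digits, '.', '_', ':' or '-'
 */
public void getAddressList(String strRouterAddress) {
    // The address is spliced into a remote command line, so restrict it to host/IP characters
    if (strRouterAddress == null || !strRouterAddress.matches("[A-Za-z0-9._:-]+")) {
        throw new IllegalArgumentException("ProcessJailConfig: invalid router address: " + strRouterAddress);
    }
    if (mapMACtoIPAdd == null) {
        // setAddressListObject() not called yet: keep an own mapping rather than fail with NPE
        mapMACtoIPAdd = new HashMap<>();
    }
    // We can replace "cat /tmp/dhcp.leases" with "cat /proc/net/arp"
    // Same argv as Runtime.exec("ssh root@<router> cat /tmp/dhcp.leases") would build;
    // ssh's own stderr goes to ours so it cannot stall on a full pipe.
    ProcessBuilder pb = new ProcessBuilder("ssh", STR_SSH_USERNAME_ROUTER + "@" + strRouterAddress,
            "cat", "/tmp/dhcp.leases");
    pb.redirectError(ProcessBuilder.Redirect.INHERIT);
    try {
        Process process = pb.start();
        // Lease file content is ASCII/UTF-8 in practice; decode explicitly instead of
        // relying on the platform charset.
        try (BufferedReader bReader = new BufferedReader(
                new InputStreamReader(process.getInputStream(), StandardCharsets.UTF_8))) {
            String strRead;
            while ((strRead = bReader.readLine()) != null) {
                String[] str = strRead.trim().split("\\s+");
                if (str.length < 3) {
                    // malformed or empty line: previously an ArrayIndexOutOfBoundsException
                    continue;
                }
                mapMACtoIPAdd.put(str[1], str[2]);
            }
        }
        int iExit = process.waitFor();
        if (iExit != 0) {
            System.out.println("ProcessJailConfig: lease query on " + strRouterAddress
                    + " exited with status " + iExit);
        }
    } catch (IOException ex) {
        System.out.println("ProcessJailConfig: IOException: " + ex.getMessage());
        ex.printStackTrace();
    } catch (InterruptedException ex) {
        System.out.println("ProcessJailConfig: InterruptException: " + ex.getMessage());
        ex.printStackTrace();
        Thread.currentThread().interrupt();
    }
}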
228 * getIPFromMACAddress() method gets IP from MAC address
230 * @return String String that contains IP address from the MAC-IP mapping
/**
 * getIPFromMACAddress() looks a MAC address up in the MAC-to-IP mapping.
 *
 * @param strMACAddress String MAC address as recorded by getAddressList()
 * @return String String that contains IP address from the MAC-IP mapping
 * @throws Error if the MAC address is not in the mapping (kept as java.lang.Error
 *               for compatibility with existing callers)
 */
public String getIPFromMACAddress(String strMACAddress) {
    String strIPAddress = mapMACtoIPAdd.get(strMACAddress);
    if (strIPAddress != null) {
        return strIPAddress;
    }
    throw new Error("RouterConfig: MAC address " + strMACAddress +
            " not found on the list! Please check if device is present in /tmp/dhcp.leases!");
}
244 * readFile() read the entire file and return a string
246 * @return String String that contains the content of the file
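/**
 * readFile() reads a whole file and returns it as a UTF-8 decoded string.
 *
 * @param filePath String path of the file (e.g. a policy template)
 * @return String String that contains the content of the file
 * @throws UncheckedIOException if the file cannot be read; previously the stack trace
 *                              was printed and null returned, which the callers then
 *                              dereferenced or wrote as the text "null" into a policy file
 */
public String readFile(String filePath) {
    try {
        return new String(Files.readAllBytes(Paths.get(filePath)), StandardCharsets.UTF_8);
    } catch (IOException ex) {
        throw new UncheckedIOException("ProcessJailConfig: cannot read file " + filePath, ex);
    }
}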
261 * configureProcessJailDeviceDriverPolicies() method configures the main MAC policies
263 * This method configures the main policies between controller and device driver
265 * @param strConfigHost String hostname to be configured
266 * @param strObjectName String object name
267 * @param strObjectClassName String object class name
268 * @param strFileName String policy file path and name
269 * @param strMasterIPAddress String master IP address
270 * @param iComPort Integer communication port (controller-driver)
271 * @param iRMIRegPort Integer RMI registry port
272 * @param iRMIStubPort Integer RMI stub port
/**
 * configureProcessJailDeviceDriverPolicies() writes the main MAC policies of a
 * device driver (controller-driver side) into the host's policy file: the template
 * in strFileName with its placeholders filled in, followed by bind/listen rules for
 * the two RMI ports.
 *
 * @param strConfigHost String hostname to be configured
 * @param strObjectName String object name
 * @param strObjectClassName String object class name
 * @param strFileName String policy file path and name
 * @param strMasterIPAddress String master IP address
 * @param iComPort Integer communication port (controller-driver)
 * @param iRMIRegPort Integer RMI registry port
 * @param iRMIStubPort Integer RMI stub port
 */
public void configureProcessJailDeviceDriverPolicies(String strConfigHost, String strObjectName, String strObjectClassName,
        String strFileName, String strMasterIPAddress, int iComPort, int iRMIRegPort, int iRMIStubPort) {
    PrintWriter pwConfig = getPrintWriter(strConfigHost);
    String strTemplate = readFile(strFileName);
    // Fill in the placeholders. The RMI port placeholders (STR_RMI_REG_PORT /
    // STR_RMI_STUB_PORT) are not substituted (those replace calls were commented out
    // previously); the ports are appended as explicit rules below instead.
    String strFilled = strTemplate.replace(STR_OBJECT_NAME, strObjectName);
    strFilled = strFilled.replace(STR_OBJECT_CLASS_NAME, strObjectClassName);
    strFilled = strFilled.replace(STR_MASTER_IP_ADDRESS, strMasterIPAddress);
    strFilled = strFilled.replace(STR_MASTER_COM_PORT, String.valueOf(iComPort));
    // Blank separator, the filled template, then the RMI listen rules
    pwConfig.println("\n");
    pwConfig.print(strFilled);
    pwConfig.println("network inet stream bind/listen :: " + iRMIRegPort);
    pwConfig.println("network inet stream bind/listen :: " + iRMIStubPort);
}
295 * configureProcessJailDevicePolicies() method configures the device MAC policies
297 * This method configures the device policies between device driver and device
299 * @param strConfigHost String hostname to be configured
300 * @param strProtocol String protocol name
301 * @param iDeviceComPort Integer device communication port
302 * @param strDeviceIPAddress String device IP address
303 * @param iDevicePort Integer device port
306 public void configureProcessJailDevicePolicies(String strConfigHost, String strProtocol,
307 int iDeviceComPort, String strDeviceIPAddress, int iDevicePort) {
309 PrintWriter pwConfig = getPrintWriter(strConfigHost);
// TCP: the driver only needs an outbound stream connect rule to the device
// (the "::ffff:" prefix looks like the IPv4-mapped IPv6 form of the address).
310 if (strProtocol.equals(STR_TCP_PROTOCOL)) {
311 pwConfig.println("network inet stream connect ::ffff:" + strDeviceIPAddress + " " + String.valueOf(iDevicePort));
// NOTE(review): the branch header on the line between these two (line 312 of the
// original) is not in this listing, so it is unclear whether the datagram rules
// below apply to every non-TCP protocol or only to STR_UDP_PROTOCOL — confirm.
// Datagram case: bind the driver's own port, allow sending to the device port.
313 pwConfig.println("network inet dgram bind :: " + String.valueOf(iDeviceComPort));
314 pwConfig.println("network inet dgram send ::ffff:" + strDeviceIPAddress + " " + String.valueOf(iDevicePort));
320 * configureProcessJailGWDevicePolicies() method configures the gateway device MAC policies
322 * This method configures the device policies between device driver and device
324 * @param strConfigHost String hostname to be configured
325 * @param strRouterAddress String router address
326 * @param iPort Integer port
/**
 * configureProcessJailGWDevicePolicies() writes the MAC policies a gateway device
 * driver needs: read access to the runtime's keystores and the resolver files, and
 * permission to send datagrams to the router on the given port.
 *
 * @param strConfigHost String hostname to be configured
 * @param strRouterAddress String router address
 * @param iPort Integer port on the router
 */
public void configureProcessJailGWDevicePolicies(String strConfigHost, String strRouterAddress, int iPort) {
    PrintWriter pwConfig = getPrintWriter(strConfigHost);
    String strRouterRule = "network inet dgram send " + strRouterAddress + " " + String.valueOf(iPort);
    pwConfig.println("file read /home/iotuser/iot2/iotjava/iotruntime/\\*.jks");
    pwConfig.println("file read /etc/resolv.conf");
    pwConfig.println("file read /etc/hosts");
    pwConfig.println(strRouterRule);
}
340 * configureProcessJailInetAddressPolicies() method configures the MAC policies for reaching one Internet address
343 * @param strConfigHost String hostname to be configured
344 * @param strAddress String device IP address
/**
 * configureProcessJailInetAddressPolicies() writes the MAC policies that let a
 * process on the host resolve and reach one Internet address: read access to the
 * resolver files, DNS (UDP 53) to the router, and HTTP (TCP 80) to the address.
 *
 * @param strConfigHost String hostname to be configured
 * @param strRouterAddress String router address (DNS is sent there)
 * @param strAddress String IP address to be reached over HTTP
 */
public void configureProcessJailInetAddressPolicies(String strConfigHost, String strRouterAddress, String strAddress) {
    final int iDnsPort = 53;
    final int iHttpPort = 80;
    PrintWriter pwConfig = getPrintWriter(strConfigHost);
    String[] strResolverFiles = {"/etc/resolv.conf", "/etc/hosts", "/etc/host.conf"};
    for (String strFile : strResolverFiles) {
        pwConfig.println("file read " + strFile);
    }
    // TCP/UDP access through router (DNS)
    pwConfig.println("network inet dgram send " + strRouterAddress + " " + String.valueOf(iDnsPort));
    // HTTP access for this address
    pwConfig.println("network inet stream connect ::ffff:" + strAddress + " " + String.valueOf(iHttpPort));
}
360 * configureProcessJailControllerPolicies() method configures the main MAC policies for controller
362 * @param strControllerName String controller name to be configured
363 * @param strFileName String policy file path and name
364 * @param strMasterIPAddress String master IP address
365 * @param iComPort Integer communication port (controller-driver)
/**
 * configureProcessJailControllerPolicies() writes the main MAC policies of a
 * controller: the template in strFileName with the object name, class name, master
 * IP address and communication port filled in. The controller name is used both as
 * the policy file name and for both object placeholders.
 *
 * @param strControllerName String controller name to be configured
 * @param strFileName String policy file path and name
 * @param strMasterIPAddress String master IP address
 * @param iComPort Integer communication port (controller-driver)
 */
public void configureProcessJailControllerPolicies(String strControllerName, String strFileName,
        String strMasterIPAddress, int iComPort) {
    PrintWriter pwConfig = getPrintWriter(strControllerName);
    String strFilled = readFile(strFileName);
    // Placeholder -> value, applied in sequence
    String[][] strSubstitutions = {
            {STR_OBJECT_NAME, strControllerName},
            {STR_OBJECT_CLASS_NAME, strControllerName},
            {STR_MASTER_IP_ADDRESS, strMasterIPAddress},
            {STR_MASTER_COM_PORT, String.valueOf(iComPort)},
    };
    for (String[] strPair : strSubstitutions) {
        strFilled = strFilled.replace(strPair[0], strPair[1]);
    }
    // Blank separator, then the filled template
    pwConfig.println("\n");
    pwConfig.print(strFilled);
}
384 * configureProcessJailContRMIPolicies() method configures the MAC policies for RMI ports of controller
386 * @param strControllerName String controller name to be configured
387 * @param strFileName String policy file path and name
388 * @param strMasterIPAddress String master IP address
389 * @param iComPort Integer communication port (controller-driver)
/**
 * configureProcessJailContRMIPolicies() writes the MAC policies that allow a
 * controller to connect to the RMI registry and stub ports of a device driver.
 *
 * @param strControllerName String controller name to be configured
 * @param strDeviceDriverIPAddress String IP address of the device driver
 * @param iRMIRegPort Integer RMI registry port
 * @param iRMIStubPort Integer RMI stub port
 */
public void configureProcessJailContRMIPolicies(String strControllerName, String strDeviceDriverIPAddress,
        int iRMIRegPort, int iRMIStubPort) {
    PrintWriter pwConfig = getPrintWriter(strControllerName);
    String strRulePrefix = "network inet stream connect ::ffff:" + strDeviceDriverIPAddress + " ";
    for (int iPort : new int[] {iRMIRegPort, iRMIStubPort}) {
        pwConfig.println(strRulePrefix + String.valueOf(iPort));
    }
}
403 * combineControllerMACPolicies() method combines the controller MAC policies into the right host policy file
405 * @param strConfigHost String hostname to be configured
406 * @param strFileName String policy file path and name
409 public void combineControllerMACPolicies(String strConfigHost, String strObjectControllerName, String strFileName) {
411 PrintWriter pwConfig = getPrintWriter(strConfigHost);
412 PrintWriter pwCont = getPrintWriter(strObjectControllerName);
414 String strPolicyList = readFile(strFileName);
415 pwConfig.println(strPolicyList);
416 runCommand("rm -rf " + strFileName);