private static String STR_SKEL_CLASS_SUFFIX;
private static String STR_STUB_CLASS_SUFFIX;
private static String STR_ACTIVATE_SANDBOXING;
+ private static String STR_POLICY_ON;
+ private static String STR_MAC_TO_IP_TRANSLATION;
private static boolean BOOL_VERBOSE;
/**
private static final String STR_INT_STUB_CLS_CFG = "INTERFACE_STUB_CLASS";
private static final String STR_FILE_TRF_CFG = "ADDITIONAL_ZIP_FILE";
private static final String STR_LANGUAGE = "LANGUAGE";
+ private static final String STR_ADD_MAC_POL = "ADDITIONAL_MAC_POLICY";
private static final String STR_YES = "Yes";
private static final String STR_NO = "No";
private static final String STR_JAVA = "Java";
private static final String STR_SHELL_HEADER = "#!/bin/sh";
private static final String STR_JAVA_PATH = "/usr/bin/java";
private static final String STR_MAC_POL_PATH = "tomoyo/";
+ private static final String STR_TMP = "tmp";
+ private static final String STR_ARP = "arp";
private static int INT_SIZE = 4; // send length in the size of integer (4 bytes)
private static final int INT_DNS_PORT = 53;
STR_JVM_MAX_HEAP_SIZE = null;
STR_LANGUAGE_CONTROLLER = null;
STR_ACTIVATE_SANDBOXING = null;
+ STR_POLICY_ON = null;
+ STR_MAC_TO_IP_TRANSLATION = null;
BOOL_VERBOSE = false;
}
lbIoT = new LoadBalancer(BOOL_VERBOSE);
lbIoT.setupLoadBalancer();
routerConfig = new RouterConfig();
- routerConfig.getAddressList(STR_ROUTER_ADD);
+ // Get MAC to IP translation either from /tmp/dhcp.leases or arp command
+ if (STR_MAC_TO_IP_TRANSLATION.equals(STR_TMP))
+ routerConfig.getAddressListTmp(STR_ROUTER_ADD);
+ else if (STR_MAC_TO_IP_TRANSLATION.equals(STR_ARP))
+ routerConfig.getAddressListArp(STR_ROUTER_ADD);
+ else
+ throw new Error("IoTMaster: Unknown value for STR_MAC_TO_IP_TRANSLATION: " + STR_MAC_TO_IP_TRANSLATION);
processJailConfig = new ProcessJailConfig();
//processJailConfig.setAddressListObject(routerConfig.getAddressListObject());
objInitHand = new ObjectInitHandler(BOOL_VERBOSE);
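Review bot: A missing `MAC_TO_IP_TRANSLATION` key never reaches the descriptive `throw new Error(...)` in the final `else`, because `STR_MAC_TO_IP_TRANSLATION.equals(STR_TMP)` dereferences the value first and `Properties.getProperty` returns null for an absent key. Putting the constant on the left keeps the failure on the intended path: `if (STR_TMP.equals(STR_MAC_TO_IP_TRANSLATION))` and `else if (STR_ARP.equals(STR_MAC_TO_IP_TRANSLATION))`. The same applies to `STR_POLICY_ON`, which is read alongside it in the config-parsing hunk and dereferenced later. An `IllegalStateException` would be a more conventional type than `Error` for a bad configuration value, and the three branches would read better with braces. The enclosing method starts and ends outside this hunk.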
STR_SKEL_CLASS_SUFFIX = prop.getProperty("SKEL_CLASS_SUFFIX");
STR_STUB_CLASS_SUFFIX = prop.getProperty("STUB_CLASS_SUFFIX");
STR_ACTIVATE_SANDBOXING = prop.getProperty("ACTIVATE_SANDBOXING");
+ STR_POLICY_ON = prop.getProperty("POLICY_ON");
+ STR_MAC_TO_IP_TRANSLATION = prop.getProperty("MAC_TO_IP_TRANSLATION");
if(prop.getProperty("VERBOSE").equals(STR_YES)) {
BOOL_VERBOSE = true;
}
RuntimeOutput.print("STR_SKEL_CLASS_SUFFIX=" + STR_SKEL_CLASS_SUFFIX, BOOL_VERBOSE);
RuntimeOutput.print("STR_STUB_CLASS_SUFFIX=" + STR_STUB_CLASS_SUFFIX, BOOL_VERBOSE);
RuntimeOutput.print("STR_ACTIVATE_SANDBOXING=" + STR_ACTIVATE_SANDBOXING, BOOL_VERBOSE);
+ RuntimeOutput.print("STR_POLICY_ON=" + STR_POLICY_ON, BOOL_VERBOSE);
+ RuntimeOutput.print("STR_MAC_TO_IP_TRANSLATION=" + STR_MAC_TO_IP_TRANSLATION, BOOL_VERBOSE);
RuntimeOutput.print("BOOL_VERBOSE=" + BOOL_VERBOSE, BOOL_VERBOSE);
RuntimeOutput.print("IoTMaster: Information extracted successfully!", BOOL_VERBOSE);
}
processJailConfig.configureProcessJailDeviceDriverPolicies(strIoTSlaveObjectHostAdd, strObjName, strObjClassName,
strFileName, strIoTMasterHostAdd, commHan.getComPort(strObjName), commHan.getRMIRegPort(strObjName),
commHan.getRMIStubPort(strObjName));
+ // Check for additional MAC policy
+ String strMACConfigPath = STR_IOT_CODE_PATH + strObjClassName + "/";
+ String strCfgFile = strMACConfigPath + strObjClassName + STR_CFG_FILE_EXT;
+ String strAddMACPolicy = parseConfigFile(strCfgFile, STR_ADD_MAC_POL);
+ if (strAddMACPolicy != null && strAddMACPolicy.equals("Yes"))
+ processJailConfig.combineAdditionalMACPolicy(strMACConfigPath, strObjClassName, strIoTSlaveObjectHostAdd);
processJailConfig.configureProcessJailContRMIPolicies(strObjControllerName, strIoTSlaveObjectHostAdd,
commHan.getRMIRegPort(strObjName), commHan.getRMIStubPort(strObjName));
}
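Review bot: The extra MAC policy is taken from the same per-class directory (`STR_IOT_CODE_PATH + strObjClassName + "/"`) as the config file that switches it on, and the hunk does not show who is allowed to write there. If that directory is delivered together with the driver code, the component being confined can widen its own Tomoyo policy by setting `ADDITIONAL_MAC_POLICY` to `Yes`. I would add a comment stating that trust assumption, for example `// Additional policy files must be provisioned by the administrator, not shipped with the driver`. The comparison can use the existing constant, `if (STR_YES.equals(strAddMACPolicy))`, which also removes the separate null test. The controller-side hunk that calls `combineAdditionalMACPolicy` has the same pattern.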
private void setRouterBasicPolicies(String strRouter) {
String strMonitorHost = routerConfig.getIPFromMACAddress(STR_MONITORING_HOST);
+ routerConfig.initMainPolicy(strRouter);
+ routerConfig.combineRouterPolicies(strRouter);
routerConfig.configureRouterICMPPolicies(strRouter, strMonitorHost);
routerConfig.configureRouterDHCPPolicies(strRouter);
routerConfig.configureRouterDNSPolicies(strRouter);
private void setHostBasicPolicies(String strHost) {
String strMonitorHost = routerConfig.getIPFromMACAddress(STR_MONITORING_HOST);
+ routerConfig.initMainPolicy(strHost);
+ routerConfig.combineRouterPolicies(strHost);
routerConfig.configureHostDHCPPolicies(strHost);
routerConfig.configureHostDNSPolicies(strHost);
if (strHost.equals(strMonitorHost)) {
try {
// Extract hostname for this IoTMaster from MySQL DB
strIoTMasterHostAdd = routerConfig.getIPFromMACAddress(STR_MASTER_MAC_ADD);
+ // Assign a new list of PrintWriter objects
+ routerConfig.renewPrintWriter();
+ HashSet<String> setAddresses = null;
// Loop as we can still find controller/device classes
for(int i=0; i<strObjectNames.length; i++) {
// PROFILING
start = System.currentTimeMillis();
-
- // Assign a new list of PrintWriter objects
- routerConfig.renewPrintWriter();
+ // Assign a new list of main PrintWriter objects
+ routerConfig.renewMainPrintWriter();
// Get controller names one by one
String strObjControllerName = strObjectNames[i];
// Use LoadBalancer to assign a host address
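Review bot: `HashSet<String> setAddresses = null;` is declared before the loop and, as far as the later hunks show, assigned only inside it, while `createMACPolicyThreads(setAddresses)` now appears to run after the loop. If `strObjectNames` is empty the set is still null at that call, so the failure depends on how `createMACPolicyThreads` treats a null argument, which is not visible here. Starting from an empty set avoids that: `HashSet<String> setAddresses = new HashSet<String>();`. Alternatively, guard the later call with `setAddresses != null`. The `try` block opened in this hunk closes outside it.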
String strFileName = STR_MAC_POL_PATH + STR_JAVA + STR_MAC_POLICY_EXT;
processJailConfig.configureProcessJailControllerPolicies(strObjControllerName, strFileName,
strIoTMasterHostAdd, commHan.getComPort(strObjControllerName));
+ // Whether or not we need additional Tomoyo policy?
+ String strAddMACPolicy = parseConfigFile(strControllerCfg, STR_ADD_MAC_POL);
+ if (strAddMACPolicy != null && strAddMACPolicy.equals("Yes")) {
+ String strContMACCfg = STR_CONT_PATH + strObjControllerName + "/";
+ processJailConfig.combineAdditionalMACPolicy(strContMACCfg, strObjControllerName, strObjControllerName);
+ }
}
// PROFILING
result = System.currentTimeMillis()-start;
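Review bot: The third argument of `combineAdditionalMACPolicy(strContMACCfg, strObjControllerName, strObjControllerName)` repeats the controller name, whereas the device-driver call in the earlier hunk passes a host address (`strIoTSlaveObjectHostAdd`) in that position. The method signature is not visible, but if that parameter selects the host whose policy file is extended, the additional policy would be merged under the wrong name here. A later hunk uses `strIoTSlaveControllerHostAdd` for this controller's host, so that is probably the intended value. `strControllerCfg` is defined outside the hunk, and `STR_YES.equals(strAddMACPolicy)` would replace both the literal `"Yes"` and the null test.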
// SetInstrumenter vs. RelationInstrumenter
String strFieldName = map.getKey();
String strClassName = map.getValue().getClass().getName();
+
+ System.out.println("\n\nDEBUG: Instrumenting IoTSet and IoTRelation objects!!!");
+ System.out.println("DEBUG: Field name: " + strFieldName);
+ System.out.println("DEBUG: Class name: " + strFieldName + "\n\n");
+
if(strClassName.equals(STR_SET_INSTRUMENTER_CLS)) {
SetInstrumenter setInstrumenter = (SetInstrumenter) map.getValue();
if(setInstrumenter.getObjTableName().equals(STR_IOT_DEV_ADD_CLS)) {
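Review bot: The third debug line prints `strFieldName` under the label "Class name", so the output never shows the instrumenter class that the `if` below branches on. It should read `"DEBUG: Class name: " + strClassName`. These three `System.out.println` calls are also unconditional, while the rest of the file routes diagnostics through `RuntimeOutput.print(..., BOOL_VERBOSE)`. I would either use that helper, as in `RuntimeOutput.print("DEBUG: Class name: " + strClassName, BOOL_VERBOSE);`, or drop the lines before merging.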
// Combine controller MAC policies with the main policy file for the host
String strTempFileName = "./" + strObjControllerName + STR_MAC_POLICY_EXT;
processJailConfig.combineControllerMACPolicies(strIoTSlaveControllerHostAdd, strObjControllerName, strTempFileName);
- processJailConfig.close();
+ processJailConfig.flush();
// PROFILING
result = System.currentTimeMillis()-start;
// PROFILING
start = System.currentTimeMillis();
- // ROUTING POLICY: Deploy basic policies if this is the last controller
- if (i == strObjectNames.length-1) {
- // ROUTING POLICY: implement basic policies to reject all other irrelevant traffics
- for(String s: commHan.getHosts()) {
- setHostBasicPolicies(s);
- }
- // We retain all the basic policies for router,
- // but we delete the initial allowance policies for internal all TCP and UDP communications
- setRouterBasicPolicies(STR_ROUTER_ADD);
+ // ROUTING POLICY: implement basic policies to reject all other irrelevant traffics
+ for(String s: commHan.getHosts()) {
+ setHostBasicPolicies(s);
}
- // Close access to policy files and deploy policies
- routerConfig.close();
+ // We retain all the basic policies for router,
+ // but we delete the initial allowance policies for internal all TCP and UDP communications
+ setRouterBasicPolicies(STR_ROUTER_ADD);
+ routerConfig.closeMain();
// Deploy the policy
- HashSet<String> setAddresses = new HashSet<String>(commHan.getHosts());
+ setAddresses = new HashSet<String>(commHan.getHosts());
setAddresses.add(strIoTMasterHostAdd);
- createPolicyThreads(STR_ROUTER_ADD, setAddresses);
+ // See if firewall policy is configured to be "on" or "off"
+ if (STR_POLICY_ON.equals(STR_YES))
+ createPolicyThreads(STR_ROUTER_ADD, setAddresses);
// PROFILING
result = System.currentTimeMillis()-start;
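Review bot: Firewall deployment is now gated by `if (STR_POLICY_ON.equals(STR_YES))`, so any value other than the exact string `Yes` (a typo, different casing) skips `createPolicyThreads` without any message, and a missing key throws a NullPointerException here instead of a configuration error. For a switch that turns enforcement off, I would accept only `STR_YES` or `STR_NO` when the property is loaded and reject anything else there. I would also report the "off" case unconditionally, for example `else RuntimeOutput.print("IoTMaster: firewall policy deployment is OFF (POLICY_ON != Yes)", true);`. A short comment on `STR_POLICY_ON` stating that "off" still generates the policy files but does not push them to the router and hosts would help operators. The enclosing loop and method extend outside this hunk.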
inStream.close();
socket.close();
serverSocket.close();
+ objInitHand.clearObjectInitHandler();
commHan.printLists();
+ commHan.clearCommunicationHandler();
lbIoT.printHostInfo();
- if (STR_ACTIVATE_SANDBOXING.equals("Yes"))
- createMACPolicyThreads(setAddresses);
}
+ // Close access to policy files and deploy policies
+ routerConfig.close();
+ processJailConfig.close();
+ if (STR_ACTIVATE_SANDBOXING.equals("Yes"))
+ createMACPolicyThreads(setAddresses);
} catch (IOException |
InterruptedException |