Modifying master for Tomoyo process jailing; Adding basic policies for Tomoyo environ...
diff --git a/localconfig/tomoyo/LifxLightBulb.tomoyo.pol b/localconfig/tomoyo/LifxLightBulb.tomoyo.pol
new file mode 100644 (file)
index 0000000..9e4e2f7
--- /dev/null
@@ -0,0 +1,154 @@
+<kernel> /usr/sbin/sshd /bin/bash /home/iotuser/iot2/iotjava/iotruntime/LifxLightBulb<object-id>.sh /usr/bin/java
+use_profile 3
+use_group 0
+
+misc env MAIL
+misc env SSH_CLIENT
+misc env USER
+misc env SHLVL
+misc env HOME
+misc env OLDPWD
+misc env LOGNAME
+misc env _
+misc env XDG_SESSION_ID
+misc env PATH
+misc env XDG_RUNTIME_DIR
+misc env LANG
+misc env SHELL
+misc env PWD
+misc env SSH_CONNECTION
+file read /etc/ld.so.preload
+file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/arm/jli/libjli.so
+file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/arm/jvm.cfg
+file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/arm/client/libjvm.so
+file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/arm/libverify.so
+file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/arm/libjava.so
+network unix stream connect /var/run/nscd/socket
+file read /etc/nsswitch.conf
+file read /etc/passwd
+file create /tmp/hsperfdata_iotuser/\* 0600
+file read/write/unlink/truncate /tmp/hsperfdata_iotuser/\*
+file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/arm/libzip.so
+file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/meta-index
+file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/rt.jar
+file read /sys/devices/system/cpu/online
+file read /usr/lib/locale/locale-archive
+file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/ext/meta-index
+file write/truncate /home/iotuser/.oracle_jre_usage/81970c018e7540cf.timestamp
+file read /usr/share/java/servlet-api-2.5.jar
+file read /usr/share/java/asm-all-5.0.3.jar
+file read /usr/share/java/BoofCV-WebcamCapture-0.21.jar
+file read /usr/share/java/core-0.28.jar
+file read /usr/share/java/jurt-4.3.3.jar
+file read /usr/share/java/ridl-4.3.3.jar
+file read /usr/share/java/unoloader.jar
+file read /usr/share/java/BoofCV-xuggler-0.21-sources.jar
+file read /usr/share/java/xpp3_min-1.1.4c.jar
+file read /usr/share/java/simple-0.29.jar
+file read /usr/share/java/BoofCV-recognition-0.21-sources.jar
+file read /usr/share/java/BoofCV-feature-0.21.jar
+file read /usr/share/java/jsp-api-2.1.jar
+file read /usr/share/java/mysql-connector-java-5.1.39.jar
+file read /usr/share/java/BoofCV-jcodec-0.21-sources.jar
+file read /usr/share/java/BoofCV-visualize-0.21-sources.jar
+file read /usr/share/java/BoofCV-WebcamCapture-0.21-sources.jar
+file read /usr/share/java/GeoRegression-georegression-0.9-sources.jar
+file read /usr/share/java/el-api-2.1.jar
+file read /usr/share/java/unoil-4.3.3.jar
+file read /usr/share/java/GeoRegression-experimental-0.9-sources.jar
+file read /usr/share/java/xmlpull-1.1.3.1.jar
+file read /usr/share/java/georegression-0.10.jar
+file read /usr/share/java/BoofCV-android-0.21.jar
+file read /usr/share/java/BoofCV-ip-0.21.jar
+file read /usr/share/java/BoofCV-android-0.21-sources.jar
+file read /usr/share/java/hsqldb1.8.0-1.8.0.10+dfsg.jar
+file read /usr/share/java/BoofCV-sfm-0.21.jar
+file read /usr/share/java/BoofCV-visualize-0.21.jar
+file read /usr/share/java/BoofCV-geo-0.21-sources.jar
+file read /usr/share/java/core-0.29.jar
+file read /usr/share/java/libintl.jar
+file read /usr/share/java/BoofCV-io-0.21-sources.jar
+file read /usr/share/java/BoofCV-io-0.21.jar
+file read /usr/share/java/hsqldbutil1.8.0-1.8.0.10+dfsg.jar
+file read /usr/share/java/dense64-0.28.jar
+file read /usr/share/java/BoofCV-xuggler-0.21.jar
+file read /usr/share/java/BoofCV-learning-0.21.jar
+file read /usr/share/java/BoofCV-sfm-0.21-sources.jar
+file read /usr/share/java/zip4j_1.3.2.jar
+file read /usr/share/java/ddogleg-0.8-SNAPSHOT.jar
+file read /usr/share/java/BoofCV-openkinect-0.21.jar
+file read /usr/share/java/dense64-0.29.jar
+file read /usr/share/java/juh-4.3.3.jar
+file read /usr/share/java/jl1.0.1.jar
+file read /usr/share/java/BoofCV-jcodec-0.21.jar
+file read /usr/share/java/BoofCV-ip-0.21-sources.jar
+file read /usr/share/java/GeoRegression-experimental-0.9.jar
+file read /usr/share/java/GeoRegression-georegression-0.9.jar
+file read /usr/share/java/java-json.jar
+file read /usr/share/java/ddogleg-0.9.jar
+file read /usr/share/java/xstream-1.4.7.jar
+file read /usr/share/java/BoofCV-geo-0.21.jar
+file read /usr/share/java/java_uno.jar
+file read /usr/share/java/BoofCV-calibration-0.21.jar
+file read /usr/share/java/javac.jar
+file read /usr/share/java/BoofCV-recognition-0.21.jar
+file read /usr/share/java/checker.jar
+file read /usr/share/java/BoofCV-feature-0.21-sources.jar
+file read /usr/share/java/BoofCV-openkinect-0.21-sources.jar
+file read /usr/share/java/equation-0.29.jar
+file read /usr/share/java/simple-0.28.jar
+file read /usr/share/java/BoofCV-learning-0.21-sources.jar
+file read /usr/share/java/equation-0.28.jar
+file read /usr/share/java/BoofCV-calibration-0.21-sources.jar
+file read /home/iotuser/iot2/iotjava/iotruntime/slave/IoTSlave.class
+file read /home/iotuser/iot2/iotjava/iotruntime/IoTSlave.config
+file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/arm/libnet.so
+file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/net.properties
+network inet stream connect ::ffff:192.168.2.108 <master-com-port>
+file read /home/iotuser/iot2/iotjava/iotruntime/master/RuntimeOutput.class
+file read /home/iotuser/iot2/iotjava/iotruntime/messages/MessageSendFile.class
+file read /home/iotuser/iot2/iotjava/iotruntime/messages/Message.class
+file read /home/iotuser/iot2/iotjava/iotruntime/messages/IoTCommCode.class
+file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/security/java.security
+file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/jsse.jar
+file read /dev/random
+file read /dev/urandom
+file read /home/iotuser/iot2/iotjava/iotruntime/slave/IoTSlave$3.class
+file read /home/iotuser/iot2/iotjava/iotruntime/messages/MessageSimple.class
+file create /home/iotuser/iot2/iotjava/iotruntime/LifxLightBulb.jar 0666
+file read/write /home/iotuser/iot2/iotjava/iotruntime/LifxLightBulb.jar
+file read /home/iotuser/iot2/iotjava/iotruntime/messages/MessageCreateObject.class
+file read /home/iotuser/iot2/iotjava/iotcode/LifxLightBulb/LifxLightBulb.class
+file read /home/iotuser/iot2/iotjava/iotcode/LifxLightBulb/LightBulb_Skeleton.class
+file read /home/iotuser/iot2/iotjava/iotrmi/Java/IoTRMIComm.class
+file read /home/iotuser/iot2/iotjava/iotrmi/Java/IoTRMICommServer.class
+file read /home/iotuser/iot2/iotjava/iotcode/LifxLightBulb/LightBulb_Skeleton$1.class
+file read /home/iotuser/iot2/iotjava/iotruntime/slave/IoTSlave$1.class
+file read /home/iotuser/iot2/iotjava/iotrmi/Java/IoTRMIComm$1.class
+file read /home/iotuser/iot2/iotjava/iotrmi/Java/IoTRMIComm$2.class
+file read /home/iotuser/iot2/iotjava/iotruntime/messages/MessageCreateSetRelation.class
+file read /home/iotuser/iot2/iotjava/iotrmi/Java/IoTRMICommServer$1.class
+file read /home/iotuser/iot2/iotjava/iotrmi/Java/IoTRMICommServer$2.class
+file read /home/iotuser/iot2/iotjava/iotruntime/slave/ISet.class
+file read /home/iotuser/iot2/iotjava/iotrmi/Java/IoTRMICommServer$3.class
+file read /home/iotuser/iot2/iotjava/iotrmi/Java/IoTRMIUtil.class
+file read /home/iotuser/iot2/iotjava/iotruntime/messages/MessageGetDeviceObject.class
+file read /home/iotuser/iot2/iotjava/iotrmi/Java/IoTRMITypes.class
+file read /home/iotuser/iot2/iotjava/iotruntime/slave/IoTDeviceAddress.class
+file read /home/iotuser/iot2/iotjava/iotruntime/slave/IoTAddress.class
+file read /home/iotuser/iot2/iotjava/iotrmi/Java/IoTSocketServer.class
+file read /home/iotuser/iot2/iotjava/iotrmi/Java/IoTSocket.class
+file read /home/iotuser/iot2/iotjava/iotruntime/slave/IoTSet.class
+file read /home/iotuser/iot2/iotjava/iotruntime/IoTUDP.class
+network inet stream bind/listen :: <rmi-stub-port>
+network inet stream bind/listen :: <rmi-reg-port>
+file ioctl socket:[family=10:type=1:protocol=6] 0x541B
+file read /home/iotuser/iot2/iotjava/iotcode/LifxLightBulb/LightBulb_Skeleton$2.class
+network inet dgram bind :: <device-com-port>
+file read /home/iotuser/iot2/iotjava/iotcode/LifxLightBulb/LifxLightBulb$1.class
+file read /home/iotuser/iot2/iotjava/iotcode/LifxLightBulb/LifxHeader.class
+network inet dgram send ::ffff:<device-ip-address> 56700
+file read /home/iotuser/iot2/iotjava/iotcode/LifxLightBulb/DeviceStateVersion.class
+file read /home/iotuser/iot2/iotjava/iotcode/LifxLightBulb/BulbColor.class
+file read /home/iotuser/iot2/iotjava/iotcode/LifxLightBulb/LightState.class
+file read /home/iotuser/iot2/iotjava/iotcode/LifxLightBulb/LightBulb_Skeleton$5.class
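Review bot: The rule `file create /home/iotuser/iot2/iotjava/iotruntime/LifxLightBulb.jar 0666` lets the jailed JVM create the jar world-writable, while the hsperfdata rule earlier in the same domain is limited to `0600`. The domain also has read/write on that jar, which presumably holds code or data the runtime goes on to use, so another local account could modify it after creation. I would tighten the rule to `file create /home/iotuser/iot2/iotjava/iotruntime/LifxLightBulb.jar 0600` and check that the launcher's umask matches, so the create is not denied in enforcing mode. Separately, the 65 `file read` entries under /usr/share/java (including `javac.jar` and `mysql-connector-java-5.1.39.jar`) look like a learning-mode capture of a wildcard classpath rather than what a light-bulb driver needs; trimming the classpath and the policy together would bring the domain closer to least privilege. The master address `::ffff:192.168.2.108` is also hard-coded where the ports and the device address use `<...>` placeholders.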