X-Git-Url: http://plrg.eecs.uci.edu/git/?p=iot2.git;a=blobdiff_plain;f=iotjava%2Fiotruntime%2Fmaster%2FIoTMaster.java;h=15948bf633de21d17394055eccc2dcbf9bfc6953;hp=ed199d044f39c0be957207eb82eed6a9d6d3a809;hb=4f93f30fc71a3696f426acf231cd665cb16cdc3b;hpb=8b9f15dfaa9cf16deb2d5b91bba324739fdd3544
diff --git a/iotjava/iotruntime/master/IoTMaster.java b/iotjava/iotruntime/master/IoTMaster.java
index ed199d0..15948bf 100644
--- a/iotjava/iotruntime/master/IoTMaster.java
+++ b/iotjava/iotruntime/master/IoTMaster.java
@@ -40,7 +40,7 @@ import static java.lang.Math.toIntExact;
 * @version 1.0
 * @since 2016-06-16
 */
-public class IoTMaster {
+public final class IoTMaster {
 /**
 * IoTMaster class properties
@@ -102,6 +102,9 @@ public class IoTMaster {
 private static String STR_LANGUAGE_CONTROLLER;
 private static String STR_SKEL_CLASS_SUFFIX;
 private static String STR_STUB_CLASS_SUFFIX;
+ private static String STR_ACTIVATE_SANDBOXING;
+ private static String STR_POLICY_ON;
+ private static String STR_MAC_TO_IP_TRANSLATION;
 private static boolean BOOL_VERBOSE;
 /**
@@ -126,6 +129,7 @@ public class IoTMaster {
 private static final String STR_INT_STUB_CLS_CFG = "INTERFACE_STUB_CLASS";
 private static final String STR_FILE_TRF_CFG = "ADDITIONAL_ZIP_FILE";
 private static final String STR_LANGUAGE = "LANGUAGE";
+ private static final String STR_ADD_MAC_POL = "ADDITIONAL_MAC_POLICY";
 private static final String STR_YES = "Yes";
 private static final String STR_NO = "No";
 private static final String STR_JAVA = "Java";
@@ -136,8 +140,11 @@ public class IoTMaster {
 private static final String STR_SHELL_HEADER = "#!/bin/sh";
 private static final String STR_JAVA_PATH = "/usr/bin/java";
 private static final String STR_MAC_POL_PATH = "tomoyo/";
+ private static final String STR_TMP = "tmp";
+ private static final String STR_ARP = "arp";
 private static int INT_SIZE = 4; // send length in the size of integer (4 bytes)
+ private static final int INT_DNS_PORT = 53;
 /**
 * Runtime class name constants - not to be configured by users
@@ -197,6 +204,9 @@ public class IoTMaster {
 STR_JVM_INIT_HEAP_SIZE = null;
 STR_JVM_MAX_HEAP_SIZE = null;
 STR_LANGUAGE_CONTROLLER = null;
+ STR_ACTIVATE_SANDBOXING = null;
+ STR_POLICY_ON = null;
+ STR_MAC_TO_IP_TRANSLATION = null;
 BOOL_VERBOSE = false;
 }
@@ -211,7 +221,13 @@ public class IoTMaster {
 lbIoT = new LoadBalancer(BOOL_VERBOSE);
 lbIoT.setupLoadBalancer();
 routerConfig = new RouterConfig();
- routerConfig.getAddressList(STR_ROUTER_ADD);
+ // Get MAC to IP translation either from /tmp/dhcp.leases or arp command
+ if (STR_MAC_TO_IP_TRANSLATION.equals(STR_TMP))
+ routerConfig.getAddressListTmp(STR_ROUTER_ADD);
+ else if (STR_MAC_TO_IP_TRANSLATION.equals(STR_ARP))
+ routerConfig.getAddressListArp(STR_ROUTER_ADD);
+ else
+ throw new Error("IoTMaster: Unknown value for STR_MAC_TO_IP_TRANSLATION: " + STR_MAC_TO_IP_TRANSLATION);
 processJailConfig = new ProcessJailConfig();
 //processJailConfig.setAddressListObject(routerConfig.getAddressListObject());
 objInitHand = new ObjectInitHandler(BOOL_VERBOSE);
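Review bot: In the `@@ -211` hunk the new selection calls `.equals()` on `STR_MAC_TO_IP_TRANSLATION`, which is null when the `MAC_TO_IP_TRANSLATION` key is absent from the properties file (the field is reset to null at `@@ -197` and filled from `prop.getProperty` at `@@ -276`). A configuration written before this change would then fail with a NullPointerException rather than the descriptive `Error` in the last branch. Comparing constant-first, `if (STR_TMP.equals(STR_MAC_TO_IP_TRANSLATION))` and `else if (STR_ARP.equals(STR_MAC_TO_IP_TRANSLATION))`, routes a missing key to that branch. The enclosing block starts and ends outside the hunk.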
@@ -276,6 +292,9 @@ public class IoTMaster {
 STR_JVM_MAX_HEAP_SIZE = prop.getProperty("JVM_MAX_HEAP_SIZE");
 STR_SKEL_CLASS_SUFFIX = prop.getProperty("SKEL_CLASS_SUFFIX");
 STR_STUB_CLASS_SUFFIX = prop.getProperty("STUB_CLASS_SUFFIX");
+ STR_ACTIVATE_SANDBOXING = prop.getProperty("ACTIVATE_SANDBOXING");
+ STR_POLICY_ON = prop.getProperty("POLICY_ON");
+ STR_MAC_TO_IP_TRANSLATION = prop.getProperty("MAC_TO_IP_TRANSLATION");
 if(prop.getProperty("VERBOSE").equals(STR_YES)) {
 BOOL_VERBOSE = true;
 }
@@ -300,6 +319,9 @@ public class IoTMaster {
 RuntimeOutput.print("STR_JVM_MAX_HEAP_SIZE=" + STR_JVM_MAX_HEAP_SIZE, BOOL_VERBOSE);
 RuntimeOutput.print("STR_SKEL_CLASS_SUFFIX=" + STR_SKEL_CLASS_SUFFIX, BOOL_VERBOSE);
 RuntimeOutput.print("STR_STUB_CLASS_SUFFIX=" + STR_STUB_CLASS_SUFFIX, BOOL_VERBOSE);
+ RuntimeOutput.print("STR_ACTIVATE_SANDBOXING=" + STR_ACTIVATE_SANDBOXING, BOOL_VERBOSE);
+ RuntimeOutput.print("STR_POLICY_ON=" + STR_POLICY_ON, BOOL_VERBOSE);
+ RuntimeOutput.print("STR_MAC_TO_IP_TRANSLATION=" + STR_MAC_TO_IP_TRANSLATION, BOOL_VERBOSE);
 RuntimeOutput.print("BOOL_VERBOSE=" + BOOL_VERBOSE, BOOL_VERBOSE);
 RuntimeOutput.print("IoTMaster: Information extracted successfully!", BOOL_VERBOSE);
 }
@@ -411,6 +433,7 @@ public class IoTMaster {
 // Get information from the set
 List listObject = objAddInitHand.getFields(strFieldIdentifier);
+ RuntimeOutput.print("IoTMaster: DEBUG: Getting into instrumentIoTSetDevice!", BOOL_VERBOSE);
 // Create a new IoTSet
 if(strLanguage.equals(STR_JAVA)) {
 Message msgCrtIoTSet = new MessageCreateSetRelation(IoTCommCode.CREATE_NEW_IOTSET, strFieldName);
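Review bot: `ACTIVATE_SANDBOXING` and `POLICY_ON` are security switches, yet the `@@ -276` hunk stores them as raw strings with no validation, and the later hunks enable the MAC jail and the firewall deployment only on an exact match (`STR_ACTIVATE_SANDBOXING.equals("Yes")` at `@@ -635`, `@@ -730`, `@@ -738`, `@@ -766` and `@@ -2182`; `STR_POLICY_ON.equals(STR_YES)` at `@@ -2124`). A value such as `yes` or one with trailing whitespace therefore switches the control off without any error, while a missing key throws a NullPointerException at first use. I would validate right after `getProperty`, in the style of the `MAC_TO_IP_TRANSLATION` check at `@@ -211`: `if (!STR_YES.equals(STR_ACTIVATE_SANDBOXING) && !STR_NO.equals(STR_ACTIVATE_SANDBOXING)) throw new Error("IoTMaster: Unknown value for ACTIVATE_SANDBOXING: " + STR_ACTIVATE_SANDBOXING);`, and the same for `POLICY_ON`. The call sites should also use `STR_YES` rather than the literal `"Yes"`.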
@@ -635,11 +658,19 @@ public class IoTMaster {
 // Configure MAC policies for objects
 //String strFileName = STR_MAC_POL_PATH + strObjClassName + STR_MAC_POLICY_EXT;
 String strFileName = STR_MAC_POL_PATH + STR_JAVA + STR_MAC_POLICY_EXT;
- processJailConfig.configureProcessJailDeviceDriverPolicies(strIoTSlaveObjectHostAdd, strObjName, strObjClassName,
- strFileName, strIoTMasterHostAdd, commHan.getComPort(strObjName), commHan.getRMIRegPort(strObjName),
- commHan.getRMIStubPort(strObjName));
- processJailConfig.configureProcessJailContRMIPolicies(strObjControllerName, strIoTSlaveObjectHostAdd,
- commHan.getRMIRegPort(strObjName), commHan.getRMIStubPort(strObjName));
+ if (STR_ACTIVATE_SANDBOXING.equals("Yes")) {
+ processJailConfig.configureProcessJailDeviceDriverPolicies(strIoTSlaveObjectHostAdd, strObjName, strObjClassName,
+ strFileName, strIoTMasterHostAdd, commHan.getComPort(strObjName), commHan.getRMIRegPort(strObjName),
+ commHan.getRMIStubPort(strObjName));
+ // Check for additional MAC policy
+ String strMACConfigPath = STR_IOT_CODE_PATH + strObjClassName + "/";
+ String strCfgFile = strMACConfigPath + strObjClassName + STR_CFG_FILE_EXT;
+ String strAddMACPolicy = parseConfigFile(strCfgFile, STR_ADD_MAC_POL);
+ if (strAddMACPolicy != null && strAddMACPolicy.equals("Yes"))
+ processJailConfig.combineAdditionalMACPolicy(strMACConfigPath, strObjClassName, strIoTSlaveObjectHostAdd);
+ processJailConfig.configureProcessJailContRMIPolicies(strObjControllerName, strIoTSlaveObjectHostAdd,
+ commHan.getRMIRegPort(strObjName), commHan.getRMIStubPort(strObjName));
+ }
 // Instrument the IoTSet declarations inside the class file
 instrumentObjectIoTSet(strFieldObjectID, strLanguage);
 }
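Review bot: The `ADDITIONAL_MAC_POLICY` switch is read from the driver's own config file under `STR_IOT_CODE_PATH + strObjClassName + "/"`, and when it is "Yes" `combineAdditionalMACPolicy` is handed that same directory, so the component being confined appears to supply rules for its own jail. The callee is not visible here; if it merges the file unchanged, anyone who can write the driver directory can widen the sandbox. The trust assumption should at least be written down next to the call, for example `// NOTE: additional policy is taken from the driver's own directory and is trusted to extend its jail; restrict write access to STR_IOT_CODE_PATH`. Limiting what an additional policy may grant belongs inside `combineAdditionalMACPolicy`. The enclosing method starts outside the hunk.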
@@ -730,6 +761,9 @@ public class IoTMaster {
 routerConfig.configureHostMainPolicies(strIoTSlaveObjectHostAdd, strIoTSlaveObjectHostAdd, strDeviceAddress, STR_TCP_PROTOCOL, iDestDeviceDriverPort);
 routerConfig.configureRouterHTTPPolicies(STR_ROUTER_ADD, strIoTSlaveObjectHostAdd, strDeviceAddress);
 routerConfig.configureHostHTTPPolicies(strIoTSlaveObjectHostAdd, strIoTSlaveObjectHostAdd, strDeviceAddress);
+ // Configure MAC policies
+ if (STR_ACTIVATE_SANDBOXING.equals("Yes"))
+ processJailConfig.configureProcessJailGWDevicePolicies(strIoTSlaveObjectHostAdd, STR_ROUTER_ADD, strDeviceAddress, INT_DNS_PORT);
 } else {
 // Other port numbers...
 commHan.addDevicePort(iDestDeviceDriverPort);
@@ -738,8 +772,9 @@ public class IoTMaster {
 routerConfig.configureHostMainPolicies(strIoTSlaveObjectHostAdd, strIoTSlaveObjectHostAdd, strDeviceAddress, strProtocol,
 commHan.getComPort(strDeviceAddressKey), iDestDeviceDriverPort);
 // Configure MAC policies
- processJailConfig.configureProcessJailDevicePolicies(strIoTSlaveObjectHostAdd, strProtocol,
- commHan.getComPort(strDeviceAddressKey), strDeviceAddress, iDestDeviceDriverPort);
+ if (STR_ACTIVATE_SANDBOXING.equals("Yes"))
+ processJailConfig.configureProcessJailDevicePolicies(strIoTSlaveObjectHostAdd, strProtocol,
+ commHan.getComPort(strDeviceAddressKey), strDeviceAddress, iDestDeviceDriverPort);
 }
 }
 }
@@ -753,7 +788,7 @@ public class IoTMaster {
 * @return void
 */
 private void setRouterPolicyIoTSetAddress(String strFieldIdentifier, Map.Entry map,
- String strHostAddress) {
+ String strHostAddress, String strControllerName) {
 // Get information from the set
 SetInstrumenter setInstrumenter = (SetInstrumenter) map.getValue();
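Review bot: The signature change at `@@ -753` adds `strControllerName` with no matching `@param` in the Javadoc above it; only the tail of that comment (`@return void */`) is inside the hunk, so this may already be handled out of view. The parameter is nullable and decides which name the jail rule is written for, as the `null` passed at `@@ -820` and the branch at `@@ -766` show, so the contract deserves a line such as `@param strControllerName controller object name used for the jail policy, or null to fall back to strHostAddress`. The method body continues outside the hunk.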
@@ -766,6 +801,13 @@ public class IoTMaster {
 // Get device address
 String strAddress = (String) arrFieldValues[0];
 // Setting up router policies for HTTP/HTTPs
+ if (STR_ACTIVATE_SANDBOXING.equals("Yes")) {
+ if (strControllerName != null) {
+ processJailConfig.configureProcessJailInetAddressPolicies(strControllerName, STR_ROUTER_ADD, strAddress);
+ } else {
+ processJailConfig.configureProcessJailInetAddressPolicies(strHostAddress, STR_ROUTER_ADD, strAddress);
+ }
+ }
 routerConfig.configureRouterHTTPPolicies(STR_ROUTER_ADD, strHostAddress, strAddress);
 routerConfig.configureHostHTTPPolicies(strHostAddress, strHostAddress, strAddress);
 }
@@ -820,7 +862,7 @@ public class IoTMaster {
 setRouterPolicyIoTSetDevice(strFieldIdentifier, map, strIoTSlaveObjectHostAdd);
 } else if(setInstrumenter.getObjTableName().equals(STR_IOT_ADD_CLS)) {
 // Instrument the IoTAddress
- setRouterPolicyIoTSetAddress(strFieldIdentifier, map, strIoTSlaveObjectHostAdd);
+ setRouterPolicyIoTSetAddress(strFieldIdentifier, map, strIoTSlaveObjectHostAdd, null);
 } else if(setInstrumenter.getObjTableName().equals(STR_IOT_ZB_ADD_CLS)) {
 // Instrument the IoTZigbeeAddress - special feature for Zigbee device support
 RuntimeOutput.print("IoTMaster: IoTZigbeeAddress found! No router policy is set here..",
@@ -1067,6 +1109,7 @@ public class IoTMaster {
 if(setInstrumenter.getObjTableName().equals(STR_IOT_DEV_ADD_CLS)) {
 // Instrument the normal IoTDeviceAddress
 synchronized(this) {
+ //RuntimeOutput.print("IoTMaster: DEBUG: Processing " + STR_IOT_DEV_ADD_CLS + "!", BOOL_VERBOSE);
 instrumentIoTSetDevice(strFieldIdentifier, strObjName, strFieldName, strIoTSlaveObjectHostAdd, inStream, outStream, strLanguageDriver);
 }
 } else if(setInstrumenter.getObjTableName().equals(STR_IOT_ZB_ADD_CLS)) {
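Review bot: The sandboxing block added at `@@ -766` sits between the comment `// Setting up router policies for HTTP/HTTPs` and the two `routerConfig` calls that comment describes, so the comment now labels the MAC jail code instead. The two branches also differ only in their first argument; `String strJailTarget = (strControllerName != null) ? strControllerName : strHostAddress;` followed by one `processJailConfig.configureProcessJailInetAddressPolicies(strJailTarget, STR_ROUTER_ADD, strAddress);` under its own `// Configure MAC policies` comment would read more clearly. That argument is a controller name in one case and a host address in the other, which the callee (not visible here) presumably accepts; a short comment saying so would help the next reader.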
@@ -1357,6 +1400,8 @@ public class IoTMaster { private void setRouterBasicPolicies(String strRouter) { String strMonitorHost = routerConfig.getIPFromMACAddress(STR_MONITORING_HOST); + routerConfig.initMainPolicy(strRouter); + routerConfig.combineRouterPolicies(strRouter); routerConfig.configureRouterICMPPolicies(strRouter, strMonitorHost); routerConfig.configureRouterDHCPPolicies(strRouter); routerConfig.configureRouterDNSPolicies(strRouter); @@ -1373,6 +1418,8 @@ public class IoTMaster { private void setHostBasicPolicies(String strHost) { String strMonitorHost = routerConfig.getIPFromMACAddress(STR_MONITORING_HOST); + routerConfig.initMainPolicy(strHost); + routerConfig.combineRouterPolicies(strHost); routerConfig.configureHostDHCPPolicies(strHost); routerConfig.configureHostDNSPolicies(strHost); if (strHost.equals(strMonitorHost)) { @@ -1970,13 +2017,15 @@ public class IoTMaster { try { // Extract hostname for this IoTMaster from MySQL DB strIoTMasterHostAdd = routerConfig.getIPFromMACAddress(STR_MASTER_MAC_ADD); + // Assign a new list of PrintWriter objects + routerConfig.renewPrintWriter(); + HashSet setAddresses = null; // Loop as we can still find controller/device classes for(int i=0; i From IoTSlave start until main controller object is created: " + result); @@ -2089,6 +2146,11 @@ public class IoTMaster { // SetInstrumenter vs. RelationInstrumenter String strFieldName = map.getKey(); String strClassName = map.getValue().getClass().getName(); + + System.out.println("\n\nDEBUG: Instrumenting IoTSet and IoTRelation objects!!!"); + System.out.println("DEBUG: Field name: " + strFieldName); + System.out.println("DEBUG: Class name: " + strFieldName + "\n\n"); + if(strClassName.equals(STR_SET_INSTRUMENTER_CLS)) { SetInstrumenter setInstrumenter = (SetInstrumenter) map.getValue(); if(setInstrumenter.getObjTableName().equals(STR_IOT_DEV_ADD_CLS)) { 
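Review bot: The third `System.out.println` added in the `@@ -2089` hunk is labelled "Class name" but concatenates `strFieldName` again, so the class name is never printed; it should read `System.out.println("DEBUG: Class name: " + strClassName + "\n\n");`. The three statements also bypass `RuntimeOutput.print(..., BOOL_VERBOSE)`, which the other messages in this diff use, so they print for every field even with verbose output off. `RuntimeOutput.print("IoTMaster: DEBUG: Class name: " + strClassName, BOOL_VERBOSE);` keeps them switchable, or they can be dropped before merge like the commented-out debug line at `@@ -1067`.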
@@ -2101,7 +2163,7 @@ public class IoTMaster {
 throw new Error(strErrMsg);
 } else if(setInstrumenter.getObjTableName().equals(STR_IOT_ADD_CLS)) {
 // Instrument the IoTAddress
- setRouterPolicyIoTSetAddress(strFieldName, map, strIoTSlaveControllerHostAdd);
+ setRouterPolicyIoTSetAddress(strFieldName, map, strIoTSlaveControllerHostAdd, strObjControllerName);
 instrumentIoTSetAddress(strFieldName, strFieldName, inStream, outStream, STR_LANGUAGE_CONTROLLER);
 } else {
 // Any other cases
@@ -2114,7 +2176,7 @@ public class IoTMaster {
 // Combine controller MAC policies with the main policy file for the host
 String strTempFileName = "./" + strObjControllerName + STR_MAC_POLICY_EXT;
 processJailConfig.combineControllerMACPolicies(strIoTSlaveControllerHostAdd, strObjControllerName, strTempFileName);
- processJailConfig.close();
+ processJailConfig.flush();
 // PROFILING
 result = System.currentTimeMillis()-start;
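Review bot: With `processJailConfig.close()` replaced by `flush()` at `@@ -2114`, the policy writer now stays open across loop iterations, and the only `close()` calls visible in this diff (`routerConfig.close(); processJailConfig.close();` at `@@ -2182`) sit at the end of the `try` body, just before the `catch`. An exception in a later iteration would skip them and, as far as this page shows, leave the policy files open and possibly half-written. Moving both `close()` calls into a `finally` block covers that path. The method continues outside the hunk, so a handler further down may already do this.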
@@ -2124,22 +2186,20 @@ public class IoTMaster {
 // PROFILING
 start = System.currentTimeMillis();
- // ROUTING POLICY: Deploy basic policies if this is the last controller
- if (i == strObjectNames.length-1) {
- // ROUTING POLICY: implement basic policies to reject all other irrelevant traffics
- for(String s: commHan.getHosts()) {
- setHostBasicPolicies(s);
- }
- // We retain all the basic policies for router,
- // but we delete the initial allowance policies for internal all TCP and UDP communications
- setRouterBasicPolicies(STR_ROUTER_ADD);
+ // ROUTING POLICY: implement basic policies to reject all other irrelevant traffics
+ for(String s: commHan.getHosts()) {
+ setHostBasicPolicies(s);
 }
- // Close access to policy files and deploy policies
- routerConfig.close();
+ // We retain all the basic policies for router,
+ // but we delete the initial allowance policies for internal all TCP and UDP communications
+ setRouterBasicPolicies(STR_ROUTER_ADD);
+ routerConfig.closeMain();
 // Deploy the policy
- HashSet setAddresses = new HashSet(commHan.getHosts());
+ setAddresses = new HashSet(commHan.getHosts());
 setAddresses.add(strIoTMasterHostAdd);
- createPolicyThreads(STR_ROUTER_ADD, setAddresses);
+ // See if firewall policy is configured to be "on" or "off"
+ if (STR_POLICY_ON.equals(STR_YES))
+ createPolicyThreads(STR_ROUTER_ADD, setAddresses);
 // PROFILING
 result = System.currentTimeMillis()-start;
@@ -2182,10 +2242,16 @@ public class IoTMaster {
 inStream.close();
 socket.close();
 serverSocket.close();
+ objInitHand.clearObjectInitHandler();
 commHan.printLists();
+ commHan.clearCommunicationHandler();
 lbIoT.printHostInfo();
- createMACPolicyThreads(setAddresses);
 }
+ // Close access to policy files and deploy policies
+ routerConfig.close();
+ processJailConfig.close();
+ if (STR_ACTIVATE_SANDBOXING.equals("Yes"))
+ createMACPolicyThreads(setAddresses);
 } catch (IOException | InterruptedException |
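Review bot: When `POLICY_ON` is not "Yes", the `@@ -2124` hunk still generates the router and host rules but skips `createPolicyThreads` without any message, so a run with the firewall policy switched off looks the same in the output as a protected one. An `else` branch that always prints makes the state visible: `else RuntimeOutput.print("IoTMaster: POLICY_ON is not Yes - firewall policies generated but NOT deployed!", true);` (assuming the second argument is the print-enable flag, as its use with `BOOL_VERBOSE` suggests). The comment `// Deploy the policy` a few lines up should also say that deployment is now conditional. The enclosing loop and method start and end outside the hunk.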