X-Git-Url: http://plrg.eecs.uci.edu/git/?p=iot2.git;a=blobdiff_plain;f=iotjava%2Fiotruntime%2Fmaster%2FIoTMaster.java;h=f3bae940be1f79c0e3f50174d26ddae787d6383d;hp=5fb917807b47d9183b8299100279f0434395f497;hb=c3a1aa3a921d688ebd54d5cca0ad60a1425a0fe5;hpb=e7713056b0b0d2f6df424f88317a3d1738f5e3af

diff --git a/iotjava/iotruntime/master/IoTMaster.java b/iotjava/iotruntime/master/IoTMaster.java
index 5fb9178..f3bae94 100644
--- a/iotjava/iotruntime/master/IoTMaster.java
+++ b/iotjava/iotruntime/master/IoTMaster.java
@@ -40,7 +40,7 @@ import static java.lang.Math.toIntExact;
  * @version     1.0
  * @since       2016-06-16
  */
-public class IoTMaster {
+public final class IoTMaster {
 
 	/**
 	 * IoTMaster class properties
@@ -51,6 +51,7 @@ public class IoTMaster {
 	private CommunicationHandler commHan;
 	private LoadBalancer lbIoT;
 	private RouterConfig routerConfig;
+	private ProcessJailConfig processJailConfig;
 	private ObjectInitHandler objInitHand;
 	private ObjectAddressInitHandler objAddInitHand;
 	private String[] strObjectNames;
@@ -96,12 +97,12 @@ public class IoTMaster {
 	private static String STR_ZB_GATEWAY_ADDRESS;
 	private static String STR_ZB_GATEWAY_PORT;
 	private static String STR_ZB_IOTMASTER_PORT;
-	private static String STR_NUM_CALLBACK_PORTS;
 	private static String STR_JVM_INIT_HEAP_SIZE;
 	private static String STR_JVM_MAX_HEAP_SIZE;
 	private static String STR_LANGUAGE_CONTROLLER;
 	private static String STR_SKEL_CLASS_SUFFIX;
 	private static String STR_STUB_CLASS_SUFFIX;
+	private static String STR_ACTIVATE_SANDBOXING;
 	private static boolean BOOL_VERBOSE;
 
 	/**
@@ -113,6 +114,8 @@ public class IoTMaster {
 	private static final String STR_CFG_FILE_EXT = ".config";
 	private static final String STR_CLS_FILE_EXT = ".class";
 	private static final String STR_JAR_FILE_EXT = ".jar";
+	private static final String STR_MAC_POLICY_EXT = ".tomoyo.pol";	
+	private static final String STR_SHELL_FILE_EXT = ".sh";
 	private static final String STR_SO_FILE_EXT = ".so";
 	private static final String STR_ZIP_FILE_EXT = ".zip";
 	private static final String STR_TCP_PROTOCOL = "tcp";
@@ -131,8 +134,12 @@ public class IoTMaster {
 	private static final String STR_SSH = "ssh";
 	private static final String STR_SCP = "scp";
 	private static final String STR_IOTSLAVE_CPP = "./IoTSlave.o";
+	private static final String STR_SHELL_HEADER = "#!/bin/sh";
+	private static final String STR_JAVA_PATH = "/usr/bin/java";
+	private static final String STR_MAC_POL_PATH = "tomoyo/";
 
 	private static int INT_SIZE = 4;	// send length in the size of integer (4 bytes)
+	private static final int INT_DNS_PORT = 53;
 
 	/**
 	 * Runtime class name constants - not to be configured by users
@@ -153,6 +160,7 @@ public class IoTMaster {
 		commHan = null;
 		lbIoT = null;
 		routerConfig = null;
+		processJailConfig = null;
 		objInitHand = null;
 		objAddInitHand = null;
 		strObjectNames = argObjNms;
@@ -188,10 +196,10 @@ public class IoTMaster {
 		STR_ZB_GATEWAY_ADDRESS = null;
 		STR_ZB_GATEWAY_PORT = null;
 		STR_ZB_IOTMASTER_PORT = null;
-		STR_NUM_CALLBACK_PORTS = null;
 		STR_JVM_INIT_HEAP_SIZE = null;
 		STR_JVM_MAX_HEAP_SIZE = null;
 		STR_LANGUAGE_CONTROLLER = null;
+		STR_ACTIVATE_SANDBOXING = null;
 		BOOL_VERBOSE = false;
 	}
 
@@ -207,11 +215,31 @@ public class IoTMaster {
 		lbIoT.setupLoadBalancer();
 		routerConfig = new RouterConfig();
 		routerConfig.getAddressList(STR_ROUTER_ADD);
+		processJailConfig = new ProcessJailConfig();
+		//processJailConfig.setAddressListObject(routerConfig.getAddressListObject());
 		objInitHand = new ObjectInitHandler(BOOL_VERBOSE);
 		objAddInitHand = new ObjectAddressInitHandler(BOOL_VERBOSE);
 		mapClassNameToCrim = new HashMap<String,Object>();
 	}
 
+	/**
+	 * getPrintWriter() gets a new PrintWriter for a new object
+	 *
+	 * @param   strObjectName 	String object name
+	 * @return  PrintWriter
+	 */
+	private PrintWriter getPrintWriter(String strObjectName) {
+
+		FileWriter fw = null;
+		try {
+			fw = new FileWriter(strObjectName);
+		} catch (IOException ex) {
+			ex.printStackTrace();
+		}
+		PrintWriter printWriter = new PrintWriter(new BufferedWriter(fw));
+		return printWriter;
+	}
+
 	/**
 	 * A method to initialize constants from config file
 	 *
@@ -247,12 +275,11 @@ public class IoTMaster {
 		STR_ZB_GATEWAY_ADDRESS = prop.getProperty("ZIGBEE_GATEWAY_ADDRESS");
 		STR_ZB_GATEWAY_PORT = prop.getProperty("ZIGBEE_GATEWAY_PORT");
 		STR_ZB_IOTMASTER_PORT = prop.getProperty("ZIGBEE_IOTMASTER_PORT");
-		STR_NUM_CALLBACK_PORTS = prop.getProperty("NUMBER_CALLBACK_PORTS");
 		STR_JVM_INIT_HEAP_SIZE = prop.getProperty("JVM_INIT_HEAP_SIZE");
 		STR_JVM_MAX_HEAP_SIZE = prop.getProperty("JVM_MAX_HEAP_SIZE");
-		//STR_LANGUAGE = prop.getProperty("LANGUAGE");
 		STR_SKEL_CLASS_SUFFIX = prop.getProperty("SKEL_CLASS_SUFFIX");
 		STR_STUB_CLASS_SUFFIX = prop.getProperty("STUB_CLASS_SUFFIX");
+		STR_ACTIVATE_SANDBOXING = prop.getProperty("ACTIVATE_SANDBOXING");
 		if(prop.getProperty("VERBOSE").equals(STR_YES)) {
 			BOOL_VERBOSE = true;
 		}
@@ -273,12 +300,11 @@ public class IoTMaster {
 		RuntimeOutput.print("STR_ZB_GATEWAY_ADDRESS=" + STR_ZB_GATEWAY_ADDRESS, BOOL_VERBOSE);
 		RuntimeOutput.print("STR_ZB_GATEWAY_PORT=" + STR_ZB_GATEWAY_PORT, BOOL_VERBOSE);
 		RuntimeOutput.print("STR_ZB_IOTMASTER_PORT=" + STR_ZB_IOTMASTER_PORT, BOOL_VERBOSE);
-		RuntimeOutput.print("STR_NUM_CALLBACK_PORTS=" + STR_NUM_CALLBACK_PORTS, BOOL_VERBOSE);
 		RuntimeOutput.print("STR_JVM_INIT_HEAP_SIZE=" + STR_JVM_INIT_HEAP_SIZE, BOOL_VERBOSE);
 		RuntimeOutput.print("STR_JVM_MAX_HEAP_SIZE=" + STR_JVM_MAX_HEAP_SIZE, BOOL_VERBOSE);
-		//RuntimeOutput.print("STR_LANGUAGE=" + STR_LANGUAGE, BOOL_VERBOSE);
 		RuntimeOutput.print("STR_SKEL_CLASS_SUFFIX=" + STR_SKEL_CLASS_SUFFIX, BOOL_VERBOSE);
 		RuntimeOutput.print("STR_STUB_CLASS_SUFFIX=" + STR_STUB_CLASS_SUFFIX, BOOL_VERBOSE);
+		RuntimeOutput.print("STR_ACTIVATE_SANDBOXING=" + STR_ACTIVATE_SANDBOXING, BOOL_VERBOSE);
 		RuntimeOutput.print("BOOL_VERBOSE=" + BOOL_VERBOSE, BOOL_VERBOSE);
 		RuntimeOutput.print("IoTMaster: Information extracted successfully!", BOOL_VERBOSE);
 	}
@@ -492,7 +518,7 @@ public class IoTMaster {
 		RuntimeOutput.print("IoTMaster: Number of rows for IoTZigbeeAddress: " + iRows, BOOL_VERBOSE);
 
 		// TODO: DEBUG!!!
-		System.out.println("\n\n DEBUG: InstrumentZigbeeDevice: Object Name: " + strObjName);
+		System.out.println("\n\nDEBUG: InstrumentZigbeeDevice: Object Name: " + strObjName);
 		System.out.println("DEBUG: InstrumentZigbeeDevice: Port number: " + commHan.getComPort(strZigbeeGWAddressKey));
 		System.out.println("DEBUG: InstrumentZigbeeDevice: Device address: " + strZigbeeGWAddress + "\n\n");
 
@@ -562,10 +588,11 @@ public class IoTMaster {
 	 * A private method to instrument an object on a specific machine and setting up policies
 	 *
 	 * @params  strFieldObjectID  		  String field object ID
+	 * @params  strObjControllerName	  String object controller name
 	 * @params  strLanguage				  String language
 	 * @return  void
 	 */
-	private void instrumentObject(String strFieldObjectID, String strLanguage) throws IOException {
+	private void instrumentObject(String strFieldObjectID, String strObjControllerName, String strLanguage) throws IOException {
 
 		// Extract the interface name for RMI
 		// e.g. ProximitySensorInterface, TempSensorInterface, etc.
@@ -610,6 +637,16 @@ public class IoTMaster {
 				strIoTSlaveObjectHostAdd, STR_TCP_PROTOCOL);
 			routerConfig.configureHostMainPolicies(strIoTSlaveObjectHostAdd, strIoTSlaveControllerHostAdd,
 				strIoTSlaveObjectHostAdd, STR_TCP_PROTOCOL);
+			// Configure MAC policies for objects
+			//String strFileName = STR_MAC_POL_PATH + strObjClassName + STR_MAC_POLICY_EXT;
+			String strFileName = STR_MAC_POL_PATH + STR_JAVA + STR_MAC_POLICY_EXT;
+			if (STR_ACTIVATE_SANDBOXING.equals("Yes")) {
+				processJailConfig.configureProcessJailDeviceDriverPolicies(strIoTSlaveObjectHostAdd, strObjName, strObjClassName,
+					strFileName, strIoTMasterHostAdd, commHan.getComPort(strObjName), commHan.getRMIRegPort(strObjName), 
+					commHan.getRMIStubPort(strObjName));
+				processJailConfig.configureProcessJailContRMIPolicies(strObjControllerName, strIoTSlaveObjectHostAdd, 
+					commHan.getRMIRegPort(strObjName), commHan.getRMIStubPort(strObjName));
+			}
 			// Instrument the IoTSet declarations inside the class file
 			instrumentObjectIoTSet(strFieldObjectID, strLanguage);
 		}
@@ -628,35 +665,8 @@ public class IoTMaster {
 			STR_TCP_PROTOCOL, commHan.getRMIStubPort(strObjName));
 		routerConfig.configureHostMainPolicies(strIoTSlaveObjectHostAdd, strIoTSlaveControllerHostAdd, strIoTSlaveObjectHostAdd,
 			STR_TCP_PROTOCOL, commHan.getRMIStubPort(strObjName));
-		// Send the same set of routing policies for callback ports
-		setCallbackPortsPolicy(strObjName, STR_ROUTER_ADD, strIoTSlaveControllerHostAdd, strIoTSlaveObjectHostAdd, STR_TCP_PROTOCOL);
 	}
 
-	/**
-	 * A private method to set router policies for callback ports
-	 *
-	 * @params  strRouterAdd       				String router address
-	 * @params  strIoTSlaveControllerHostAdd  	String slave controller host address
-	 * @params  strIoTSlaveObjectHostAdd  		String slave object host address
-	 * @params	strProtocol						String protocol
-	 * @return  iPort							Integer port number
-	 */
-	private void setCallbackPortsPolicy(String strObjName, String strRouterAdd, String strIoTSlaveControllerHostAdd, 
-		String strIoTSlaveObjectHostAdd, String strProtocol) {
-
-		int iNumCallbackPorts = Integer.parseInt(STR_NUM_CALLBACK_PORTS);
-		Integer[] rmiCallbackPorts = commHan.getCallbackPorts(strObjName, iNumCallbackPorts);
-
-		// Iterate over port numbers and set up policies
-		for (int i=0; i<iNumCallbackPorts; i++) {
-			routerConfig.configureRouterMainPolicies(strRouterAdd, strIoTSlaveControllerHostAdd, strIoTSlaveObjectHostAdd,
-				strProtocol, rmiCallbackPorts[i]);
-			routerConfig.configureHostMainPolicies(strIoTSlaveControllerHostAdd, strIoTSlaveControllerHostAdd, strIoTSlaveObjectHostAdd,
-				strProtocol, rmiCallbackPorts[i]);
-			routerConfig.configureHostMainPolicies(strIoTSlaveObjectHostAdd, strIoTSlaveControllerHostAdd, strIoTSlaveObjectHostAdd,
-				strProtocol, rmiCallbackPorts[i]);
-		}
-	}
 
 	/**
 	 * A private method to set router policies for IoTDeviceAddress objects
@@ -727,6 +737,9 @@ public class IoTMaster {
 				routerConfig.configureHostMainPolicies(strIoTSlaveObjectHostAdd, strIoTSlaveObjectHostAdd, strDeviceAddress, STR_TCP_PROTOCOL, iDestDeviceDriverPort);
 				routerConfig.configureRouterHTTPPolicies(STR_ROUTER_ADD, strIoTSlaveObjectHostAdd, strDeviceAddress);
 				routerConfig.configureHostHTTPPolicies(strIoTSlaveObjectHostAdd, strIoTSlaveObjectHostAdd, strDeviceAddress);
+				// Configure MAC policies
+				if (STR_ACTIVATE_SANDBOXING.equals("Yes"))
+					processJailConfig.configureProcessJailGWDevicePolicies(strIoTSlaveObjectHostAdd, STR_ROUTER_ADD, INT_DNS_PORT);
 			} else {
 				// Other port numbers...
 				commHan.addDevicePort(iDestDeviceDriverPort);
@@ -734,6 +747,10 @@ public class IoTMaster {
 					commHan.getComPort(strDeviceAddressKey), iDestDeviceDriverPort);
 				routerConfig.configureHostMainPolicies(strIoTSlaveObjectHostAdd, strIoTSlaveObjectHostAdd, strDeviceAddress, strProtocol, 
 					commHan.getComPort(strDeviceAddressKey), iDestDeviceDriverPort);
+				// Configure MAC policies
+				if (STR_ACTIVATE_SANDBOXING.equals("Yes"))
+					processJailConfig.configureProcessJailDevicePolicies(strIoTSlaveObjectHostAdd, strProtocol,
+						commHan.getComPort(strDeviceAddressKey), strDeviceAddress, iDestDeviceDriverPort);
 			}
 		}
 	}
@@ -747,7 +764,7 @@ public class IoTMaster {
 	 * @return  void
 	 */
 	private void setRouterPolicyIoTSetAddress(String strFieldIdentifier, Map.Entry<String,Object> map, 
-		String strHostAddress) {
+		String strHostAddress, String strControllerName) {
 
 		// Get information from the set
 		SetInstrumenter setInstrumenter = (SetInstrumenter) map.getValue();
@@ -760,6 +777,13 @@ public class IoTMaster {
 			// Get device address
 			String strAddress = (String) arrFieldValues[0];
 			// Setting up router policies for HTTP/HTTPs
+			if (STR_ACTIVATE_SANDBOXING.equals("Yes")) {
+				if (strControllerName != null) {
+					processJailConfig.configureProcessJailInetAddressPolicies(strControllerName, strAddress);
+				} else {
+					processJailConfig.configureProcessJailInetAddressPolicies(strHostAddress, strAddress);
+				}
+			}
 			routerConfig.configureRouterHTTPPolicies(STR_ROUTER_ADD, strHostAddress, strAddress);
 			routerConfig.configureHostHTTPPolicies(strHostAddress, strHostAddress, strAddress);
 		}
@@ -814,7 +838,7 @@ public class IoTMaster {
 					setRouterPolicyIoTSetDevice(strFieldIdentifier, map, strIoTSlaveObjectHostAdd);
 				} else if(setInstrumenter.getObjTableName().equals(STR_IOT_ADD_CLS)) { 
 				// Instrument the IoTAddress
-					setRouterPolicyIoTSetAddress(strFieldIdentifier, map, strIoTSlaveObjectHostAdd);
+					setRouterPolicyIoTSetAddress(strFieldIdentifier, map, strIoTSlaveObjectHostAdd, null);
 				} else if(setInstrumenter.getObjTableName().equals(STR_IOT_ZB_ADD_CLS)) { 
 				// Instrument the IoTZigbeeAddress - special feature for Zigbee device support
 					RuntimeOutput.print("IoTMaster: IoTZigbeeAddress found! No router policy is set here..", 
@@ -905,11 +929,18 @@ public class IoTMaster {
 	 */
 	private String getCmdJavaDriverIoTSlave(String strIoTMasterHostAdd, String strIoTSlaveObjectHostAdd, String strObjName) {
 
-		return STR_SSH + " " + STR_USERNAME + strIoTSlaveObjectHostAdd + " cd " + STR_RUNTIME_DIR + " sudo java " +
-			STR_CLS_PATH + " " + STR_RMI_PATH + " " + STR_RMI_HOSTNAME +
-			strIoTSlaveObjectHostAdd + " " + STR_IOT_SLAVE_CLS + " " + strIoTMasterHostAdd + " " +
+		// Create an Shell executable
+		String strJavaCommand =	STR_SHELL_HEADER + "\nexec " + STR_JAVA_PATH + " " + STR_CLS_PATH + " " + STR_RMI_PATH + " " + 
+			STR_RMI_HOSTNAME + strIoTSlaveObjectHostAdd + " " + STR_IOT_SLAVE_CLS + " " + strIoTMasterHostAdd + " " +
 			commHan.getComPort(strObjName) + " " + commHan.getRMIRegPort(strObjName) + " " +
-			commHan.getRMIStubPort(strObjName) + " >& " + STR_LOG_FILE_PATH + strObjName + ".log &";
+			commHan.getRMIStubPort(strObjName) + " > " + STR_LOG_FILE_PATH + strObjName + ".log &";
+		String shellFile = "./" + strObjName + STR_SHELL_FILE_EXT;
+		createWrapperShellScript(strJavaCommand, shellFile);
+		// Send the file to the compute node
+		String strCmdSend = "scp " + shellFile + " " + STR_USERNAME + strIoTSlaveObjectHostAdd + ":" + STR_RUNTIME_DIR;
+		runCommand(strCmdSend);
+		System.out.println("IoTMaster: Sending shell file: " + strCmdSend);
+		return STR_SSH + " " + STR_USERNAME + strIoTSlaveObjectHostAdd + " cd " + STR_RUNTIME_DIR + " " + shellFile;
 	}
 
 
@@ -926,6 +957,22 @@ public class IoTMaster {
 	}
 
 
+	/**
+	 * createWrapperShellScript() gets a wrapper shell script
+	 *
+	 * @param   strCommand 		String command
+	 * @param   strObjectName 	String object name
+	 * @return  PrintWriter
+	 */
+	private void createWrapperShellScript(String strCommand, String strFileName) {
+
+		PrintWriter printWriter = getPrintWriter(strFileName);
+		printWriter.println(strCommand);
+		printWriter.close();
+		runCommand("chmod 755 " + strFileName);
+	}
+
+
 	/**
 	 * A private method to create an object on a specific machine
 	 *
@@ -1134,7 +1181,7 @@ public class IoTMaster {
 	 * @params  strLanguage				  String language
 	 * @return  void
 	 */
-	private void instrumentIoTSet(Map.Entry<String,Object> map, String strFieldName, String strLanguage) 
+	private void instrumentIoTSet(Map.Entry<String,Object> map, String strFieldName, String strObjControllerName, String strLanguage) 
 		throws IOException, ClassNotFoundException, InterruptedException {
 				
 		// Get information from the set
@@ -1150,11 +1197,10 @@ public class IoTMaster {
 			String strObjID = setInstrumenter.fieldObjectID(iRow);
 			strObjClassName = setInstrumenter.fieldEntryType(strObjID);
 			// Call the method to create an object
-			instrumentObject(strObjID, strLanguage);
-			int iNumOfPorts = Integer.parseInt(STR_NUM_CALLBACK_PORTS);
+			instrumentObject(strObjID, strObjControllerName, strLanguage);
 			objInitHand.addObjectIntoField(strFieldName, strIoTSlaveObjectHostAdd, strObjName,
 				strObjClassName, strObjClassInterfaceName, strObjStubClsIntfaceName, commHan.getRMIRegPort(strObjName), 
-				commHan.getRMIStubPort(strObjName), commHan.getCallbackPorts(strObjName, iNumOfPorts));
+				commHan.getRMIStubPort(strObjName));
 		}
 	}
 
@@ -1167,7 +1213,7 @@ public class IoTMaster {
 	 * @params  strLanguage				  String language
 	 * @return  void
 	 */
-	private void instrumentIoTRelation(Map.Entry<String,Object> map, String strFieldName, String strLanguage) 
+	private void instrumentIoTRelation(Map.Entry<String,Object> map, String strFieldName, String strObjControllerName, String strLanguage) 
 		throws IOException, ClassNotFoundException, InterruptedException {
 
 			// Get information from the set
@@ -1182,27 +1228,24 @@ public class IoTMaster {
 			String strObjID = relationInstrumenter.firstFieldObjectID(iRow);
 			strObjClassName = relationInstrumenter.firstEntryFieldType(strObjID);
 			// Call the method to create an object
-			instrumentObject(strObjID, strLanguage);
+			instrumentObject(strObjID, strObjControllerName, strLanguage);
 			// Get the first object controller host address
 			String strFirstIoTSlaveObjectHostAdd = strIoTSlaveObjectHostAdd;
-			int iNumOfPorts = Integer.parseInt(STR_NUM_CALLBACK_PORTS);
 			objInitHand.addObjectIntoField(strFieldName, strIoTSlaveObjectHostAdd, strObjName,
 				strObjClassName, strObjClassInterfaceName, strObjStubClsIntfaceName, 
-				commHan.getRMIRegPort(strObjName), commHan.getRMIStubPort(strObjName), 
-				commHan.getCallbackPorts(strObjName, iNumOfPorts));
+				commHan.getRMIRegPort(strObjName), commHan.getRMIStubPort(strObjName));
 			// Operate on the second set
 			arrFieldClasses = relationInstrumenter.secondFieldClasses(iRow);
 			arrFieldValues = relationInstrumenter.secondFieldValues(iRow);
 			strObjID = relationInstrumenter.secondFieldObjectID(iRow);
 			strObjClassName = relationInstrumenter.secondEntryFieldType(strObjID);
 			// Call the method to create an object
-			instrumentObject(strObjID, strLanguage);
+			instrumentObject(strObjID, strObjControllerName, strLanguage);
 			// Get the second object controller host address
 			String strSecondIoTSlaveObjectHostAdd = strIoTSlaveObjectHostAdd;
 			objInitHand.addSecondObjectIntoField(strFieldName, strIoTSlaveObjectHostAdd, strObjName,
 				strObjClassName, strObjClassInterfaceName, strObjStubClsIntfaceName, 
-				commHan.getRMIRegPort(strObjName), commHan.getRMIStubPort(strObjName),
-				commHan.getCallbackPorts(strObjName, iNumOfPorts));
+				commHan.getRMIRegPort(strObjName), commHan.getRMIStubPort(strObjName));
 			// ROUTING POLICY: first and second controller objects in IoTRelation
 			routerConfig.configureRouterMainPolicies(STR_ROUTER_ADD, strFirstIoTSlaveObjectHostAdd,
 				strSecondIoTSlaveObjectHostAdd, STR_TCP_PROTOCOL);
@@ -1237,8 +1280,8 @@ public class IoTMaster {
 					// == COMMUNICATION WITH IOTSLAVE CONTROLLER TO FILL IN IOTSET
 					commMasterToSlave(new MessageGetObject(IoTCommCode.GET_IOTSET_OBJECT, objInitInfo.getIoTSlaveObjectHostAdd(),
 						objInitInfo.getObjectName(), objInitInfo.getObjectClassName(), objInitInfo.getObjectClassInterfaceName(), 
-						objInitInfo.getObjectStubClassInterfaceName(), objInitInfo.getRMIRegistryPort(), objInitInfo.getRMIStubPort(),
-						objInitInfo.getRMICallbackPorts()), "Get IoTSet object!", inStream, outStream);
+						objInitInfo.getObjectStubClassInterfaceName(), objInitInfo.getRMIRegistryPort(), objInitInfo.getRMIStubPort()), 
+						"Get IoTSet object!", inStream, outStream);
 
 				}
 				// == COMMUNICATION WITH IOTSLAVE CONTROLLER TO REINITIALIZE IOTSET FIELD
@@ -1256,14 +1299,14 @@ public class IoTMaster {
 					commMasterToSlave(new MessageGetObject(IoTCommCode.GET_IOTRELATION_FIRST_OBJECT, 
 						objInitInfo.getIoTSlaveObjectHostAdd(), objInitInfo.getObjectName(), objInitInfo.getObjectClassName(),
 						objInitInfo.getObjectClassInterfaceName(), objInitInfo.getObjectStubClassInterfaceName(),
-						objInitInfo.getRMIRegistryPort(), objInitInfo.getRMIStubPort(), objInitInfo.getRMICallbackPorts()), 
+						objInitInfo.getRMIRegistryPort(), objInitInfo.getRMIStubPort()), 
 						"Get IoTRelation first object!", inStream, outStream);
 					ObjectInitInfo objSecObj = (ObjectInitInfo) it.next();
 					// == COMMUNICATION WITH IOTSLAVE CONTROLLER TO FILL IN IOTRELATION (SECOND OBJECT)
 					commMasterToSlave(new MessageGetObject(IoTCommCode.GET_IOTRELATION_SECOND_OBJECT,
 						objSecObj.getIoTSlaveObjectHostAdd(), objSecObj.getObjectName(), objSecObj.getObjectClassName(),
 						objSecObj.getObjectClassInterfaceName(), objSecObj.getObjectStubClassInterfaceName(),
-						objSecObj.getRMIRegistryPort(), objSecObj.getRMIStubPort(), objSecObj.getRMICallbackPorts()), 
+						objSecObj.getRMIRegistryPort(), objSecObj.getRMIStubPort()), 
 						"Get IoTRelation second object!", inStream, outStream);
 				}
 				// == COMMUNICATION WITH IOTSLAVE CONTROLLER TO REINITIALIZE IOTRELATION FIELD
@@ -1295,7 +1338,7 @@ public class IoTMaster {
 					// == COMMUNICATION WITH IOTSLAVE CONTROLLER TO FILL IN IOTSET
 					getIoTSetRelationObjectCpp(IoTCommCode.GET_IOTSET_OBJECT, objInitInfo.getIoTSlaveObjectHostAdd(), objInitInfo.getObjectName(), 
 						objInitInfo.getObjectClassName(), objInitInfo.getObjectClassInterfaceName(), objInitInfo.getObjectStubClassInterfaceName(),
- 						objInitInfo.getRMIRegistryPort(), objInitInfo.getRMIStubPort(), objInitInfo.getRMICallbackPorts(), outStream, inStream);
+ 						objInitInfo.getRMIRegistryPort(), objInitInfo.getRMIStubPort(), outStream, inStream);
 				}
 				// == COMMUNICATION WITH IOTSLAVE CONTROLLER TO REINITIALIZE IOTSET FIELD
 				reinitializeIoTSetFieldCpp(outStream, inStream);
@@ -1310,12 +1353,12 @@ public class IoTMaster {
 					// == COMMUNICATION WITH IOTSLAVE CONTROLLER TO FILL IN IOTRELATION (FIRST OBJECT)
 					getIoTSetRelationObjectCpp(IoTCommCode.GET_IOTRELATION_FIRST_OBJECT, objInitInfo.getIoTSlaveObjectHostAdd(), objInitInfo.getObjectName(), 
 						objInitInfo.getObjectClassName(), objInitInfo.getObjectClassInterfaceName(), objInitInfo.getObjectStubClassInterfaceName(),
- 						objInitInfo.getRMIRegistryPort(), objInitInfo.getRMIStubPort(), objInitInfo.getRMICallbackPorts(), outStream, inStream);
+ 						objInitInfo.getRMIRegistryPort(), objInitInfo.getRMIStubPort(), outStream, inStream);
 					ObjectInitInfo objSecObj = (ObjectInitInfo) it.next();
 					// == COMMUNICATION WITH IOTSLAVE CONTROLLER TO FILL IN IOTRELATION (SECOND OBJECT)
 					getIoTSetRelationObjectCpp(IoTCommCode.GET_IOTRELATION_SECOND_OBJECT, objSecObj.getIoTSlaveObjectHostAdd(), objSecObj.getObjectName(), 
 						objSecObj.getObjectClassName(), objSecObj.getObjectClassInterfaceName(), objSecObj.getObjectStubClassInterfaceName(),
-						objSecObj.getRMIRegistryPort(), objSecObj.getRMIStubPort(), objSecObj.getRMICallbackPorts(), outStream, inStream);
+						objSecObj.getRMIRegistryPort(), objSecObj.getRMIStubPort(), outStream, inStream);
 				}
 				// == COMMUNICATION WITH IOTSLAVE CONTROLLER TO REINITIALIZE IOTRELATION FIELD
 				reinitializeIoTRelationFieldCpp(outStream, inStream);
@@ -1410,6 +1453,39 @@ public class IoTMaster {
 		}
 	}
 
+	/**
+	 * A method to create a thread for policy deployment
+	 *
+	 * @param  setHostAddresses		Set of strings for host addresses to configure
+	 * @return            			void
+	 */
+	private void createMACPolicyThreads(Set<String> setHostAddresses) throws IOException {
+
+		// Create a list of threads
+		List<Thread> threads = new ArrayList<Thread>();
+		// Start threads for hosts
+		for(String strAddress : setHostAddresses) {
+			Thread policyThread = new Thread(new Runnable() {
+				public void run() {
+					synchronized(this) {
+						processJailConfig.sendMACPolicies(strAddress);
+					}
+				}
+			});
+			threads.add(policyThread);
+			policyThread.start();
+			RuntimeOutput.print("Deploying MAC policies for: " + strAddress, BOOL_VERBOSE);
+		}
+		// Join all threads
+		for (Thread thread : threads) {
+			try {
+				thread.join();
+			} catch (InterruptedException ex) {
+				ex.printStackTrace();
+			}
+		}
+	}
+
 
 	/**
 	 * A method to send files to Java IoTSlave
@@ -1539,14 +1615,19 @@ public class IoTMaster {
 	 */
 	private String getCmdJavaIoTSlave(String strObjControllerName) {
 
-		return STR_SSH + " " + STR_USERNAME + strIoTSlaveControllerHostAdd + " cd " +
-					STR_RUNTIME_DIR + " sudo java " + STR_JVM_INIT_HEAP_SIZE + " " + 
-					STR_JVM_MAX_HEAP_SIZE + " " + STR_CLS_PATH + " " +
-					STR_RMI_PATH + " " + STR_IOT_SLAVE_CLS + " " + strIoTMasterHostAdd + " " +
-					commHan.getComPort(strObjControllerName) + " " +
-					commHan.getRMIRegPort(strObjControllerName) + " " +
-					commHan.getRMIStubPort(strObjControllerName) + " >& " +
-					STR_LOG_FILE_PATH + strObjControllerName + ".log &";
+		// Create an Shell executable
+		String strJavaCommand =	STR_SHELL_HEADER + "\nexec " + STR_JAVA_PATH + " " + STR_JVM_INIT_HEAP_SIZE + " " + 
+					STR_JVM_MAX_HEAP_SIZE + " " + STR_CLS_PATH + " " + STR_RMI_PATH + " " + STR_IOT_SLAVE_CLS + " " + 
+					strIoTMasterHostAdd + " " + commHan.getComPort(strObjControllerName) + " " +
+					commHan.getRMIRegPort(strObjControllerName) + " " + commHan.getRMIStubPort(strObjControllerName) + 
+					" > " + STR_LOG_FILE_PATH + strObjControllerName + ".log &";
+		String shellFile = "./" + strObjControllerName + STR_SHELL_FILE_EXT;
+		createWrapperShellScript(strJavaCommand, shellFile);
+		// Send the file to the compute node
+		String strCmdSend = "scp " + shellFile + " " + STR_USERNAME + strIoTSlaveControllerHostAdd + ":" + STR_RUNTIME_DIR;
+		runCommand(strCmdSend);
+		System.out.println("IoTMaster: Sending main controller shell file: " + strCmdSend);
+		return STR_SSH + " " + STR_USERNAME + strIoTSlaveControllerHostAdd + " cd " + STR_RUNTIME_DIR + " " + shellFile;
 	}
 
 
@@ -1813,7 +1894,7 @@ public class IoTMaster {
 	 */
 	public void getIoTSetRelationObjectCpp(IoTCommCode iotCommCode, String strIoTSlaveHostAddress, String strObjectName, String strObjectClassName, 
 			String strObjectClassInterfaceName, String strObjectStubClassInterfaceName, int iRMIRegistryPort, int iRMIStubPort, 
-			Integer[] iCallbackPorts, OutputStream outStream, InputStream inStream) throws IOException {
+			OutputStream outStream, InputStream inStream) throws IOException {
 
 		sendCommCode(iotCommCode, outStream, inStream);
 		RuntimeOutput.print("IoTMaster: Getting IoTSet object content...", BOOL_VERBOSE);
@@ -1832,10 +1913,6 @@ public class IoTMaster {
 		sendInteger(iRMIRegistryPort, outStream); recvAck(inStream);
 		RuntimeOutput.print("IoTMaster: Driver object stub port: " + iRMIStubPort, BOOL_VERBOSE);
 		sendInteger(iRMIStubPort, outStream); recvAck(inStream);
-		sendInteger(iCallbackPorts.length, outStream); recvAck(inStream);
-		for(Integer i : iCallbackPorts) {
-			sendInteger(i, outStream); recvAck(inStream);
-		}
 	}
 
 
@@ -1991,7 +2068,13 @@ public class IoTMaster {
 					sendFileToCppSlave(strControllerFilePath, strControllerZipFile);
 					createMainObjectCpp(strObjControllerName, outStream, inStream);
 				}
-
+				// Write basic MAC policies for controller
+				//String strFileName = STR_MAC_POL_PATH + strObjControllerName + STR_MAC_POLICY_EXT;
+				if (STR_ACTIVATE_SANDBOXING.equals("Yes")) {
+					String strFileName = STR_MAC_POL_PATH + STR_JAVA + STR_MAC_POLICY_EXT;
+					processJailConfig.configureProcessJailControllerPolicies(strObjControllerName, strFileName, 
+						strIoTMasterHostAdd, commHan.getComPort(strObjControllerName));
+				}
 				// PROFILING
 				result = System.currentTimeMillis()-start;
 				System.out.println("\n\n ==> From IoTSlave start until main controller object is created: " + result);
@@ -2038,16 +2121,21 @@ public class IoTMaster {
 							throw new Error(strErrMsg);
 						} else if(setInstrumenter.getObjTableName().equals(STR_IOT_ADD_CLS)) { 
 						// Instrument the IoTAddress
-							setRouterPolicyIoTSetAddress(strFieldName, map, strIoTSlaveControllerHostAdd);
+							setRouterPolicyIoTSetAddress(strFieldName, map, strIoTSlaveControllerHostAdd, strObjControllerName);
 							instrumentIoTSetAddress(strFieldName, strFieldName, inStream, outStream, STR_LANGUAGE_CONTROLLER);
 						} else {
 						// Any other cases
-							instrumentIoTSet(map, strFieldName, STR_LANGUAGE_CONTROLLER);
+							instrumentIoTSet(map, strFieldName, strObjControllerName, STR_LANGUAGE_CONTROLLER);
 						}
 					} else if (strClassName.equals(STR_REL_INSTRUMENTER_CLS)) {
-						instrumentIoTRelation(map, strFieldName, STR_LANGUAGE_CONTROLLER);
+						instrumentIoTRelation(map, strFieldName, strObjControllerName, STR_LANGUAGE_CONTROLLER);
 					}
 				}
+				// Combine controller MAC policies with the main policy file for the host
+				String strTempFileName = "./" + strObjControllerName + STR_MAC_POLICY_EXT;
+				processJailConfig.combineControllerMACPolicies(strIoTSlaveControllerHostAdd, strObjControllerName, strTempFileName);
+				processJailConfig.close();
+
 				// PROFILING
 				result = System.currentTimeMillis()-start;
 				System.out.println("\n\n ==> Time needed to instrument device driver objects: " + result + "\n\n");
@@ -2116,6 +2204,8 @@ public class IoTMaster {
 				serverSocket.close();
 				commHan.printLists();
 				lbIoT.printHostInfo();
+				if (STR_ACTIVATE_SANDBOXING.equals("Yes"))
+					createMACPolicyThreads(setAddresses);
 			}
 
 		} catch (IOException          |