Sentinel with process jailing using Tomoyo - works with the SmartLightsController...
authorrtrimana <rtrimana@uci.edu>
Mon, 10 Apr 2017 21:47:52 +0000 (14:47 -0700)
committerrtrimana <rtrimana@uci.edu>
Mon, 10 Apr 2017 21:47:52 +0000 (14:47 -0700)
benchmarks/Java/HomeSecurityController/Makefile
benchmarks/Java/SmartLightsController/Makefile
iotjava/iotruntime/master/IoTMaster.java
iotjava/iotruntime/master/ProcessJailConfig.java
localconfig/tomoyo/AmcrestCamera.tomoyo.pol [deleted file]
localconfig/tomoyo/Java.tomoyo.pol [new file with mode: 0644]
localconfig/tomoyo/LabRoom.tomoyo.pol [deleted file]
localconfig/tomoyo/LifxLightBulb.tomoyo.pol [deleted file]
localconfig/tomoyo/SmartLightsController.tomoyo.pol [deleted file]

index 7094972..460b10a 100644 (file)
@@ -22,12 +22,12 @@ PHONY += homesecurity
 homesecurity:
        $(JAVAC) $(JFLAGS) *.java
        cp HomeSecurityController.config $(BIN_DIR)/HomeSecurityController
-       cd $(BIN_DIR)/HomeSecurityController; $(JAR) $(JARFLAGS) HomeSecurityController.jar ../HomeSecurityController/HomeSecurityController*.class ../HomeSecurityController/MotionDetection*.class ../iotcode/interfaces/SmartthingsSensor*.class ../iotcode/interfaces/Camera*.class ../iotcode/interfaces/Alarm*.class ../iotcode/interfaces/Room*.class  ../iotcode/interfaces/ZoneState*.class ../iotcode/interfaces/Resolution*.class
+       cd $(BIN_DIR)/HomeSecurityController; $(JAR) $(JARFLAGS) HomeSecurityController.jar ../HomeSecurityController/HomeSecurityController*.class ../HomeSecurityController/*.class ../iotcode/interfaces/SmartthingsSensor*.class ../iotcode/interfaces/Camera*.class ../iotcode/interfaces/Alarm*.class ../iotcode/interfaces/Room*.class  ../iotcode/interfaces/ZoneState*.class ../iotcode/interfaces/Resolution*.class
 
 PHONY += check-homesecurity
 check-homesecurity:
        $(JAVAC) $(JFLAGS) $(CHECKER_OPT) $(ASTUBS) *.java
        cp HomeSecurityController.config $(BIN_DIR)/HomeSecurityController
-       cd $(BIN_DIR)/HomeSecurityController; $(JAR) $(JARFLAGS) HomeSecurityController.jar ../HomeSecurityController/HomeSecurityController*.class ../HomeSecurityController/MotionDetection*.class ../iotcode/interfaces/SmartthingsSensor*.class ../iotcode/interfaces/Camera*.class ../iotcode/interfaces/Alarm*.class ../iotcode/interfaces/Room*.class  ../iotcode/interfaces/ZoneState*.class ../iotcode/interfaces/Resolution*.class
+       cd $(BIN_DIR)/HomeSecurityController; $(JAR) $(JARFLAGS) HomeSecurityController.jar ../HomeSecurityController/HomeSecurityController*.class ../HomeSecurityController/*.class ../iotcode/interfaces/SmartthingsSensor*.class ../iotcode/interfaces/Camera*.class ../iotcode/interfaces/Alarm*.class ../iotcode/interfaces/Room*.class  ../iotcode/interfaces/ZoneState*.class ../iotcode/interfaces/Resolution*.class
 
 .PHONY: $(PHONY)
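Review bot: The jar recipe now lists both `../HomeSecurityController/HomeSecurityController*.class` and `../HomeSecurityController/*.class`, so the first pattern is redundant and the archive picks up every class file left in that output directory, including stale ones from earlier builds. Dropping the narrower pattern and emptying the directory before packaging would keep the contents of the jar predictable. The line also joins `cd` and `$(JAR)` with `;`, so a failed `cd` still runs the jar command in the wrong directory; `cd $(BIN_DIR)/HomeSecurityController && $(JAR) $(JARFLAGS) HomeSecurityController.jar …` stops at the failure instead. The same applies to check-homesecurity and to both recipes in the SmartLightsController Makefile.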
index 69d132b..25baf35 100644 (file)
@@ -22,12 +22,12 @@ PHONY += smartlights
 smartlights:
        $(JAVAC) $(JFLAGS) *.java
        cp SmartLightsController.config $(BIN_DIR)/SmartLightsController
-       cd $(BIN_DIR)/SmartLightsController; $(JAR) $(JARFLAGS) SmartLightsController.jar ../SmartLightsController/SmartLightsController*.class ../SmartLightsController/ColorTemperature*.class ../SmartLightsController/MotionDetection*.class ../iotcode/interfaces/Camera*.class ../iotcode/interfaces/Room*.class ../iotcode/interfaces/LightBulb*.class ../iotcode/interfaces/Resolution*.class
+       cd $(BIN_DIR)/SmartLightsController; $(JAR) $(JARFLAGS) SmartLightsController.jar ../SmartLightsController/SmartLightsController*.class ../SmartLightsController/ColorTemperature*.class ../SmartLightsController/MotionDetection*.class ../SmartLightsController/*.class ../iotcode/interfaces/Camera*.class ../iotcode/interfaces/Room*.class ../iotcode/interfaces/LightBulb*.class ../iotcode/interfaces/Resolution*.class
 
 PHONY += check-smartlights
 check-smartlights:
        $(JAVAC) $(JFLAGS) $(CHECKER_OPT) $(ASTUBS) *.java
        cp SmartLightsController.config $(BIN_DIR)/SmartLightsController
-       cd $(BIN_DIR)/SmartLightsController; $(JAR) $(JARFLAGS) SmartLightsController.jar ../SmartLightsController/SmartLightsController*.class ../SmartLightsController/ColorTemperature*.class ../SmartLightsController/MotionDetection*.class ../iotcode/interfaces/Camera*.class ../iotcode/interfaces/Room*.class ../iotcode/interfaces/LightBulb*.class ../iotcode/interfaces/Resolution*.class
+       cd $(BIN_DIR)/SmartLightsController; $(JAR) $(JARFLAGS) SmartLightsController.jar ../SmartLightsController/SmartLightsController*.class ../SmartLightsController/ColorTemperature*.class ../SmartLightsController/MotionDetection*.class ../SmartLightsController/*.class ../iotcode/interfaces/Camera*.class ../iotcode/interfaces/Room*.class ../iotcode/interfaces/LightBulb*.class ../iotcode/interfaces/Resolution*.class
 
 .PHONY: $(PHONY)
index 8be2fe4..ed199d0 100644 (file)
@@ -513,7 +513,7 @@ public class IoTMaster {
                RuntimeOutput.print("IoTMaster: Number of rows for IoTZigbeeAddress: " + iRows, BOOL_VERBOSE);
 
                // TODO: DEBUG!!!
-               System.out.println("\n\n DEBUG: InstrumentZigbeeDevice: Object Name: " + strObjName);
+               System.out.println("\n\nDEBUG: InstrumentZigbeeDevice: Object Name: " + strObjName);
                System.out.println("DEBUG: InstrumentZigbeeDevice: Port number: " + commHan.getComPort(strZigbeeGWAddressKey));
                System.out.println("DEBUG: InstrumentZigbeeDevice: Device address: " + strZigbeeGWAddress + "\n\n");
 
@@ -633,8 +633,9 @@ public class IoTMaster {
                        routerConfig.configureHostMainPolicies(strIoTSlaveObjectHostAdd, strIoTSlaveControllerHostAdd,
                                strIoTSlaveObjectHostAdd, STR_TCP_PROTOCOL);
                        // Configure MAC policies for objects
-                       String strFileName = STR_MAC_POL_PATH + strObjClassName + STR_MAC_POLICY_EXT;
-                       processJailConfig.configureProcessJailDeviceDriverPolicies(strIoTSlaveObjectHostAdd, strObjName, 
+                       //String strFileName = STR_MAC_POL_PATH + strObjClassName + STR_MAC_POLICY_EXT;
+                       String strFileName = STR_MAC_POL_PATH + STR_JAVA + STR_MAC_POLICY_EXT;
+                       processJailConfig.configureProcessJailDeviceDriverPolicies(strIoTSlaveObjectHostAdd, strObjName, strObjClassName,
                                strFileName, strIoTMasterHostAdd, commHan.getComPort(strObjName), commHan.getRMIRegPort(strObjName), 
                                commHan.getRMIStubPort(strObjName));
                        processJailConfig.configureProcessJailContRMIPolicies(strObjControllerName, strIoTSlaveObjectHostAdd, 
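Review bot: The old assignment is left behind as a commented-out line (`//String strFileName = STR_MAC_POL_PATH + strObjClassName + STR_MAC_POLICY_EXT;`) instead of being removed; version control already keeps it, and a dead line next to a security policy path makes it harder to see which file is actually loaded. Since the path no longer depends on the object, it could be a single constant, e.g. `private static final String STR_JAVA_POLICY_FILE = STR_MAC_POL_PATH + STR_JAVA + STR_MAC_POLICY_EXT;`, assuming those three names are compile-time constants (their declarations are outside the hunk). The hunk at line 2051 leaves the same commented-out line. The enclosing method starts and ends outside this hunk.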
@@ -2050,7 +2051,8 @@ public class IoTMaster {
                                        createMainObjectCpp(strObjControllerName, outStream, inStream);
                                }
                                // Write basic MAC policies for controller
-                               String strFileName = STR_MAC_POL_PATH + strObjControllerName + STR_MAC_POLICY_EXT;
+                               //String strFileName = STR_MAC_POL_PATH + strObjControllerName + STR_MAC_POLICY_EXT;
+                               String strFileName = STR_MAC_POL_PATH + STR_JAVA + STR_MAC_POLICY_EXT;
                                processJailConfig.configureProcessJailControllerPolicies(strObjControllerName, strFileName, 
                                        strIoTMasterHostAdd, commHan.getComPort(strObjControllerName));
                                // PROFILING
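Review bot: The controller policy file is now always the Java template, yet the context just above shows a `createMainObjectCpp(...)` branch, so a C++ controller would apparently be given a policy whose domain line ends in `/usr/bin/java`. If that is the case, the C++ process is not covered by the rules written here. Selecting the template by controller language, or rejecting non-Java controllers before this point with a clear error, would make the limitation explicit. The surrounding method and the branch it belongs to are only partly visible.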
index d76d130..7b080fd 100644 (file)
@@ -38,6 +38,7 @@ public final class ProcessJailConfig {
 
        private static final String STR_MAC_POLICY_EXT          = ".tomoyo.pol";
        private static final String STR_OBJECT_NAME             = "<object-name>";
+       private static final String STR_OBJECT_CLASS_NAME       = "<object-class-name>";
        private static final String STR_MASTER_IP_ADDRESS       = "<master-ip-address>";
        private static final String STR_MASTER_COM_PORT         = "<master-com-port>";
        private static final String STR_RMI_REG_PORT            = "<rmi-reg-port>";
@@ -263,6 +264,7 @@ public final class ProcessJailConfig {
         *
         * @param   strConfigHost                       String hostname to be configured
         * @param   strObjectName                       String object name
+        * @param   strObjectClassName          String object class name
         * @param   strFileName                         String policy file path and name
         * @param   strMasterIPAddress          String master IP address
         * @param   iComPort                            Integer communication port (controller-driver)
@@ -270,17 +272,22 @@ public final class ProcessJailConfig {
         * @param   iRMIStubPort                        Integer RMI stub port
         * @return  void
         */
-       public void configureProcessJailDeviceDriverPolicies(String strConfigHost, String strObjectName, 
+       public void configureProcessJailDeviceDriverPolicies(String strConfigHost, String strObjectName, String strObjectClassName, 
                        String strFileName, String strMasterIPAddress, int iComPort, int iRMIRegPort, int iRMIStubPort) {
 
                PrintWriter pwConfig = getPrintWriter(strConfigHost);
                String strPolicyList = readFile(strFileName);
                // Replace the strings with the actual values
-               String strNewPolicyList = strPolicyList.replace(STR_OBJECT_NAME, strObjectName).replace(STR_MASTER_IP_ADDRESS,
-                       strMasterIPAddress).replace(STR_MASTER_COM_PORT, String.valueOf(iComPort)).replace(STR_RMI_REG_PORT,
-                       String.valueOf(iRMIRegPort)).replace(STR_RMI_STUB_PORT, String.valueOf(iRMIStubPort));
+               String strNewPolicyList = strPolicyList.replace(STR_OBJECT_NAME, strObjectName).
+                       replace(STR_OBJECT_CLASS_NAME, strObjectClassName).
+                       replace(STR_MASTER_IP_ADDRESS, strMasterIPAddress).
+                       replace(STR_MASTER_COM_PORT, String.valueOf(iComPort));
+                       //replace(STR_RMI_REG_PORT, String.valueOf(iRMIRegPort)).
+                       //replace(STR_RMI_STUB_PORT, String.valueOf(iRMIStubPort));
                pwConfig.println("\n");
                pwConfig.print(strNewPolicyList);
+               pwConfig.println("network inet stream bind/listen :: " + iRMIRegPort);
+               pwConfig.println("network inet stream bind/listen :: " + iRMIStubPort);
        }
 
 
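Review bot: The two `network inet stream bind/listen` rules are appended with `println` directly after `pwConfig.print(strNewPolicyList)`, so they form separate policy lines only if the template text ends with a newline; otherwise the first rule is glued onto the template's last line. What `readFile` returns is not visible here, so a guard such as `if (!strNewPolicyList.endsWith("\n")) pwConfig.println();` before the first append would make this safe. The two commented-out `//replace(...)` lines should be deleted rather than kept. A one-line comment stating that the RMI ports are appended because the shared template no longer carries the `<rmi-reg-port>` and `<rmi-stub-port>` placeholders would explain the change to the next reader.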
@@ -324,8 +331,10 @@ public final class ProcessJailConfig {
                PrintWriter pwConfig = getPrintWriter(strControllerName);
                String strPolicyList = readFile(strFileName);
                // Replace the strings with the actual values
-               String strNewPolicyList = strPolicyList.replace(STR_MASTER_IP_ADDRESS,
-                       strMasterIPAddress).replace(STR_MASTER_COM_PORT, String.valueOf(iComPort));
+               String strNewPolicyList = strPolicyList.replace(STR_OBJECT_NAME, strControllerName).
+                       replace(STR_OBJECT_CLASS_NAME, strControllerName).
+                       replace(STR_MASTER_IP_ADDRESS, strMasterIPAddress).
+                       replace(STR_MASTER_COM_PORT, String.valueOf(iComPort));
                pwConfig.println("\n");
                pwConfig.print(strNewPolicyList);
        }
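Review bot: `strControllerName` is substituted unchecked into both `<object-name>` and `<object-class-name>`, which end up in the policy's domain line and in the `file create …/<object-class-name>.jar` path. A name containing whitespace, a newline or a TOMOYO pattern such as `\*` would change which domain or files the generated rules cover. Where the name comes from is outside this hunk; if it is read from configuration, validate it before substitution, e.g. `if (!strControllerName.matches("[A-Za-z0-9_]+")) throw new IllegalArgumentException("invalid controller name");`. The same holds for `strObjectName` and `strObjectClassName` in configureProcessJailDeviceDriverPolicies. The method signature is above the hunk.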
diff --git a/localconfig/tomoyo/AmcrestCamera.tomoyo.pol b/localconfig/tomoyo/AmcrestCamera.tomoyo.pol
deleted file mode 100644 (file)
index d13903e..0000000
+++ /dev/null
@@ -1,55 +0,0 @@
-<kernel> /usr/sbin/sshd /bin/bash /home/iotuser/iot2/iotjava/iotruntime/<object-name>.sh /usr/bin/java
-use_profile 3
-use_group 0
-
-misc env MAIL
-misc env SSH_CLIENT
-misc env USER
-misc env SHLVL
-misc env HOME
-misc env OLDPWD
-misc env LOGNAME
-misc env _
-misc env XDG_SESSION_ID
-misc env PATH
-misc env XDG_RUNTIME_DIR
-misc env LANG
-misc env SHELL
-misc env PWD
-misc env SSH_CONNECTION
-file read /etc/ld.so.preload
-file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/arm/\*.so
-file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/arm/\*.cfg
-file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/arm/client/\*.so
-file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/\*
-file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/\*.jar
-file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/ext/\*
-file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/security/\*
-file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/arm/jli/\*.so
-file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/\*.jar
-network unix stream connect /var/run/nscd/socket
-file read /etc/nsswitch.conf
-file read /etc/passwd
-file create /tmp/hsperfdata_iotuser/\* 0600
-file read/write/unlink/truncate /tmp/hsperfdata_iotuser/\*
-file read /sys/devices/system/cpu/online
-file read /usr/lib/locale/locale-archive
-file write/truncate /home/iotuser/.oracle_jre_usage/\*cf.timestamp
-file read /usr/share/java/\*.jar
-file read /home/iotuser/iot2/iotjava/iotruntime/slave/\*.class
-file read /home/iotuser/iot2/iotjava/iotruntime/\*.config
-network inet stream connect ::ffff:<master-ip-address> <master-com-port>
-file read /home/iotuser/iot2/iotjava/iotruntime/master/\*.class
-file read /home/iotuser/iot2/iotjava/iotruntime/messages/\*.class
-file read /dev/random
-file read /dev/urandom
-file create /home/iotuser/iot2/iotjava/iotruntime/AmcrestCamera.jar 0666
-file read/write /home/iotuser/iot2/iotjava/iotruntime/AmcrestCamera.jar
-file read /home/iotuser/iot2/iotjava/iotrmi/Java/\*.class
-file ioctl socket:[family=10:type=1:protocol=6] 0x541B
-file read /home/iotuser/iot2/iotjava/iotruntime/\*.class
-file read /usr/share/locale/en_GB/LC_MESSAGES/libc.mo
-file create /tmp/imageio\*.tmp 0600
-file read/write/unlink /tmp/imageio\*.tmp
-network inet stream bind/listen :: <rmi-stub-port>
-network inet stream bind/listen :: <rmi-reg-port>
diff --git a/localconfig/tomoyo/Java.tomoyo.pol b/localconfig/tomoyo/Java.tomoyo.pol
new file mode 100644 (file)
index 0000000..083348b
--- /dev/null
@@ -0,0 +1,56 @@
+<kernel> /usr/sbin/sshd /bin/bash /home/iotuser/iot2/iotjava/iotruntime/<object-name>.sh /usr/bin/java
+use_profile 3
+use_group 0
+
+misc env MAIL
+misc env SSH_CLIENT
+misc env USER
+misc env SHLVL
+misc env HOME
+misc env OLDPWD
+misc env LOGNAME
+misc env _
+misc env XDG_SESSION_ID
+misc env PATH
+misc env XDG_RUNTIME_DIR
+misc env LANG
+misc env SHELL
+misc env PWD
+misc env SSH_CONNECTION
+file read /etc/ld.so.preload
+file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/arm/\*.so
+file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/arm/\*.cfg
+file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/arm/client/\*.so
+file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/\*
+file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/\*.jar
+file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/ext/\*
+file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/security/\*
+file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/arm/jli/\*.so
+file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/\*.jar
+file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/\*.dat
+network unix stream connect /var/run/nscd/socket
+file read /etc/nsswitch.conf
+file read /etc/passwd
+file read /etc/timezone
+file create /tmp/hsperfdata_iotuser/\* 0600
+file read/write/unlink/truncate /tmp/hsperfdata_iotuser/\*
+file read /sys/devices/system/cpu/online
+file read /usr/lib/locale/locale-archive
+file write/truncate /home/iotuser/.oracle_jre_usage/\*cf.timestamp
+file read /usr/share/java/\*.jar
+file read /home/iotuser/iot2/iotjava/iotruntime/slave/\*.class
+file read /home/iotuser/iot2/iotjava/iotruntime/\*.config
+network inet stream connect ::ffff:<master-ip-address> <master-com-port>
+file read /home/iotuser/iot2/iotjava/iotruntime/master/\*.class
+file read /home/iotuser/iot2/iotjava/iotruntime/messages/\*.class
+file read /dev/random
+file read /dev/urandom
+file create /home/iotuser/iot2/iotjava/iotruntime/<object-class-name>.jar 0666
+file read/write /home/iotuser/iot2/iotjava/iotruntime/<object-class-name>.jar
+file read /home/iotuser/iot2/iotjava/iotrmi/Java/\*.class
+file ioctl socket:[family=10:type=1:protocol=6] 0x541B
+file read /home/iotuser/iot2/iotjava/iotruntime/\*.class
+file read /usr/share/locale/en_GB/LC_MESSAGES/libc.mo
+file create /tmp/imageio\*.tmp 0600
+file read/write/unlink /tmp/imageio\*.tmp
+file read proc:/sys/vm/overcommit_memory
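Review bot: Every Java driver and controller is now confined by the same rule set, so each domain receives the union of all grants; for example the `/tmp/imageio\*.tmp` create/read/write/unlink rules, which the deleted LabRoom and LifxLightBulb policies did not contain. Keeping the common rules in this template and appending per-class extras from a small optional file would preserve least privilege. The `file create …/<object-class-name>.jar 0666` rule also permits a world-writable jar that the JVM later loads; `0644` or `0600` would be enough unless another account must write the file, which is not visible here. A short header comment listing the placeholders the runtime substitutes (`<object-name>`, `<object-class-name>`, `<master-ip-address>`, `<master-com-port>`) would help whoever edits the template next.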
diff --git a/localconfig/tomoyo/LabRoom.tomoyo.pol b/localconfig/tomoyo/LabRoom.tomoyo.pol
deleted file mode 100644 (file)
index 050f52a..0000000
+++ /dev/null
@@ -1,52 +0,0 @@
-<kernel> /usr/sbin/sshd /bin/bash /home/iotuser/iot2/iotjava/iotruntime/<object-name>.sh /usr/bin/java
-use_profile 3
-use_group 0
-
-misc env MAIL
-misc env SSH_CLIENT
-misc env USER
-misc env SHLVL
-misc env HOME
-misc env OLDPWD
-misc env LOGNAME
-misc env _
-misc env XDG_SESSION_ID
-misc env PATH
-misc env XDG_RUNTIME_DIR
-misc env LANG
-misc env SHELL
-misc env PWD
-misc env SSH_CONNECTION
-file read /etc/ld.so.preload
-file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/arm/\*.so
-file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/arm/\*.cfg
-file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/arm/client/\*.so
-file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/\*
-file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/\*.jar
-file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/ext/\*
-file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/security/\*
-file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/arm/jli/\*.so
-file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/\*.jar
-network unix stream connect /var/run/nscd/socket
-file read /etc/nsswitch.conf
-file read /etc/passwd
-file create /tmp/hsperfdata_iotuser/\* 0600
-file read/write/unlink/truncate /tmp/hsperfdata_iotuser/\*
-file read /sys/devices/system/cpu/online
-file read /usr/lib/locale/locale-archive
-file write/truncate /home/iotuser/.oracle_jre_usage/\*cf.timestamp
-file read /usr/share/java/\*.jar
-file read /home/iotuser/iot2/iotjava/iotruntime/\*.class
-file read /home/iotuser/iot2/iotjava/iotruntime/slave/\*.class
-file read /home/iotuser/iot2/iotjava/iotruntime/\*.config
-network inet stream connect ::ffff:<master-ip-address> <master-com-port>
-file read /home/iotuser/iot2/iotjava/iotruntime/master/\*.class
-file read /home/iotuser/iot2/iotjava/iotruntime/messages/\*.class
-file read /dev/random
-file read /dev/urandom
-file create /home/iotuser/iot2/iotjava/iotruntime/LabRoom.jar 0666
-file read/write /home/iotuser/iot2/iotjava/iotruntime/LabRoom.jar
-file read /home/iotuser/iot2/iotjava/iotrmi/Java/\*.class
-network inet stream bind/listen :: <rmi-stub-port>
-network inet stream bind/listen :: <rmi-reg-port>
-file ioctl socket:[family=10:type=1:protocol=6] 0x541B
diff --git a/localconfig/tomoyo/LifxLightBulb.tomoyo.pol b/localconfig/tomoyo/LifxLightBulb.tomoyo.pol
deleted file mode 100644 (file)
index 5c89817..0000000
+++ /dev/null
@@ -1,52 +0,0 @@
-<kernel> /usr/sbin/sshd /bin/bash /home/iotuser/iot2/iotjava/iotruntime/<object-name>.sh /usr/bin/java
-use_profile 3
-use_group 0
-
-misc env MAIL
-misc env SSH_CLIENT
-misc env USER
-misc env SHLVL
-misc env HOME
-misc env OLDPWD
-misc env LOGNAME
-misc env _
-misc env XDG_SESSION_ID
-misc env PATH
-misc env XDG_RUNTIME_DIR
-misc env LANG
-misc env SHELL
-misc env PWD
-misc env SSH_CONNECTION
-file read /etc/ld.so.preload
-file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/arm/\*.so
-file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/arm/\*.cfg
-file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/arm/client/\*.so
-file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/\*
-file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/\*.jar
-file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/ext/\*
-file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/security/\*
-file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/arm/jli/\*.so
-file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/\*.jar
-network unix stream connect /var/run/nscd/socket
-file read /etc/nsswitch.conf
-file read /etc/passwd
-file create /tmp/hsperfdata_iotuser/\* 0600
-file read/write/unlink/truncate /tmp/hsperfdata_iotuser/\*
-file read /sys/devices/system/cpu/online
-file read /usr/lib/locale/locale-archive
-file write/truncate /home/iotuser/.oracle_jre_usage/\*cf.timestamp
-file read /usr/share/java/\*.jar
-file read /home/iotuser/iot2/iotjava/iotruntime/slave/\*.class
-file read /home/iotuser/iot2/iotjava/iotruntime/\*.config
-network inet stream connect ::ffff:<master-ip-address> <master-com-port>
-file read /home/iotuser/iot2/iotjava/iotruntime/master/\*.class
-file read /home/iotuser/iot2/iotjava/iotruntime/messages/\*.class
-file read /dev/random
-file read /dev/urandom
-file create /home/iotuser/iot2/iotjava/iotruntime/LifxLightBulb.jar 0666
-file read/write /home/iotuser/iot2/iotjava/iotruntime/LifxLightBulb.jar
-file read /home/iotuser/iot2/iotjava/iotrmi/Java/\*.class
-file read /home/iotuser/iot2/iotjava/iotruntime/\*.class
-network inet stream bind/listen :: <rmi-stub-port>
-network inet stream bind/listen :: <rmi-reg-port>
-file ioctl socket:[family=10:type=1:protocol=6] 0x541B
diff --git a/localconfig/tomoyo/SmartLightsController.tomoyo.pol b/localconfig/tomoyo/SmartLightsController.tomoyo.pol
deleted file mode 100644 (file)
index 6760b73..0000000
+++ /dev/null
@@ -1,56 +0,0 @@
-<kernel> /usr/sbin/sshd /bin/bash /home/iotuser/iot2/iotjava/iotruntime/SmartLightsController.sh /usr/bin/java
-use_profile 3
-use_group 0
-
-misc env MAIL
-misc env SSH_CLIENT
-misc env USER
-misc env SHLVL
-misc env HOME
-misc env OLDPWD
-misc env LOGNAME
-misc env _
-misc env XDG_SESSION_ID
-misc env PATH
-misc env XDG_RUNTIME_DIR
-misc env LANG
-misc env SHELL
-misc env PWD
-misc env SSH_CONNECTION
-file read /etc/ld.so.preload
-file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/arm/\*.so
-file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/arm/\*.cfg
-file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/arm/client/\*.so
-file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/\*
-file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/\*.jar
-file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/ext/\*
-file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/security/\*
-file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/arm/jli/\*.so
-file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/\*.jar
-file read /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/\*.dat
-network unix stream connect /var/run/nscd/socket
-file read /etc/nsswitch.conf
-file read /etc/passwd
-file create /tmp/hsperfdata_iotuser/\* 0600
-file read/write/unlink/truncate /tmp/hsperfdata_iotuser/\*
-file read /sys/devices/system/cpu/online
-file read /usr/lib/locale/locale-archive
-file write/truncate /home/iotuser/.oracle_jre_usage/81970c018e7540cf.timestamp
-file read /usr/share/java/\*.jar
-file read /home/iotuser/iot2/iotjava/iotruntime/slave/\*.class
-file read /home/iotuser/iot2/iotjava/iotruntime/\*.config
-network inet stream connect ::ffff:<master-ip-address> <master-com-port>
-file read /home/iotuser/iot2/iotjava/iotruntime/master/\*.class
-file read /home/iotuser/iot2/iotjava/iotruntime/messages/\*.class
-file read /dev/random
-file read /dev/urandom
-file create /home/iotuser/iot2/iotjava/iotruntime/SmartLightsController.jar 0666
-file read/write /home/iotuser/iot2/iotjava/iotruntime/SmartLightsController.jar
-file read /home/iotuser/iot2/iotjava/SmartLightsController/\*.class
-file read /home/iotuser/iot2/iotjava/iotrmi/Java/\*.class
-file ioctl socket:[family=10:type=1:protocol=6] 0x541B
-file read /etc/timezone
-file read /usr/share/locale/en_GB/LC_MESSAGES/libc.mo
-file create /tmp/imageio\*.tmp 0600
-file read/write/unlink /tmp/imageio\*.tmp
-file read/write /tmp/imageio\*.tmp