Adding Tomoyo feature for C++.
authorrtrimana <rtrimana@uci.edu>
Fri, 30 Mar 2018 18:07:19 +0000 (11:07 -0700)
committerrtrimana <rtrimana@uci.edu>
Fri, 30 Mar 2018 18:07:19 +0000 (11:07 -0700)
iotjava/iotruntime/master/IoTMaster.java
localconfig/tomoyo/C++.tomoyo.pol [new file with mode: 0644]
localconfig/tomoyo/Java.tomoyo.pol

index cbcfbf3..fbe5c11 100644 (file)
@@ -641,17 +641,23 @@ public final class IoTMaster {
                        routerConfig.configureHostMainPolicies(strIoTSlaveObjectHostAdd, strIoTSlaveControllerHostAdd,
                                strIoTSlaveObjectHostAdd, STR_TCP_PROTOCOL);
                        // Configure MAC policies for objects
-                       String strFileName = STR_MAC_POL_PATH + STR_JAVA + STR_MAC_POLICY_EXT;
                        if (STR_ACTIVATE_SANDBOXING.equals("Yes")) {
+                               // Read config file
+                               String strObjLanguage = readObjectLanguage(strObjName, strObjClassName);
+                               String strFileName = null;
+                               if(strObjLanguage.equals(STR_JAVA))
+                                       strFileName = STR_MAC_POL_PATH + STR_JAVA + STR_MAC_POLICY_EXT;
+                               else
+                                       strFileName = STR_MAC_POL_PATH + STR_CPP + STR_MAC_POLICY_EXT;
                                processJailConfig.configureProcessJailDeviceDriverPolicies(strIoTSlaveObjectHostAdd, strObjName, strObjClassName,
                                        strFileName, strIoTMasterHostAdd, commHan.getComPort(strObjName), commHan.getRMIRegPort(strObjName), 
                                        commHan.getRMIStubPort(strObjName));
-                   // Check for additional MAC policy
-                   String strMACConfigPath = STR_IOT_CODE_PATH + strObjClassName + "/";
-                   String strCfgFile = strMACConfigPath + strObjClassName + STR_CFG_FILE_EXT;
-                       String strAddMACPolicy = parseConfigFile(strCfgFile, STR_ADD_MAC_POL);
-                   if (strAddMACPolicy != null && strAddMACPolicy.equals("Yes"))
-                       processJailConfig.combineAdditionalMACPolicy(strMACConfigPath, strObjClassName, strIoTSlaveObjectHostAdd);
+                               // Check for additional MAC policy
+                               String strMACConfigPath = STR_IOT_CODE_PATH + strObjClassName + "/";
+                               String strCfgFile = strMACConfigPath + strObjClassName + STR_CFG_FILE_EXT;
+                               String strAddMACPolicy = parseConfigFile(strCfgFile, STR_ADD_MAC_POL);
+                               if (strAddMACPolicy != null && strAddMACPolicy.equals("Yes"))
+                                       processJailConfig.combineAdditionalMACPolicy(strMACConfigPath, strObjClassName, strIoTSlaveObjectHostAdd);
                                processJailConfig.configureProcessJailContRMIPolicies(strObjControllerName, strIoTSlaveObjectHostAdd, 
                                        commHan.getRMIRegPort(strObjName), commHan.getRMIStubPort(strObjName));
                        }
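Review bot: The new `else` branch in the policy selection gives the C++ Tomoyo policy to every object whose configured language is not exactly `STR_JAVA`. A misspelt or differently-cased LANGUAGE value is therefore confined by a profile that may not match the process, instead of being rejected. Make the second branch explicit with `else if (strObjLanguage.equals(STR_CPP))` and end with `else throw new Error("IoTMaster: Unsupported language for MAC policy: " + strObjLanguage);`. The controller hunk at `@@ -2057,9 +2077,12 @@` has the same fall-through on `STR_LANGUAGE_CONTROLLER` and needs the same guard. The enclosing method starts and ends outside this hunk, so whether the value is validated earlier cannot be seen from here.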
@@ -980,7 +986,26 @@ public final class IoTMaster {
                printWriter.close();
                runCommand("chmod 755 " + strFileName);
        }
+       
+       /**
+        * A private method to read the language of the object, i.e. driver
+        *
+        * @params  strObjName                                  String object name
+        * @params  strObjClassName                     String object class name
+        * @return  String
+        */
+    private String readObjectLanguage(String strObjName, String strObjClassName) {
+
+               // Read config file
+               String sCfgFile = STR_IOT_CODE_PATH + strObjClassName + "/" + strObjClassName + STR_CFG_FILE_EXT;
+               String strLanguageDriver = parseConfigFile(sCfgFile, STR_LANGUAGE + "_" + strObjName);
+               if(strLanguageDriver == null)   // Read just the field LANGUAGE if the first read is null
+                       strLanguageDriver = parseConfigFile(sCfgFile, STR_LANGUAGE);
+               if(strLanguageDriver == null) // Check nullness for the second time - report if it is still null
+                       throw new Error("IoTMaster: Language specification missing in config file: " + sCfgFile);
 
+               return strLanguageDriver;
+    }
 
        /**
         * A private method to create an object on a specific machine
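Review bot: The Javadoc on `readObjectLanguage` uses `@params`, which the javadoc tool does not recognise; the two parameter lines should use `@param strObjName` and `@param strObjClassName`. `@return String` would say more as `@return the LANGUAGE_<object name> value from the object's config file, or the plain LANGUAGE value when the per-object key is absent`. The comment should also state that an `Error` is thrown when neither key is present. Since the returned string now selects a MAC policy, it is worth documenting that it is returned as read and is not checked against the supported languages.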
@@ -999,12 +1024,7 @@ public final class IoTMaster {
                throws IOException, FileNotFoundException, ClassNotFoundException, InterruptedException {
 
                // Read config file
-               String sCfgFile = STR_IOT_CODE_PATH + strObjClassName + "/" + strObjClassName + STR_CFG_FILE_EXT;
-               String strLanguageDriver = parseConfigFile(sCfgFile, STR_LANGUAGE + "_" + strObjName);
-               if(strLanguageDriver == null)   // Read just the field LANGUAGE if the first read is null
-                       strLanguageDriver = parseConfigFile(sCfgFile, STR_LANGUAGE);
-               if(strLanguageDriver == null) // Check nullness for the second time - report if it is still null
-                       throw new Error("IoTMaster: Language specification missing in config file: " + sCfgFile);
+               String strLanguageDriver = readObjectLanguage(strObjName, strObjClassName);
                // Construct ssh command line
                // e.g. ssh rtrimana@dw-2.eecs.uci.edu cd <path>;
                //      java -cp $CLASSPATH:./*.jar
@@ -2057,9 +2077,12 @@ public final class IoTMaster {
                                        createMainObjectCpp(strObjControllerName, outStream, inStream);
                                }
                                // Write basic MAC policies for controller
-                               //String strFileName = STR_MAC_POL_PATH + strObjControllerName + STR_MAC_POLICY_EXT;
                                if (STR_ACTIVATE_SANDBOXING.equals("Yes")) {
-                                       String strFileName = STR_MAC_POL_PATH + STR_JAVA + STR_MAC_POLICY_EXT;
+                                       String strFileName = null;
+                                       if(STR_LANGUAGE_CONTROLLER.equals(STR_JAVA))
+                                               strFileName = STR_MAC_POL_PATH + STR_JAVA + STR_MAC_POLICY_EXT;
+                                       else
+                                               strFileName = STR_MAC_POL_PATH + STR_CPP + STR_MAC_POLICY_EXT;
                                        processJailConfig.configureProcessJailControllerPolicies(strObjControllerName, strFileName, 
                                                strIoTMasterHostAdd, commHan.getComPort(strObjControllerName));
                                // Whether or not we need additional Tomoyo policy?
diff --git a/localconfig/tomoyo/C++.tomoyo.pol b/localconfig/tomoyo/C++.tomoyo.pol
new file mode 100644 (file)
index 0000000..54d10b6
--- /dev/null
@@ -0,0 +1,26 @@
+<kernel> /usr/sbin/sshd /bin/bash /home/iotuser/iot2/bin/iotruntime/<object-name>.sh /usr/bin/sudo /home/iotuser/iot2/bin/iotruntime/slave/IoTSlave.o
+use_profile 3
+use_group 0
+
+misc env PATH
+misc env LANG
+misc env MAIL
+misc env LOGNAME
+misc env USER
+misc env USERNAME
+misc env HOME
+misc env SHELL
+misc env TERM
+misc env SUDO_COMMAND
+misc env SUDO_USER
+misc env SUDO_UID
+misc env SUDO_GID
+file read /etc/ld.so.preload
+file read /etc/resolv.conf
+file create /home/iotuser/iot2/bin/iotruntime/log/\*.log 0666
+file write /home/iotuser/iot2/bin/iotruntime/log/\*.log
+file read/write /home/iotuser/iot2/bin/iotruntime/slave/\*.log
+file read /home/iotuser/iot2/bin/iotruntime/slave/\*.so
+file read /sys/devices/system/cpu/online
+file write/truncate /home/iotuser/iot2/bin/iotruntime/slave/gmon.out
+
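Review bot: The rule `file create /home/iotuser/iot2/bin/iotruntime/log/\*.log 0666` permits the slave to create its log files world-writable, so any local account could alter or truncate them. Unless another user really has to write these logs, a narrower mode such as `file create /home/iotuser/iot2/bin/iotruntime/log/\*.log 0644` would be safer; this presumably also requires the slave to open its logs with that mode. The `file write/truncate .../slave/gmon.out` rule looks like an allowance for a profiling build, so confirm it is needed before this profile is used outside development. A short comment at the top of the file explaining what `<object-name>` is substituted with would help whoever audits the policy next.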
index c58214c..0c2d324 100644 (file)
@@ -1,4 +1,4 @@
-<kernel> /usr/sbin/sshd /bin/bash /home/iotuser/iot2/iotjava/iotruntime/<object-name>.sh /usr/bin/java
+<kernel> /usr/sbin/sshd /bin/bash /home/iotuser/iot2/bin/iotruntime/<object-name>.sh /usr/bin/java
 use_profile 3
 use_group 0