From c3a1aa3a921d688ebd54d5cca0ad60a1425a0fe5 Mon Sep 17 00:00:00 2001
From: rtrimana
Date: Mon, 1 May 2017 08:51:01 -0700
Subject: [PATCH] Adding a flag to activate/deactivate process sandboxing
---
 iotjava/iotruntime/master/IoTMaster.java | 46 +++++++++++++++---------
 localconfig/iotruntime/IoTMaster.config | 3 ++
 2 files changed, 32 insertions(+), 17 deletions(-)
diff --git a/iotjava/iotruntime/master/IoTMaster.java b/iotjava/iotruntime/master/IoTMaster.java
index bd69b0a..f3bae94 100644
--- a/iotjava/iotruntime/master/IoTMaster.java
+++ b/iotjava/iotruntime/master/IoTMaster.java
@@ -102,6 +102,7 @@ public final class IoTMaster {
 private static String STR_LANGUAGE_CONTROLLER;
 private static String STR_SKEL_CLASS_SUFFIX;
 private static String STR_STUB_CLASS_SUFFIX;
+ private static String STR_ACTIVATE_SANDBOXING;
 private static boolean BOOL_VERBOSE;
 /**
@@ -198,6 +199,7 @@ public final class IoTMaster {
 STR_JVM_INIT_HEAP_SIZE = null;
 STR_JVM_MAX_HEAP_SIZE = null;
 STR_LANGUAGE_CONTROLLER = null;
+ STR_ACTIVATE_SANDBOXING = null;
 BOOL_VERBOSE = false;
 }
@@ -277,6 +279,7 @@ public final class IoTMaster {
 STR_JVM_MAX_HEAP_SIZE = prop.getProperty("JVM_MAX_HEAP_SIZE");
 STR_SKEL_CLASS_SUFFIX = prop.getProperty("SKEL_CLASS_SUFFIX");
 STR_STUB_CLASS_SUFFIX = prop.getProperty("STUB_CLASS_SUFFIX");
+ STR_ACTIVATE_SANDBOXING = prop.getProperty("ACTIVATE_SANDBOXING");
 if(prop.getProperty("VERBOSE").equals(STR_YES)) {
 BOOL_VERBOSE = true;
 }
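Review bot: The value read by `prop.getProperty("ACTIVATE_SANDBOXING")` in the -277 hunk is stored as a raw string, which makes the new security switch fragile. A config file without the key leaves the field null, so each later `STR_ACTIVATE_SANDBOXING.equals("Yes")` (hunks -636, -732, -741, -769, -2060 and -2192) throws a NullPointerException, and any other spelling such as `yes`, or `Yes` with trailing whitespace, quietly skips every process-jail policy. I would parse it once into a new boolean field that defaults to enabled and test that flag at the call sites, for example `BOOL_ACTIVATE_SANDBOXING = !"No".equalsIgnoreCase(prop.getProperty("ACTIVATE_SANDBOXING", STR_YES).trim());`. The method that loads the properties starts and ends outside the hunk.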
@@ -301,6 +304,7 @@ public final class IoTMaster {
 RuntimeOutput.print("STR_JVM_MAX_HEAP_SIZE=" + STR_JVM_MAX_HEAP_SIZE, BOOL_VERBOSE);
 RuntimeOutput.print("STR_SKEL_CLASS_SUFFIX=" + STR_SKEL_CLASS_SUFFIX, BOOL_VERBOSE);
 RuntimeOutput.print("STR_STUB_CLASS_SUFFIX=" + STR_STUB_CLASS_SUFFIX, BOOL_VERBOSE);
+ RuntimeOutput.print("STR_ACTIVATE_SANDBOXING=" + STR_ACTIVATE_SANDBOXING, BOOL_VERBOSE);
 RuntimeOutput.print("BOOL_VERBOSE=" + BOOL_VERBOSE, BOOL_VERBOSE);
 RuntimeOutput.print("IoTMaster: Information extracted successfully!", BOOL_VERBOSE);
 }
@@ -636,11 +640,13 @@ public final class IoTMaster {
 // Configure MAC policies for objects
 //String strFileName = STR_MAC_POL_PATH + strObjClassName + STR_MAC_POLICY_EXT;
 String strFileName = STR_MAC_POL_PATH + STR_JAVA + STR_MAC_POLICY_EXT;
- processJailConfig.configureProcessJailDeviceDriverPolicies(strIoTSlaveObjectHostAdd, strObjName, strObjClassName,
- strFileName, strIoTMasterHostAdd, commHan.getComPort(strObjName), commHan.getRMIRegPort(strObjName),
- commHan.getRMIStubPort(strObjName));
- processJailConfig.configureProcessJailContRMIPolicies(strObjControllerName, strIoTSlaveObjectHostAdd,
- commHan.getRMIRegPort(strObjName), commHan.getRMIStubPort(strObjName));
+ if (STR_ACTIVATE_SANDBOXING.equals("Yes")) {
+ processJailConfig.configureProcessJailDeviceDriverPolicies(strIoTSlaveObjectHostAdd, strObjName, strObjClassName,
+ strFileName, strIoTMasterHostAdd, commHan.getComPort(strObjName), commHan.getRMIRegPort(strObjName),
+ commHan.getRMIStubPort(strObjName));
+ processJailConfig.configureProcessJailContRMIPolicies(strObjControllerName, strIoTSlaveObjectHostAdd,
+ commHan.getRMIRegPort(strObjName), commHan.getRMIStubPort(strObjName));
+ }
 // Instrument the IoTSet declarations inside the class file
 instrumentObjectIoTSet(strFieldObjectID, strLanguage);
 }
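Review bot: The added `RuntimeOutput.print("STR_ACTIVATE_SANDBOXING=" + ..., BOOL_VERBOSE)` line in the -301 hunk is the only trace of the setting, and it is gated on BOOL_VERBOSE like its neighbours, so a non-verbose run presumably records nothing when the MAC policies are skipped. Because switching the flag off removes an isolation layer, that state should be reported unconditionally, e.g. `if (!STR_YES.equals(STR_ACTIVATE_SANDBOXING)) { RuntimeOutput.print("IoTMaster: process sandboxing is disabled!", true); }`. The enclosing method begins outside the hunk.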
@@ -732,7 +738,8 @@ public final class IoTMaster { routerConfig.configureRouterHTTPPolicies(STR_ROUTER_ADD, strIoTSlaveObjectHostAdd, strDeviceAddress); routerConfig.configureHostHTTPPolicies(strIoTSlaveObjectHostAdd, strIoTSlaveObjectHostAdd, strDeviceAddress); // Configure MAC policies - processJailConfig.configureProcessJailGWDevicePolicies(strIoTSlaveObjectHostAdd, STR_ROUTER_ADD, INT_DNS_PORT); + if (STR_ACTIVATE_SANDBOXING.equals("Yes")) + processJailConfig.configureProcessJailGWDevicePolicies(strIoTSlaveObjectHostAdd, STR_ROUTER_ADD, INT_DNS_PORT); } else { // Other port numbers... commHan.addDevicePort(iDestDeviceDriverPort); @@ -741,8 +748,9 @@ public final class IoTMaster { routerConfig.configureHostMainPolicies(strIoTSlaveObjectHostAdd, strIoTSlaveObjectHostAdd, strDeviceAddress, strProtocol, commHan.getComPort(strDeviceAddressKey), iDestDeviceDriverPort); // Configure MAC policies - processJailConfig.configureProcessJailDevicePolicies(strIoTSlaveObjectHostAdd, strProtocol, - commHan.getComPort(strDeviceAddressKey), strDeviceAddress, iDestDeviceDriverPort); + if (STR_ACTIVATE_SANDBOXING.equals("Yes")) + processJailConfig.configureProcessJailDevicePolicies(strIoTSlaveObjectHostAdd, strProtocol, + commHan.getComPort(strDeviceAddressKey), strDeviceAddress, iDestDeviceDriverPort); } } } 
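Review bot: Both guards added here are written without braces, and in the -741 hunk the guarded `configureProcessJailDevicePolicies(...)` call wraps onto a second line, so the continuation is easy to misread as a separate statement and a call added later could silently fall outside the check. The -636, -769 and -2060 hunks brace the same guard, while the -2192 hunk repeats the braceless form. I would write `if (STR_ACTIVATE_SANDBOXING.equals("Yes")) {` … `}` in all three places. The surrounding if/else blocks start outside these hunks.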
@@ -769,10 +777,12 @@ public final class IoTMaster {
 // Get device address
 String strAddress = (String) arrFieldValues[0];
 // Setting up router policies for HTTP/HTTPs
- if (strControllerName != null) {
- processJailConfig.configureProcessJailInetAddressPolicies(strControllerName, strAddress);
- } else {
- processJailConfig.configureProcessJailInetAddressPolicies(strHostAddress, strAddress);
+ if (STR_ACTIVATE_SANDBOXING.equals("Yes")) {
+ if (strControllerName != null) {
+ processJailConfig.configureProcessJailInetAddressPolicies(strControllerName, strAddress);
+ } else {
+ processJailConfig.configureProcessJailInetAddressPolicies(strHostAddress, strAddress);
+ }
 }
 routerConfig.configureRouterHTTPPolicies(STR_ROUTER_ADD, strHostAddress, strAddress);
 routerConfig.configureHostHTTPPolicies(strHostAddress, strHostAddress, strAddress);
@@ -2060,9 +2070,11 @@ public final class IoTMaster {
 }
 // Write basic MAC policies for controller
 //String strFileName = STR_MAC_POL_PATH + strObjControllerName + STR_MAC_POLICY_EXT;
- String strFileName = STR_MAC_POL_PATH + STR_JAVA + STR_MAC_POLICY_EXT;
- processJailConfig.configureProcessJailControllerPolicies(strObjControllerName, strFileName,
- strIoTMasterHostAdd, commHan.getComPort(strObjControllerName));
+ if (STR_ACTIVATE_SANDBOXING.equals("Yes")) {
+ String strFileName = STR_MAC_POL_PATH + STR_JAVA + STR_MAC_POLICY_EXT;
+ processJailConfig.configureProcessJailControllerPolicies(strObjControllerName, strFileName,
+ strIoTMasterHostAdd, commHan.getComPort(strObjControllerName));
+ }
 // PROFILING
 result = System.currentTimeMillis()-start;
 System.out.println("\n\n ==> From IoTSlave start until main controller object is created: " + result);
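Review bot: In the -769 hunk the existing comment `// Setting up router policies for HTTP/HTTPs` now sits directly above the sandboxing guard, although the guarded calls are `processJailConfig.configureProcessJailInetAddressPolicies(...)` and the router calls only follow the block. I would put `// Configure MAC policies (skipped when sandboxing is deactivated)` above the new `if` and move the router comment down to the two `routerConfig` lines. The enclosing method starts and ends outside the hunk.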
@@ -2192,8 +2204,8 @@ public final class IoTMaster {
 serverSocket.close();
 commHan.printLists();
 lbIoT.printHostInfo();
- // TODO: Uncomment this - just for experiments!
- createMACPolicyThreads(setAddresses);
+ if (STR_ACTIVATE_SANDBOXING.equals("Yes"))
+ createMACPolicyThreads(setAddresses);
 }
 }
 } catch (IOException |
diff --git a/localconfig/iotruntime/IoTMaster.config b/localconfig/iotruntime/IoTMaster.config
index b899280..de7069f 100644
--- a/localconfig/iotruntime/IoTMaster.config
+++ b/localconfig/iotruntime/IoTMaster.config
@@ -44,3 +44,6 @@ SKEL_CLASS_SUFFIX=_Skeleton
 # Skeleton suffix, e.g. _Stub for CameraSpecial_Stub.class
 STUB_CLASS_SUFFIX=_Stub
+# Sandboxing
+ACTIVATE_SANDBOXING=Yes
+
-- 
2.34.1
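Review bot: The `# Sandboxing` comment added in the IoTMaster.config hunk does not say which values are accepted or what switching the flag off means. As the Java side is written, only the exact string `Yes` enables the process-jail (MAC) policies, so the comment should say so, e.g. `# Process sandboxing (MAC policies for drivers and controllers): Yes or No; any value other than exactly "Yes" disables it`. It would also help to state which setting is intended for deployment.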