From c8e8fa46088ad115eb35414ae719754ad2bf39ee Mon Sep 17 00:00:00 2001
From: rtrimana
Date: Fri, 30 Mar 2018 11:07:19 -0700
Subject: [PATCH] Adding Tomoyo feature for C++.
---
 iotjava/iotruntime/master/IoTMaster.java | 53 +++++++++++++++++-------
 localconfig/tomoyo/C++.tomoyo.pol | 26 ++++++++++++
 localconfig/tomoyo/Java.tomoyo.pol | 2 +-
 3 files changed, 65 insertions(+), 16 deletions(-)
 create mode 100644 localconfig/tomoyo/C++.tomoyo.pol
diff --git a/iotjava/iotruntime/master/IoTMaster.java b/iotjava/iotruntime/master/IoTMaster.java
index cbcfbf3..fbe5c11 100644
--- a/iotjava/iotruntime/master/IoTMaster.java
+++ b/iotjava/iotruntime/master/IoTMaster.java
@@ -641,17 +641,23 @@ public final class IoTMaster {
 routerConfig.configureHostMainPolicies(strIoTSlaveObjectHostAdd, strIoTSlaveControllerHostAdd, strIoTSlaveObjectHostAdd, STR_TCP_PROTOCOL);
 // Configure MAC policies for objects
- String strFileName = STR_MAC_POL_PATH + STR_JAVA + STR_MAC_POLICY_EXT;
 if (STR_ACTIVATE_SANDBOXING.equals("Yes")) {
+ // Read config file
+ String strObjLanguage = readObjectLanguage(strObjName, strObjClassName);
+ String strFileName = null;
+ if(strObjLanguage.equals(STR_JAVA))
+ strFileName = STR_MAC_POL_PATH + STR_JAVA + STR_MAC_POLICY_EXT;
+ else
+ strFileName = STR_MAC_POL_PATH + STR_CPP + STR_MAC_POLICY_EXT;
 processJailConfig.configureProcessJailDeviceDriverPolicies(strIoTSlaveObjectHostAdd, strObjName, strObjClassName, strFileName, strIoTMasterHostAdd, commHan.getComPort(strObjName), commHan.getRMIRegPort(strObjName), commHan.getRMIStubPort(strObjName));
- // Check for additional MAC policy
- String strMACConfigPath = STR_IOT_CODE_PATH + strObjClassName + "/";
- String strCfgFile = strMACConfigPath + strObjClassName + STR_CFG_FILE_EXT;
- String strAddMACPolicy = parseConfigFile(strCfgFile, STR_ADD_MAC_POL);
- if (strAddMACPolicy != null && strAddMACPolicy.equals("Yes"))
- processJailConfig.combineAdditionalMACPolicy(strMACConfigPath, strObjClassName, strIoTSlaveObjectHostAdd);
+ // Check for additional MAC policy
+ String strMACConfigPath = STR_IOT_CODE_PATH + strObjClassName + "/";
+ String strCfgFile = strMACConfigPath + strObjClassName + STR_CFG_FILE_EXT;
+ String strAddMACPolicy = parseConfigFile(strCfgFile, STR_ADD_MAC_POL);
+ if (strAddMACPolicy != null && strAddMACPolicy.equals("Yes"))
+ processJailConfig.combineAdditionalMACPolicy(strMACConfigPath, strObjClassName, strIoTSlaveObjectHostAdd);
 processJailConfig.configureProcessJailContRMIPolicies(strObjControllerName, strIoTSlaveObjectHostAdd, commHan.getRMIRegPort(strObjName), commHan.getRMIStubPort(strObjName));
 }
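Review bot: The new `if(strObjLanguage.equals(STR_JAVA)) … else …` treats every value other than Java as C++, so a misspelled, differently-cased or simply unexpected `LANGUAGE` entry in the driver's own config file silently confines that driver under the C++ Tomoyo template instead of stopping. Since this policy file is the sandbox, the selection should fail closed: `else if (strObjLanguage.equals(STR_CPP)) strFileName = STR_MAC_POL_PATH + STR_CPP + STR_MAC_POLICY_EXT;` followed by `else throw new IllegalStateException("IoTMaster: no MAC policy template for language " + strObjLanguage + " (object " + strObjName + ")");`. `STR_CPP` is already referenced on the C++ branch, and because the comparison is exact it is worth a comment next to it naming the accepted values, e.g. `// Accepted LANGUAGE values are exactly STR_JAVA and STR_CPP; anything else must not run unsandboxed`. The enclosing method starts and ends outside this hunk.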
@@ -980,7 +986,26 @@ public final class IoTMaster {
 printWriter.close();
 runCommand("chmod 755 " + strFileName);
 }
+
+ /**
+ * A private method to read the language of the object, i.e. driver
+ *
+ * @params strObjName String object name
+ * @params strObjClassName String object class name
+ * @return String
+ */
+ private String readObjectLanguage(String strObjName, String strObjClassName) {
+
+ // Read config file
+ String sCfgFile = STR_IOT_CODE_PATH + strObjClassName + "/" + strObjClassName + STR_CFG_FILE_EXT;
+ String strLanguageDriver = parseConfigFile(sCfgFile, STR_LANGUAGE + "_" + strObjName);
+ if(strLanguageDriver == null) // Read just the field LANGUAGE if the first read is null
+ strLanguageDriver = parseConfigFile(sCfgFile, STR_LANGUAGE);
+ if(strLanguageDriver == null) // Check nullness for the second time - report if it is still null
+ throw new Error("IoTMaster: Language specification missing in config file: " + sCfgFile);
+ return strLanguageDriver;
+ }
 /**
 * A private method to create an object on a specific machine
@@ -999,12 +1024,7 @@ public final class IoTMaster {
 throws IOException, FileNotFoundException, ClassNotFoundException, InterruptedException {
 // Read config file
- String sCfgFile = STR_IOT_CODE_PATH + strObjClassName + "/" + strObjClassName + STR_CFG_FILE_EXT;
- String strLanguageDriver = parseConfigFile(sCfgFile, STR_LANGUAGE + "_" + strObjName);
- if(strLanguageDriver == null) // Read just the field LANGUAGE if the first read is null
- strLanguageDriver = parseConfigFile(sCfgFile, STR_LANGUAGE);
- if(strLanguageDriver == null) // Check nullness for the second time - report if it is still null
- throw new Error("IoTMaster: Language specification missing in config file: " + sCfgFile);
+ String strLanguageDriver = readObjectLanguage(strObjName, strObjClassName);
 // Construct ssh command line
 // e.g. ssh rtrimana@dw-2.eecs.uci.edu cd ;
 // java -cp $CLASSPATH:./*.jar
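Review bot: `readObjectLanguage` hands back the raw config value, and its callers compare it with `equals(STR_JAVA)`, so case or surrounding whitespace in a `LANGUAGE` entry decides which MAC policy a driver is confined under; unless `parseConfigFile` already normalizes (not visible here), `return strLanguageDriver.trim();` removes the whitespace half of that hazard. The Javadoc uses `@params`, which is not a Javadoc tag (`@param`), and `@return String` says nothing — suggest `@return the value of LANGUAGE_<strObjName> if present, otherwise of LANGUAGE, read from the class's config file`. `throw new Error(...)` is a JVM-level error type; `IllegalStateException` is the conventional choice for a missing config entry, and the same comparison hazard applies to the call site in the following hunk, whose enclosing method continues outside it.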
@@ -2057,9 +2077,12 @@ public final class IoTMaster {
 createMainObjectCpp(strObjControllerName, outStream, inStream);
 }
 // Write basic MAC policies for controller
- //String strFileName = STR_MAC_POL_PATH + strObjControllerName + STR_MAC_POLICY_EXT;
 if (STR_ACTIVATE_SANDBOXING.equals("Yes")) {
- String strFileName = STR_MAC_POL_PATH + STR_JAVA + STR_MAC_POLICY_EXT;
+ String strFileName = null;
+ if(STR_LANGUAGE_CONTROLLER.equals(STR_JAVA))
+ strFileName = STR_MAC_POL_PATH + STR_JAVA + STR_MAC_POLICY_EXT;
+ else
+ strFileName = STR_MAC_POL_PATH + STR_CPP + STR_MAC_POLICY_EXT;
 processJailConfig.configureProcessJailControllerPolicies(strObjControllerName, strFileName, strIoTMasterHostAdd, commHan.getComPort(strObjControllerName));
 // Whether or not we need additional Tomoyo policy?
diff --git a/localconfig/tomoyo/C++.tomoyo.pol b/localconfig/tomoyo/C++.tomoyo.pol
new file mode 100644
index 0000000..54d10b6
--- /dev/null
+++ b/localconfig/tomoyo/C++.tomoyo.pol
@@ -0,0 +1,26 @@
+ /usr/sbin/sshd /bin/bash /home/iotuser/iot2/bin/iotruntime/.sh /usr/bin/sudo /home/iotuser/iot2/bin/iotruntime/slave/IoTSlave.o
+use_profile 3
+use_group 0
+
+misc env PATH
+misc env LANG
+misc env MAIL
+misc env LOGNAME
+misc env USER
+misc env USERNAME
+misc env HOME
+misc env SHELL
+misc env TERM
+misc env SUDO_COMMAND
+misc env SUDO_USER
+misc env SUDO_UID
+misc env SUDO_GID
+file read /etc/ld.so.preload
+file read /etc/resolv.conf
+file create /home/iotuser/iot2/bin/iotruntime/log/\*.log 0666
+file write /home/iotuser/iot2/bin/iotruntime/log/\*.log
+file read/write /home/iotuser/iot2/bin/iotruntime/slave/\*.log
+file read /home/iotuser/iot2/bin/iotruntime/slave/\*.so
+file read /sys/devices/system/cpu/online
+file write/truncate /home/iotuser/iot2/bin/iotruntime/slave/gmon.out
+
diff --git a/localconfig/tomoyo/Java.tomoyo.pol b/localconfig/tomoyo/Java.tomoyo.pol
index c58214c..0c2d324 100644
--- a/localconfig/tomoyo/Java.tomoyo.pol
+++ b/localconfig/tomoyo/Java.tomoyo.pol
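Review bot: The policy-file selection added here (`STR_LANGUAGE_CONTROLLER.equals(STR_JAVA)`, otherwise C++) duplicates the object-side selection in the hunk at 641 and shares its fail-open shape: a controller language that is neither Java nor C++ is quietly confined under the C++ template rather than rejected. One helper that knows the two templates and throws on anything else keeps both call sites in step and turns an unknown language into a hard error before `configureProcessJailControllerPolicies` is reached. The enclosing method continues outside this hunk.
```java
    // Map a driver/controller language to its Tomoyo policy template; unknown languages fail closed.
    private static String macPolicyFileFor(String strLanguage) {
        if (STR_JAVA.equals(strLanguage)) {
            return STR_MAC_POL_PATH + STR_JAVA + STR_MAC_POLICY_EXT;
        }
        if (STR_CPP.equals(strLanguage)) {
            return STR_MAC_POL_PATH + STR_CPP + STR_MAC_POLICY_EXT;
        }
        throw new IllegalStateException("IoTMaster: no MAC policy template for language: " + strLanguage);
    }
    // … unchanged: controller object creation …
    if (STR_ACTIVATE_SANDBOXING.equals("Yes")) {
        String strFileName = macPolicyFileFor(STR_LANGUAGE_CONTROLLER);
        // … unchanged: configureProcessJailControllerPolicies call …
```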
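Review bot: `file create /home/iotuser/iot2/bin/iotruntime/log/\*.log 0666` lets the sandboxed slave create world-writable log files, so any local account can truncate or forge the runtime's logs; `0644` (or `0640`) is enough for a log the slave itself writes. The `file write/truncate …/slave/gmon.out` grant is gprof profiling output and points at a `-pg` build — it does not belong in the shipped enforcing (`use_profile 3`) policy. This domain also passes through `/usr/bin/sudo` where the Java domain does not; if `IoTSlave.o` consequently runs as root, this policy is the only thing confining it, which makes the two grants above worth tightening and deserves a comment at the top of the file explaining why sudo is needed. The domain line is rendered here without the leading `<kernel>` token a Tomoyo domain policy starts with, most likely lost in extraction — verify it is present in the committed file.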
@@ -1,4 +1,4 @@
- /usr/sbin/sshd /bin/bash /home/iotuser/iot2/iotjava/iotruntime/.sh /usr/bin/java
+ /usr/sbin/sshd /bin/bash /home/iotuser/iot2/bin/iotruntime/.sh /usr/bin/java
 use_profile 3
 use_group 0
-- 
2.34.1