Changhoon Yoon
Committed by Gerrit Code Review

ONOS-1767 SM-ONOS implementation

22a363e ONOS-17767 SM-ONOS impl

Change-Id: Ifca8129f2266bada68af735cf81a1d39f1ec8506
Showing 66 changed files with 978 additions and 780 deletions
1 -/*
2 - * Copyright 2015 Open Networking Laboratory
3 - *
4 - * Licensed under the Apache License, Version 2.0 (the "License");
5 - * you may not use this file except in compliance with the License.
6 - * You may obtain a copy of the License at
7 - *
8 - * http://www.apache.org/licenses/LICENSE-2.0
9 - *
10 - * Unless required by applicable law or agreed to in writing, software
11 - * distributed under the License is distributed on an "AS IS" BASIS,
12 - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 - * See the License for the specific language governing permissions and
14 - * limitations under the License.
15 - */
16 -
17 -package org.onosproject.cli.security;
18 -
19 -import com.google.common.collect.ImmutableSet;
20 -import com.google.common.collect.Sets;
21 -import org.apache.karaf.shell.commands.Argument;
22 -import org.apache.karaf.shell.commands.Command;
23 -import org.onosproject.app.ApplicationAdminService;
24 -import org.onosproject.cli.AbstractShellCommand;
25 -import org.onosproject.core.Application;
26 -import org.onosproject.core.ApplicationId;
27 -import org.onosproject.core.Permission;
28 -
29 -import java.util.Set;
30 -import java.util.stream.Collectors;
31 -
32 -/**
33 - * Manages application permissions.
34 - */
35 -@Command(scope = "onos", name = "perm",
36 - description = "Manages application permissions")
37 -public class PermissionCommand extends AbstractShellCommand {
38 -
39 - static final String ADD = "add";
40 - static final String REMOVE = "remove";
41 - static final String LIST = "list";
42 - static final String CLEAR = "clear";
43 -
44 -
45 - @Argument(index = 0, name = "command",
46 - description = "Command name (add|remove)",
47 - required = true, multiValued = false)
48 - String command = null;
49 -
50 - @Argument(index = 1, name = "name", description = "Application name",
51 - required = true, multiValued = false)
52 - String name = null;
53 -
54 - @Argument(index = 2, name = "permissions", description = "List of permissions",
55 - required = false, multiValued = true)
56 - String[] permissions = null;
57 -
58 - @Override
59 - protected void execute() {
60 - ApplicationAdminService applicationAdminService = get(ApplicationAdminService.class);
61 - Set<Permission> newPermSet = Sets.newHashSet();
62 - if (command.equals(ADD)) {
63 - ApplicationId appId = applicationAdminService.getId(name);
64 - if (appId == null) {
65 - print("No such application: %s", name);
66 - return;
67 - }
68 - Application app = applicationAdminService.getApplication(appId);
69 -
70 - for (String perm : permissions) {
71 - try {
72 - Permission permission = Permission.valueOf(perm);
73 - newPermSet.add(permission);
74 - } catch (IllegalArgumentException e) {
75 - print("%s is not a valid permission.", perm);
76 - return;
77 - }
78 -
79 - }
80 - Set<Permission> oldPermSet = applicationAdminService.getPermissions(appId);
81 - if (oldPermSet != null) {
82 - newPermSet.addAll(oldPermSet);
83 - } else {
84 - newPermSet.addAll(app.permissions());
85 - }
86 - applicationAdminService.setPermissions(appId, ImmutableSet.copyOf(newPermSet));
87 -
88 - } else if (command.equals(REMOVE)) {
89 - ApplicationId appId = applicationAdminService.getId(name);
90 - Application app = applicationAdminService.getApplication(appId);
91 - if (appId == null) {
92 - print("No such application: %s", name);
93 - return;
94 - }
95 - Set<Permission> oldPermSet = applicationAdminService.getPermissions(appId);
96 - if (oldPermSet == null) {
97 - oldPermSet = app.permissions();
98 - }
99 - Set<String> clearPermSet = Sets.newHashSet(permissions);
100 - newPermSet.addAll(oldPermSet.stream().filter(
101 - perm -> !clearPermSet.contains(perm.name().toUpperCase())).collect(Collectors.toList()));
102 - applicationAdminService.setPermissions(appId, ImmutableSet.copyOf(newPermSet));
103 - } else if (command.equals(CLEAR)) {
104 - ApplicationId appId = applicationAdminService.getId(name);
105 - if (appId == null) {
106 - print("No such application: %s", name);
107 - return;
108 - }
109 - applicationAdminService.setPermissions(appId, ImmutableSet.of());
110 - print("Cleared the permission list of %s.", appId.name());
111 - } else if (command.equals(LIST)) {
112 - ApplicationId appId = applicationAdminService.getId(name);
113 - if (appId == null) {
114 - print("No such application: %s", name);
115 - return;
116 - }
117 - Application app = applicationAdminService.getApplication(appId);
118 - Set<Permission> userPermissions = applicationAdminService.getPermissions(appId);
119 - Set<Permission> defaultPermissions = app.permissions();
120 - print("Application Role");
121 - print("\trole=%s", app.role().name());
122 -
123 - if (defaultPermissions != null) {
124 - if (!defaultPermissions.isEmpty()) {
125 - print("Default permissions (specified in app.xml)");
126 - for (Permission perm : defaultPermissions) {
127 - print("\tpermission=%s", perm.name());
128 - }
129 - } else {
130 - print("(No default permissions specified in app.xml)");
131 - }
132 - }
133 - if (userPermissions != null) {
134 - if (!userPermissions.isEmpty()) {
135 - print("User permissions");
136 - for (Permission perm : userPermissions) {
137 - print("\tpermission=%s", perm.name());
138 - }
139 - } else {
140 - print("(User has removed all the permissions");
141 - }
142 - }
143 -
144 - }
145 - }
146 -}
...@@ -18,6 +18,7 @@ package org.onosproject.cli.security; ...@@ -18,6 +18,7 @@ package org.onosproject.cli.security;
18 18
19 import org.apache.karaf.shell.console.completer.StringsCompleter; 19 import org.apache.karaf.shell.console.completer.StringsCompleter;
20 import org.onosproject.app.ApplicationService; 20 import org.onosproject.app.ApplicationService;
21 +import org.onosproject.app.ApplicationState;
21 import org.onosproject.cli.AbstractCompleter; 22 import org.onosproject.cli.AbstractCompleter;
22 import org.onosproject.core.Application; 23 import org.onosproject.core.Application;
23 24
...@@ -25,27 +26,33 @@ import java.util.Iterator; ...@@ -25,27 +26,33 @@ import java.util.Iterator;
25 import java.util.List; 26 import java.util.List;
26 import java.util.SortedSet; 27 import java.util.SortedSet;
27 28
29 +import static org.onosproject.app.ApplicationState.INSTALLED;
28 import static org.onosproject.cli.AbstractShellCommand.get; 30 import static org.onosproject.cli.AbstractShellCommand.get;
29 31
30 /** 32 /**
31 - * Application name completer for permission command. 33 + * Application name completer for security review command.
32 */ 34 */
33 -public class PermissionApplicationNameCompleter extends AbstractCompleter { 35 +public class ReviewApplicationNameCompleter extends AbstractCompleter {
34 @Override 36 @Override
35 public int complete(String buffer, int cursor, List<String> candidates) { 37 public int complete(String buffer, int cursor, List<String> candidates) {
36 // Delegate string completer 38 // Delegate string completer
37 StringsCompleter delegate = new StringsCompleter(); 39 StringsCompleter delegate = new StringsCompleter();
38 40
39 - // Fetch our service and feed it's offerings to the string completer
40 ApplicationService service = get(ApplicationService.class); 41 ApplicationService service = get(ApplicationService.class);
41 Iterator<Application> it = service.getApplications().iterator(); 42 Iterator<Application> it = service.getApplications().iterator();
42 SortedSet<String> strings = delegate.getStrings(); 43 SortedSet<String> strings = delegate.getStrings();
43 while (it.hasNext()) { 44 while (it.hasNext()) {
44 Application app = it.next(); 45 Application app = it.next();
45 - strings.add(app.id().name()); 46 + ApplicationState state = service.getState(app.id());
47 +// if (previousApps.contains(app.id().name())) {
48 +// continue;
49 +// }
50 + if (state == INSTALLED) {
51 + strings.add(app.id().name());
52 + }
46 } 53 }
47 54
48 // Now let the completer do the work for figuring out what to offer. 55 // Now let the completer do the work for figuring out what to offer.
49 return delegate.complete(buffer, cursor, candidates); 56 return delegate.complete(buffer, cursor, candidates);
50 } 57 }
51 -} 58 +}
...\ No newline at end of file ...\ No newline at end of file
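Review bot: The commented-out `previousApps` check left inside the while loop of `complete()` (new lines 47–49) refers to a name that is not defined anywhere in the visible class and should be deleted rather than committed. If filtering against previously entered names is still planned, a one-line `// TODO` stating the intent is clearer than dead code. The comment removed above the service lookup could be replaced by one that states the new rule, e.g. `// Offer only applications in the INSTALLED state`.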
......
1 +/*
2 + * Copyright 2015 Open Networking Laboratory
3 + *
4 + * Licensed under the Apache License, Version 2.0 (the "License");
5 + * you may not use this file except in compliance with the License.
6 + * You may obtain a copy of the License at
7 + *
8 + * http://www.apache.org/licenses/LICENSE-2.0
9 + *
10 + * Unless required by applicable law or agreed to in writing, software
11 + * distributed under the License is distributed on an "AS IS" BASIS,
12 + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 + * See the License for the specific language governing permissions and
14 + * limitations under the License.
15 + */
16 +
17 +package org.onosproject.cli.security;
18 +
19 +import org.apache.karaf.shell.commands.Argument;
20 +import org.apache.karaf.shell.commands.Command;
21 +import org.onosproject.app.ApplicationAdminService;
22 +import org.onosproject.cli.AbstractShellCommand;
23 +import org.onosproject.core.Application;
24 +import org.onosproject.core.ApplicationId;
25 +import org.onosproject.security.SecurityAdminService;
26 +import org.onosproject.security.SecurityUtil;
27 +
28 +import java.security.Permission;
29 +import java.util.List;
30 +import java.util.Map;
31 +
32 +
33 +/**
34 + * Application security policy review commands.
35 + */
36 +@Command(scope = "onos", name = "review",
37 + description = "Application security policy review interface")
38 +public class ReviewCommand extends AbstractShellCommand {
39 +
40 + @Argument(index = 0, name = "name", description = "Application name",
41 + required = true, multiValued = false)
42 + String name = null;
43 +
44 + @Argument(index = 1, name = "accept", description = "Option to accept policy",
45 + required = false, multiValued = false)
46 + String accept = null;
47 +
48 + @Override
49 + protected void execute() {
50 + ApplicationAdminService applicationAdminService = get(ApplicationAdminService.class);
51 + ApplicationId appId = applicationAdminService.getId(name);
52 + if (appId == null) {
53 + print("No such application: %s", name);
54 + return;
55 + }
56 + Application app = applicationAdminService.getApplication(appId);
57 + SecurityAdminService smService = SecurityUtil.getSecurityService();
58 + if (smService == null) {
59 + print("Security Mode is disabled");
60 + return;
61 + }
62 + if (accept == null) {
63 + smService.review(appId);
64 + printPolicy(smService, app);
65 + } else if (accept.trim().equals("accept")) {
66 + smService.acceptPolicy(appId);
67 + printPolicy(smService, app);
68 + } else {
69 + print("Unknown command");
70 + }
71 + }
72 +
73 + private void printPolicy(SecurityAdminService smService, Application app) {
74 + print("\n*******************************");
75 + print(" SM-ONOS APP REVIEW ");
76 + print("*******************************");
77 +
78 + print("Application name: %s ", app.id().name());
79 + print("Application role: " + app.role());
80 + print("\nDeveloper specified permissions: ");
81 + printMap(smService.getPrintableSpecifiedPermissions(app.id()));
82 + print("\nPermissions granted: ");
83 + printMap(smService.getPrintableGrantedPermissions(app.id()));
84 + print("\nAdditional permissions requested on runtime (POLICY VIOLATIONS): ");
85 + printMap(smService.getPrintableRequestedPermissions(app.id()));
86 + print("");
87 +
88 + }
89 + private void printMap(Map<Integer, List<Permission>> assortedMap) {
90 + for (Integer type : assortedMap.keySet()) {
91 + switch (type) {
92 + case 0:
93 + for (Permission perm: assortedMap.get(0)) {
94 + print("\t[APP PERMISSION] " + perm.getName());
95 + }
96 + break;
97 + case 1:
98 + for (Permission perm: assortedMap.get(1)) {
99 + print("\t[NB-ADMIN SERVICE] " + perm.getName() + "(" + perm.getActions() + ")");
100 + }
101 + break;
102 + case 2:
103 + for (Permission perm: assortedMap.get(2)) {
104 + print("\t[NB SERVICE] " + perm.getName() + "(" + perm.getActions() + ")");
105 + }
106 + break;
107 + case 3:
108 + for (Permission perm: assortedMap.get(3)) {
109 + print("\t[Other SERVICE] " + perm.getName() + "(" + perm.getActions() + ")");
110 + }
111 + break;
112 + case 4:
113 + for (Permission perm: assortedMap.get(4)) {
114 + print("\t[Other] " + perm.getClass().getSimpleName() +
115 + " " + perm.getName() + " (" + perm.getActions() + ")");
116 + }
117 + default:
118 + break;
119 + }
120 + }
121 + }
122 +}
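Review bot: In `printMap`, the `default: break;` arm silently skips any map key outside 0–4, so a permission category the CLI does not recognise would never be shown to the operator who is about to accept the policy. Since this output is what the accept decision rests on, print unknown categories instead of dropping them, for example `default: print("\t[UNKNOWN TYPE " + type + "] " + assortedMap.get(type)); break;`, and add the missing `break;` after the `case 4` loop so it no longer falls through. `execute()` also calls `smService.acceptPolicy(appId)` whenever the second argument is `accept`, with no visible check that a review happened first; whether the service enforces that ordering cannot be seen from this file and is worth confirming.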
...@@ -21,11 +21,9 @@ ...@@ -21,11 +21,9 @@
21 </command> 21 </command>
22 22
23 <command> 23 <command>
24 - <action class="org.onosproject.cli.security.PermissionCommand"/> 24 + <action class="org.onosproject.cli.security.ReviewCommand"/>
25 <completers> 25 <completers>
26 - <ref component-id="permCommandCompleter"/> 26 + <ref component-id="reviewAppNameCompleter"/>
27 - <ref component-id="permAppNameCompleter"/>
28 - <ref component-id="permNameCompleter"/>
29 </completers> 27 </completers>
30 </command> 28 </command>
31 29
...@@ -435,9 +433,7 @@ ...@@ -435,9 +433,7 @@
435 </command> 433 </command>
436 </command-bundle> 434 </command-bundle>
437 435
438 - <bean id="permAppNameCompleter" class="org.onosproject.cli.security.PermissionApplicationNameCompleter"/> 436 + <bean id="reviewAppNameCompleter" class="org.onosproject.cli.security.ReviewApplicationNameCompleter"/>
439 - <bean id="permCommandCompleter" class="org.onosproject.cli.security.PermissionCommandCompleter"/>
440 - <bean id="permNameCompleter" class="org.onosproject.cli.security.PermissionNameCompleter"/>
441 <bean id="appCommandCompleter" class="org.onosproject.cli.app.ApplicationCommandCompleter"/> 437 <bean id="appCommandCompleter" class="org.onosproject.cli.app.ApplicationCommandCompleter"/>
442 <bean id="appNameCompleter" class="org.onosproject.cli.app.ApplicationNameCompleter"/> 438 <bean id="appNameCompleter" class="org.onosproject.cli.app.ApplicationNameCompleter"/>
443 <bean id="allAppNameCompleter" class="org.onosproject.cli.app.AllApplicationNamesCompleter"/> 439 <bean id="allAppNameCompleter" class="org.onosproject.cli.app.AllApplicationNamesCompleter"/>
......
...@@ -17,7 +17,7 @@ package org.onosproject.app; ...@@ -17,7 +17,7 @@ package org.onosproject.app;
17 17
18 import org.onosproject.core.Application; 18 import org.onosproject.core.Application;
19 import org.onosproject.core.ApplicationId; 19 import org.onosproject.core.ApplicationId;
20 -import org.onosproject.core.Permission; 20 +import org.onosproject.security.Permission;
21 21
22 import java.io.InputStream; 22 import java.io.InputStream;
23 import java.util.Set; 23 import java.util.Set;
......
...@@ -16,8 +16,8 @@ ...@@ -16,8 +16,8 @@
16 package org.onosproject.app; 16 package org.onosproject.app;
17 17
18 import org.onosproject.core.ApplicationRole; 18 import org.onosproject.core.ApplicationRole;
19 -import org.onosproject.core.Permission;
20 import org.onosproject.core.Version; 19 import org.onosproject.core.Version;
20 +import org.onosproject.security.Permission;
21 21
22 import java.net.URI; 22 import java.net.URI;
23 import java.util.List; 23 import java.util.List;
......
...@@ -17,8 +17,8 @@ package org.onosproject.app; ...@@ -17,8 +17,8 @@ package org.onosproject.app;
17 17
18 import org.onosproject.core.Application; 18 import org.onosproject.core.Application;
19 import org.onosproject.core.ApplicationId; 19 import org.onosproject.core.ApplicationId;
20 -import org.onosproject.core.Permission;
21 import org.onosproject.event.ListenerService; 20 import org.onosproject.event.ListenerService;
21 +import org.onosproject.security.Permission;
22 22
23 import java.util.Set; 23 import java.util.Set;
24 24
......
...@@ -17,7 +17,7 @@ package org.onosproject.app; ...@@ -17,7 +17,7 @@ package org.onosproject.app;
17 17
18 import org.onosproject.core.Application; 18 import org.onosproject.core.Application;
19 import org.onosproject.core.ApplicationId; 19 import org.onosproject.core.ApplicationId;
20 -import org.onosproject.core.Permission; 20 +import org.onosproject.security.Permission;
21 import org.onosproject.store.Store; 21 import org.onosproject.store.Store;
22 22
23 import java.io.InputStream; 23 import java.io.InputStream;
......
...@@ -16,8 +16,8 @@ ...@@ -16,8 +16,8 @@
16 package org.onosproject.app; 16 package org.onosproject.app;
17 17
18 import org.onosproject.core.ApplicationRole; 18 import org.onosproject.core.ApplicationRole;
19 -import org.onosproject.core.Permission;
20 import org.onosproject.core.Version; 19 import org.onosproject.core.Version;
20 +import org.onosproject.security.Permission;
21 21
22 import java.net.URI; 22 import java.net.URI;
23 import java.util.List; 23 import java.util.List;
......
...@@ -15,6 +15,8 @@ ...@@ -15,6 +15,8 @@
15 */ 15 */
16 package org.onosproject.core; 16 package org.onosproject.core;
17 17
18 +import org.onosproject.security.Permission;
19 +
18 import java.net.URI; 20 import java.net.URI;
19 import java.util.List; 21 import java.util.List;
20 import java.util.Optional; 22 import java.util.Optional;
......
...@@ -23,9 +23,9 @@ public enum ApplicationRole { ...@@ -23,9 +23,9 @@ public enum ApplicationRole {
23 ADMIN, 23 ADMIN,
24 24
25 /** 25 /**
26 - * Indicates that an application has a REGULAR role. 26 + * Indicates that an application has a USER role.
27 */ 27 */
28 - REGULAR, 28 + USER,
29 29
30 /** 30 /**
31 * Indicates that an application role has not been specified. 31 * Indicates that an application role has not been specified.
......
...@@ -15,6 +15,8 @@ ...@@ -15,6 +15,8 @@
15 */ 15 */
16 package org.onosproject.core; 16 package org.onosproject.core;
17 17
18 +import org.onosproject.security.Permission;
19 +
18 import java.net.URI; 20 import java.net.URI;
19 import java.util.Set; 21 import java.util.Set;
20 import java.util.Optional; 22 import java.util.Optional;
......
1 -/*
2 - * Copyright 2015 Open Networking Laboratory
3 - *
4 - * Licensed under the Apache License, Version 2.0 (the "License");
5 - * you may not use this file except in compliance with the License.
6 - * You may obtain a copy of the License at
7 - *
8 - * http://www.apache.org/licenses/LICENSE-2.0
9 - *
10 - * Unless required by applicable law or agreed to in writing, software
11 - * distributed under the License is distributed on an "AS IS" BASIS,
12 - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 - * See the License for the specific language governing permissions and
14 - * limitations under the License.
15 - */
16 -package org.onosproject.core;
17 -
18 -/**
19 - * Representation of an application permission.
20 - */
21 -public enum Permission {
22 - APP_READ,
23 - APP_EVENT,
24 - CONFIG_READ,
25 - CONFIG_WRITE,
26 - CLUSTER_READ,
27 - CLUSTER_WRITE,
28 - CLUSTER_EVENT,
29 - DEVICE_READ,
30 - DEVICE_EVENT,
31 - DRIVER_READ,
32 - DRIVER_WRITE,
33 - FLOWRULE_READ,
34 - FLOWRULE_WRITE,
35 - FLOWRULE_EVENT,
36 - GROUP_READ,
37 - GROUP_WRITE,
38 - GROUP_EVENT,
39 - HOST_READ,
40 - HOST_WRITE,
41 - HOST_EVENT,
42 - INTENT_READ,
43 - INTENT_WRITE,
44 - INTENT_EVENT,
45 - LINK_READ,
46 - LINK_WRITE,
47 - LINK_EVENT,
48 - PACKET_READ,
49 - PACKET_WRITE,
50 - PACKET_EVENT,
51 - STATISTIC_READ,
52 - TOPOLOGY_READ,
53 - TOPOLOGY_EVENT,
54 - TUNNEL_READ,
55 - TUNNEL_WRITE,
56 - TUNNEL_EVENT,
57 - STORAGE_WRITE
58 -}
...@@ -15,7 +15,6 @@ ...@@ -15,7 +15,6 @@
15 */ 15 */
16 package org.onosproject.net.packet; 16 package org.onosproject.net.packet;
17 17
18 -import org.onosproject.core.Permission;
19 import org.onosproject.net.flow.DefaultTrafficTreatment; 18 import org.onosproject.net.flow.DefaultTrafficTreatment;
20 import org.onosproject.net.flow.TrafficTreatment; 19 import org.onosproject.net.flow.TrafficTreatment;
21 import org.onosproject.net.flow.TrafficTreatment.Builder; 20 import org.onosproject.net.flow.TrafficTreatment.Builder;
...@@ -23,7 +22,7 @@ import org.onosproject.net.flow.TrafficTreatment.Builder; ...@@ -23,7 +22,7 @@ import org.onosproject.net.flow.TrafficTreatment.Builder;
23 import java.util.concurrent.atomic.AtomicBoolean; 22 import java.util.concurrent.atomic.AtomicBoolean;
24 23
25 import static org.onosproject.security.AppGuard.checkPermission; 24 import static org.onosproject.security.AppGuard.checkPermission;
26 - 25 +import static org.onosproject.security.AppPermission.Type.*;
27 26
28 /** 27 /**
29 * Default implementation of a packet context. 28 * Default implementation of a packet context.
...@@ -57,29 +56,25 @@ public abstract class DefaultPacketContext implements PacketContext { ...@@ -57,29 +56,25 @@ public abstract class DefaultPacketContext implements PacketContext {
57 56
58 @Override 57 @Override
59 public long time() { 58 public long time() {
60 - checkPermission(Permission.PACKET_READ); 59 + checkPermission(PACKET_READ);
61 -
62 return time; 60 return time;
63 } 61 }
64 62
65 @Override 63 @Override
66 public InboundPacket inPacket() { 64 public InboundPacket inPacket() {
67 - checkPermission(Permission.PACKET_READ); 65 + checkPermission(PACKET_READ);
68 -
69 return inPkt; 66 return inPkt;
70 } 67 }
71 68
72 @Override 69 @Override
73 public OutboundPacket outPacket() { 70 public OutboundPacket outPacket() {
74 - checkPermission(Permission.PACKET_READ); 71 + checkPermission(PACKET_READ);
75 -
76 return outPkt; 72 return outPkt;
77 } 73 }
78 74
79 @Override 75 @Override
80 public Builder treatmentBuilder() { 76 public Builder treatmentBuilder() {
81 - checkPermission(Permission.PACKET_READ); 77 + checkPermission(PACKET_READ);
82 -
83 return builder; 78 return builder;
84 } 79 }
85 80
...@@ -88,15 +83,13 @@ public abstract class DefaultPacketContext implements PacketContext { ...@@ -88,15 +83,13 @@ public abstract class DefaultPacketContext implements PacketContext {
88 83
89 @Override 84 @Override
90 public boolean block() { 85 public boolean block() {
91 - checkPermission(Permission.PACKET_WRITE); 86 + checkPermission(PACKET_WRITE);
92 -
93 return this.block.getAndSet(true); 87 return this.block.getAndSet(true);
94 } 88 }
95 89
96 @Override 90 @Override
97 public boolean isHandled() { 91 public boolean isHandled() {
98 - checkPermission(Permission.PACKET_READ); 92 + checkPermission(PACKET_READ);
99 -
100 return this.block.get(); 93 return this.block.get();
101 } 94 }
102 } 95 }
...\ No newline at end of file ...\ No newline at end of file
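Review bot: The new `import static org.onosproject.security.AppPermission.Type.*;` brings every permission constant into scope although the visible methods use only two; explicit imports, `import static org.onosproject.security.AppPermission.Type.PACKET_READ;` and `import static org.onosproject.security.AppPermission.Type.PACKET_WRITE;`, keep each permission check traceable to its definition. Also worth confirming in this section: `treatmentBuilder()` returns the mutable `builder` after checking only `PACKET_READ`, while `block()` requires `PACKET_WRITE`; if changing the treatment counts as a write, the check there should be `checkPermission(PACKET_WRITE);`. The class body starts before the first hunk, so its fields and constructor are not visible here.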
......
...@@ -16,7 +16,6 @@ ...@@ -16,7 +16,6 @@
16 16
17 package org.onosproject.security; 17 package org.onosproject.security;
18 18
19 -import org.onosproject.core.Permission;
20 19
21 /** 20 /**
22 * Aids SM-ONOS to perform API-level permission checking. 21 * Aids SM-ONOS to perform API-level permission checking.
...@@ -30,10 +29,10 @@ public final class AppGuard { ...@@ -30,10 +29,10 @@ public final class AppGuard {
30 * Checks if the caller has the required permission only when security-mode is enabled. 29 * Checks if the caller has the required permission only when security-mode is enabled.
31 * @param permission permission to be checked 30 * @param permission permission to be checked
32 */ 31 */
33 - public static void checkPermission(Permission permission) { 32 + public static void checkPermission(AppPermission.Type permission) {
34 SecurityManager sm = System.getSecurityManager(); 33 SecurityManager sm = System.getSecurityManager();
35 if (sm != null) { 34 if (sm != null) {
36 - System.getSecurityManager().checkPermission(new AppPermission(permission.name())); 35 + System.getSecurityManager().checkPermission(new AppPermission(permission));
37 } 36 }
38 } 37 }
39 } 38 }
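Review bot: `checkPermission` reads the security manager twice: it null-checks the local `sm` but then calls `System.getSecurityManager()` again, so the value that was checked and the value that is used can differ. Use the local instead: `sm.checkPermission(new AppPermission(permission));`. The first hunk also leaves a stray blank line where the `org.onosproject.core.Permission` import was removed.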
......
...@@ -23,12 +23,57 @@ import java.security.BasicPermission; ...@@ -23,12 +23,57 @@ import java.security.BasicPermission;
23 */ 23 */
24 public class AppPermission extends BasicPermission { 24 public class AppPermission extends BasicPermission {
25 25
26 + public enum Type {
27 + APP_READ,
28 + APP_EVENT,
29 + CONFIG_READ,
30 + CONFIG_WRITE,
31 + CLUSTER_READ,
32 + CLUSTER_WRITE,
33 + CLUSTER_EVENT,
34 + DEVICE_READ,
35 + DEVICE_EVENT,
36 + DRIVER_READ,
37 + DRIVER_WRITE,
38 + FLOWRULE_READ,
39 + FLOWRULE_WRITE,
40 + FLOWRULE_EVENT,
41 + GROUP_READ,
42 + GROUP_WRITE,
43 + GROUP_EVENT,
44 + HOST_READ,
45 + HOST_WRITE,
46 + HOST_EVENT,
47 + INTENT_READ,
48 + INTENT_WRITE,
49 + INTENT_EVENT,
50 + LINK_READ,
51 + LINK_WRITE,
52 + LINK_EVENT,
53 + PACKET_READ,
54 + PACKET_WRITE,
55 + PACKET_EVENT,
56 + STATISTIC_READ,
57 + TOPOLOGY_READ,
58 + TOPOLOGY_EVENT,
59 + TUNNEL_READ,
60 + TUNNEL_WRITE,
61 + TUNNEL_EVENT,
62 + STORAGE_WRITE
63 + }
64 +
65 + protected Type type;
26 /** 66 /**
27 * Creates new application permission using the supplied data. 67 * Creates new application permission using the supplied data.
28 * @param name permission name 68 * @param name permission name
29 */ 69 */
30 public AppPermission(String name) { 70 public AppPermission(String name) {
31 super(name.toUpperCase(), ""); 71 super(name.toUpperCase(), "");
72 + try {
73 + type = Type.valueOf(name);
74 + } catch (IllegalArgumentException e) {
75 + type = null;
76 + }
32 } 77 }
33 78
34 /** 79 /**
...@@ -38,6 +83,28 @@ public class AppPermission extends BasicPermission { ...@@ -38,6 +83,28 @@ public class AppPermission extends BasicPermission {
38 */ 83 */
39 public AppPermission(String name, String actions) { 84 public AppPermission(String name, String actions) {
40 super(name.toUpperCase(), actions); 85 super(name.toUpperCase(), actions);
86 + try {
87 + type = Type.valueOf(name);
88 + } catch (IllegalArgumentException e) {
89 + type = null;
90 + }
91 + }
92 +
93 + /**
94 + * Crates new application permission using the supplied data.
95 + * @param type permission type
96 + */
97 + public AppPermission(Type type) {
98 + super(type.name(), "");
99 + this.type = type;
100 + }
101 +
102 + /**
103 + * Returns type of permission.
104 + * @return application permission type
105 + */
106 + public Type getType() {
107 + return this.type;
41 } 108 }
42 109
43 } 110 }
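Review bot: Both string constructors upper-case the name for `super(...)` but pass the raw `name` to `Type.valueOf`, so `new AppPermission("packet_read")` ends up with the permission name `PACKET_READ` and `type == null`, and any caller that consults `getType()` will treat it as unknown. Derive the type from the normalised name, `type = Type.valueOf(getName());`, in both constructors (the second is in the later hunk), and consider `name.toUpperCase(Locale.ROOT)` so the result does not depend on the default locale. `getType()` should document that it returns null for names outside `Type`, and `type` could become `private final` if the try/catch moves into a small static helper. The class declaration starts above the hunk.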
......
1 +/*
2 + * Copyright 2015 Open Networking Laboratory
3 + *
4 + * Licensed under the Apache License, Version 2.0 (the "License");
5 + * you may not use this file except in compliance with the License.
6 + * You may obtain a copy of the License at
7 + *
8 + * http://www.apache.org/licenses/LICENSE-2.0
9 + *
10 + * Unless required by applicable law or agreed to in writing, software
11 + * distributed under the License is distributed on an "AS IS" BASIS,
12 + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 + * See the License for the specific language governing permissions and
14 + * limitations under the License.
15 + */
16 +
17 +package org.onosproject.security;
18 +
19 +public class Permission {
20 +
21 + protected String classname;
22 + protected String name;
23 + protected String actions;
24 +
25 + public Permission(String classname, String name, String actions) {
26 + this.classname = classname;
27 + this.name = name;
28 + if (actions == null) {
29 + this.actions = "";
30 + } else {
31 + this.actions = actions;
32 + }
33 + }
34 +
35 + public Permission(String classname, String name) {
36 + this.classname = classname;
37 + this.name = name;
38 + this.actions = "";
39 + }
40 +
41 + public String getClassName() {
42 + return classname;
43 + }
44 +
45 + public String getName() {
46 + return name;
47 + }
48 +
49 + public String getActions() {
50 + return actions;
51 + }
52 +
53 + @Override
54 + public int hashCode() {
55 + return 0;
56 + }
57 +
58 + @Override
59 + public boolean equals(Object thatPerm) {
60 + if (this == thatPerm) {
61 + return true;
62 + }
63 +
64 + if (!(thatPerm instanceof Permission)) {
65 + return false;
66 + }
67 +
68 + Permission that = (Permission) thatPerm;
69 + return (this.classname.equals(that.classname)) && (this.name.equals(that.name))
70 + && (this.actions.equals(that.actions));
71 + }
72 +
73 + @Override
74 + public String toString() {
75 + return String.format("(%s, %s, %s)", classname, name, actions);
76 + }
77 +}
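Review bot: `hashCode()` returns the constant 0, which satisfies the contract with `equals` but puts every `Permission` in the same hash bucket, so any `HashSet` or `HashMap` of permissions degrades to a linear scan. Hash the same three fields that `equals` compares: `return Objects.hash(classname, name, actions);` (needs `import java.util.Objects;`). `equals` will also throw a NullPointerException when `classname` or `name` was constructed as null, since only `actions` is defaulted; `Objects.equals` per field or `Objects.requireNonNull` in the constructors would close that. The class and its public members have no Javadoc, and its simple name collides with `java.security.Permission`, which `ReviewCommand` and `SecurityAdminService` import in the same commit.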
1 +/*
2 + * Copyright 2015 Open Networking Laboratory
3 + *
4 + * Licensed under the Apache License, Version 2.0 (the "License");
5 + * you may not use this file except in compliance with the License.
6 + * You may obtain a copy of the License at
7 + *
8 + * http://www.apache.org/licenses/LICENSE-2.0
9 + *
10 + * Unless required by applicable law or agreed to in writing, software
11 + * distributed under the License is distributed on an "AS IS" BASIS,
12 + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 + * See the License for the specific language governing permissions and
14 + * limitations under the License.
15 + */
16 +
17 +package org.onosproject.security;
18 +
19 +import org.onosproject.core.ApplicationId;
20 +
21 +import java.security.Permission;
22 +import java.util.List;
23 +import java.util.Map;
24 +
25 +/**
26 + * Security-Mode ONOS service.
27 + */
28 +public interface SecurityAdminService {
29 +
30 + /**
31 + * Returns true if security policy has been enforced to specified application.
32 + * @param appId application identifier
33 + * @return true if secured.
34 + */
35 + boolean isSecured(ApplicationId appId);
36 +
37 + /**
38 + * Changes SecurityModeState of specified application to REVIEWED.
39 + * @param appId application identifier
40 + */
41 + void review(ApplicationId appId);
42 +
43 + /**
44 + * Accepts and enforces security policy to specified application.
45 + * @param appId application identifier
46 + */
47 + void acceptPolicy(ApplicationId appId);
48 +
49 + /**
50 + * Register application to SM-ONOS subsystem.
51 + * @param appId application identifier
52 + */
53 + void register(ApplicationId appId);
54 +
55 + /**
56 + * Returns sorted developer specified permission Map.
57 + * @param appId application identifier
58 + * @return Map of list of permissions sorted by permission type
59 + */
60 + Map<Integer, List<Permission>> getPrintableSpecifiedPermissions(ApplicationId appId);
61 +
62 + /**
63 + * Returns sorted granted permission Map.
64 + * @param appId application identifier
65 + * @return Map of list of permissions sorted by permission type
66 + */
67 + Map<Integer, List<Permission>> getPrintableGrantedPermissions(ApplicationId appId);
68 +
69 + /**
70 + * Returns sorted requested permission Map.
71 + * @param appId application identifier
72 + * @return Map of list of permissions sorted by permission type
73 + */
74 + Map<Integer, List<Permission>> getPrintableRequestedPermissions(ApplicationId appId);
75 +
76 +
77 +}
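Review bot: The three `getPrintable*Permissions` methods return `Map<Integer, List<Permission>>`, but the Javadoc never says what the integer keys mean; the only definition visible in this commit is the hard-coded `switch` over 0–4 in `ReviewCommand.printMap`. Document the key values on the interface, e.g. add to each `@return` a line such as `keys: 0 = app permission, 1 = NB admin service, 2 = NB service, 3 = other service, 4 = other`, or replace the `Integer` key with an enum so the producer and the CLI cannot drift apart. The Javadoc for `acceptPolicy` should also state whether the application must already be in the REVIEWED state and what happens when it is not.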
1 +/*
2 + * Copyright 2015 Open Networking Laboratory
3 + *
4 + * Licensed under the Apache License, Version 2.0 (the "License");
5 + * you may not use this file except in compliance with the License.
6 + * You may obtain a copy of the License at
7 + *
8 + * http://www.apache.org/licenses/LICENSE-2.0
9 + *
10 + * Unless required by applicable law or agreed to in writing, software
11 + * distributed under the License is distributed on an "AS IS" BASIS,
12 + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 + * See the License for the specific language governing permissions and
14 + * limitations under the License.
15 + */
16 +
17 +package org.onosproject.security;
18 +
19 +import org.onlab.osgi.DefaultServiceDirectory;
20 +import org.onlab.osgi.ServiceDirectory;
21 +import org.onlab.osgi.ServiceNotFoundException;
22 +import org.onosproject.core.ApplicationId;
23 +
24 +/**
25 + * Utility class to aid Security-Mode ONOS.
26 + */
27 +public final class SecurityUtil {
28 +
29 + protected static ServiceDirectory serviceDirectory = new DefaultServiceDirectory();
30 +
31 + private SecurityUtil() {
32 + }
33 +
34 + public static boolean isSecurityModeEnabled() {
35 + if (System.getSecurityManager() != null) {
36 + try {
37 + SecurityAdminService securityService = serviceDirectory.get(SecurityAdminService.class);
38 + if (securityService != null) {
39 + return true;
40 + }
41 + } catch (ServiceNotFoundException e) {
42 + return false;
43 + }
44 + }
45 + return false;
46 + }
47 +
48 + public static SecurityAdminService getSecurityService() {
49 + if (System.getSecurityManager() != null) {
50 + try {
51 + SecurityAdminService securityService = serviceDirectory.get(SecurityAdminService.class);
52 + if (securityService != null) {
53 + return securityService;
54 + }
55 + } catch (ServiceNotFoundException e) {
56 + return null;
57 + }
58 + }
59 + return null;
60 + }
61 +
62 + public static boolean isAppSecured(ApplicationId appId) {
63 + SecurityAdminService service = getSecurityService();
64 + if (service != null) {
65 + if (!service.isSecured(appId)) {
66 + System.out.println("\n*******************************");
67 + System.out.println(" SM-ONOS APP WARNING ");
68 + System.out.println("*******************************");
69 + System.out.println(appId.name() + " has not been secured.");
70 + System.out.println("Please review before activating.");
71 + return false;
72 + }
73 + }
74 + return true;
75 + }
76 + public static void register(ApplicationId appId) {
77 + SecurityAdminService service = getSecurityService();
78 + if (service != null) {
79 + service.register(appId);
80 + }
81 + }
82 +}
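Review bot: `isAppSecured` fails open when a SecurityManager is installed but the `SecurityAdminService` lookup fails: `getSecurityService()` turns `ServiceNotFoundException` into `null`, and the `service != null` guard then falls through to `return true`, so the caller treats the application as secured. If that state can occur (for example through bundle start-up ordering, which is not visible here), the null case should pass only when security mode is actually off, e.g. `if (service == null) { return System.getSecurityManager() == null; }`. The same null path makes `register` a silent no-op, so an application installed in that window would presumably never be registered with the security service. Separately, `serviceDirectory` is a non-final `protected static` field on a final class, so any class in the package can replace the directory that answers these checks; `private static final` would close that unless tests rely on swapping it.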
...@@ -17,7 +17,7 @@ package org.onosproject.app; ...@@ -17,7 +17,7 @@ package org.onosproject.app;
17 17
18 import org.onosproject.core.Application; 18 import org.onosproject.core.Application;
19 import org.onosproject.core.ApplicationId; 19 import org.onosproject.core.ApplicationId;
20 -import org.onosproject.core.Permission; 20 +import org.onosproject.security.Permission;
21 21
22 import java.io.InputStream; 22 import java.io.InputStream;
23 import java.util.Set; 23 import java.util.Set;
......
...@@ -17,7 +17,7 @@ package org.onosproject.app; ...@@ -17,7 +17,7 @@ package org.onosproject.app;
17 17
18 import org.onosproject.core.Application; 18 import org.onosproject.core.Application;
19 import org.onosproject.core.ApplicationId; 19 import org.onosproject.core.ApplicationId;
20 -import org.onosproject.core.Permission; 20 +import org.onosproject.security.Permission;
21 21
22 import java.util.Set; 22 import java.util.Set;
23 23
......
...@@ -17,7 +17,7 @@ package org.onosproject.app; ...@@ -17,7 +17,7 @@ package org.onosproject.app;
17 17
18 import org.onosproject.core.Application; 18 import org.onosproject.core.Application;
19 import org.onosproject.core.ApplicationId; 19 import org.onosproject.core.ApplicationId;
20 -import org.onosproject.core.Permission; 20 +import org.onosproject.security.Permission;
21 import org.onosproject.store.AbstractStore; 21 import org.onosproject.store.AbstractStore;
22 22
23 import java.io.InputStream; 23 import java.io.InputStream;
......
...@@ -19,8 +19,9 @@ import com.google.common.collect.ImmutableList; ...@@ -19,8 +19,9 @@ import com.google.common.collect.ImmutableList;
19 import com.google.common.collect.ImmutableSet; 19 import com.google.common.collect.ImmutableSet;
20 import org.junit.Test; 20 import org.junit.Test;
21 import org.onosproject.core.ApplicationRole; 21 import org.onosproject.core.ApplicationRole;
22 -import org.onosproject.core.Permission;
23 import org.onosproject.core.Version; 22 import org.onosproject.core.Version;
23 +import org.onosproject.security.AppPermission;
24 +import org.onosproject.security.Permission;
24 25
25 import java.net.URI; 26 import java.net.URI;
26 import java.util.List; 27 import java.util.List;
...@@ -40,7 +41,9 @@ public class DefaultApplicationDescriptionTest { ...@@ -40,7 +41,9 @@ public class DefaultApplicationDescriptionTest {
40 public static final String DESC = "Awesome application from Circus, Inc."; 41 public static final String DESC = "Awesome application from Circus, Inc.";
41 public static final String ORIGIN = "Circus"; 42 public static final String ORIGIN = "Circus";
42 public static final ApplicationRole ROLE = ApplicationRole.ADMIN; 43 public static final ApplicationRole ROLE = ApplicationRole.ADMIN;
43 - public static final Set<Permission> PERMS = ImmutableSet.of(Permission.FLOWRULE_WRITE, Permission.FLOWRULE_READ); 44 + public static final Set<Permission> PERMS = ImmutableSet.of(
45 + new Permission(AppPermission.class.getName(), "FLOWRULE_WRITE"),
46 + new Permission(AppPermission.class.getName(), "FLOWRULE_READ"));
44 public static final URI FURL = URI.create("mvn:org.foo-features/1.2a/xml/features"); 47 public static final URI FURL = URI.create("mvn:org.foo-features/1.2a/xml/features");
45 public static final List<String> FEATURES = ImmutableList.of("foo", "bar"); 48 public static final List<String> FEATURES = ImmutableList.of("foo", "bar");
46 49
......
...@@ -33,6 +33,10 @@ ...@@ -33,6 +33,10 @@
33 33
34 <dependencies> 34 <dependencies>
35 <dependency> 35 <dependency>
36 + <groupId>org.osgi</groupId>
37 + <artifactId>org.osgi.core</artifactId>
38 + </dependency>
39 + <dependency>
36 <groupId>org.onosproject</groupId> 40 <groupId>org.onosproject</groupId>
37 <artifactId>onos-api</artifactId> 41 <artifactId>onos-api</artifactId>
38 </dependency> 42 </dependency>
......
...@@ -20,6 +20,7 @@ import com.google.common.collect.ImmutableSet; ...@@ -20,6 +20,7 @@ import com.google.common.collect.ImmutableSet;
20 import com.google.common.io.ByteStreams; 20 import com.google.common.io.ByteStreams;
21 import com.google.common.io.Files; 21 import com.google.common.io.Files;
22 import org.apache.commons.configuration.ConfigurationException; 22 import org.apache.commons.configuration.ConfigurationException;
23 +import org.apache.commons.configuration.HierarchicalConfiguration;
23 import org.apache.commons.configuration.XMLConfiguration; 24 import org.apache.commons.configuration.XMLConfiguration;
24 import org.onlab.util.Tools; 25 import org.onlab.util.Tools;
25 import org.onosproject.app.ApplicationDescription; 26 import org.onosproject.app.ApplicationDescription;
...@@ -28,9 +29,11 @@ import org.onosproject.app.ApplicationException; ...@@ -28,9 +29,11 @@ import org.onosproject.app.ApplicationException;
28 import org.onosproject.app.ApplicationStoreDelegate; 29 import org.onosproject.app.ApplicationStoreDelegate;
29 import org.onosproject.app.DefaultApplicationDescription; 30 import org.onosproject.app.DefaultApplicationDescription;
30 import org.onosproject.core.ApplicationRole; 31 import org.onosproject.core.ApplicationRole;
31 -import org.onosproject.core.Permission;
32 import org.onosproject.core.Version; 32 import org.onosproject.core.Version;
33 +import org.onosproject.security.AppPermission;
34 +import org.onosproject.security.Permission;
33 import org.onosproject.store.AbstractStore; 35 import org.onosproject.store.AbstractStore;
36 +
34 import org.slf4j.Logger; 37 import org.slf4j.Logger;
35 import org.slf4j.LoggerFactory; 38 import org.slf4j.LoggerFactory;
36 39
...@@ -79,7 +82,9 @@ public class ApplicationArchive ...@@ -79,7 +82,9 @@ public class ApplicationArchive
79 private static final String DESCRIPTION = "description"; 82 private static final String DESCRIPTION = "description";
80 83
81 private static final String ROLE = "security.role"; 84 private static final String ROLE = "security.role";
82 - private static final String PERMISSIONS = "security.permissions.permission"; 85 + private static final String APP_PERMISSIONS = "security.permissions.app-perm";
86 + private static final String NET_PERMISSIONS = "security.permissions.net-perm";
87 + private static final String JAVA_PERMISSIONS = "security.permissions.java-perm";
83 88
84 private static final String OAR = ".oar"; 89 private static final String OAR = ".oar";
85 private static final String APP_XML = "app.xml"; 90 private static final String APP_XML = "app.xml";
...@@ -386,13 +391,25 @@ public class ApplicationArchive ...@@ -386,13 +391,25 @@ public class ApplicationArchive
386 // Returns the set of Permissions specified in the app.xml file 391 // Returns the set of Permissions specified in the app.xml file
387 private ImmutableSet<Permission> getPermissions(XMLConfiguration cfg) { 392 private ImmutableSet<Permission> getPermissions(XMLConfiguration cfg) {
388 List<Permission> permissionList = new ArrayList(); 393 List<Permission> permissionList = new ArrayList();
389 - for (Object o : cfg.getList(PERMISSIONS)) { 394 +
395 + for (Object o : cfg.getList(APP_PERMISSIONS)) {
390 String name = (String) o; 396 String name = (String) o;
391 - try { 397 + permissionList.add(new Permission(AppPermission.class.getName(), name));
392 - Permission perm = Permission.valueOf(name); 398 + }
393 - permissionList.add(perm); 399 + for (Object o : cfg.getList(NET_PERMISSIONS)) {
394 - } catch (IllegalArgumentException e) { 400 + //TODO: TO BE FLESHED OUT WHEN NETWORK PERMISSIONS ARE SUPPORTED
395 - log.debug("Unknown permission specified: %s", name); 401 + break;
402 + }
403 +
404 + List<HierarchicalConfiguration> fields =
405 + cfg.configurationsAt(JAVA_PERMISSIONS);
406 + for (HierarchicalConfiguration sub : fields) {
407 + String classname = sub.getString("classname");
408 + String name = sub.getString("name");
409 + String actions = sub.getString("actions");
410 +
411 + if (classname != null && name != null) {
412 + permissionList.add(new Permission(classname, name, actions));
396 } 413 }
397 } 414 }
398 return ImmutableSet.copyOf(permissionList); 415 return ImmutableSet.copyOf(permissionList);
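Review bot: The `app-perm` loop in `getPermissions` no longer validates the name it reads from app.xml: the removed code rejected unknown names through `Permission.valueOf`, while the new loop wraps any string in `new Permission(AppPermission.class.getName(), name)`. The `java-perm` loop likewise accepts whatever `classname`, `name` and `actions` the archive declares, and it drops entries with a missing `classname` or `name` without a trace, so whoever reviews the application's permissions cannot tell that the descriptor was malformed. Since app.xml ships inside the application archive, I would check app-perm names against the known `AppPermission.Type` values (assuming that is an enum, as the static imports elsewhere in this commit suggest) and add an `else` branch such as `log.warn("Ignoring java-perm entry without classname or name");`. The `NET_PERMISSIONS` loop only executes `break`, so it can be reduced to the TODO comment. The closing brace of `getPermissions` lies outside the hunk.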
......
...@@ -31,7 +31,7 @@ import org.onosproject.core.Application; ...@@ -31,7 +31,7 @@ import org.onosproject.core.Application;
31 import org.onosproject.core.ApplicationId; 31 import org.onosproject.core.ApplicationId;
32 import org.onosproject.core.ApplicationIdStore; 32 import org.onosproject.core.ApplicationIdStore;
33 import org.onosproject.core.DefaultApplication; 33 import org.onosproject.core.DefaultApplication;
34 -import org.onosproject.core.Permission; 34 +import org.onosproject.security.Permission;
35 import org.slf4j.Logger; 35 import org.slf4j.Logger;
36 36
37 import java.io.InputStream; 37 import java.io.InputStream;
......
...@@ -28,7 +28,8 @@ import org.onosproject.core.Application; ...@@ -28,7 +28,8 @@ import org.onosproject.core.Application;
28 import org.onosproject.core.ApplicationId; 28 import org.onosproject.core.ApplicationId;
29 import org.onosproject.core.ApplicationIdStoreAdapter; 29 import org.onosproject.core.ApplicationIdStoreAdapter;
30 import org.onosproject.core.DefaultApplicationId; 30 import org.onosproject.core.DefaultApplicationId;
31 -import org.onosproject.core.Permission; 31 +import org.onosproject.security.AppPermission;
32 +import org.onosproject.security.Permission;
32 33
33 import java.io.File; 34 import java.io.File;
34 import java.io.IOException; 35 import java.io.IOException;
...@@ -114,7 +115,8 @@ public class SimpleApplicationStoreTest { ...@@ -114,7 +115,8 @@ public class SimpleApplicationStoreTest {
114 @Test 115 @Test
115 public void permissions() { 116 public void permissions() {
116 Application app = createTestApp(); 117 Application app = createTestApp();
117 - ImmutableSet<Permission> permissions = ImmutableSet.of(Permission.FLOWRULE_WRITE); 118 + ImmutableSet<Permission> permissions =
119 + ImmutableSet.of(new Permission(AppPermission.class.getName(), "FLOWRULE_WRITE"));
118 store.setPermissions(app.id(), permissions); 120 store.setPermissions(app.id(), permissions);
119 assertEquals("incorrect app perms", 1, store.getPermissions(app.id()).size()); 121 assertEquals("incorrect app perms", 1, store.getPermissions(app.id()).size());
120 assertEquals("incorrect app state", INSTALLED, store.getState(app.id())); 122 assertEquals("incorrect app state", INSTALLED, store.getState(app.id()));
......
1 -<?xml version="1.0" encoding="UTF-8"?>
2 <!-- 1 <!--
3 ~ Copyright 2015 Open Networking Laboratory 2 ~ Copyright 2015 Open Networking Laboratory
4 ~ 3 ~
...@@ -21,8 +20,10 @@ ...@@ -21,8 +20,10 @@
21 <security> 20 <security>
22 <role>ADMIN</role> 21 <role>ADMIN</role>
23 <permissions> 22 <permissions>
24 - <permission>FLOWRULE_WRITE</permission> 23 + <app-perm>FLOWRULE_WRITE</app-perm>
25 - <permission>FLOWRULE_READ</permission> 24 + <app-perm>FLOWRULE_READ</app-perm>
26 </permissions> 25 </permissions>
26 +
27 </security> 27 </security>
28 +
28 </app> 29 </app>
......
...@@ -33,7 +33,8 @@ import org.onosproject.app.ApplicationStoreDelegate; ...@@ -33,7 +33,8 @@ import org.onosproject.app.ApplicationStoreDelegate;
33 import org.onosproject.event.AbstractListenerManager; 33 import org.onosproject.event.AbstractListenerManager;
34 import org.onosproject.core.Application; 34 import org.onosproject.core.Application;
35 import org.onosproject.core.ApplicationId; 35 import org.onosproject.core.ApplicationId;
36 -import org.onosproject.core.Permission; 36 +import org.onosproject.security.Permission;
37 +import org.onosproject.security.SecurityUtil;
37 import org.slf4j.Logger; 38 import org.slf4j.Logger;
38 39
39 import java.io.InputStream; 40 import java.io.InputStream;
...@@ -41,6 +42,7 @@ import java.util.Set; ...@@ -41,6 +42,7 @@ import java.util.Set;
41 42
42 import static com.google.common.base.Preconditions.checkNotNull; 43 import static com.google.common.base.Preconditions.checkNotNull;
43 import static org.onosproject.app.ApplicationEvent.Type.*; 44 import static org.onosproject.app.ApplicationEvent.Type.*;
45 +import static org.onosproject.security.AppPermission.Type.*;
44 import static org.onosproject.security.AppGuard.checkPermission; 46 import static org.onosproject.security.AppGuard.checkPermission;
45 import static org.slf4j.LoggerFactory.getLogger; 47 import static org.slf4j.LoggerFactory.getLogger;
46 48
...@@ -87,34 +89,34 @@ public class ApplicationManager ...@@ -87,34 +89,34 @@ public class ApplicationManager
87 89
88 @Override 90 @Override
89 public Set<Application> getApplications() { 91 public Set<Application> getApplications() {
90 - checkPermission(Permission.APP_READ); 92 + checkPermission(APP_READ);
91 return store.getApplications(); 93 return store.getApplications();
92 } 94 }
93 95
94 @Override 96 @Override
95 public ApplicationId getId(String name) { 97 public ApplicationId getId(String name) {
96 - checkPermission(Permission.APP_READ); 98 + checkPermission(APP_READ);
97 checkNotNull(name, "Name cannot be null"); 99 checkNotNull(name, "Name cannot be null");
98 return store.getId(name); 100 return store.getId(name);
99 } 101 }
100 102
101 @Override 103 @Override
102 public Application getApplication(ApplicationId appId) { 104 public Application getApplication(ApplicationId appId) {
103 - checkPermission(Permission.APP_READ); 105 + checkPermission(APP_READ);
104 checkNotNull(appId, APP_ID_NULL); 106 checkNotNull(appId, APP_ID_NULL);
105 return store.getApplication(appId); 107 return store.getApplication(appId);
106 } 108 }
107 109
108 @Override 110 @Override
109 public ApplicationState getState(ApplicationId appId) { 111 public ApplicationState getState(ApplicationId appId) {
110 - checkPermission(Permission.APP_READ); 112 + checkPermission(APP_READ);
111 checkNotNull(appId, APP_ID_NULL); 113 checkNotNull(appId, APP_ID_NULL);
112 return store.getState(appId); 114 return store.getState(appId);
113 } 115 }
114 116
115 @Override 117 @Override
116 public Set<Permission> getPermissions(ApplicationId appId) { 118 public Set<Permission> getPermissions(ApplicationId appId) {
117 - checkPermission(Permission.APP_READ); 119 + checkPermission(APP_READ);
118 checkNotNull(appId, APP_ID_NULL); 120 checkNotNull(appId, APP_ID_NULL);
119 return store.getPermissions(appId); 121 return store.getPermissions(appId);
120 } 122 }
...@@ -122,7 +124,9 @@ public class ApplicationManager ...@@ -122,7 +124,9 @@ public class ApplicationManager
122 @Override 124 @Override
123 public Application install(InputStream appDescStream) { 125 public Application install(InputStream appDescStream) {
124 checkNotNull(appDescStream, "Application archive stream cannot be null"); 126 checkNotNull(appDescStream, "Application archive stream cannot be null");
125 - return store.create(appDescStream); 127 + Application app = store.create(appDescStream);
128 + SecurityUtil.register(app.id());
129 + return app;
126 } 130 }
127 131
128 @Override 132 @Override
...@@ -138,6 +142,9 @@ public class ApplicationManager ...@@ -138,6 +142,9 @@ public class ApplicationManager
138 @Override 142 @Override
139 public void activate(ApplicationId appId) { 143 public void activate(ApplicationId appId) {
140 checkNotNull(appId, APP_ID_NULL); 144 checkNotNull(appId, APP_ID_NULL);
145 + if (!SecurityUtil.isAppSecured(appId)) {
146 + return;
147 + }
141 store.activate(appId); 148 store.activate(appId);
142 } 149 }
143 150
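Review bot: `activate` now returns silently when `SecurityUtil.isAppSecured(appId)` is false, so a caller cannot distinguish a refused activation from a successful one; the only trace is the banner that `isAppSecured` prints to `System.out`. I would surface the refusal, e.g. `throw new IllegalStateException(appId.name() + " has not been secured");`, or at minimum record it through this class's logger so the decision ends up in the controller log. In `install`, `SecurityUtil.register(app.id())` runs after `store.create(...)` with no handling if registration fails, which would leave a stored application that the security service has not seen; whether `register` can throw is not visible here.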
......
...@@ -31,7 +31,6 @@ import org.onosproject.cfg.ComponentConfigService; ...@@ -31,7 +31,6 @@ import org.onosproject.cfg.ComponentConfigService;
31 import org.onosproject.cfg.ComponentConfigStore; 31 import org.onosproject.cfg.ComponentConfigStore;
32 import org.onosproject.cfg.ComponentConfigStoreDelegate; 32 import org.onosproject.cfg.ComponentConfigStoreDelegate;
33 import org.onosproject.cfg.ConfigProperty; 33 import org.onosproject.cfg.ConfigProperty;
34 -import org.onosproject.core.Permission;
35 import org.osgi.service.cm.Configuration; 34 import org.osgi.service.cm.Configuration;
36 import org.osgi.service.cm.ConfigurationAdmin; 35 import org.osgi.service.cm.ConfigurationAdmin;
37 import org.slf4j.Logger; 36 import org.slf4j.Logger;
...@@ -50,6 +49,7 @@ import static com.google.common.base.Preconditions.checkArgument; ...@@ -50,6 +49,7 @@ import static com.google.common.base.Preconditions.checkArgument;
50 import static com.google.common.base.Preconditions.checkNotNull; 49 import static com.google.common.base.Preconditions.checkNotNull;
51 import static org.onosproject.security.AppGuard.checkPermission; 50 import static org.onosproject.security.AppGuard.checkPermission;
52 import static org.slf4j.LoggerFactory.getLogger; 51 import static org.slf4j.LoggerFactory.getLogger;
52 +import static org.onosproject.security.AppPermission.Type.*;
53 53
54 54
55 /** 55 /**
...@@ -99,14 +99,14 @@ public class ComponentConfigManager implements ComponentConfigService { ...@@ -99,14 +99,14 @@ public class ComponentConfigManager implements ComponentConfigService {
99 99
100 @Override 100 @Override
101 public Set<String> getComponentNames() { 101 public Set<String> getComponentNames() {
102 - checkPermission(Permission.CONFIG_READ); 102 + checkPermission(CONFIG_READ);
103 103
104 return ImmutableSet.copyOf(properties.keySet()); 104 return ImmutableSet.copyOf(properties.keySet());
105 } 105 }
106 106
107 @Override 107 @Override
108 public void registerProperties(Class<?> componentClass) { 108 public void registerProperties(Class<?> componentClass) {
109 - checkPermission(Permission.CONFIG_WRITE); 109 + checkPermission(CONFIG_WRITE);
110 110
111 String componentName = componentClass.getName(); 111 String componentName = componentClass.getName();
112 String resourceName = componentClass.getSimpleName() + RESOURCE_EXT; 112 String resourceName = componentClass.getSimpleName() + RESOURCE_EXT;
...@@ -130,7 +130,7 @@ public class ComponentConfigManager implements ComponentConfigService { ...@@ -130,7 +130,7 @@ public class ComponentConfigManager implements ComponentConfigService {
130 130
131 @Override 131 @Override
132 public void unregisterProperties(Class<?> componentClass, boolean clear) { 132 public void unregisterProperties(Class<?> componentClass, boolean clear) {
133 - checkPermission(Permission.CONFIG_WRITE); 133 + checkPermission(CONFIG_WRITE);
134 134
135 String componentName = componentClass.getName(); 135 String componentName = componentClass.getName();
136 checkNotNull(componentName, COMPONENT_NULL); 136 checkNotNull(componentName, COMPONENT_NULL);
...@@ -148,7 +148,7 @@ public class ComponentConfigManager implements ComponentConfigService { ...@@ -148,7 +148,7 @@ public class ComponentConfigManager implements ComponentConfigService {
148 148
149 @Override 149 @Override
150 public Set<ConfigProperty> getProperties(String componentName) { 150 public Set<ConfigProperty> getProperties(String componentName) {
151 - checkPermission(Permission.CONFIG_READ); 151 + checkPermission(CONFIG_READ);
152 152
153 Map<String, ConfigProperty> map = properties.get(componentName); 153 Map<String, ConfigProperty> map = properties.get(componentName);
154 return map != null ? ImmutableSet.copyOf(map.values()) : null; 154 return map != null ? ImmutableSet.copyOf(map.values()) : null;
...@@ -156,7 +156,7 @@ public class ComponentConfigManager implements ComponentConfigService { ...@@ -156,7 +156,7 @@ public class ComponentConfigManager implements ComponentConfigService {
156 156
157 @Override 157 @Override
158 public void setProperty(String componentName, String name, String value) { 158 public void setProperty(String componentName, String name, String value) {
159 - checkPermission(Permission.CONFIG_WRITE); 159 + checkPermission(CONFIG_WRITE);
160 160
161 checkNotNull(componentName, COMPONENT_NULL); 161 checkNotNull(componentName, COMPONENT_NULL);
162 checkNotNull(name, PROPERTY_NULL); 162 checkNotNull(name, PROPERTY_NULL);
...@@ -165,7 +165,7 @@ public class ComponentConfigManager implements ComponentConfigService { ...@@ -165,7 +165,7 @@ public class ComponentConfigManager implements ComponentConfigService {
165 165
166 @Override 166 @Override
167 public void unsetProperty(String componentName, String name) { 167 public void unsetProperty(String componentName, String name) {
168 - checkPermission(Permission.CONFIG_WRITE); 168 + checkPermission(CONFIG_WRITE);
169 169
170 checkNotNull(componentName, COMPONENT_NULL); 170 checkNotNull(componentName, COMPONENT_NULL);
171 checkNotNull(name, PROPERTY_NULL); 171 checkNotNull(name, PROPERTY_NULL);
......
...@@ -34,7 +34,6 @@ import org.onosproject.cluster.ClusterStoreDelegate; ...@@ -34,7 +34,6 @@ import org.onosproject.cluster.ClusterStoreDelegate;
34 import org.onosproject.cluster.ControllerNode; 34 import org.onosproject.cluster.ControllerNode;
35 import org.onosproject.cluster.NodeId; 35 import org.onosproject.cluster.NodeId;
36 import org.onosproject.event.AbstractListenerManager; 36 import org.onosproject.event.AbstractListenerManager;
37 -import org.onosproject.core.Permission;
38 import org.slf4j.Logger; 37 import org.slf4j.Logger;
39 38
40 import java.util.Set; 39 import java.util.Set;
...@@ -43,6 +42,8 @@ import static com.google.common.base.Preconditions.checkArgument; ...@@ -43,6 +42,8 @@ import static com.google.common.base.Preconditions.checkArgument;
43 import static com.google.common.base.Preconditions.checkNotNull; 42 import static com.google.common.base.Preconditions.checkNotNull;
44 import static org.onosproject.security.AppGuard.checkPermission; 43 import static org.onosproject.security.AppGuard.checkPermission;
45 import static org.slf4j.LoggerFactory.getLogger; 44 import static org.slf4j.LoggerFactory.getLogger;
45 +import static org.onosproject.security.AppPermission.Type.*;
46 +
46 47
47 48
48 /** 49 /**
...@@ -86,26 +87,26 @@ public class ClusterManager ...@@ -86,26 +87,26 @@ public class ClusterManager
86 87
87 @Override 88 @Override
88 public ControllerNode getLocalNode() { 89 public ControllerNode getLocalNode() {
89 - checkPermission(Permission.CLUSTER_READ); 90 + checkPermission(CLUSTER_READ);
90 return store.getLocalNode(); 91 return store.getLocalNode();
91 } 92 }
92 93
93 @Override 94 @Override
94 public Set<ControllerNode> getNodes() { 95 public Set<ControllerNode> getNodes() {
95 - checkPermission(Permission.CLUSTER_READ); 96 + checkPermission(CLUSTER_READ);
96 return store.getNodes(); 97 return store.getNodes();
97 } 98 }
98 99
99 @Override 100 @Override
100 public ControllerNode getNode(NodeId nodeId) { 101 public ControllerNode getNode(NodeId nodeId) {
101 - checkPermission(Permission.CLUSTER_READ); 102 + checkPermission(CLUSTER_READ);
102 checkNotNull(nodeId, INSTANCE_ID_NULL); 103 checkNotNull(nodeId, INSTANCE_ID_NULL);
103 return store.getNode(nodeId); 104 return store.getNode(nodeId);
104 } 105 }
105 106
106 @Override 107 @Override
107 public ControllerNode.State getState(NodeId nodeId) { 108 public ControllerNode.State getState(NodeId nodeId) {
108 - checkPermission(Permission.CLUSTER_READ); 109 + checkPermission(CLUSTER_READ);
109 checkNotNull(nodeId, INSTANCE_ID_NULL); 110 checkNotNull(nodeId, INSTANCE_ID_NULL);
110 return store.getState(nodeId); 111 return store.getState(nodeId);
111 } 112 }
...@@ -113,7 +114,7 @@ public class ClusterManager ...@@ -113,7 +114,7 @@ public class ClusterManager
113 114
114 @Override 115 @Override
115 public DateTime getLastUpdated(NodeId nodeId) { 116 public DateTime getLastUpdated(NodeId nodeId) {
116 - checkPermission(Permission.CLUSTER_READ); 117 + checkPermission(CLUSTER_READ);
117 return store.getLastUpdated(nodeId); 118 return store.getLastUpdated(nodeId);
118 } 119 }
119 120
......
...@@ -32,7 +32,6 @@ import org.onosproject.cluster.NodeId; ...@@ -32,7 +32,6 @@ import org.onosproject.cluster.NodeId;
32 import org.onosproject.cluster.RoleInfo; 32 import org.onosproject.cluster.RoleInfo;
33 import org.onosproject.event.AbstractListenerManager; 33 import org.onosproject.event.AbstractListenerManager;
34 import org.onosproject.core.MetricsHelper; 34 import org.onosproject.core.MetricsHelper;
35 -import org.onosproject.core.Permission;
36 import org.onosproject.mastership.MastershipAdminService; 35 import org.onosproject.mastership.MastershipAdminService;
37 import org.onosproject.mastership.MastershipEvent; 36 import org.onosproject.mastership.MastershipEvent;
38 import org.onosproject.mastership.MastershipListener; 37 import org.onosproject.mastership.MastershipListener;
...@@ -62,6 +61,8 @@ import static org.onosproject.cluster.ControllerNode.State.ACTIVE; ...@@ -62,6 +61,8 @@ import static org.onosproject.cluster.ControllerNode.State.ACTIVE;
62 import static org.onosproject.net.MastershipRole.MASTER; 61 import static org.onosproject.net.MastershipRole.MASTER;
63 import static org.onosproject.security.AppGuard.checkPermission; 62 import static org.onosproject.security.AppGuard.checkPermission;
64 import static org.slf4j.LoggerFactory.getLogger; 63 import static org.slf4j.LoggerFactory.getLogger;
64 +import static org.onosproject.security.AppPermission.Type.*;
65 +
65 66
66 67
67 @Component(immediate = true) 68 @Component(immediate = true)
...@@ -136,7 +137,7 @@ public class MastershipManager ...@@ -136,7 +137,7 @@ public class MastershipManager
136 137
137 @Override 138 @Override
138 public MastershipRole getLocalRole(DeviceId deviceId) { 139 public MastershipRole getLocalRole(DeviceId deviceId) {
139 - checkPermission(Permission.CLUSTER_READ); 140 + checkPermission(CLUSTER_READ);
140 141
141 checkNotNull(deviceId, DEVICE_ID_NULL); 142 checkNotNull(deviceId, DEVICE_ID_NULL);
142 return store.getRole(clusterService.getLocalNode().id(), deviceId); 143 return store.getRole(clusterService.getLocalNode().id(), deviceId);
...@@ -144,7 +145,7 @@ public class MastershipManager ...@@ -144,7 +145,7 @@ public class MastershipManager
144 145
145 @Override 146 @Override
146 public CompletableFuture<Void> relinquishMastership(DeviceId deviceId) { 147 public CompletableFuture<Void> relinquishMastership(DeviceId deviceId) {
147 - checkPermission(Permission.CLUSTER_WRITE); 148 + checkPermission(CLUSTER_WRITE);
148 return store.relinquishRole(localNodeId, deviceId) 149 return store.relinquishRole(localNodeId, deviceId)
149 .thenAccept(this::post) 150 .thenAccept(this::post)
150 .thenApply(v -> null); 151 .thenApply(v -> null);
...@@ -152,7 +153,7 @@ public class MastershipManager ...@@ -152,7 +153,7 @@ public class MastershipManager
152 153
153 @Override 154 @Override
154 public CompletableFuture<MastershipRole> requestRoleFor(DeviceId deviceId) { 155 public CompletableFuture<MastershipRole> requestRoleFor(DeviceId deviceId) {
155 - checkPermission(Permission.CLUSTER_WRITE); 156 + checkPermission(CLUSTER_WRITE);
156 157
157 checkNotNull(deviceId, DEVICE_ID_NULL); 158 checkNotNull(deviceId, DEVICE_ID_NULL);
158 final Context timer = startTimer(requestRoleTimer); 159 final Context timer = startTimer(requestRoleTimer);
...@@ -162,7 +163,7 @@ public class MastershipManager ...@@ -162,7 +163,7 @@ public class MastershipManager
162 163
163 @Override 164 @Override
164 public NodeId getMasterFor(DeviceId deviceId) { 165 public NodeId getMasterFor(DeviceId deviceId) {
165 - checkPermission(Permission.CLUSTER_READ); 166 + checkPermission(CLUSTER_READ);
166 167
167 checkNotNull(deviceId, DEVICE_ID_NULL); 168 checkNotNull(deviceId, DEVICE_ID_NULL);
168 return store.getMaster(deviceId); 169 return store.getMaster(deviceId);
...@@ -170,7 +171,7 @@ public class MastershipManager ...@@ -170,7 +171,7 @@ public class MastershipManager
170 171
171 @Override 172 @Override
172 public Set<DeviceId> getDevicesOf(NodeId nodeId) { 173 public Set<DeviceId> getDevicesOf(NodeId nodeId) {
173 - checkPermission(Permission.CLUSTER_READ); 174 + checkPermission(CLUSTER_READ);
174 175
175 checkNotNull(nodeId, NODE_ID_NULL); 176 checkNotNull(nodeId, NODE_ID_NULL);
176 return store.getDevices(nodeId); 177 return store.getDevices(nodeId);
...@@ -178,7 +179,7 @@ public class MastershipManager ...@@ -178,7 +179,7 @@ public class MastershipManager
178 179
179 @Override 180 @Override
180 public RoleInfo getNodesFor(DeviceId deviceId) { 181 public RoleInfo getNodesFor(DeviceId deviceId) {
181 - checkPermission(Permission.CLUSTER_READ); 182 + checkPermission(CLUSTER_READ);
182 183
183 checkNotNull(deviceId, DEVICE_ID_NULL); 184 checkNotNull(deviceId, DEVICE_ID_NULL);
184 return store.getNodes(deviceId); 185 return store.getNodes(deviceId);
......
...@@ -31,7 +31,6 @@ import org.onosproject.core.ApplicationIdStore; ...@@ -31,7 +31,6 @@ import org.onosproject.core.ApplicationIdStore;
31 import org.onosproject.core.CoreService; 31 import org.onosproject.core.CoreService;
32 import org.onosproject.core.IdBlockStore; 32 import org.onosproject.core.IdBlockStore;
33 import org.onosproject.core.IdGenerator; 33 import org.onosproject.core.IdGenerator;
34 -import org.onosproject.core.Permission;
35 import org.onosproject.core.Version; 34 import org.onosproject.core.Version;
36 import org.onosproject.event.EventDeliveryService; 35 import org.onosproject.event.EventDeliveryService;
37 import org.osgi.service.component.ComponentContext; 36 import org.osgi.service.component.ComponentContext;
...@@ -46,6 +45,8 @@ import java.util.Set; ...@@ -46,6 +45,8 @@ import java.util.Set;
46 import static com.google.common.base.Preconditions.checkNotNull; 45 import static com.google.common.base.Preconditions.checkNotNull;
47 import static com.google.common.base.Strings.isNullOrEmpty; 46 import static com.google.common.base.Strings.isNullOrEmpty;
48 import static org.onosproject.security.AppGuard.checkPermission; 47 import static org.onosproject.security.AppGuard.checkPermission;
48 +import static org.onosproject.security.AppPermission.Type.*;
49 +
49 50
50 51
51 /** 52 /**
...@@ -100,28 +101,28 @@ public class CoreManager implements CoreService { ...@@ -100,28 +101,28 @@ public class CoreManager implements CoreService {
100 101
101 @Override 102 @Override
102 public Version version() { 103 public Version version() {
103 - checkPermission(Permission.APP_READ); 104 + checkPermission(APP_READ);
104 105
105 return version; 106 return version;
106 } 107 }
107 108
108 @Override 109 @Override
109 public Set<ApplicationId> getAppIds() { 110 public Set<ApplicationId> getAppIds() {
110 - checkPermission(Permission.APP_READ); 111 + checkPermission(APP_READ);
111 112
112 return applicationIdStore.getAppIds(); 113 return applicationIdStore.getAppIds();
113 } 114 }
114 115
115 @Override 116 @Override
116 public ApplicationId getAppId(Short id) { 117 public ApplicationId getAppId(Short id) {
117 - checkPermission(Permission.APP_READ); 118 + checkPermission(APP_READ);
118 119
119 return applicationIdStore.getAppId(id); 120 return applicationIdStore.getAppId(id);
120 } 121 }
121 122
122 @Override 123 @Override
123 public ApplicationId getAppId(String name) { 124 public ApplicationId getAppId(String name) {
124 - checkPermission(Permission.APP_READ); 125 + checkPermission(APP_READ);
125 126
126 return applicationIdStore.getAppId(name); 127 return applicationIdStore.getAppId(name);
127 } 128 }
......
...@@ -27,7 +27,6 @@ import org.apache.felix.scr.annotations.Service; ...@@ -27,7 +27,6 @@ import org.apache.felix.scr.annotations.Service;
27 import org.onosproject.cluster.ClusterService; 27 import org.onosproject.cluster.ClusterService;
28 import org.onosproject.cluster.NodeId; 28 import org.onosproject.cluster.NodeId;
29 import org.onosproject.net.provider.AbstractListenerProviderRegistry; 29 import org.onosproject.net.provider.AbstractListenerProviderRegistry;
30 -import org.onosproject.core.Permission;
31 import org.onosproject.net.config.NetworkConfigEvent; 30 import org.onosproject.net.config.NetworkConfigEvent;
32 import org.onosproject.net.config.NetworkConfigListener; 31 import org.onosproject.net.config.NetworkConfigListener;
33 import org.onosproject.net.config.NetworkConfigService; 32 import org.onosproject.net.config.NetworkConfigService;
...@@ -77,6 +76,7 @@ import static org.onlab.util.Tools.groupedThreads; ...@@ -77,6 +76,7 @@ import static org.onlab.util.Tools.groupedThreads;
77 import static org.onosproject.net.MastershipRole.*; 76 import static org.onosproject.net.MastershipRole.*;
78 import static org.onosproject.security.AppGuard.checkPermission; 77 import static org.onosproject.security.AppGuard.checkPermission;
79 import static org.slf4j.LoggerFactory.getLogger; 78 import static org.slf4j.LoggerFactory.getLogger;
79 +import static org.onosproject.security.AppPermission.Type.*;
80 80
81 81
82 /** 82 /**
...@@ -151,60 +151,60 @@ public class DeviceManager ...@@ -151,60 +151,60 @@ public class DeviceManager
151 151
152 @Override 152 @Override
153 public int getDeviceCount() { 153 public int getDeviceCount() {
154 - checkPermission(Permission.DEVICE_READ); 154 + checkPermission(DEVICE_READ);
155 return store.getDeviceCount(); 155 return store.getDeviceCount();
156 } 156 }
157 157
158 @Override 158 @Override
159 public Iterable<Device> getDevices() { 159 public Iterable<Device> getDevices() {
160 - checkPermission(Permission.DEVICE_READ); 160 + checkPermission(DEVICE_READ);
161 return store.getDevices(); 161 return store.getDevices();
162 } 162 }
163 163
164 @Override 164 @Override
165 public Iterable<Device> getAvailableDevices() { 165 public Iterable<Device> getAvailableDevices() {
166 - checkPermission(Permission.DEVICE_READ); 166 + checkPermission(DEVICE_READ);
167 return store.getAvailableDevices(); 167 return store.getAvailableDevices();
168 } 168 }
169 169
170 @Override 170 @Override
171 public Device getDevice(DeviceId deviceId) { 171 public Device getDevice(DeviceId deviceId) {
172 - checkPermission(Permission.DEVICE_READ); 172 + checkPermission(DEVICE_READ);
173 checkNotNull(deviceId, DEVICE_ID_NULL); 173 checkNotNull(deviceId, DEVICE_ID_NULL);
174 return store.getDevice(deviceId); 174 return store.getDevice(deviceId);
175 } 175 }
176 176
177 @Override 177 @Override
178 public MastershipRole getRole(DeviceId deviceId) { 178 public MastershipRole getRole(DeviceId deviceId) {
179 - checkPermission(Permission.DEVICE_READ); 179 + checkPermission(DEVICE_READ);
180 checkNotNull(deviceId, DEVICE_ID_NULL); 180 checkNotNull(deviceId, DEVICE_ID_NULL);
181 return mastershipService.getLocalRole(deviceId); 181 return mastershipService.getLocalRole(deviceId);
182 } 182 }
183 183
184 @Override 184 @Override
185 public List<Port> getPorts(DeviceId deviceId) { 185 public List<Port> getPorts(DeviceId deviceId) {
186 - checkPermission(Permission.DEVICE_READ); 186 + checkPermission(DEVICE_READ);
187 checkNotNull(deviceId, DEVICE_ID_NULL); 187 checkNotNull(deviceId, DEVICE_ID_NULL);
188 return store.getPorts(deviceId); 188 return store.getPorts(deviceId);
189 } 189 }
190 190
191 @Override 191 @Override
192 public List<PortStatistics> getPortStatistics(DeviceId deviceId) { 192 public List<PortStatistics> getPortStatistics(DeviceId deviceId) {
193 - checkPermission(Permission.DEVICE_READ); 193 + checkPermission(DEVICE_READ);
194 checkNotNull(deviceId, DEVICE_ID_NULL); 194 checkNotNull(deviceId, DEVICE_ID_NULL);
195 return store.getPortStatistics(deviceId); 195 return store.getPortStatistics(deviceId);
196 } 196 }
197 197
198 @Override 198 @Override
199 public List<PortStatistics> getPortDeltaStatistics(DeviceId deviceId) { 199 public List<PortStatistics> getPortDeltaStatistics(DeviceId deviceId) {
200 - checkPermission(Permission.DEVICE_READ); 200 + checkPermission(DEVICE_READ);
201 checkNotNull(deviceId, DEVICE_ID_NULL); 201 checkNotNull(deviceId, DEVICE_ID_NULL);
202 return store.getPortDeltaStatistics(deviceId); 202 return store.getPortDeltaStatistics(deviceId);
203 } 203 }
204 204
205 @Override 205 @Override
206 public Port getPort(DeviceId deviceId, PortNumber portNumber) { 206 public Port getPort(DeviceId deviceId, PortNumber portNumber) {
207 - checkPermission(Permission.DEVICE_READ); 207 + checkPermission(DEVICE_READ);
208 checkNotNull(deviceId, DEVICE_ID_NULL); 208 checkNotNull(deviceId, DEVICE_ID_NULL);
209 checkNotNull(portNumber, PORT_NUMBER_NULL); 209 checkNotNull(portNumber, PORT_NUMBER_NULL);
210 return store.getPort(deviceId, portNumber); 210 return store.getPort(deviceId, portNumber);
...@@ -212,7 +212,7 @@ public class DeviceManager ...@@ -212,7 +212,7 @@ public class DeviceManager
212 212
213 @Override 213 @Override
214 public boolean isAvailable(DeviceId deviceId) { 214 public boolean isAvailable(DeviceId deviceId) {
215 - checkPermission(Permission.DEVICE_READ); 215 + checkPermission(DEVICE_READ);
216 216
217 checkNotNull(deviceId, DEVICE_ID_NULL); 217 checkNotNull(deviceId, DEVICE_ID_NULL);
218 return store.isAvailable(deviceId); 218 return store.isAvailable(deviceId);
...@@ -664,7 +664,7 @@ public class DeviceManager ...@@ -664,7 +664,7 @@ public class DeviceManager
664 664
665 @Override 665 @Override
666 public Iterable<Device> getDevices(Type type) { 666 public Iterable<Device> getDevices(Type type) {
667 - checkPermission(Permission.DEVICE_READ); 667 + checkPermission(DEVICE_READ);
668 Set<Device> results = new HashSet<>(); 668 Set<Device> results = new HashSet<>();
669 Iterable<Device> devices = store.getDevices(); 669 Iterable<Device> devices = store.getDevices();
670 if (devices != null) { 670 if (devices != null) {
...@@ -679,7 +679,7 @@ public class DeviceManager ...@@ -679,7 +679,7 @@ public class DeviceManager
679 679
680 @Override 680 @Override
681 public Iterable<Device> getAvailableDevices(Type type) { 681 public Iterable<Device> getAvailableDevices(Type type) {
682 - checkPermission(Permission.DEVICE_READ); 682 + checkPermission(DEVICE_READ);
683 Set<Device> results = new HashSet<>(); 683 Set<Device> results = new HashSet<>();
684 Iterable<Device> availableDevices = store.getAvailableDevices(); 684 Iterable<Device> availableDevices = store.getAvailableDevices();
685 if (availableDevices != null) { 685 if (availableDevices != null) {
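Review bot: The new `import static org.onosproject.security.AppPermission.Type.*;` brings every permission constant into the file by wildcard, so the argument of each `checkPermission(DEVICE_READ)` call can no longer be tied to its enum at the call site or found by searching for the qualified name. This file already has `import static org.onosproject.net.MastershipRole.*;` and uses a different `Type` in `getDevices(Type type)`, which makes the unqualified names harder to follow in an access-control audit. Importing only the constants the file uses, for example `import static org.onosproject.security.AppPermission.Type.DEVICE_READ;`, keeps the checks greppable. The same wildcard import is added in the CoreManager, DriverManager, FlowRuleManager, FlowObjectiveManager, FlowObjectiveCompositionManager, GroupManager and HostManager sections.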
......
...@@ -24,7 +24,6 @@ import org.apache.felix.scr.annotations.Deactivate; ...@@ -24,7 +24,6 @@ import org.apache.felix.scr.annotations.Deactivate;
24 import org.apache.felix.scr.annotations.Reference; 24 import org.apache.felix.scr.annotations.Reference;
25 import org.apache.felix.scr.annotations.ReferenceCardinality; 25 import org.apache.felix.scr.annotations.ReferenceCardinality;
26 import org.apache.felix.scr.annotations.Service; 26 import org.apache.felix.scr.annotations.Service;
27 -import org.onosproject.core.Permission;
28 import org.onosproject.net.Device; 27 import org.onosproject.net.Device;
29 import org.onosproject.net.DeviceId; 28 import org.onosproject.net.DeviceId;
30 import org.onosproject.net.device.DeviceService; 29 import org.onosproject.net.device.DeviceService;
...@@ -47,6 +46,8 @@ import java.util.stream.Collectors; ...@@ -47,6 +46,8 @@ import java.util.stream.Collectors;
47 import static org.onlab.util.Tools.nullIsNotFound; 46 import static org.onlab.util.Tools.nullIsNotFound;
48 import static org.onosproject.net.AnnotationKeys.DRIVER; 47 import static org.onosproject.net.AnnotationKeys.DRIVER;
49 import static org.onosproject.security.AppGuard.checkPermission; 48 import static org.onosproject.security.AppGuard.checkPermission;
49 +import static org.onosproject.security.AppPermission.Type.*;
50 +
50 51
51 52
52 /** 53 /**
...@@ -108,7 +109,7 @@ public class DriverManager extends DefaultDriverProvider implements DriverAdminS ...@@ -108,7 +109,7 @@ public class DriverManager extends DefaultDriverProvider implements DriverAdminS
108 109
109 @Override 110 @Override
110 public Set<Driver> getDrivers() { 111 public Set<Driver> getDrivers() {
111 - checkPermission(Permission.DRIVER_READ); 112 + checkPermission(DRIVER_READ);
112 113
113 ImmutableSet.Builder<Driver> builder = ImmutableSet.builder(); 114 ImmutableSet.Builder<Driver> builder = ImmutableSet.builder();
114 drivers.values().forEach(builder::add); 115 drivers.values().forEach(builder::add);
...@@ -117,7 +118,7 @@ public class DriverManager extends DefaultDriverProvider implements DriverAdminS ...@@ -117,7 +118,7 @@ public class DriverManager extends DefaultDriverProvider implements DriverAdminS
117 118
118 @Override 119 @Override
119 public Set<Driver> getDrivers(Class<? extends Behaviour> withBehaviour) { 120 public Set<Driver> getDrivers(Class<? extends Behaviour> withBehaviour) {
120 - checkPermission(Permission.DRIVER_READ); 121 + checkPermission(DRIVER_READ);
121 122
122 return drivers.values().stream() 123 return drivers.values().stream()
123 .filter(d -> d.hasBehaviour(withBehaviour)) 124 .filter(d -> d.hasBehaviour(withBehaviour))
...@@ -126,14 +127,14 @@ public class DriverManager extends DefaultDriverProvider implements DriverAdminS ...@@ -126,14 +127,14 @@ public class DriverManager extends DefaultDriverProvider implements DriverAdminS
126 127
127 @Override 128 @Override
128 public Driver getDriver(String driverName) { 129 public Driver getDriver(String driverName) {
129 - checkPermission(Permission.DRIVER_READ); 130 + checkPermission(DRIVER_READ);
130 131
131 return nullIsNotFound(drivers.get(driverName), NO_DRIVER); 132 return nullIsNotFound(drivers.get(driverName), NO_DRIVER);
132 } 133 }
133 134
134 @Override 135 @Override
135 public Driver getDriver(String mfr, String hw, String sw) { 136 public Driver getDriver(String mfr, String hw, String sw) {
136 - checkPermission(Permission.DRIVER_READ); 137 + checkPermission(DRIVER_READ);
137 138
138 // First attempt a literal search. 139 // First attempt a literal search.
139 Driver driver = driverByKey.get(key(mfr, hw, sw)); 140 Driver driver = driverByKey.get(key(mfr, hw, sw));
...@@ -160,7 +161,7 @@ public class DriverManager extends DefaultDriverProvider implements DriverAdminS ...@@ -160,7 +161,7 @@ public class DriverManager extends DefaultDriverProvider implements DriverAdminS
160 161
161 @Override 162 @Override
162 public Driver getDriver(DeviceId deviceId) { 163 public Driver getDriver(DeviceId deviceId) {
163 - checkPermission(Permission.DRIVER_READ); 164 + checkPermission(DRIVER_READ);
164 165
165 Device device = nullIsNotFound(deviceService.getDevice(deviceId), NO_DEVICE); 166 Device device = nullIsNotFound(deviceService.getDevice(deviceId), NO_DEVICE);
166 String driverName = device.annotations().value(DRIVER); 167 String driverName = device.annotations().value(DRIVER);
...@@ -174,7 +175,7 @@ public class DriverManager extends DefaultDriverProvider implements DriverAdminS ...@@ -174,7 +175,7 @@ public class DriverManager extends DefaultDriverProvider implements DriverAdminS
174 175
175 @Override 176 @Override
176 public DriverHandler createHandler(DeviceId deviceId, String... credentials) { 177 public DriverHandler createHandler(DeviceId deviceId, String... credentials) {
177 - checkPermission(Permission.DRIVER_WRITE); 178 + checkPermission(DRIVER_WRITE);
178 179
179 Driver driver = getDriver(deviceId); 180 Driver driver = getDriver(deviceId);
180 return new DefaultDriverHandler(new DefaultDriverData(driver, deviceId)); 181 return new DefaultDriverHandler(new DefaultDriverData(driver, deviceId));
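Review bot: `createHandler` is guarded by `DRIVER_WRITE`, but its first statement calls `getDriver(deviceId)`, which runs `checkPermission(DRIVER_READ)` and then `deviceService.getDevice(deviceId)`, so a caller needs more permissions than the one the method names. If `checkPermission` rejects the caller at any of these points (its implementation is not shown here), an application granted only `DRIVER_WRITE` fails inside the nested call. I would state this in the method's Javadoc, e.g. `Requires DRIVER_WRITE and, through getDriver(DeviceId), DRIVER_READ.`, or move the internal lookup into a private helper that does not re-check. `removeFlowRulesById` in the FlowRuleManager section has the same shape: `FLOWRULE_WRITE` first, then `getFlowRulesById` with `FLOWRULE_READ`. The body of `createHandler` may continue past the hunk.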
......
...@@ -36,7 +36,6 @@ import org.onosproject.net.provider.AbstractListenerProviderRegistry; ...@@ -36,7 +36,6 @@ import org.onosproject.net.provider.AbstractListenerProviderRegistry;
36 import org.onosproject.core.ApplicationId; 36 import org.onosproject.core.ApplicationId;
37 import org.onosproject.core.CoreService; 37 import org.onosproject.core.CoreService;
38 import org.onosproject.core.IdGenerator; 38 import org.onosproject.core.IdGenerator;
39 -import org.onosproject.core.Permission;
40 import org.onosproject.net.Device; 39 import org.onosproject.net.Device;
41 import org.onosproject.net.DeviceId; 40 import org.onosproject.net.DeviceId;
42 import org.onosproject.net.device.DeviceService; 41 import org.onosproject.net.device.DeviceService;
...@@ -79,6 +78,8 @@ import static org.onosproject.net.flow.FlowRuleEvent.Type.RULE_ADD_REQUESTED; ...@@ -79,6 +78,8 @@ import static org.onosproject.net.flow.FlowRuleEvent.Type.RULE_ADD_REQUESTED;
79 import static org.onosproject.net.flow.FlowRuleEvent.Type.RULE_REMOVE_REQUESTED; 78 import static org.onosproject.net.flow.FlowRuleEvent.Type.RULE_REMOVE_REQUESTED;
80 import static org.onosproject.security.AppGuard.checkPermission; 79 import static org.onosproject.security.AppGuard.checkPermission;
81 import static org.slf4j.LoggerFactory.getLogger; 80 import static org.slf4j.LoggerFactory.getLogger;
81 +import static org.onosproject.security.AppPermission.Type.*;
82 +
82 83
83 84
84 /** 85 /**
...@@ -165,19 +166,19 @@ public class FlowRuleManager ...@@ -165,19 +166,19 @@ public class FlowRuleManager
165 166
166 @Override 167 @Override
167 public int getFlowRuleCount() { 168 public int getFlowRuleCount() {
168 - checkPermission(Permission.FLOWRULE_READ); 169 + checkPermission(FLOWRULE_READ);
169 return store.getFlowRuleCount(); 170 return store.getFlowRuleCount();
170 } 171 }
171 172
172 @Override 173 @Override
173 public Iterable<FlowEntry> getFlowEntries(DeviceId deviceId) { 174 public Iterable<FlowEntry> getFlowEntries(DeviceId deviceId) {
174 - checkPermission(Permission.FLOWRULE_READ); 175 + checkPermission(FLOWRULE_READ);
175 return store.getFlowEntries(deviceId); 176 return store.getFlowEntries(deviceId);
176 } 177 }
177 178
178 @Override 179 @Override
179 public void applyFlowRules(FlowRule... flowRules) { 180 public void applyFlowRules(FlowRule... flowRules) {
180 - checkPermission(Permission.FLOWRULE_WRITE); 181 + checkPermission(FLOWRULE_WRITE);
181 182
182 FlowRuleOperations.Builder builder = FlowRuleOperations.builder(); 183 FlowRuleOperations.Builder builder = FlowRuleOperations.builder();
183 for (int i = 0; i < flowRules.length; i++) { 184 for (int i = 0; i < flowRules.length; i++) {
...@@ -188,7 +189,7 @@ public class FlowRuleManager ...@@ -188,7 +189,7 @@ public class FlowRuleManager
188 189
189 @Override 190 @Override
190 public void removeFlowRules(FlowRule... flowRules) { 191 public void removeFlowRules(FlowRule... flowRules) {
191 - checkPermission(Permission.FLOWRULE_WRITE); 192 + checkPermission(FLOWRULE_WRITE);
192 193
193 FlowRuleOperations.Builder builder = FlowRuleOperations.builder(); 194 FlowRuleOperations.Builder builder = FlowRuleOperations.builder();
194 for (int i = 0; i < flowRules.length; i++) { 195 for (int i = 0; i < flowRules.length; i++) {
...@@ -199,13 +200,13 @@ public class FlowRuleManager ...@@ -199,13 +200,13 @@ public class FlowRuleManager
199 200
200 @Override 201 @Override
201 public void removeFlowRulesById(ApplicationId id) { 202 public void removeFlowRulesById(ApplicationId id) {
202 - checkPermission(Permission.FLOWRULE_WRITE); 203 + checkPermission(FLOWRULE_WRITE);
203 removeFlowRules(Iterables.toArray(getFlowRulesById(id), FlowRule.class)); 204 removeFlowRules(Iterables.toArray(getFlowRulesById(id), FlowRule.class));
204 } 205 }
205 206
206 @Override 207 @Override
207 public Iterable<FlowRule> getFlowRulesById(ApplicationId id) { 208 public Iterable<FlowRule> getFlowRulesById(ApplicationId id) {
208 - checkPermission(Permission.FLOWRULE_READ); 209 + checkPermission(FLOWRULE_READ);
209 210
210 Set<FlowRule> flowEntries = Sets.newHashSet(); 211 Set<FlowRule> flowEntries = Sets.newHashSet();
211 for (Device d : deviceService.getDevices()) { 212 for (Device d : deviceService.getDevices()) {
...@@ -220,7 +221,7 @@ public class FlowRuleManager ...@@ -220,7 +221,7 @@ public class FlowRuleManager
220 221
221 @Override 222 @Override
222 public Iterable<FlowRule> getFlowRulesByGroupId(ApplicationId appId, short groupId) { 223 public Iterable<FlowRule> getFlowRulesByGroupId(ApplicationId appId, short groupId) {
223 - checkPermission(Permission.FLOWRULE_READ); 224 + checkPermission(FLOWRULE_READ);
224 225
225 Set<FlowRule> matches = Sets.newHashSet(); 226 Set<FlowRule> matches = Sets.newHashSet();
226 long toLookUp = ((long) appId.id() << 16) | groupId; 227 long toLookUp = ((long) appId.id() << 16) | groupId;
...@@ -236,7 +237,7 @@ public class FlowRuleManager ...@@ -236,7 +237,7 @@ public class FlowRuleManager
236 237
237 @Override 238 @Override
238 public void apply(FlowRuleOperations ops) { 239 public void apply(FlowRuleOperations ops) {
239 - checkPermission(Permission.FLOWRULE_WRITE); 240 + checkPermission(FLOWRULE_WRITE);
240 operationsService.submit(new FlowOperationsProcessor(ops)); 241 operationsService.submit(new FlowOperationsProcessor(ops));
241 } 242 }
242 243
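Review bot: In `getFlowRulesByGroupId`, `((long) appId.id() << 16) | groupId` sign-extends a negative `groupId` when the `short` is promoted to `long`, which sets every bit above bit 15 and wipes out the application-id half of the key. For such group ids the lookup value is the same for every application, so whatever is matched against `toLookUp` later in the method (outside this hunk) cannot tell one application's rules from another's. Masking the low half fixes it: `long toLookUp = ((long) appId.id() << 16) | (groupId & 0xFFFF);`. This assumes the stored value being compared is built from the unsigned 16-bit group id; please confirm against the code that creates it.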
......
...@@ -27,7 +27,6 @@ import org.onlab.osgi.DefaultServiceDirectory; ...@@ -27,7 +27,6 @@ import org.onlab.osgi.DefaultServiceDirectory;
27 import org.onlab.osgi.ServiceDirectory; 27 import org.onlab.osgi.ServiceDirectory;
28 import org.onlab.util.ItemNotFoundException; 28 import org.onlab.util.ItemNotFoundException;
29 import org.onosproject.cluster.ClusterService; 29 import org.onosproject.cluster.ClusterService;
30 -import org.onosproject.core.Permission;
31 import org.onosproject.mastership.MastershipEvent; 30 import org.onosproject.mastership.MastershipEvent;
32 import org.onosproject.mastership.MastershipListener; 31 import org.onosproject.mastership.MastershipListener;
33 import org.onosproject.mastership.MastershipService; 32 import org.onosproject.mastership.MastershipService;
...@@ -62,6 +61,8 @@ import static com.google.common.base.Preconditions.checkNotNull; ...@@ -62,6 +61,8 @@ import static com.google.common.base.Preconditions.checkNotNull;
62 import static java.util.concurrent.Executors.newFixedThreadPool; 61 import static java.util.concurrent.Executors.newFixedThreadPool;
63 import static org.onlab.util.Tools.groupedThreads; 62 import static org.onlab.util.Tools.groupedThreads;
64 import static org.onosproject.security.AppGuard.checkPermission; 63 import static org.onosproject.security.AppGuard.checkPermission;
64 +import static org.onosproject.security.AppPermission.Type.*;
65 +
65 66
66 67
67 /** 68 /**
...@@ -193,13 +194,13 @@ public class FlowObjectiveManager implements FlowObjectiveService { ...@@ -193,13 +194,13 @@ public class FlowObjectiveManager implements FlowObjectiveService {
193 194
194 @Override 195 @Override
195 public void filter(DeviceId deviceId, FilteringObjective filteringObjective) { 196 public void filter(DeviceId deviceId, FilteringObjective filteringObjective) {
196 - checkPermission(Permission.FLOWRULE_WRITE); 197 + checkPermission(FLOWRULE_WRITE);
197 executorService.submit(new ObjectiveInstaller(deviceId, filteringObjective)); 198 executorService.submit(new ObjectiveInstaller(deviceId, filteringObjective));
198 } 199 }
199 200
200 @Override 201 @Override
201 public void forward(DeviceId deviceId, ForwardingObjective forwardingObjective) { 202 public void forward(DeviceId deviceId, ForwardingObjective forwardingObjective) {
202 - checkPermission(Permission.FLOWRULE_WRITE); 203 + checkPermission(FLOWRULE_WRITE);
203 if (queueObjective(deviceId, forwardingObjective)) { 204 if (queueObjective(deviceId, forwardingObjective)) {
204 return; 205 return;
205 } 206 }
...@@ -208,13 +209,13 @@ public class FlowObjectiveManager implements FlowObjectiveService { ...@@ -208,13 +209,13 @@ public class FlowObjectiveManager implements FlowObjectiveService {
208 209
209 @Override 210 @Override
210 public void next(DeviceId deviceId, NextObjective nextObjective) { 211 public void next(DeviceId deviceId, NextObjective nextObjective) {
211 - checkPermission(Permission.FLOWRULE_WRITE); 212 + checkPermission(FLOWRULE_WRITE);
212 executorService.submit(new ObjectiveInstaller(deviceId, nextObjective)); 213 executorService.submit(new ObjectiveInstaller(deviceId, nextObjective));
213 } 214 }
214 215
215 @Override 216 @Override
216 public int allocateNextId() { 217 public int allocateNextId() {
217 - checkPermission(Permission.FLOWRULE_WRITE); 218 + checkPermission(FLOWRULE_WRITE);
218 return flowObjectiveStore.allocateNextId(); 219 return flowObjectiveStore.allocateNextId();
219 } 220 }
220 221
......
...@@ -27,7 +27,6 @@ import org.onlab.osgi.DefaultServiceDirectory; ...@@ -27,7 +27,6 @@ import org.onlab.osgi.DefaultServiceDirectory;
27 import org.onlab.osgi.ServiceDirectory; 27 import org.onlab.osgi.ServiceDirectory;
28 import org.onlab.util.ItemNotFoundException; 28 import org.onlab.util.ItemNotFoundException;
29 import org.onosproject.cluster.ClusterService; 29 import org.onosproject.cluster.ClusterService;
30 -import org.onosproject.core.Permission;
31 import org.onosproject.mastership.MastershipEvent; 30 import org.onosproject.mastership.MastershipEvent;
32 import org.onosproject.mastership.MastershipListener; 31 import org.onosproject.mastership.MastershipListener;
33 import org.onosproject.mastership.MastershipService; 32 import org.onosproject.mastership.MastershipService;
...@@ -65,6 +64,7 @@ import static com.google.common.base.Preconditions.checkNotNull; ...@@ -65,6 +64,7 @@ import static com.google.common.base.Preconditions.checkNotNull;
65 import static java.util.concurrent.Executors.newFixedThreadPool; 64 import static java.util.concurrent.Executors.newFixedThreadPool;
66 import static org.onlab.util.Tools.groupedThreads; 65 import static org.onlab.util.Tools.groupedThreads;
67 import static org.onosproject.security.AppGuard.checkPermission; 66 import static org.onosproject.security.AppGuard.checkPermission;
67 +import static org.onosproject.security.AppPermission.Type.*;
68 68
69 69
70 /** 70 /**
...@@ -217,7 +217,7 @@ public class FlowObjectiveCompositionManager implements FlowObjectiveService { ...@@ -217,7 +217,7 @@ public class FlowObjectiveCompositionManager implements FlowObjectiveService {
217 217
218 @Override 218 @Override
219 public void filter(DeviceId deviceId, FilteringObjective filteringObjective) { 219 public void filter(DeviceId deviceId, FilteringObjective filteringObjective) {
220 - checkPermission(Permission.FLOWRULE_WRITE); 220 + checkPermission(FLOWRULE_WRITE);
221 221
222 List<FilteringObjective> filteringObjectives 222 List<FilteringObjective> filteringObjectives
223 = this.deviceCompositionTreeMap.get(deviceId).updateFilter(filteringObjective); 223 = this.deviceCompositionTreeMap.get(deviceId).updateFilter(filteringObjective);
...@@ -228,7 +228,7 @@ public class FlowObjectiveCompositionManager implements FlowObjectiveService { ...@@ -228,7 +228,7 @@ public class FlowObjectiveCompositionManager implements FlowObjectiveService {
228 228
229 @Override 229 @Override
230 public void forward(DeviceId deviceId, ForwardingObjective forwardingObjective) { 230 public void forward(DeviceId deviceId, ForwardingObjective forwardingObjective) {
231 - checkPermission(Permission.FLOWRULE_WRITE); 231 + checkPermission(FLOWRULE_WRITE);
232 232
233 if (queueObjective(deviceId, forwardingObjective)) { 233 if (queueObjective(deviceId, forwardingObjective)) {
234 return; 234 return;
...@@ -242,7 +242,7 @@ public class FlowObjectiveCompositionManager implements FlowObjectiveService { ...@@ -242,7 +242,7 @@ public class FlowObjectiveCompositionManager implements FlowObjectiveService {
242 242
243 @Override 243 @Override
244 public void next(DeviceId deviceId, NextObjective nextObjective) { 244 public void next(DeviceId deviceId, NextObjective nextObjective) {
245 - checkPermission(Permission.FLOWRULE_WRITE); 245 + checkPermission(FLOWRULE_WRITE);
246 246
247 List<NextObjective> nextObjectives = this.deviceCompositionTreeMap.get(deviceId).updateNext(nextObjective); 247 List<NextObjective> nextObjectives = this.deviceCompositionTreeMap.get(deviceId).updateNext(nextObjective);
248 for (NextObjective tmp : nextObjectives) { 248 for (NextObjective tmp : nextObjectives) {
...@@ -252,7 +252,7 @@ public class FlowObjectiveCompositionManager implements FlowObjectiveService { ...@@ -252,7 +252,7 @@ public class FlowObjectiveCompositionManager implements FlowObjectiveService {
252 252
253 @Override 253 @Override
254 public int allocateNextId() { 254 public int allocateNextId() {
255 - checkPermission(Permission.FLOWRULE_WRITE); 255 + checkPermission(FLOWRULE_WRITE);
256 256
257 return flowObjectiveStore.allocateNextId(); 257 return flowObjectiveStore.allocateNextId();
258 } 258 }
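Review bot: `filter` and `next` dereference `this.deviceCompositionTreeMap.get(deviceId)` directly, so a `deviceId` with no entry in the map ends in a bare NullPointerException after the permission check has already passed. The device id comes from the calling application, and nothing in these hunks shows that the map holds an entry for every id. I would look the tree up once and fail with a clear message before calling `updateFilter` / `updateNext`, e.g. `checkNotNull(deviceCompositionTreeMap.get(deviceId), "No composition tree for device %s", deviceId);`. Both method bodies continue outside their hunks.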
......
...@@ -23,7 +23,6 @@ import org.apache.felix.scr.annotations.ReferenceCardinality; ...@@ -23,7 +23,6 @@ import org.apache.felix.scr.annotations.ReferenceCardinality;
23 import org.apache.felix.scr.annotations.Service; 23 import org.apache.felix.scr.annotations.Service;
24 import org.onosproject.net.provider.AbstractListenerProviderRegistry; 24 import org.onosproject.net.provider.AbstractListenerProviderRegistry;
25 import org.onosproject.core.ApplicationId; 25 import org.onosproject.core.ApplicationId;
26 -import org.onosproject.core.Permission;
27 import org.onosproject.net.DeviceId; 26 import org.onosproject.net.DeviceId;
28 import org.onosproject.net.device.DeviceEvent; 27 import org.onosproject.net.device.DeviceEvent;
29 import org.onosproject.net.device.DeviceListener; 28 import org.onosproject.net.device.DeviceListener;
...@@ -51,6 +50,8 @@ import java.util.Collections; ...@@ -51,6 +50,8 @@ import java.util.Collections;
51 50
52 import static org.onosproject.security.AppGuard.checkPermission; 51 import static org.onosproject.security.AppGuard.checkPermission;
53 import static org.slf4j.LoggerFactory.getLogger; 52 import static org.slf4j.LoggerFactory.getLogger;
53 +import static org.onosproject.security.AppPermission.Type.*;
54 +
54 55
55 56
56 /** 57 /**
...@@ -96,7 +97,7 @@ public class GroupManager ...@@ -96,7 +97,7 @@ public class GroupManager
96 */ 97 */
97 @Override 98 @Override
98 public void addGroup(GroupDescription groupDesc) { 99 public void addGroup(GroupDescription groupDesc) {
99 - checkPermission(Permission.GROUP_WRITE); 100 + checkPermission(GROUP_WRITE);
100 store.storeGroupDescription(groupDesc); 101 store.storeGroupDescription(groupDesc);
101 } 102 }
102 103
...@@ -115,7 +116,7 @@ public class GroupManager ...@@ -115,7 +116,7 @@ public class GroupManager
115 */ 116 */
116 @Override 117 @Override
117 public Group getGroup(DeviceId deviceId, GroupKey appCookie) { 118 public Group getGroup(DeviceId deviceId, GroupKey appCookie) {
118 - checkPermission(Permission.GROUP_READ); 119 + checkPermission(GROUP_READ);
119 return store.getGroup(deviceId, appCookie); 120 return store.getGroup(deviceId, appCookie);
120 } 121 }
121 122
...@@ -137,7 +138,7 @@ public class GroupManager ...@@ -137,7 +138,7 @@ public class GroupManager
137 GroupBuckets buckets, 138 GroupBuckets buckets,
138 GroupKey newCookie, 139 GroupKey newCookie,
139 ApplicationId appId) { 140 ApplicationId appId) {
140 - checkPermission(Permission.GROUP_WRITE); 141 + checkPermission(GROUP_WRITE);
141 store.updateGroupDescription(deviceId, 142 store.updateGroupDescription(deviceId,
142 oldCookie, 143 oldCookie,
143 UpdateType.ADD, 144 UpdateType.ADD,
...@@ -163,7 +164,7 @@ public class GroupManager ...@@ -163,7 +164,7 @@ public class GroupManager
163 GroupBuckets buckets, 164 GroupBuckets buckets,
164 GroupKey newCookie, 165 GroupKey newCookie,
165 ApplicationId appId) { 166 ApplicationId appId) {
166 - checkPermission(Permission.GROUP_WRITE); 167 + checkPermission(GROUP_WRITE);
167 store.updateGroupDescription(deviceId, 168 store.updateGroupDescription(deviceId,
168 oldCookie, 169 oldCookie,
169 UpdateType.REMOVE, 170 UpdateType.REMOVE,
...@@ -185,7 +186,7 @@ public class GroupManager ...@@ -185,7 +186,7 @@ public class GroupManager
185 public void removeGroup(DeviceId deviceId, 186 public void removeGroup(DeviceId deviceId,
186 GroupKey appCookie, 187 GroupKey appCookie,
187 ApplicationId appId) { 188 ApplicationId appId) {
188 - checkPermission(Permission.GROUP_WRITE); 189 + checkPermission(GROUP_WRITE);
189 store.deleteGroupDescription(deviceId, appCookie); 190 store.deleteGroupDescription(deviceId, appCookie);
190 } 191 }
191 192
...@@ -200,13 +201,13 @@ public class GroupManager ...@@ -200,13 +201,13 @@ public class GroupManager
200 @Override 201 @Override
201 public Iterable<Group> getGroups(DeviceId deviceId, 202 public Iterable<Group> getGroups(DeviceId deviceId,
202 ApplicationId appId) { 203 ApplicationId appId) {
203 - checkPermission(Permission.GROUP_READ); 204 + checkPermission(GROUP_READ);
204 return store.getGroups(deviceId); 205 return store.getGroups(deviceId);
205 } 206 }
206 207
207 @Override 208 @Override
208 public Iterable<Group> getGroups(DeviceId deviceId) { 209 public Iterable<Group> getGroups(DeviceId deviceId) {
209 - checkPermission(Permission.GROUP_READ); 210 + checkPermission(GROUP_READ);
210 return store.getGroups(deviceId); 211 return store.getGroups(deviceId);
211 } 212 }
212 213
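Review bot: `getGroups(DeviceId deviceId, ApplicationId appId)` never uses `appId` and returns `store.getGroups(deviceId)`, exactly like the one-argument overload, and `removeGroup` likewise ignores its `appId` and deletes by `deviceId` and `appCookie` alone. With the check being only `GROUP_READ` / `GROUP_WRITE`, the application id a caller passes adds no scoping, so any application holding the permission can list or delete groups created by another. If per-application scoping is intended (the Javadoc is outside the hunk), filter or verify on the owning application id before returning or deleting. Otherwise add a comment such as `// appId is not used for filtering; all groups on the device are returned`.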
......
...@@ -26,7 +26,6 @@ import org.onlab.packet.MacAddress; ...@@ -26,7 +26,6 @@ import org.onlab.packet.MacAddress;
26 import org.onlab.packet.VlanId; 26 import org.onlab.packet.VlanId;
27 import org.onosproject.incubator.net.intf.InterfaceService; 27 import org.onosproject.incubator.net.intf.InterfaceService;
28 import org.onosproject.net.provider.AbstractListenerProviderRegistry; 28 import org.onosproject.net.provider.AbstractListenerProviderRegistry;
29 -import org.onosproject.core.Permission;
30 import org.onosproject.net.config.NetworkConfigEvent; 29 import org.onosproject.net.config.NetworkConfigEvent;
31 import org.onosproject.net.config.NetworkConfigListener; 30 import org.onosproject.net.config.NetworkConfigListener;
32 import org.onosproject.net.config.NetworkConfigService; 31 import org.onosproject.net.config.NetworkConfigService;
...@@ -57,6 +56,7 @@ import static com.google.common.base.Preconditions.checkNotNull; ...@@ -57,6 +56,7 @@ import static com.google.common.base.Preconditions.checkNotNull;
57 import static com.google.common.base.Preconditions.checkState; 56 import static com.google.common.base.Preconditions.checkState;
58 import static org.onosproject.security.AppGuard.checkPermission; 57 import static org.onosproject.security.AppGuard.checkPermission;
59 import static org.slf4j.LoggerFactory.getLogger; 58 import static org.slf4j.LoggerFactory.getLogger;
59 +import static org.onosproject.security.AppPermission.Type.*;
60 60
61 /** 61 /**
62 * Provides basic implementation of the host SB &amp; NB APIs. 62 * Provides basic implementation of the host SB &amp; NB APIs.
...@@ -118,66 +118,66 @@ public class HostManager ...@@ -118,66 +118,66 @@ public class HostManager
118 118
119 @Override 119 @Override
120 public int getHostCount() { 120 public int getHostCount() {
121 - checkPermission(Permission.HOST_READ); 121 + checkPermission(HOST_READ);
122 return store.getHostCount(); 122 return store.getHostCount();
123 } 123 }
124 124
125 @Override 125 @Override
126 public Iterable<Host> getHosts() { 126 public Iterable<Host> getHosts() {
127 - checkPermission(Permission.HOST_READ); 127 + checkPermission(HOST_READ);
128 return store.getHosts(); 128 return store.getHosts();
129 } 129 }
130 130
131 @Override 131 @Override
132 public Host getHost(HostId hostId) { 132 public Host getHost(HostId hostId) {
133 - checkPermission(Permission.HOST_READ); 133 + checkPermission(HOST_READ);
134 checkNotNull(hostId, HOST_ID_NULL); 134 checkNotNull(hostId, HOST_ID_NULL);
135 return store.getHost(hostId); 135 return store.getHost(hostId);
136 } 136 }
137 137
138 @Override 138 @Override
139 public Set<Host> getHostsByVlan(VlanId vlanId) { 139 public Set<Host> getHostsByVlan(VlanId vlanId) {
140 - checkPermission(Permission.HOST_READ); 140 + checkPermission(HOST_READ);
141 return store.getHosts(vlanId); 141 return store.getHosts(vlanId);
142 } 142 }
143 143
144 @Override 144 @Override
145 public Set<Host> getHostsByMac(MacAddress mac) { 145 public Set<Host> getHostsByMac(MacAddress mac) {
146 - checkPermission(Permission.HOST_READ); 146 + checkPermission(HOST_READ);
147 checkNotNull(mac, "MAC address cannot be null"); 147 checkNotNull(mac, "MAC address cannot be null");
148 return store.getHosts(mac); 148 return store.getHosts(mac);
149 } 149 }
150 150
151 @Override 151 @Override
152 public Set<Host> getHostsByIp(IpAddress ip) { 152 public Set<Host> getHostsByIp(IpAddress ip) {
153 - checkPermission(Permission.HOST_READ); 153 + checkPermission(HOST_READ);
154 checkNotNull(ip, "IP address cannot be null"); 154 checkNotNull(ip, "IP address cannot be null");
155 return store.getHosts(ip); 155 return store.getHosts(ip);
156 } 156 }
157 157
158 @Override 158 @Override
159 public Set<Host> getConnectedHosts(ConnectPoint connectPoint) { 159 public Set<Host> getConnectedHosts(ConnectPoint connectPoint) {
160 - checkPermission(Permission.HOST_READ); 160 + checkPermission(HOST_READ);
161 checkNotNull(connectPoint, "Connection point cannot be null"); 161 checkNotNull(connectPoint, "Connection point cannot be null");
162 return store.getConnectedHosts(connectPoint); 162 return store.getConnectedHosts(connectPoint);
163 } 163 }
164 164
165 @Override 165 @Override
166 public Set<Host> getConnectedHosts(DeviceId deviceId) { 166 public Set<Host> getConnectedHosts(DeviceId deviceId) {
167 - checkPermission(Permission.HOST_READ); 167 + checkPermission(HOST_READ);
168 checkNotNull(deviceId, "Device ID cannot be null"); 168 checkNotNull(deviceId, "Device ID cannot be null");
169 return store.getConnectedHosts(deviceId); 169 return store.getConnectedHosts(deviceId);
170 } 170 }
171 171
172 @Override 172 @Override
173 public void startMonitoringIp(IpAddress ip) { 173 public void startMonitoringIp(IpAddress ip) {
174 - checkPermission(Permission.HOST_EVENT); 174 + checkPermission(HOST_EVENT);
175 monitor.addMonitoringFor(ip); 175 monitor.addMonitoringFor(ip);
176 } 176 }
177 177
178 @Override 178 @Override
179 public void stopMonitoringIp(IpAddress ip) { 179 public void stopMonitoringIp(IpAddress ip) {
180 - checkPermission(Permission.HOST_EVENT); 180 + checkPermission(HOST_EVENT);
181 monitor.stopMonitoring(ip); 181 monitor.stopMonitoring(ip);
182 } 182 }
183 183
...@@ -212,13 +212,13 @@ public class HostManager ...@@ -212,13 +212,13 @@ public class HostManager
212 212
213 @Override 213 @Override
214 public Set<PortAddresses> getAddressBindings() { 214 public Set<PortAddresses> getAddressBindings() {
215 - checkPermission(Permission.HOST_READ); 215 + checkPermission(HOST_READ);
216 return store.getAddressBindings(); 216 return store.getAddressBindings();
217 } 217 }
218 218
219 @Override 219 @Override
220 public Set<PortAddresses> getAddressBindingsForPort(ConnectPoint connectPoint) { 220 public Set<PortAddresses> getAddressBindingsForPort(ConnectPoint connectPoint) {
221 - checkPermission(Permission.HOST_READ); 221 + checkPermission(HOST_READ);
222 return store.getAddressBindingsForPort(connectPoint); 222 return store.getAddressBindingsForPort(connectPoint);
223 } 223 }
224 224
......
...@@ -25,7 +25,6 @@ import org.apache.felix.scr.annotations.Service; ...@@ -25,7 +25,6 @@ import org.apache.felix.scr.annotations.Service;
25 import org.onosproject.event.AbstractListenerManager; 25 import org.onosproject.event.AbstractListenerManager;
26 import org.onosproject.core.CoreService; 26 import org.onosproject.core.CoreService;
27 import org.onosproject.core.IdGenerator; 27 import org.onosproject.core.IdGenerator;
28 -import org.onosproject.core.Permission;
29 import org.onosproject.net.flow.FlowRule; 28 import org.onosproject.net.flow.FlowRule;
30 import org.onosproject.net.flow.FlowRuleOperations; 29 import org.onosproject.net.flow.FlowRuleOperations;
31 import org.onosproject.net.flow.FlowRuleOperationsContext; 30 import org.onosproject.net.flow.FlowRuleOperationsContext;
...@@ -67,6 +66,8 @@ import static org.onosproject.net.intent.constraint.PartialFailureConstraint.int ...@@ -67,6 +66,8 @@ import static org.onosproject.net.intent.constraint.PartialFailureConstraint.int
67 import static org.onosproject.net.intent.impl.phase.IntentProcessPhase.newInitialPhase; 66 import static org.onosproject.net.intent.impl.phase.IntentProcessPhase.newInitialPhase;
68 import static org.onosproject.security.AppGuard.checkPermission; 67 import static org.onosproject.security.AppGuard.checkPermission;
69 import static org.slf4j.LoggerFactory.getLogger; 68 import static org.slf4j.LoggerFactory.getLogger;
69 +import static org.onosproject.security.AppPermission.Type.*;
70 +
70 71
71 /** 72 /**
72 * An implementation of intent service. 73 * An implementation of intent service.
...@@ -138,7 +139,7 @@ public class IntentManager ...@@ -138,7 +139,7 @@ public class IntentManager
138 139
139 @Override 140 @Override
140 public void submit(Intent intent) { 141 public void submit(Intent intent) {
141 - checkPermission(Permission.INTENT_WRITE); 142 + checkPermission(INTENT_WRITE);
142 checkNotNull(intent, INTENT_NULL); 143 checkNotNull(intent, INTENT_NULL);
143 IntentData data = new IntentData(intent, IntentState.INSTALL_REQ, null); 144 IntentData data = new IntentData(intent, IntentState.INSTALL_REQ, null);
144 store.addPending(data); 145 store.addPending(data);
...@@ -146,7 +147,7 @@ public class IntentManager ...@@ -146,7 +147,7 @@ public class IntentManager
146 147
147 @Override 148 @Override
148 public void withdraw(Intent intent) { 149 public void withdraw(Intent intent) {
149 - checkPermission(Permission.INTENT_WRITE); 150 + checkPermission(INTENT_WRITE);
150 checkNotNull(intent, INTENT_NULL); 151 checkNotNull(intent, INTENT_NULL);
151 IntentData data = new IntentData(intent, IntentState.WITHDRAW_REQ, null); 152 IntentData data = new IntentData(intent, IntentState.WITHDRAW_REQ, null);
152 store.addPending(data); 153 store.addPending(data);
...@@ -154,7 +155,7 @@ public class IntentManager ...@@ -154,7 +155,7 @@ public class IntentManager
154 155
155 @Override 156 @Override
156 public void purge(Intent intent) { 157 public void purge(Intent intent) {
157 - checkPermission(Permission.INTENT_WRITE); 158 + checkPermission(INTENT_WRITE);
158 checkNotNull(intent, INTENT_NULL); 159 checkNotNull(intent, INTENT_NULL);
159 IntentData data = new IntentData(intent, IntentState.PURGE_REQ, null); 160 IntentData data = new IntentData(intent, IntentState.PURGE_REQ, null);
160 store.addPending(data); 161 store.addPending(data);
...@@ -162,45 +163,45 @@ public class IntentManager ...@@ -162,45 +163,45 @@ public class IntentManager
162 163
163 @Override 164 @Override
164 public Intent getIntent(Key key) { 165 public Intent getIntent(Key key) {
165 - checkPermission(Permission.INTENT_READ); 166 + checkPermission(INTENT_READ);
166 return store.getIntent(key); 167 return store.getIntent(key);
167 } 168 }
168 169
169 @Override 170 @Override
170 public Iterable<Intent> getIntents() { 171 public Iterable<Intent> getIntents() {
171 - checkPermission(Permission.INTENT_READ); 172 + checkPermission(INTENT_READ);
172 return store.getIntents(); 173 return store.getIntents();
173 } 174 }
174 175
175 @Override 176 @Override
176 public Iterable<IntentData> getIntentData() { 177 public Iterable<IntentData> getIntentData() {
177 - checkPermission(Permission.INTENT_READ); 178 + checkPermission(INTENT_READ);
178 return store.getIntentData(false, 0); 179 return store.getIntentData(false, 0);
179 } 180 }
180 181
181 @Override 182 @Override
182 public long getIntentCount() { 183 public long getIntentCount() {
183 - checkPermission(Permission.INTENT_READ); 184 + checkPermission(INTENT_READ);
184 return store.getIntentCount(); 185 return store.getIntentCount();
185 } 186 }
186 187
187 @Override 188 @Override
188 public IntentState getIntentState(Key intentKey) { 189 public IntentState getIntentState(Key intentKey) {
189 - checkPermission(Permission.INTENT_READ); 190 + checkPermission(INTENT_READ);
190 checkNotNull(intentKey, INTENT_ID_NULL); 191 checkNotNull(intentKey, INTENT_ID_NULL);
191 return store.getIntentState(intentKey); 192 return store.getIntentState(intentKey);
192 } 193 }
193 194
194 @Override 195 @Override
195 public List<Intent> getInstallableIntents(Key intentKey) { 196 public List<Intent> getInstallableIntents(Key intentKey) {
196 - checkPermission(Permission.INTENT_READ); 197 + checkPermission(INTENT_READ);
197 checkNotNull(intentKey, INTENT_ID_NULL); 198 checkNotNull(intentKey, INTENT_ID_NULL);
198 return store.getInstallableIntents(intentKey); 199 return store.getInstallableIntents(intentKey);
199 } 200 }
200 201
201 @Override 202 @Override
202 public boolean isLocal(Key intentKey) { 203 public boolean isLocal(Key intentKey) {
203 - checkPermission(Permission.INTENT_READ); 204 + checkPermission(INTENT_READ);
204 return store.isMaster(intentKey); 205 return store.isMaster(intentKey);
205 } 206 }
206 207
...@@ -221,7 +222,7 @@ public class IntentManager ...@@ -221,7 +222,7 @@ public class IntentManager
221 222
222 @Override 223 @Override
223 public Iterable<Intent> getPending() { 224 public Iterable<Intent> getPending() {
224 - checkPermission(Permission.INTENT_READ); 225 + checkPermission(INTENT_READ);
225 226
226 return store.getPending(); 227 return store.getPending();
227 } 228 }
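Review bot: The added `import static org.onosproject.security.AppPermission.Type.*;` brings every permission constant into this file by wildcard, so the type behind `checkPermission(INTENT_WRITE)` and `checkPermission(INTENT_READ)` can no longer be read off the import list, and a constant later added to `Type` enters the file's namespace unnoticed. For code whose purpose is access control I would import only the constants used, `import static org.onosproject.security.AppPermission.Type.INTENT_READ;` and `import static org.onosproject.security.AppPermission.Type.INTENT_WRITE;`, and drop the extra blank line the hunk adds after the import. The same wildcard import is added in the HostManager, LinkManager, PacketManager, ProxyArpManager, LinkResourceManager and StatisticManager sections.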
......
...@@ -25,7 +25,6 @@ import org.apache.felix.scr.annotations.Reference; ...@@ -25,7 +25,6 @@ import org.apache.felix.scr.annotations.Reference;
25 import org.apache.felix.scr.annotations.ReferenceCardinality; 25 import org.apache.felix.scr.annotations.ReferenceCardinality;
26 import org.apache.felix.scr.annotations.Service; 26 import org.apache.felix.scr.annotations.Service;
27 import org.onosproject.net.provider.AbstractListenerProviderRegistry; 27 import org.onosproject.net.provider.AbstractListenerProviderRegistry;
28 -import org.onosproject.core.Permission;
29 import org.onosproject.net.config.NetworkConfigEvent; 28 import org.onosproject.net.config.NetworkConfigEvent;
30 import org.onosproject.net.config.NetworkConfigListener; 29 import org.onosproject.net.config.NetworkConfigListener;
31 import org.onosproject.net.config.NetworkConfigService; 30 import org.onosproject.net.config.NetworkConfigService;
...@@ -59,6 +58,7 @@ import static com.google.common.base.Preconditions.checkState; ...@@ -59,6 +58,7 @@ import static com.google.common.base.Preconditions.checkState;
59 import static org.onosproject.net.LinkKey.linkKey; 58 import static org.onosproject.net.LinkKey.linkKey;
60 import static org.onosproject.security.AppGuard.checkPermission; 59 import static org.onosproject.security.AppGuard.checkPermission;
61 import static org.slf4j.LoggerFactory.getLogger; 60 import static org.slf4j.LoggerFactory.getLogger;
61 +import static org.onosproject.security.AppPermission.Type.*;
62 62
63 63
64 /** 64 /**
...@@ -111,19 +111,19 @@ public class LinkManager ...@@ -111,19 +111,19 @@ public class LinkManager
111 111
112 @Override 112 @Override
113 public int getLinkCount() { 113 public int getLinkCount() {
114 - checkPermission(Permission.LINK_READ); 114 + checkPermission(LINK_READ);
115 return store.getLinkCount(); 115 return store.getLinkCount();
116 } 116 }
117 117
118 @Override 118 @Override
119 public Iterable<Link> getLinks() { 119 public Iterable<Link> getLinks() {
120 - checkPermission(Permission.LINK_READ); 120 + checkPermission(LINK_READ);
121 return store.getLinks(); 121 return store.getLinks();
122 } 122 }
123 123
124 @Override 124 @Override
125 public Iterable<Link> getActiveLinks() { 125 public Iterable<Link> getActiveLinks() {
126 - checkPermission(Permission.LINK_READ); 126 + checkPermission(LINK_READ);
127 return FluentIterable.from(getLinks()) 127 return FluentIterable.from(getLinks())
128 .filter(new Predicate<Link>() { 128 .filter(new Predicate<Link>() {
129 129
...@@ -136,7 +136,7 @@ public class LinkManager ...@@ -136,7 +136,7 @@ public class LinkManager
136 136
137 @Override 137 @Override
138 public Set<Link> getDeviceLinks(DeviceId deviceId) { 138 public Set<Link> getDeviceLinks(DeviceId deviceId) {
139 - checkPermission(Permission.LINK_READ); 139 + checkPermission(LINK_READ);
140 checkNotNull(deviceId, DEVICE_ID_NULL); 140 checkNotNull(deviceId, DEVICE_ID_NULL);
141 return Sets.union(store.getDeviceEgressLinks(deviceId), 141 return Sets.union(store.getDeviceEgressLinks(deviceId),
142 store.getDeviceIngressLinks(deviceId)); 142 store.getDeviceIngressLinks(deviceId));
...@@ -144,21 +144,21 @@ public class LinkManager ...@@ -144,21 +144,21 @@ public class LinkManager
144 144
145 @Override 145 @Override
146 public Set<Link> getDeviceEgressLinks(DeviceId deviceId) { 146 public Set<Link> getDeviceEgressLinks(DeviceId deviceId) {
147 - checkPermission(Permission.LINK_READ); 147 + checkPermission(LINK_READ);
148 checkNotNull(deviceId, DEVICE_ID_NULL); 148 checkNotNull(deviceId, DEVICE_ID_NULL);
149 return store.getDeviceEgressLinks(deviceId); 149 return store.getDeviceEgressLinks(deviceId);
150 } 150 }
151 151
152 @Override 152 @Override
153 public Set<Link> getDeviceIngressLinks(DeviceId deviceId) { 153 public Set<Link> getDeviceIngressLinks(DeviceId deviceId) {
154 - checkPermission(Permission.LINK_READ); 154 + checkPermission(LINK_READ);
155 checkNotNull(deviceId, DEVICE_ID_NULL); 155 checkNotNull(deviceId, DEVICE_ID_NULL);
156 return store.getDeviceIngressLinks(deviceId); 156 return store.getDeviceIngressLinks(deviceId);
157 } 157 }
158 158
159 @Override 159 @Override
160 public Set<Link> getLinks(ConnectPoint connectPoint) { 160 public Set<Link> getLinks(ConnectPoint connectPoint) {
161 - checkPermission(Permission.LINK_READ); 161 + checkPermission(LINK_READ);
162 checkNotNull(connectPoint, CONNECT_POINT_NULL); 162 checkNotNull(connectPoint, CONNECT_POINT_NULL);
163 return Sets.union(store.getEgressLinks(connectPoint), 163 return Sets.union(store.getEgressLinks(connectPoint),
164 store.getIngressLinks(connectPoint)); 164 store.getIngressLinks(connectPoint));
...@@ -166,21 +166,21 @@ public class LinkManager ...@@ -166,21 +166,21 @@ public class LinkManager
166 166
167 @Override 167 @Override
168 public Set<Link> getEgressLinks(ConnectPoint connectPoint) { 168 public Set<Link> getEgressLinks(ConnectPoint connectPoint) {
169 - checkPermission(Permission.LINK_READ); 169 + checkPermission(LINK_READ);
170 checkNotNull(connectPoint, CONNECT_POINT_NULL); 170 checkNotNull(connectPoint, CONNECT_POINT_NULL);
171 return store.getEgressLinks(connectPoint); 171 return store.getEgressLinks(connectPoint);
172 } 172 }
173 173
174 @Override 174 @Override
175 public Set<Link> getIngressLinks(ConnectPoint connectPoint) { 175 public Set<Link> getIngressLinks(ConnectPoint connectPoint) {
176 - checkPermission(Permission.LINK_READ); 176 + checkPermission(LINK_READ);
177 checkNotNull(connectPoint, CONNECT_POINT_NULL); 177 checkNotNull(connectPoint, CONNECT_POINT_NULL);
178 return store.getIngressLinks(connectPoint); 178 return store.getIngressLinks(connectPoint);
179 } 179 }
180 180
181 @Override 181 @Override
182 public Link getLink(ConnectPoint src, ConnectPoint dst) { 182 public Link getLink(ConnectPoint src, ConnectPoint dst) {
183 - checkPermission(Permission.LINK_READ); 183 + checkPermission(LINK_READ);
184 checkNotNull(src, CONNECT_POINT_NULL); 184 checkNotNull(src, CONNECT_POINT_NULL);
185 checkNotNull(dst, CONNECT_POINT_NULL); 185 checkNotNull(dst, CONNECT_POINT_NULL);
186 return store.getLink(src, dst); 186 return store.getLink(src, dst);
......
...@@ -23,7 +23,6 @@ import org.apache.felix.scr.annotations.ReferenceCardinality; ...@@ -23,7 +23,6 @@ import org.apache.felix.scr.annotations.ReferenceCardinality;
23 import org.apache.felix.scr.annotations.Service; 23 import org.apache.felix.scr.annotations.Service;
24 import org.onosproject.core.ApplicationId; 24 import org.onosproject.core.ApplicationId;
25 import org.onosproject.core.CoreService; 25 import org.onosproject.core.CoreService;
26 -import org.onosproject.core.Permission;
27 import org.onosproject.net.Device; 26 import org.onosproject.net.Device;
28 import org.onosproject.net.device.DeviceEvent; 27 import org.onosproject.net.device.DeviceEvent;
29 import org.onosproject.net.device.DeviceListener; 28 import org.onosproject.net.device.DeviceListener;
...@@ -63,7 +62,7 @@ import static com.google.common.base.Preconditions.checkNotNull; ...@@ -63,7 +62,7 @@ import static com.google.common.base.Preconditions.checkNotNull;
63 import static org.onlab.util.Tools.groupedThreads; 62 import static org.onlab.util.Tools.groupedThreads;
64 import static org.onosproject.security.AppGuard.checkPermission; 63 import static org.onosproject.security.AppGuard.checkPermission;
65 import static org.slf4j.LoggerFactory.getLogger; 64 import static org.slf4j.LoggerFactory.getLogger;
66 - 65 +import static org.onosproject.security.AppPermission.Type.*;
67 66
68 /** 67 /**
69 * Provides a basic implementation of the packet SB &amp; NB APIs. 68 * Provides a basic implementation of the packet SB &amp; NB APIs.
...@@ -126,14 +125,14 @@ public class PacketManager ...@@ -126,14 +125,14 @@ public class PacketManager
126 125
127 @Override 126 @Override
128 public void addProcessor(PacketProcessor processor, int priority) { 127 public void addProcessor(PacketProcessor processor, int priority) {
129 - checkPermission(Permission.PACKET_EVENT); 128 + checkPermission(PACKET_EVENT);
130 checkNotNull(processor, "Processor cannot be null"); 129 checkNotNull(processor, "Processor cannot be null");
131 processors.put(priority, processor); 130 processors.put(priority, processor);
132 } 131 }
133 132
134 @Override 133 @Override
135 public void removeProcessor(PacketProcessor processor) { 134 public void removeProcessor(PacketProcessor processor) {
136 - checkPermission(Permission.PACKET_EVENT); 135 + checkPermission(PACKET_EVENT);
137 checkNotNull(processor, "Processor cannot be null"); 136 checkNotNull(processor, "Processor cannot be null");
138 processors.values().remove(processor); 137 processors.values().remove(processor);
139 } 138 }
...@@ -141,7 +140,7 @@ public class PacketManager ...@@ -141,7 +140,7 @@ public class PacketManager
141 @Override 140 @Override
142 public void requestPackets(TrafficSelector selector, PacketPriority priority, 141 public void requestPackets(TrafficSelector selector, PacketPriority priority,
143 ApplicationId appId) { 142 ApplicationId appId) {
144 - checkPermission(Permission.PACKET_READ); 143 + checkPermission(PACKET_READ);
145 checkNotNull(selector, "Selector cannot be null"); 144 checkNotNull(selector, "Selector cannot be null");
146 checkNotNull(appId, "Application ID cannot be null"); 145 checkNotNull(appId, "Application ID cannot be null");
147 146
...@@ -154,7 +153,7 @@ public class PacketManager ...@@ -154,7 +153,7 @@ public class PacketManager
154 @Override 153 @Override
155 public void cancelPackets(TrafficSelector selector, PacketPriority priority, 154 public void cancelPackets(TrafficSelector selector, PacketPriority priority,
156 ApplicationId appId) { 155 ApplicationId appId) {
157 - checkPermission(Permission.PACKET_READ); 156 + checkPermission(PACKET_READ);
158 checkNotNull(selector, "Selector cannot be null"); 157 checkNotNull(selector, "Selector cannot be null");
159 checkNotNull(appId, "Application ID cannot be null"); 158 checkNotNull(appId, "Application ID cannot be null");
160 159
...@@ -246,7 +245,7 @@ public class PacketManager ...@@ -246,7 +245,7 @@ public class PacketManager
246 245
247 @Override 246 @Override
248 public void emit(OutboundPacket packet) { 247 public void emit(OutboundPacket packet) {
249 - checkPermission(Permission.PACKET_WRITE); 248 + checkPermission(PACKET_WRITE);
250 checkNotNull(packet, "Packet cannot be null"); 249 checkNotNull(packet, "Packet cannot be null");
251 store.emit(packet); 250 store.emit(packet);
252 } 251 }
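Review bot: In `requestPackets` and `cancelPackets` the `checkPermission(PACKET_READ)` call authorises the caller, but the `appId` argument is only null-checked, so the visible lines do nothing to tie the request being created or cancelled to the application that passed the check. Both method bodies continue outside their hunks, so this may be handled further down. If it is not, the method should say so, for example `// NOTE: appId is caller-supplied and is not compared with the calling application` above the null checks. `priority` also has no `checkNotNull`, unlike `selector` and `appId`.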
......
...@@ -33,7 +33,6 @@ import org.onlab.packet.VlanId; ...@@ -33,7 +33,6 @@ import org.onlab.packet.VlanId;
33 import org.onlab.packet.ndp.NeighborAdvertisement; 33 import org.onlab.packet.ndp.NeighborAdvertisement;
34 import org.onlab.packet.ndp.NeighborDiscoveryOptions; 34 import org.onlab.packet.ndp.NeighborDiscoveryOptions;
35 import org.onlab.packet.ndp.NeighborSolicitation; 35 import org.onlab.packet.ndp.NeighborSolicitation;
36 -import org.onosproject.core.Permission;
37 import org.onosproject.incubator.net.intf.Interface; 36 import org.onosproject.incubator.net.intf.Interface;
38 import org.onosproject.incubator.net.intf.InterfaceService; 37 import org.onosproject.incubator.net.intf.InterfaceService;
39 import org.onosproject.net.ConnectPoint; 38 import org.onosproject.net.ConnectPoint;
...@@ -61,6 +60,7 @@ import static org.onlab.packet.VlanId.vlanId; ...@@ -61,6 +60,7 @@ import static org.onlab.packet.VlanId.vlanId;
61 import static org.onosproject.net.HostId.hostId; 60 import static org.onosproject.net.HostId.hostId;
62 import static org.onosproject.security.AppGuard.checkPermission; 61 import static org.onosproject.security.AppGuard.checkPermission;
63 import static org.slf4j.LoggerFactory.getLogger; 62 import static org.slf4j.LoggerFactory.getLogger;
63 +import static org.onosproject.security.AppPermission.Type.*;
64 64
65 65
66 @Component(immediate = true) 66 @Component(immediate = true)
...@@ -110,7 +110,8 @@ public class ProxyArpManager implements ProxyArpService { ...@@ -110,7 +110,8 @@ public class ProxyArpManager implements ProxyArpService {
110 110
111 @Override 111 @Override
112 public boolean isKnown(IpAddress addr) { 112 public boolean isKnown(IpAddress addr) {
113 - checkPermission(Permission.PACKET_READ); 113 + checkPermission(PACKET_READ);
114 +
114 checkNotNull(addr, MAC_ADDR_NULL); 115 checkNotNull(addr, MAC_ADDR_NULL);
115 Set<Host> hosts = hostService.getHostsByIp(addr); 116 Set<Host> hosts = hostService.getHostsByIp(addr);
116 return !hosts.isEmpty(); 117 return !hosts.isEmpty();
...@@ -118,7 +119,8 @@ public class ProxyArpManager implements ProxyArpService { ...@@ -118,7 +119,8 @@ public class ProxyArpManager implements ProxyArpService {
118 119
119 @Override 120 @Override
120 public void reply(Ethernet eth, ConnectPoint inPort) { 121 public void reply(Ethernet eth, ConnectPoint inPort) {
121 - checkPermission(Permission.PACKET_WRITE); 122 + checkPermission(PACKET_WRITE);
123 +
122 checkNotNull(eth, REQUEST_NULL); 124 checkNotNull(eth, REQUEST_NULL);
123 125
124 if (eth.getEtherType() == Ethernet.TYPE_ARP) { 126 if (eth.getEtherType() == Ethernet.TYPE_ARP) {
...@@ -316,7 +318,8 @@ public class ProxyArpManager implements ProxyArpService { ...@@ -316,7 +318,8 @@ public class ProxyArpManager implements ProxyArpService {
316 318
317 @Override 319 @Override
318 public void forward(Ethernet eth, ConnectPoint inPort) { 320 public void forward(Ethernet eth, ConnectPoint inPort) {
319 - checkPermission(Permission.PACKET_WRITE); 321 + checkPermission(PACKET_WRITE);
322 +
320 checkNotNull(eth, REQUEST_NULL); 323 checkNotNull(eth, REQUEST_NULL);
321 324
322 Host h = hostService.getHost(hostId(eth.getDestinationMAC(), 325 Host h = hostService.getHost(hostId(eth.getDestinationMAC(),
...@@ -333,7 +336,7 @@ public class ProxyArpManager implements ProxyArpService { ...@@ -333,7 +336,7 @@ public class ProxyArpManager implements ProxyArpService {
333 336
334 @Override 337 @Override
335 public boolean handlePacket(PacketContext context) { 338 public boolean handlePacket(PacketContext context) {
336 - checkPermission(Permission.PACKET_WRITE); 339 + checkPermission(PACKET_WRITE);
337 340
338 InboundPacket pkt = context.inPacket(); 341 InboundPacket pkt = context.inPacket();
339 Ethernet ethPkt = pkt.parsed(); 342 Ethernet ethPkt = pkt.parsed();
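Review bot: `isKnown` is guarded by `PACKET_READ` but then calls `hostService.getHostsByIp(addr)`, and the HostManager section of this commit guards `getHostsByIp` with `HOST_READ`. If `hostService` resolves to that implementation and the check considers the whole call stack (neither is visible here), an application needs both permissions to call `isKnown`, which nothing on the method states. I would document it, e.g. `// requires PACKET_READ here and HOST_READ via hostService.getHostsByIp`, or decide explicitly that the inner lookup runs with the manager's own privileges. Separately, the null check in `isKnown` passes a constant named `MAC_ADDR_NULL` for an `IpAddress` argument, which looks like the wrong message, and `handlePacket` dereferences `context` without a `checkNotNull`, unlike `reply` and `forward`. The bodies of `reply`, `forward` and `handlePacket` continue outside their hunks.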
......
...@@ -23,7 +23,6 @@ import org.apache.felix.scr.annotations.Reference; ...@@ -23,7 +23,6 @@ import org.apache.felix.scr.annotations.Reference;
23 import org.apache.felix.scr.annotations.ReferenceCardinality; 23 import org.apache.felix.scr.annotations.ReferenceCardinality;
24 import org.apache.felix.scr.annotations.Service; 24 import org.apache.felix.scr.annotations.Service;
25 import org.onosproject.event.AbstractListenerManager; 25 import org.onosproject.event.AbstractListenerManager;
26 -import org.onosproject.core.Permission;
27 import org.onosproject.net.Link; 26 import org.onosproject.net.Link;
28 import org.onosproject.net.intent.IntentId; 27 import org.onosproject.net.intent.IntentId;
29 import org.onosproject.net.resource.ResourceAllocation; 28 import org.onosproject.net.resource.ResourceAllocation;
...@@ -58,6 +57,7 @@ import static com.google.common.base.Preconditions.checkArgument; ...@@ -58,6 +57,7 @@ import static com.google.common.base.Preconditions.checkArgument;
58 import static com.google.common.base.Preconditions.checkNotNull; 57 import static com.google.common.base.Preconditions.checkNotNull;
59 import static org.onosproject.security.AppGuard.checkPermission; 58 import static org.onosproject.security.AppGuard.checkPermission;
60 import static org.slf4j.LoggerFactory.getLogger; 59 import static org.slf4j.LoggerFactory.getLogger;
60 +import static org.onosproject.security.AppPermission.Type.*;
61 61
62 62
63 /** 63 /**
...@@ -150,7 +150,7 @@ public class LinkResourceManager ...@@ -150,7 +150,7 @@ public class LinkResourceManager
150 150
151 @Override 151 @Override
152 public LinkResourceAllocations requestResources(LinkResourceRequest req) { 152 public LinkResourceAllocations requestResources(LinkResourceRequest req) {
153 - checkPermission(Permission.LINK_WRITE); 153 + checkPermission(LINK_WRITE);
154 154
155 // TODO Concatenate multiple bandwidth requests. 155 // TODO Concatenate multiple bandwidth requests.
156 // TODO Support multiple lambda resource requests. 156 // TODO Support multiple lambda resource requests.
...@@ -213,7 +213,7 @@ public class LinkResourceManager ...@@ -213,7 +213,7 @@ public class LinkResourceManager
213 213
214 @Override 214 @Override
215 public void releaseResources(LinkResourceAllocations allocations) { 215 public void releaseResources(LinkResourceAllocations allocations) {
216 - checkPermission(Permission.LINK_WRITE); 216 + checkPermission(LINK_WRITE);
217 final LinkResourceEvent event = store.releaseResources(allocations); 217 final LinkResourceEvent event = store.releaseResources(allocations);
218 if (event != null) { 218 if (event != null) {
219 post(event); 219 post(event);
...@@ -223,32 +223,32 @@ public class LinkResourceManager ...@@ -223,32 +223,32 @@ public class LinkResourceManager
223 @Override 223 @Override
224 public LinkResourceAllocations updateResources(LinkResourceRequest req, 224 public LinkResourceAllocations updateResources(LinkResourceRequest req,
225 LinkResourceAllocations oldAllocations) { 225 LinkResourceAllocations oldAllocations) {
226 - checkPermission(Permission.LINK_WRITE); 226 + checkPermission(LINK_WRITE);
227 releaseResources(oldAllocations); 227 releaseResources(oldAllocations);
228 return requestResources(req); 228 return requestResources(req);
229 } 229 }
230 230
231 @Override 231 @Override
232 public Iterable<LinkResourceAllocations> getAllocations() { 232 public Iterable<LinkResourceAllocations> getAllocations() {
233 - checkPermission(Permission.LINK_READ); 233 + checkPermission(LINK_READ);
234 return store.getAllocations(); 234 return store.getAllocations();
235 } 235 }
236 236
237 @Override 237 @Override
238 public Iterable<LinkResourceAllocations> getAllocations(Link link) { 238 public Iterable<LinkResourceAllocations> getAllocations(Link link) {
239 - checkPermission(Permission.LINK_READ); 239 + checkPermission(LINK_READ);
240 return store.getAllocations(link); 240 return store.getAllocations(link);
241 } 241 }
242 242
243 @Override 243 @Override
244 public LinkResourceAllocations getAllocations(IntentId intentId) { 244 public LinkResourceAllocations getAllocations(IntentId intentId) {
245 - checkPermission(Permission.LINK_READ); 245 + checkPermission(LINK_READ);
246 return store.getAllocations(intentId); 246 return store.getAllocations(intentId);
247 } 247 }
248 248
249 @Override 249 @Override
250 public Iterable<ResourceRequest> getAvailableResources(Link link) { 250 public Iterable<ResourceRequest> getAvailableResources(Link link) {
251 - checkPermission(Permission.LINK_READ); 251 + checkPermission(LINK_READ);
252 252
253 Set<ResourceAllocation> freeRes = store.getFreeResources(link); 253 Set<ResourceAllocation> freeRes = store.getFreeResources(link);
254 Set<ResourceRequest> result = new HashSet<>(); 254 Set<ResourceRequest> result = new HashSet<>();
...@@ -274,7 +274,7 @@ public class LinkResourceManager ...@@ -274,7 +274,7 @@ public class LinkResourceManager
274 @Override 274 @Override
275 public Iterable<ResourceRequest> getAvailableResources(Link link, 275 public Iterable<ResourceRequest> getAvailableResources(Link link,
276 LinkResourceAllocations allocations) { 276 LinkResourceAllocations allocations) {
277 - checkPermission(Permission.LINK_READ); 277 + checkPermission(LINK_READ);
278 278
279 Set<ResourceAllocation> allocatedRes = allocations.getResourceAllocation(link); 279 Set<ResourceAllocation> allocatedRes = allocations.getResourceAllocation(link);
280 Set<ResourceRequest> result = Sets.newHashSet(getAvailableResources(link)); 280 Set<ResourceRequest> result = Sets.newHashSet(getAvailableResources(link));
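Review bot: `updateResources` releases `oldAllocations` before it calls `requestResources(req)`, so if the new request fails the caller has lost the old allocation and gained nothing. The body of `requestResources` continues outside its hunk, so how it fails is not visible. That ordering deserves a comment such as `// old allocations are released first; a failed request does not restore them`. With this change the `LINK_WRITE` check also runs three times on that path, once in `updateResources` and once in each of the two methods it calls. The two-argument `getAvailableResources` dereferences `allocations` without a `checkNotNull`.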
......
...@@ -27,7 +27,6 @@ import org.apache.felix.scr.annotations.ReferenceCardinality; ...@@ -27,7 +27,6 @@ import org.apache.felix.scr.annotations.ReferenceCardinality;
27 import org.apache.felix.scr.annotations.Service; 27 import org.apache.felix.scr.annotations.Service;
28 import org.onosproject.core.ApplicationId; 28 import org.onosproject.core.ApplicationId;
29 import org.onosproject.core.GroupId; 29 import org.onosproject.core.GroupId;
30 -import org.onosproject.core.Permission;
31 import org.onosproject.net.ConnectPoint; 30 import org.onosproject.net.ConnectPoint;
32 import org.onosproject.net.Link; 31 import org.onosproject.net.Link;
33 import org.onosproject.net.Path; 32 import org.onosproject.net.Path;
...@@ -51,6 +50,7 @@ import java.util.Set; ...@@ -51,6 +50,7 @@ import java.util.Set;
51 import static com.google.common.base.Preconditions.checkNotNull; 50 import static com.google.common.base.Preconditions.checkNotNull;
52 import static org.slf4j.LoggerFactory.getLogger; 51 import static org.slf4j.LoggerFactory.getLogger;
53 import static org.onosproject.security.AppGuard.checkPermission; 52 import static org.onosproject.security.AppGuard.checkPermission;
53 +import static org.onosproject.security.AppPermission.Type.*;
54 54
55 55
56 /** 56 /**
...@@ -86,14 +86,14 @@ public class StatisticManager implements StatisticService { ...@@ -86,14 +86,14 @@ public class StatisticManager implements StatisticService {
86 86
87 @Override 87 @Override
88 public Load load(Link link) { 88 public Load load(Link link) {
89 - checkPermission(Permission.STATISTIC_READ); 89 + checkPermission(STATISTIC_READ);
90 90
91 return load(link.src()); 91 return load(link.src());
92 } 92 }
93 93
94 @Override 94 @Override
95 public Load load(Link link, ApplicationId appId, Optional<GroupId> groupId) { 95 public Load load(Link link, ApplicationId appId, Optional<GroupId> groupId) {
96 - checkPermission(Permission.STATISTIC_READ); 96 + checkPermission(STATISTIC_READ);
97 97
98 Statistics stats = getStatistics(link.src()); 98 Statistics stats = getStatistics(link.src());
99 if (!stats.isValid()) { 99 if (!stats.isValid()) {
...@@ -114,14 +114,14 @@ public class StatisticManager implements StatisticService { ...@@ -114,14 +114,14 @@ public class StatisticManager implements StatisticService {
114 114
115 @Override 115 @Override
116 public Load load(ConnectPoint connectPoint) { 116 public Load load(ConnectPoint connectPoint) {
117 - checkPermission(Permission.STATISTIC_READ); 117 + checkPermission(STATISTIC_READ);
118 118
119 return loadInternal(connectPoint); 119 return loadInternal(connectPoint);
120 } 120 }
121 121
122 @Override 122 @Override
123 public Link max(Path path) { 123 public Link max(Path path) {
124 - checkPermission(Permission.STATISTIC_READ); 124 + checkPermission(STATISTIC_READ);
125 125
126 if (path.links().isEmpty()) { 126 if (path.links().isEmpty()) {
127 return null; 127 return null;
...@@ -140,7 +140,7 @@ public class StatisticManager implements StatisticService { ...@@ -140,7 +140,7 @@ public class StatisticManager implements StatisticService {
140 140
141 @Override 141 @Override
142 public Link min(Path path) { 142 public Link min(Path path) {
143 - checkPermission(Permission.STATISTIC_READ); 143 + checkPermission(STATISTIC_READ);
144 144
145 if (path.links().isEmpty()) { 145 if (path.links().isEmpty()) {
146 return null; 146 return null;
...@@ -159,7 +159,7 @@ public class StatisticManager implements StatisticService { ...@@ -159,7 +159,7 @@ public class StatisticManager implements StatisticService {
159 159
160 @Override 160 @Override
161 public FlowRule highestHitter(ConnectPoint connectPoint) { 161 public FlowRule highestHitter(ConnectPoint connectPoint) {
162 - checkPermission(Permission.STATISTIC_READ); 162 + checkPermission(STATISTIC_READ);
163 163
164 Set<FlowEntry> hitters = statisticStore.getCurrentStatistic(connectPoint); 164 Set<FlowEntry> hitters = statisticStore.getCurrentStatistic(connectPoint);
165 if (hitters.isEmpty()) { 165 if (hitters.isEmpty()) {
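Review bot: The new wildcard import `import static org.onosproject.security.AppPermission.Type.*;` puts every permission constant in scope unqualified, so `checkPermission(STATISTIC_READ)` no longer shows at the call site which type the constant comes from. A same-named member declared in this class would also take precedence over the on-demand import without any warning. Importing only what is used, `import static org.onosproject.security.AppPermission.Type.STATISTIC_READ;`, keeps each permission gate easy to grep and audit. The same import is added in the PathManager and TopologyManager sections below, where the only constant used in the visible hunks is `TOPOLOGY_READ`.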
......
...@@ -24,7 +24,6 @@ import org.apache.felix.scr.annotations.Deactivate; ...@@ -24,7 +24,6 @@ import org.apache.felix.scr.annotations.Deactivate;
24 import org.apache.felix.scr.annotations.Reference; 24 import org.apache.felix.scr.annotations.Reference;
25 import org.apache.felix.scr.annotations.ReferenceCardinality; 25 import org.apache.felix.scr.annotations.ReferenceCardinality;
26 import org.apache.felix.scr.annotations.Service; 26 import org.apache.felix.scr.annotations.Service;
27 -import org.onosproject.core.Permission;
28 import org.onosproject.net.ConnectPoint; 27 import org.onosproject.net.ConnectPoint;
29 import org.onosproject.net.DefaultEdgeLink; 28 import org.onosproject.net.DefaultEdgeLink;
30 import org.onosproject.net.DefaultPath; 29 import org.onosproject.net.DefaultPath;
...@@ -51,6 +50,7 @@ import java.util.Set; ...@@ -51,6 +50,7 @@ import java.util.Set;
51 import static com.google.common.base.Preconditions.checkNotNull; 50 import static com.google.common.base.Preconditions.checkNotNull;
52 import static org.slf4j.LoggerFactory.getLogger; 51 import static org.slf4j.LoggerFactory.getLogger;
53 import static org.onosproject.security.AppGuard.checkPermission; 52 import static org.onosproject.security.AppGuard.checkPermission;
53 +import static org.onosproject.security.AppPermission.Type.*;
54 54
55 55
56 /** 56 /**
...@@ -88,14 +88,14 @@ public class PathManager implements PathService { ...@@ -88,14 +88,14 @@ public class PathManager implements PathService {
88 88
89 @Override 89 @Override
90 public Set<Path> getPaths(ElementId src, ElementId dst) { 90 public Set<Path> getPaths(ElementId src, ElementId dst) {
91 - checkPermission(Permission.TOPOLOGY_READ); 91 + checkPermission(TOPOLOGY_READ);
92 92
93 return getPaths(src, dst, null); 93 return getPaths(src, dst, null);
94 } 94 }
95 95
96 @Override 96 @Override
97 public Set<Path> getPaths(ElementId src, ElementId dst, LinkWeight weight) { 97 public Set<Path> getPaths(ElementId src, ElementId dst, LinkWeight weight) {
98 - checkPermission(Permission.TOPOLOGY_READ); 98 + checkPermission(TOPOLOGY_READ);
99 99
100 checkNotNull(src, ELEMENT_ID_NULL); 100 checkNotNull(src, ELEMENT_ID_NULL);
101 checkNotNull(dst, ELEMENT_ID_NULL); 101 checkNotNull(dst, ELEMENT_ID_NULL);
......
...@@ -22,7 +22,6 @@ import org.apache.felix.scr.annotations.Reference; ...@@ -22,7 +22,6 @@ import org.apache.felix.scr.annotations.Reference;
22 import org.apache.felix.scr.annotations.ReferenceCardinality; 22 import org.apache.felix.scr.annotations.ReferenceCardinality;
23 import org.apache.felix.scr.annotations.Service; 23 import org.apache.felix.scr.annotations.Service;
24 import org.onosproject.net.provider.AbstractListenerProviderRegistry; 24 import org.onosproject.net.provider.AbstractListenerProviderRegistry;
25 -import org.onosproject.core.Permission;
26 import org.onosproject.event.Event; 25 import org.onosproject.event.Event;
27 import org.onosproject.net.ConnectPoint; 26 import org.onosproject.net.ConnectPoint;
28 import org.onosproject.net.DeviceId; 27 import org.onosproject.net.DeviceId;
...@@ -51,6 +50,8 @@ import java.util.Set; ...@@ -51,6 +50,8 @@ import java.util.Set;
51 import static com.google.common.base.Preconditions.checkNotNull; 50 import static com.google.common.base.Preconditions.checkNotNull;
52 import static org.onosproject.security.AppGuard.checkPermission; 51 import static org.onosproject.security.AppGuard.checkPermission;
53 import static org.slf4j.LoggerFactory.getLogger; 52 import static org.slf4j.LoggerFactory.getLogger;
53 +import static org.onosproject.security.AppPermission.Type.*;
54 +
54 55
55 /** 56 /**
56 * Provides basic implementation of the topology SB &amp; NB APIs. 57 * Provides basic implementation of the topology SB &amp; NB APIs.
...@@ -91,27 +92,27 @@ public class TopologyManager ...@@ -91,27 +92,27 @@ public class TopologyManager
91 92
92 @Override 93 @Override
93 public Topology currentTopology() { 94 public Topology currentTopology() {
94 - checkPermission(Permission.TOPOLOGY_READ); 95 + checkPermission(TOPOLOGY_READ);
95 return store.currentTopology(); 96 return store.currentTopology();
96 } 97 }
97 98
98 @Override 99 @Override
99 public boolean isLatest(Topology topology) { 100 public boolean isLatest(Topology topology) {
100 - checkPermission(Permission.TOPOLOGY_READ); 101 + checkPermission(TOPOLOGY_READ);
101 checkNotNull(topology, TOPOLOGY_NULL); 102 checkNotNull(topology, TOPOLOGY_NULL);
102 return store.isLatest(topology); 103 return store.isLatest(topology);
103 } 104 }
104 105
105 @Override 106 @Override
106 public Set<TopologyCluster> getClusters(Topology topology) { 107 public Set<TopologyCluster> getClusters(Topology topology) {
107 - checkPermission(Permission.TOPOLOGY_READ); 108 + checkPermission(TOPOLOGY_READ);
108 checkNotNull(topology, TOPOLOGY_NULL); 109 checkNotNull(topology, TOPOLOGY_NULL);
109 return store.getClusters(topology); 110 return store.getClusters(topology);
110 } 111 }
111 112
112 @Override 113 @Override
113 public TopologyCluster getCluster(Topology topology, ClusterId clusterId) { 114 public TopologyCluster getCluster(Topology topology, ClusterId clusterId) {
114 - checkPermission(Permission.TOPOLOGY_READ); 115 + checkPermission(TOPOLOGY_READ);
115 checkNotNull(topology, TOPOLOGY_NULL); 116 checkNotNull(topology, TOPOLOGY_NULL);
116 checkNotNull(topology, CLUSTER_ID_NULL); 117 checkNotNull(topology, CLUSTER_ID_NULL);
117 return store.getCluster(topology, clusterId); 118 return store.getCluster(topology, clusterId);
...@@ -119,7 +120,7 @@ public class TopologyManager ...@@ -119,7 +120,7 @@ public class TopologyManager
119 120
120 @Override 121 @Override
121 public Set<DeviceId> getClusterDevices(Topology topology, TopologyCluster cluster) { 122 public Set<DeviceId> getClusterDevices(Topology topology, TopologyCluster cluster) {
122 - checkPermission(Permission.TOPOLOGY_READ); 123 + checkPermission(TOPOLOGY_READ);
123 checkNotNull(topology, TOPOLOGY_NULL); 124 checkNotNull(topology, TOPOLOGY_NULL);
124 checkNotNull(topology, CLUSTER_NULL); 125 checkNotNull(topology, CLUSTER_NULL);
125 return store.getClusterDevices(topology, cluster); 126 return store.getClusterDevices(topology, cluster);
...@@ -127,7 +128,7 @@ public class TopologyManager ...@@ -127,7 +128,7 @@ public class TopologyManager
127 128
128 @Override 129 @Override
129 public Set<Link> getClusterLinks(Topology topology, TopologyCluster cluster) { 130 public Set<Link> getClusterLinks(Topology topology, TopologyCluster cluster) {
130 - checkPermission(Permission.TOPOLOGY_READ); 131 + checkPermission(TOPOLOGY_READ);
131 checkNotNull(topology, TOPOLOGY_NULL); 132 checkNotNull(topology, TOPOLOGY_NULL);
132 checkNotNull(topology, CLUSTER_NULL); 133 checkNotNull(topology, CLUSTER_NULL);
133 return store.getClusterLinks(topology, cluster); 134 return store.getClusterLinks(topology, cluster);
...@@ -135,14 +136,14 @@ public class TopologyManager ...@@ -135,14 +136,14 @@ public class TopologyManager
135 136
136 @Override 137 @Override
137 public TopologyGraph getGraph(Topology topology) { 138 public TopologyGraph getGraph(Topology topology) {
138 - checkPermission(Permission.TOPOLOGY_READ); 139 + checkPermission(TOPOLOGY_READ);
139 checkNotNull(topology, TOPOLOGY_NULL); 140 checkNotNull(topology, TOPOLOGY_NULL);
140 return store.getGraph(topology); 141 return store.getGraph(topology);
141 } 142 }
142 143
143 @Override 144 @Override
144 public Set<Path> getPaths(Topology topology, DeviceId src, DeviceId dst) { 145 public Set<Path> getPaths(Topology topology, DeviceId src, DeviceId dst) {
145 - checkPermission(Permission.TOPOLOGY_READ); 146 + checkPermission(TOPOLOGY_READ);
146 checkNotNull(topology, TOPOLOGY_NULL); 147 checkNotNull(topology, TOPOLOGY_NULL);
147 checkNotNull(src, DEVICE_ID_NULL); 148 checkNotNull(src, DEVICE_ID_NULL);
148 checkNotNull(dst, DEVICE_ID_NULL); 149 checkNotNull(dst, DEVICE_ID_NULL);
...@@ -151,7 +152,7 @@ public class TopologyManager ...@@ -151,7 +152,7 @@ public class TopologyManager
151 152
152 @Override 153 @Override
153 public Set<Path> getPaths(Topology topology, DeviceId src, DeviceId dst, LinkWeight weight) { 154 public Set<Path> getPaths(Topology topology, DeviceId src, DeviceId dst, LinkWeight weight) {
154 - checkPermission(Permission.TOPOLOGY_READ); 155 + checkPermission(TOPOLOGY_READ);
155 156
156 checkNotNull(topology, TOPOLOGY_NULL); 157 checkNotNull(topology, TOPOLOGY_NULL);
157 checkNotNull(src, DEVICE_ID_NULL); 158 checkNotNull(src, DEVICE_ID_NULL);
...@@ -162,7 +163,7 @@ public class TopologyManager ...@@ -162,7 +163,7 @@ public class TopologyManager
162 163
163 @Override 164 @Override
164 public boolean isInfrastructure(Topology topology, ConnectPoint connectPoint) { 165 public boolean isInfrastructure(Topology topology, ConnectPoint connectPoint) {
165 - checkPermission(Permission.TOPOLOGY_READ); 166 + checkPermission(TOPOLOGY_READ);
166 checkNotNull(topology, TOPOLOGY_NULL); 167 checkNotNull(topology, TOPOLOGY_NULL);
167 checkNotNull(connectPoint, CONNECTION_POINT_NULL); 168 checkNotNull(connectPoint, CONNECTION_POINT_NULL);
168 return store.isInfrastructure(topology, connectPoint); 169 return store.isInfrastructure(topology, connectPoint);
...@@ -170,7 +171,7 @@ public class TopologyManager ...@@ -170,7 +171,7 @@ public class TopologyManager
170 171
171 @Override 172 @Override
172 public boolean isBroadcastPoint(Topology topology, ConnectPoint connectPoint) { 173 public boolean isBroadcastPoint(Topology topology, ConnectPoint connectPoint) {
173 - checkPermission(Permission.TOPOLOGY_READ); 174 + checkPermission(TOPOLOGY_READ);
174 checkNotNull(topology, TOPOLOGY_NULL); 175 checkNotNull(topology, TOPOLOGY_NULL);
175 checkNotNull(connectPoint, CONNECTION_POINT_NULL); 176 checkNotNull(connectPoint, CONNECTION_POINT_NULL);
176 return store.isBroadcastPoint(topology, connectPoint); 177 return store.isBroadcastPoint(topology, connectPoint);
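Review bot: In `getCluster` the second precondition tests the wrong argument: `checkNotNull(topology, CLUSTER_ID_NULL);` re-checks `topology`, so a null `clusterId` reaches `store.getCluster(topology, clusterId)` unvalidated. The same slip appears in `getClusterDevices` and `getClusterLinks`, where `checkNotNull(topology, CLUSTER_NULL);` should be validating `cluster`. These are context lines the commit leaves as they were, but since it edits each of these methods they could be corrected here to `checkNotNull(clusterId, CLUSTER_ID_NULL);` and `checkNotNull(cluster, CLUSTER_NULL);`. The closing braces of these three methods fall outside their hunks.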
......
1 -<?xml version="1.0" encoding="UTF-8"?>
2 -<!--
3 - ~ Copyright 2015 Open Networking Laboratory
4 - ~
5 - ~ Licensed under the Apache License, Version 2.0 (the "License");
6 - ~ you may not use this file except in compliance with the License.
7 - ~ You may obtain a copy of the License at
8 - ~
9 - ~ http://www.apache.org/licenses/LICENSE-2.0
10 - ~
11 - ~ Unless required by applicable law or agreed to in writing, software
12 - ~ distributed under the License is distributed on an "AS IS" BASIS,
13 - ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 - ~ See the License for the specific language governing permissions and
15 - ~ limitations under the License.
16 - -->
17 -
18 -<project xmlns="http://maven.apache.org/POM/4.0.0"
19 - xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
20 - xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
21 - <parent>
22 - <artifactId>onos-security</artifactId>
23 - <groupId>org.onosproject</groupId>
24 - <version>1.3.0-SNAPSHOT</version>
25 - <relativePath>../pom.xml</relativePath>
26 - </parent>
27 - <modelVersion>4.0.0</modelVersion>
28 - <packaging>bundle</packaging>
29 -
30 - <artifactId>onos-security-impl</artifactId>
31 -
32 - <description>Security-mode ONOS components</description>
33 -
34 - <dependencies>
35 - <dependency>
36 - <groupId>org.osgi</groupId>
37 - <artifactId>org.osgi.core</artifactId>
38 - </dependency>
39 - <dependency>
40 - <groupId>org.onosproject</groupId>
41 - <artifactId>onos-api</artifactId>
42 - </dependency>
43 - <dependency>
44 - <groupId>org.apache.karaf.features</groupId>
45 - <artifactId>org.apache.karaf.features.core</artifactId>
46 - </dependency>
47 - </dependencies>
48 -
49 -</project>
...\ No newline at end of file ...\ No newline at end of file
1 -package org.onosproject.security.impl;
2 -
3 -import org.apache.felix.scr.annotations.Component;
4 -import org.apache.felix.scr.annotations.Reference;
5 -import org.apache.felix.scr.annotations.ReferenceCardinality;
6 -import org.apache.felix.scr.annotations.Activate;
7 -import org.apache.felix.scr.annotations.Deactivate;
8 -import org.apache.karaf.features.BundleInfo;
9 -import org.apache.karaf.features.Feature;
10 -import org.apache.karaf.features.FeaturesService;
11 -
12 -import org.onosproject.app.ApplicationAdminService;
13 -import org.onosproject.app.ApplicationEvent;
14 -import org.onosproject.app.ApplicationListener;
15 -import org.onosproject.app.ApplicationState;
16 -import org.onosproject.core.Application;
17 -import org.onosproject.core.ApplicationId;
18 -import org.onosproject.core.Permission;
19 -import org.onosproject.security.AppPermission;
20 -import org.osgi.framework.Bundle;
21 -import org.osgi.framework.BundleContext;
22 -import org.osgi.framework.BundleEvent;
23 -import org.osgi.framework.BundleListener;
24 -import org.osgi.framework.FrameworkUtil;
25 -import org.osgi.framework.PackagePermission;
26 -import org.osgi.framework.ServicePermission;
27 -import org.osgi.service.log.LogEntry;
28 -import org.osgi.service.log.LogListener;
29 -import org.osgi.service.log.LogReaderService;
30 -import org.osgi.service.permissionadmin.PermissionInfo;
31 -
32 -import java.security.AccessControlException;
33 -import java.security.AllPermission;
34 -import java.util.ArrayList;
35 -import java.util.List;
36 -import java.util.Map;
37 -import java.util.Set;
38 -import java.util.concurrent.ConcurrentHashMap;
39 -import java.util.stream.Collectors;
40 -
41 -import org.osgi.service.permissionadmin.PermissionAdmin;
42 -import org.slf4j.Logger;
43 -
44 -import static org.slf4j.LoggerFactory.getLogger;
45 -
46 -/**
47 - * Security-Mode ONOS management implementation.
48 - */
49 -
50 -//TODO : implement a dedicated distributed store for SM-ONOS
51 -
52 -@Component(immediate = true)
53 -public class SecurityModeManager {
54 -
55 - @Reference(cardinality = ReferenceCardinality.MANDATORY_UNARY)
56 - protected ApplicationAdminService appAdminService;
57 -
58 - @Reference(cardinality = ReferenceCardinality.MANDATORY_UNARY)
59 - protected FeaturesService featuresService;
60 -
61 - @Reference(cardinality = ReferenceCardinality.MANDATORY_UNARY)
62 - protected LogReaderService logReaderService;
63 -
64 - private final Logger log = getLogger(getClass());
65 -
66 - private SecurityBundleListener securityBundleListener = new SecurityBundleListener();
67 -
68 - private SecurityApplicationListener securityApplicationListener = new SecurityApplicationListener();
69 -
70 - private SecurityLogListener securityLogListener = new SecurityLogListener();
71 -
72 - private Bundle bundle = null;
73 -
74 - private BundleContext bundleContext = null;
75 -
76 - private PermissionAdmin permissionAdmin = null;
77 -
78 - private Map<String, ApplicationId> appTracker = null;
79 -
80 - private Map<Permission, Set<String>> serviceDirectory = null;
81 -
82 -
83 - @Activate
84 - public void activate() {
85 - if (System.getSecurityManager() == null) {
86 - log.warn("J2EE security manager is disabled.");
87 - deactivate();
88 - return;
89 - }
90 - bundle = FrameworkUtil.getBundle(this.getClass());
91 - bundleContext = bundle.getBundleContext();
92 -
93 - bundleContext.addBundleListener(securityBundleListener);
94 - appAdminService.addListener(securityApplicationListener);
95 - logReaderService.addLogListener(securityLogListener);
96 - appTracker = new ConcurrentHashMap<>();
97 -
98 - permissionAdmin = getPermissionAdmin(bundleContext);
99 - if (permissionAdmin == null) {
100 - log.warn("Permission Admin not found.");
101 - this.deactivate();
102 - return;
103 - }
104 -
105 - serviceDirectory = PolicyBuilder.getServiceDirectory();
106 -
107 - PermissionInfo[] allPerm = {
108 - new PermissionInfo(AllPermission.class.getName(), "", ""), };
109 -
110 - permissionAdmin.setPermissions(bundle.getLocation(), allPerm);
111 - log.warn("Security-Mode Started");
112 - }
113 -
114 -
115 - @Deactivate
116 - public void deactivate() {
117 - bundleContext.removeBundleListener(securityBundleListener);
118 - appAdminService.removeListener(securityApplicationListener);
119 - logReaderService.removeLogListener(securityLogListener);
120 - log.info("Stopped");
121 -
122 - }
123 -
124 - private class SecurityApplicationListener implements ApplicationListener {
125 -
126 - @Override
127 - public void event(ApplicationEvent event) {
128 - //App needs to be restarted
129 - if (event.type() == ApplicationEvent.Type.APP_PERMISSIONS_CHANGED) {
130 - if (appAdminService.getState(event.subject().id()) == ApplicationState.ACTIVE) {
131 - appAdminService.deactivate(event.subject().id());
132 - print("Permissions updated (%s). Deactivating...",
133 - event.subject().id().name());
134 - }
135 - }
136 - }
137 - }
138 -
139 - private class SecurityBundleListener implements BundleListener {
140 -
141 - @Override
142 - public void bundleChanged(BundleEvent event) {
143 - switch (event.getType()) {
144 - case BundleEvent.INSTALLED:
145 - setPermissions(event);
146 - break;
147 - case BundleEvent.UNINSTALLED:
148 - clearPermissions(event);
149 - break;
150 - default:
151 - break;
152 - }
153 - }
154 - }
155 -
156 - private void clearPermissions(BundleEvent bundleEvent) {
157 - if (appTracker.containsKey(bundleEvent.getBundle().getLocation())) {
158 - permissionAdmin.setPermissions(bundleEvent.getBundle().getLocation(), new PermissionInfo[]{});
159 - appTracker.remove(bundleEvent.getBundle().getLocation());
160 - }
161 - }
162 -
163 - // find the location of the installed bundle and enforce policy
164 - private void setPermissions(BundleEvent bundleEvent) {
165 - for (Application app : appAdminService.getApplications()) {
166 - if (getBundleLocations(app).contains(bundleEvent.getBundle().getLocation())) {
167 - String location = bundleEvent.getBundle().getLocation();
168 -
169 - Set<org.onosproject.core.Permission> permissions =
170 - appAdminService.getPermissions(app.id());
171 -
172 - //Permissions granted by user overrides the permissions specified in App.Xml file
173 - if (permissions == null) {
174 - permissions = app.permissions();
175 - }
176 -
177 - if (permissions.isEmpty()) {
178 - print("Application %s has not been granted any permission.", app.id().name());
179 - }
180 -
181 - PermissionInfo[] perms = null;
182 -
183 - switch (app.role()) {
184 - case ADMIN:
185 - perms = PolicyBuilder.getAdminApplicationPermissions(serviceDirectory);
186 - break;
187 - case REGULAR:
188 - perms = PolicyBuilder.getApplicationPermissions(serviceDirectory, permissions);
189 - break;
190 - case UNSPECIFIED:
191 - default:
192 - //no role has been assigned.
193 - perms = PolicyBuilder.getDefaultPerms();
194 - log.warn("Application %s has no role assigned.", app.id().name());
195 - break;
196 - }
197 - permissionAdmin.setPermissions(location, perms);
198 - appTracker.put(location, app.id());
199 - break;
200 - }
201 - }
202 - }
203 -
204 - //TODO: dispatch security policy violation event via distributed store
205 - //immediately notify and deactivate the application upon policy violation
206 - private class SecurityLogListener implements LogListener {
207 - @Override
208 - public void logged(LogEntry entry) {
209 - if (entry != null) {
210 - if (entry.getException() != null) {
211 - ApplicationId applicationId = appTracker.get(entry.getBundle().getLocation());
212 - if (applicationId != null) {
213 - if (appAdminService.getState(applicationId).equals(ApplicationState.ACTIVE)) {
214 - if (entry.getException() instanceof AccessControlException) {
215 - java.security.Permission permission =
216 - ((AccessControlException) entry.getException()).getPermission();
217 - handleException(applicationId.name(), permission);
218 - appAdminService.deactivate(applicationId);
219 - }
220 - }
221 - }
222 - }
223 - }
224 - }
225 - }
226 -
227 - private void handleException(String name, java.security.Permission perm) {
228 - if (perm instanceof ServicePermission || perm instanceof PackagePermission) {
229 - print("%s has attempted to %s %s.", name, perm.getActions(), perm.getName());
230 - } else if (perm instanceof AppPermission) {
231 - print("%s has attempted to call an NB API that requires %s permission.",
232 - name, perm.getName().toUpperCase());
233 - } else {
234 - print("%s has attempted to perform an action that requires %s", name, perm.toString());
235 - }
236 - print("POLICY VIOLATION: Deactivating %s.", name);
237 -
238 - }
239 - private void print(String format, Object... args) {
240 - System.out.println(String.format("SM-ONOS: " + format, args));
241 - log.warn(String.format(format, args));
242 - }
243 -
244 - private List<String> getBundleLocations(Application app) {
245 - List<String> locations = new ArrayList();
246 - for (String name : app.features()) {
247 - try {
248 - Feature feature = featuresService.getFeature(name);
249 - locations.addAll(
250 - feature.getBundles().stream().map(BundleInfo::getLocation).collect(Collectors.toList()));
251 - } catch (Exception e) {
252 - return locations;
253 - }
254 - }
255 - return locations;
256 - }
257 -
258 - private PermissionAdmin getPermissionAdmin(BundleContext context) {
259 - return (PermissionAdmin) context.getService(context.getServiceReference(PermissionAdmin.class.getName()));
260 - }
261 -
262 -}
...@@ -12,10 +12,46 @@ ...@@ -12,10 +12,46 @@
12 </parent> 12 </parent>
13 13
14 <artifactId>onos-security</artifactId> 14 <artifactId>onos-security</artifactId>
15 - <packaging>pom</packaging> 15 + <packaging>bundle</packaging>
16 - <modules> 16 +
17 - <module>impl</module> 17 +
18 - </modules> 18 + <description>Security-Mode ONOS project</description>
19 +
20 + <dependencies>
21 + <dependency>
22 + <groupId>org.osgi</groupId>
23 + <artifactId>org.osgi.core</artifactId>
24 + </dependency>
25 + <dependency>
26 + <groupId>org.osgi</groupId>
27 + <artifactId>org.osgi.compendium</artifactId>
28 + </dependency>
29 + <dependency>
30 + <groupId>org.apache.felix</groupId>
31 + <artifactId>org.apache.felix.scr.annotations</artifactId>
32 + </dependency>
33 + <dependency>
34 + <groupId>org.onosproject</groupId>
35 + <artifactId>onos-api</artifactId>
36 + </dependency>
37 + <dependency>
38 + <groupId>org.onosproject</groupId>
39 + <artifactId>onos-core-serializers</artifactId>
40 + <version>${project.version}</version>
41 + </dependency>
42 + <dependency>
43 + <groupId>org.apache.karaf.features</groupId>
44 + <artifactId>org.apache.karaf.features.core</artifactId>
45 + </dependency>
46 + </dependencies>
47 +
48 + <build>
49 + <plugins>
50 + <plugin>
51 + <groupId>org.apache.felix</groupId>
52 + <artifactId>maven-scr-plugin</artifactId>
53 + </plugin>
54 + </plugins>
55 + </build>
19 56
20 - <description>Security-mode ONOS project root</description>
21 </project> 57 </project>
...\ No newline at end of file ...\ No newline at end of file
......
1 +/*
2 + * Copyright 2015 Open Networking Laboratory
3 + *
4 + * Licensed under the Apache License, Version 2.0 (the "License");
5 + * you may not use this file except in compliance with the License.
6 + * You may obtain a copy of the License at
7 + *
8 + * http://www.apache.org/licenses/LICENSE-2.0
9 + *
10 + * Unless required by applicable law or agreed to in writing, software
11 + * distributed under the License is distributed on an "AS IS" BASIS,
12 + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 + * See the License for the specific language governing permissions and
14 + * limitations under the License.
15 + */
16 +
17 +package org.onosproject.security.store;
18 +
19 +import org.onosproject.security.Permission;
20 +
21 +import java.util.Set;
22 +
23 +/**
24 + * Security-Mode ONOS security policy and state representation for distributed store.
25 + */
26 +public class SecurityInfo {
27 +
28 + protected Set<Permission> grantedPermissions;
29 + protected SecurityModeState state;
30 +
31 + public SecurityInfo(Set<Permission> perms, SecurityModeState state) {
32 + this.grantedPermissions = perms;
33 + this.state = state;
34 + }
35 + public Set<Permission> getPermissions() {
36 + return grantedPermissions;
37 + }
38 + public SecurityModeState getState() {
39 + return state;
40 + }
41 +}
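Review bot: `SecurityInfo` holds the granted permission set by reference and exposes it through `protected`, non-final fields, so any caller that keeps the set passed to the constructor, or receives it from `getPermissions()`, can change what an application is recorded as being granted without going through the store. For a policy record I would make both fields `private final` and take a read-only copy in the constructor, e.g. `this.grantedPermissions = Collections.unmodifiableSet(new HashSet<>(perms));`, which also makes a null `perms` fail fast. If the distributed store's serializer needs non-final fields or a no-arg constructor (not visible in this section), keep the copy and drop only the `final`. The constructor and the two getters also have no Javadoc.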
1 +/*
2 + * Copyright 2015 Open Networking Laboratory
3 + *
4 + * Licensed under the Apache License, Version 2.0 (the "License");
5 + * you may not use this file except in compliance with the License.
6 + * You may obtain a copy of the License at
7 + *
8 + * http://www.apache.org/licenses/LICENSE-2.0
9 + *
10 + * Unless required by applicable law or agreed to in writing, software
11 + * distributed under the License is distributed on an "AS IS" BASIS,
12 + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 + * See the License for the specific language governing permissions and
14 + * limitations under the License.
15 + */
16 +
17 +package org.onosproject.security.store;
18 +
19 +import org.onosproject.core.ApplicationId;
20 +import org.onosproject.event.AbstractEvent;
21 +
22 +/**
23 + * Security-Mode ONOS notifications.
24 + */
25 +public class SecurityModeEvent extends AbstractEvent<SecurityModeEvent.Type, ApplicationId> {
26 +
27 + protected SecurityModeEvent(Type type, ApplicationId subject) {
28 + super(type, subject);
29 + }
30 +
31 + public enum Type {
32 +
33 + /**
34 + * Signifies that security policy has been accepted.
35 + */
36 + POLICY_ACCEPTED,
37 +
38 + /**
39 + * Signifies that security policy has been reviewed.
40 + */
41 + POLICY_REVIEWED,
42 +
43 + /**
44 + * Signifies that application has violated security policy.
45 + */
46 + POLICY_VIOLATED,
47 + }
48 +}
...@@ -14,20 +14,12 @@ ...@@ -14,20 +14,12 @@
14 * limitations under the License. 14 * limitations under the License.
15 */ 15 */
16 16
17 -package org.onosproject.cli.security; 17 +package org.onosproject.security.store;
18 18
19 -import com.google.common.collect.ImmutableList; 19 +import org.onosproject.event.EventListener;
20 -import org.onosproject.cli.AbstractChoicesCompleter;
21 20
22 -import java.util.List;
23 -
24 -import static org.onosproject.cli.security.PermissionCommand.*;
25 /** 21 /**
26 - * Permission command completer. 22 + * Security-Mode ONOS event listener.
27 */ 23 */
28 -public class PermissionCommandCompleter extends AbstractChoicesCompleter { 24 +public interface SecurityModeListener extends EventListener<SecurityModeEvent> {
29 - @Override
30 - protected List<String> choices() {
31 - return ImmutableList.of(ADD, REMOVE, CLEAR, LIST);
32 - }
33 } 25 }
......
1 +/*
2 + * Copyright 2015 Open Networking Laboratory
3 + *
4 + * Licensed under the Apache License, Version 2.0 (the "License");
5 + * you may not use this file except in compliance with the License.
6 + * You may obtain a copy of the License at
7 + *
8 + * http://www.apache.org/licenses/LICENSE-2.0
9 + *
10 + * Unless required by applicable law or agreed to in writing, software
11 + * distributed under the License is distributed on an "AS IS" BASIS,
12 + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 + * See the License for the specific language governing permissions and
14 + * limitations under the License.
15 + */
16 +
17 +package org.onosproject.security.store;
18 +
19 +/**
20 + * Representation of Security-Mode ONOS application review state.
21 + */
22 +public enum SecurityModeState {
23 +
24 + /**
25 + * Indicates that operator has accepted application security policy.
26 + */
27 + SECURED,
28 +
29 + /**
30 + * Indicates that application security policy has been reviewed.
31 + */
32 + REVIEWED,
33 +
34 + /**
35 + * Indicates that application has been installed.
36 + */
37 + INSTALLED,
38 +
39 + /**
40 + * Indicates that application has violated security policy.
41 + */
42 + POLICY_VIOLATED,
43 +}
1 +/*
2 + * Copyright 2015 Open Networking Laboratory
3 + *
4 + * Licensed under the Apache License, Version 2.0 (the "License");
5 + * you may not use this file except in compliance with the License.
6 + * You may obtain a copy of the License at
7 + *
8 + * http://www.apache.org/licenses/LICENSE-2.0
9 + *
10 + * Unless required by applicable law or agreed to in writing, software
11 + * distributed under the License is distributed on an "AS IS" BASIS,
12 + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 + * See the License for the specific language governing permissions and
14 + * limitations under the License.
15 + */
16 +
17 +package org.onosproject.security.store;
18 +
19 +import org.onosproject.core.ApplicationId;
20 +import org.onosproject.security.Permission;
21 +import org.onosproject.store.Store;
22 +
23 +import java.util.Set;
24 +
25 +/**
26 + * Security-Mode ONOS distributed store service.
27 + */
28 +public interface SecurityModeStore extends Store<SecurityModeEvent, SecurityModeStoreDelegate> {
29 +
30 + /**
31 + * Updates the local bundle-application directories.
32 + * @param appId application identifier
33 + * @return true if successfully registered.
34 + */
35 + boolean registerApplication(ApplicationId appId);
36 +
37 + /**
38 + * Removes application info from the local bundle-application directories.
39 + * @param appId application identifier
40 + */
41 + void unregisterApplication(ApplicationId appId);
42 +
43 + /**
44 + * Returns state of the specified application.
45 + * @param appId application identifier
46 + * @return Security-Mode State of application
47 + */
48 + SecurityModeState getState(ApplicationId appId);
49 +
50 + /**
51 + * Returns bundle locations of specified application.
52 + * @param appId application identifier
53 + * @return set of bundle location strings
54 + */
55 + Set<String> getBundleLocations(ApplicationId appId);
56 +
57 + /**
58 + * Returns application identifiers that are associated with given bundle location.
59 + * @param location OSGi bundle location
60 + * @return set of application identifiers
61 + */
62 + Set<ApplicationId> getApplicationIds(String location);
63 +
64 + /**
65 + * Returns a list of permissions that have been requested by given application.
66 + * @param appId application identifier
67 + * @return list of permissions
68 + */
69 + Set<Permission> getRequestedPermissions(ApplicationId appId);
70 +
71 + /**
72 + * Returns an array of permissions that have been granted to given application.
73 + * @param appId application identifier
74 + * @return array of permissionInfo
75 + */
76 + Set<Permission> getGrantedPermissions(ApplicationId appId);
77 +
78 + /**
79 + * Request permission that is required to run given application.
80 + * @param appId application identifier
81 + * @param permission permission
82 + */
83 + void requestPermission(ApplicationId appId, Permission permission);
84 +
85 + /**
86 + * Returns true if given application has been secured.
87 + * @param appId application identifier
88 + * @return true indicates secured
89 + */
90 + boolean isSecured(ApplicationId appId);
91 +
92 + /**
93 + * Notifies SM-ONOS that operator has reviewed the policy.
94 + * @param appId application identifier
95 + */
96 + void reviewPolicy(ApplicationId appId);
97 +
98 + /**
99 + * Accept the current security policy of given application.
100 + * @param appId application identifier
101 + * @param permissionSet array of PermissionInfo
102 + */
103 + void acceptPolicy(ApplicationId appId, Set<Permission> permissionSet);
104 +}
...\ No newline at end of file ...\ No newline at end of file
...@@ -14,32 +14,12 @@ ...@@ -14,32 +14,12 @@
14 * limitations under the License. 14 * limitations under the License.
15 */ 15 */
16 16
17 -package org.onosproject.cli.security; 17 +package org.onosproject.security.store;
18 18
19 -import org.apache.karaf.shell.console.completer.ArgumentCompleter; 19 +import org.onosproject.store.StoreDelegate;
20 -import org.onosproject.cli.AbstractChoicesCompleter;
21 -import org.onosproject.core.Permission;
22 -
23 -import java.util.ArrayList;
24 -import java.util.List;
25 20
26 /** 21 /**
27 - * Permission Name Completer. 22 + * Security-Mode distributed store delegate abstraction.
28 */ 23 */
29 -public class PermissionNameCompleter extends AbstractChoicesCompleter { 24 +public interface SecurityModeStoreDelegate extends StoreDelegate<SecurityModeEvent> {
30 - @Override
31 - protected List<String> choices() {
32 - List<String> permNames = new ArrayList<>();
33 -
34 - ArgumentCompleter.ArgumentList list = getArgumentList();
35 - String cmd = list.getArguments()[1];
36 - if (cmd.equals("add") || cmd.equals("remove")) {
37 - for (Permission perm : Permission.values()) {
38 - permNames.add(perm.name());
39 - }
40 - }
41 - return permNames;
42 - }
43 -
44 -
45 } 25 }
......
...@@ -38,7 +38,7 @@ import org.onosproject.core.Application; ...@@ -38,7 +38,7 @@ import org.onosproject.core.Application;
38 import org.onosproject.core.ApplicationId; 38 import org.onosproject.core.ApplicationId;
39 import org.onosproject.core.ApplicationIdStore; 39 import org.onosproject.core.ApplicationIdStore;
40 import org.onosproject.core.DefaultApplication; 40 import org.onosproject.core.DefaultApplication;
41 -import org.onosproject.core.Permission; 41 +import org.onosproject.security.Permission;
42 import org.onosproject.store.cluster.messaging.ClusterCommunicationService; 42 import org.onosproject.store.cluster.messaging.ClusterCommunicationService;
43 import org.onosproject.store.cluster.messaging.MessageSubject; 43 import org.onosproject.store.cluster.messaging.MessageSubject;
44 import org.onosproject.store.serializers.KryoNamespaces; 44 import org.onosproject.store.serializers.KryoNamespaces;
......
...@@ -135,7 +135,7 @@ ...@@ -135,7 +135,7 @@
135 <feature>onos-api</feature> 135 <feature>onos-api</feature>
136 <!-- FIXME Release when stable (before Drake) --> 136 <!-- FIXME Release when stable (before Drake) -->
137 <bundle>mvn:org.onosproject/org.apache.felix.framework.security/2.2.0.onos-SNAPSHOT</bundle> 137 <bundle>mvn:org.onosproject/org.apache.felix.framework.security/2.2.0.onos-SNAPSHOT</bundle>
138 - <bundle>mvn:org.onosproject/onos-security-impl/@ONOS-VERSION</bundle> 138 + <bundle>mvn:org.onosproject/onos-security/@ONOS-VERSION</bundle>
139 </feature> 139 </feature>
140 140
141 </features> 141 </features>
......
...@@ -17,7 +17,6 @@ package org.onosproject.openflow.controller; ...@@ -17,7 +17,6 @@ package org.onosproject.openflow.controller;
17 17
18 import org.onlab.packet.DeserializationException; 18 import org.onlab.packet.DeserializationException;
19 import org.onlab.packet.Ethernet; 19 import org.onlab.packet.Ethernet;
20 -import org.onosproject.core.Permission;
21 import org.projectfloodlight.openflow.protocol.OFPacketIn; 20 import org.projectfloodlight.openflow.protocol.OFPacketIn;
22 import org.projectfloodlight.openflow.protocol.OFPacketOut; 21 import org.projectfloodlight.openflow.protocol.OFPacketOut;
23 import org.projectfloodlight.openflow.protocol.OFVersion; 22 import org.projectfloodlight.openflow.protocol.OFVersion;
...@@ -34,6 +33,7 @@ import java.util.Collections; ...@@ -34,6 +33,7 @@ import java.util.Collections;
34 import java.util.concurrent.atomic.AtomicBoolean; 33 import java.util.concurrent.atomic.AtomicBoolean;
35 34
36 import static org.onosproject.security.AppGuard.checkPermission; 35 import static org.onosproject.security.AppGuard.checkPermission;
36 +import static org.onosproject.security.AppPermission.Type.*;
37 37
38 38
39 /** 39 /**
...@@ -57,7 +57,7 @@ public final class DefaultOpenFlowPacketContext implements OpenFlowPacketContext ...@@ -57,7 +57,7 @@ public final class DefaultOpenFlowPacketContext implements OpenFlowPacketContext
57 57
58 @Override 58 @Override
59 public void send() { 59 public void send() {
60 - checkPermission(Permission.PACKET_WRITE); 60 + checkPermission(PACKET_WRITE);
61 61
62 if (block() && isBuilt.get()) { 62 if (block() && isBuilt.get()) {
63 sw.sendMsg(pktout); 63 sw.sendMsg(pktout);
...@@ -97,7 +97,7 @@ public final class DefaultOpenFlowPacketContext implements OpenFlowPacketContext ...@@ -97,7 +97,7 @@ public final class DefaultOpenFlowPacketContext implements OpenFlowPacketContext
97 97
98 @Override 98 @Override
99 public Ethernet parsed() { 99 public Ethernet parsed() {
100 - checkPermission(Permission.PACKET_READ); 100 + checkPermission(PACKET_READ);
101 101
102 try { 102 try {
103 return Ethernet.deserializer().deserialize(pktin.getData(), 0, pktin.getData().length); 103 return Ethernet.deserializer().deserialize(pktin.getData(), 0, pktin.getData().length);
...@@ -111,7 +111,7 @@ public final class DefaultOpenFlowPacketContext implements OpenFlowPacketContext ...@@ -111,7 +111,7 @@ public final class DefaultOpenFlowPacketContext implements OpenFlowPacketContext
111 111
112 @Override 112 @Override
113 public Dpid dpid() { 113 public Dpid dpid() {
114 - checkPermission(Permission.PACKET_READ); 114 + checkPermission(PACKET_READ);
115 115
116 return new Dpid(sw.getId()); 116 return new Dpid(sw.getId());
117 } 117 }
...@@ -130,7 +130,7 @@ public final class DefaultOpenFlowPacketContext implements OpenFlowPacketContext ...@@ -130,7 +130,7 @@ public final class DefaultOpenFlowPacketContext implements OpenFlowPacketContext
130 130
131 @Override 131 @Override
132 public Integer inPort() { 132 public Integer inPort() {
133 - checkPermission(Permission.PACKET_READ); 133 + checkPermission(PACKET_READ);
134 134
135 return pktinInPort().getPortNumber(); 135 return pktinInPort().getPortNumber();
136 } 136 }
...@@ -144,7 +144,7 @@ public final class DefaultOpenFlowPacketContext implements OpenFlowPacketContext ...@@ -144,7 +144,7 @@ public final class DefaultOpenFlowPacketContext implements OpenFlowPacketContext
144 144
145 @Override 145 @Override
146 public byte[] unparsed() { 146 public byte[] unparsed() {
147 - checkPermission(Permission.PACKET_READ); 147 + checkPermission(PACKET_READ);
148 148
149 return pktin.getData().clone(); 149 return pktin.getData().clone();
150 150
...@@ -160,21 +160,21 @@ public final class DefaultOpenFlowPacketContext implements OpenFlowPacketContext ...@@ -160,21 +160,21 @@ public final class DefaultOpenFlowPacketContext implements OpenFlowPacketContext
160 160
161 @Override 161 @Override
162 public boolean block() { 162 public boolean block() {
163 - checkPermission(Permission.PACKET_WRITE); 163 + checkPermission(PACKET_WRITE);
164 164
165 return free.getAndSet(false); 165 return free.getAndSet(false);
166 } 166 }
167 167
168 @Override 168 @Override
169 public boolean isHandled() { 169 public boolean isHandled() {
170 - checkPermission(Permission.PACKET_READ); 170 + checkPermission(PACKET_READ);
171 171
172 return !free.get(); 172 return !free.get();
173 } 173 }
174 174
175 @Override 175 @Override
176 public boolean isBuffered() { 176 public boolean isBuffered() {
177 - checkPermission(Permission.PACKET_READ); 177 + checkPermission(PACKET_READ);
178 178
179 return isBuffered; 179 return isBuffered;
180 } 180 }
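Review bot: The new `import static org.onosproject.security.AppPermission.Type.*;` at new line 36 is a wildcard static import, and every guard in this class (`send`, `parsed`, `dpid`, `inPort`, `unparsed`, `block`, `isHandled`, `isBuffered`) now names its permission with a bare identifier resolved through it. At an enforcement point this makes the checks harder to audit: the call no longer shows which type `PACKET_READ` or `PACKET_WRITE` belongs to, and a field or another on-demand static import with the same name would change or break resolution without touching these lines. I would import the two constants explicitly, `import static org.onosproject.security.AppPermission.Type.PACKET_READ;` and `import static org.onosproject.security.AppPermission.Type.PACKET_WRITE;`. Only parts of the class are shown in these hunks, so whether such a clash exists today cannot be confirmed from here.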
......