Changhoon Yoon
Committed by Gerrit Code Review

ONOS-1767 SM-ONOS implementation

22a363e ONOS-17767 SM-ONOS impl

Change-Id: Ifca8129f2266bada68af735cf81a1d39f1ec8506
Showing 66 changed files with 2015 additions and 1096 deletions
1 -/*
2 - * Copyright 2015 Open Networking Laboratory
3 - *
4 - * Licensed under the Apache License, Version 2.0 (the "License");
5 - * you may not use this file except in compliance with the License.
6 - * You may obtain a copy of the License at
7 - *
8 - * http://www.apache.org/licenses/LICENSE-2.0
9 - *
10 - * Unless required by applicable law or agreed to in writing, software
11 - * distributed under the License is distributed on an "AS IS" BASIS,
12 - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 - * See the License for the specific language governing permissions and
14 - * limitations under the License.
15 - */
16 -
17 -package org.onosproject.cli.security;
18 -
19 -import com.google.common.collect.ImmutableSet;
20 -import com.google.common.collect.Sets;
21 -import org.apache.karaf.shell.commands.Argument;
22 -import org.apache.karaf.shell.commands.Command;
23 -import org.onosproject.app.ApplicationAdminService;
24 -import org.onosproject.cli.AbstractShellCommand;
25 -import org.onosproject.core.Application;
26 -import org.onosproject.core.ApplicationId;
27 -import org.onosproject.core.Permission;
28 -
29 -import java.util.Set;
30 -import java.util.stream.Collectors;
31 -
32 -/**
33 - * Manages application permissions.
34 - */
35 -@Command(scope = "onos", name = "perm",
36 - description = "Manages application permissions")
37 -public class PermissionCommand extends AbstractShellCommand {
38 -
39 - static final String ADD = "add";
40 - static final String REMOVE = "remove";
41 - static final String LIST = "list";
42 - static final String CLEAR = "clear";
43 -
44 -
45 - @Argument(index = 0, name = "command",
46 - description = "Command name (add|remove)",
47 - required = true, multiValued = false)
48 - String command = null;
49 -
50 - @Argument(index = 1, name = "name", description = "Application name",
51 - required = true, multiValued = false)
52 - String name = null;
53 -
54 - @Argument(index = 2, name = "permissions", description = "List of permissions",
55 - required = false, multiValued = true)
56 - String[] permissions = null;
57 -
58 - @Override
59 - protected void execute() {
60 - ApplicationAdminService applicationAdminService = get(ApplicationAdminService.class);
61 - Set<Permission> newPermSet = Sets.newHashSet();
62 - if (command.equals(ADD)) {
63 - ApplicationId appId = applicationAdminService.getId(name);
64 - if (appId == null) {
65 - print("No such application: %s", name);
66 - return;
67 - }
68 - Application app = applicationAdminService.getApplication(appId);
69 -
70 - for (String perm : permissions) {
71 - try {
72 - Permission permission = Permission.valueOf(perm);
73 - newPermSet.add(permission);
74 - } catch (IllegalArgumentException e) {
75 - print("%s is not a valid permission.", perm);
76 - return;
77 - }
78 -
79 - }
80 - Set<Permission> oldPermSet = applicationAdminService.getPermissions(appId);
81 - if (oldPermSet != null) {
82 - newPermSet.addAll(oldPermSet);
83 - } else {
84 - newPermSet.addAll(app.permissions());
85 - }
86 - applicationAdminService.setPermissions(appId, ImmutableSet.copyOf(newPermSet));
87 -
88 - } else if (command.equals(REMOVE)) {
89 - ApplicationId appId = applicationAdminService.getId(name);
90 - Application app = applicationAdminService.getApplication(appId);
91 - if (appId == null) {
92 - print("No such application: %s", name);
93 - return;
94 - }
95 - Set<Permission> oldPermSet = applicationAdminService.getPermissions(appId);
96 - if (oldPermSet == null) {
97 - oldPermSet = app.permissions();
98 - }
99 - Set<String> clearPermSet = Sets.newHashSet(permissions);
100 - newPermSet.addAll(oldPermSet.stream().filter(
101 - perm -> !clearPermSet.contains(perm.name().toUpperCase())).collect(Collectors.toList()));
102 - applicationAdminService.setPermissions(appId, ImmutableSet.copyOf(newPermSet));
103 - } else if (command.equals(CLEAR)) {
104 - ApplicationId appId = applicationAdminService.getId(name);
105 - if (appId == null) {
106 - print("No such application: %s", name);
107 - return;
108 - }
109 - applicationAdminService.setPermissions(appId, ImmutableSet.of());
110 - print("Cleared the permission list of %s.", appId.name());
111 - } else if (command.equals(LIST)) {
112 - ApplicationId appId = applicationAdminService.getId(name);
113 - if (appId == null) {
114 - print("No such application: %s", name);
115 - return;
116 - }
117 - Application app = applicationAdminService.getApplication(appId);
118 - Set<Permission> userPermissions = applicationAdminService.getPermissions(appId);
119 - Set<Permission> defaultPermissions = app.permissions();
120 - print("Application Role");
121 - print("\trole=%s", app.role().name());
122 -
123 - if (defaultPermissions != null) {
124 - if (!defaultPermissions.isEmpty()) {
125 - print("Default permissions (specified in app.xml)");
126 - for (Permission perm : defaultPermissions) {
127 - print("\tpermission=%s", perm.name());
128 - }
129 - } else {
130 - print("(No default permissions specified in app.xml)");
131 - }
132 - }
133 - if (userPermissions != null) {
134 - if (!userPermissions.isEmpty()) {
135 - print("User permissions");
136 - for (Permission perm : userPermissions) {
137 - print("\tpermission=%s", perm.name());
138 - }
139 - } else {
140 - print("(User has removed all the permissions");
141 - }
142 - }
143 -
144 - }
145 - }
146 -}
...@@ -18,6 +18,7 @@ package org.onosproject.cli.security; ...@@ -18,6 +18,7 @@ package org.onosproject.cli.security;
18 18
19 import org.apache.karaf.shell.console.completer.StringsCompleter; 19 import org.apache.karaf.shell.console.completer.StringsCompleter;
20 import org.onosproject.app.ApplicationService; 20 import org.onosproject.app.ApplicationService;
21 +import org.onosproject.app.ApplicationState;
21 import org.onosproject.cli.AbstractCompleter; 22 import org.onosproject.cli.AbstractCompleter;
22 import org.onosproject.core.Application; 23 import org.onosproject.core.Application;
23 24
...@@ -25,27 +26,33 @@ import java.util.Iterator; ...@@ -25,27 +26,33 @@ import java.util.Iterator;
25 import java.util.List; 26 import java.util.List;
26 import java.util.SortedSet; 27 import java.util.SortedSet;
27 28
29 +import static org.onosproject.app.ApplicationState.INSTALLED;
28 import static org.onosproject.cli.AbstractShellCommand.get; 30 import static org.onosproject.cli.AbstractShellCommand.get;
29 31
30 /** 32 /**
31 - * Application name completer for permission command. 33 + * Application name completer for security review command.
32 */ 34 */
33 -public class PermissionApplicationNameCompleter extends AbstractCompleter { 35 +public class ReviewApplicationNameCompleter extends AbstractCompleter {
34 @Override 36 @Override
35 public int complete(String buffer, int cursor, List<String> candidates) { 37 public int complete(String buffer, int cursor, List<String> candidates) {
36 // Delegate string completer 38 // Delegate string completer
37 StringsCompleter delegate = new StringsCompleter(); 39 StringsCompleter delegate = new StringsCompleter();
38 40
39 - // Fetch our service and feed it's offerings to the string completer
40 ApplicationService service = get(ApplicationService.class); 41 ApplicationService service = get(ApplicationService.class);
41 Iterator<Application> it = service.getApplications().iterator(); 42 Iterator<Application> it = service.getApplications().iterator();
42 SortedSet<String> strings = delegate.getStrings(); 43 SortedSet<String> strings = delegate.getStrings();
43 while (it.hasNext()) { 44 while (it.hasNext()) {
44 Application app = it.next(); 45 Application app = it.next();
45 - strings.add(app.id().name()); 46 + ApplicationState state = service.getState(app.id());
47 +// if (previousApps.contains(app.id().name())) {
48 +// continue;
49 +// }
50 + if (state == INSTALLED) {
51 + strings.add(app.id().name());
52 + }
46 } 53 }
47 54
48 // Now let the completer do the work for figuring out what to offer. 55 // Now let the completer do the work for figuring out what to offer.
49 return delegate.complete(buffer, cursor, candidates); 56 return delegate.complete(buffer, cursor, candidates);
50 } 57 }
51 -} 58 +}
...\ No newline at end of file ...\ No newline at end of file
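Review bot: The three commented-out lines in the loop (`// if (previousApps.contains(app.id().name())) {` and the two after it) refer to a `previousApps` that is not declared in the visible class, and should be deleted rather than committed. The `state == INSTALLED` filter only shapes tab completion: `ReviewCommand.execute()` in this commit accepts any name that `getId()` resolves, so the filter does not restrict which applications can be reviewed or accepted. A comment above the `if` would make that explicit, for example `// Completion hint only: ReviewCommand does not itself restrict on application state.`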
......
1 +/*
2 + * Copyright 2015 Open Networking Laboratory
3 + *
4 + * Licensed under the Apache License, Version 2.0 (the "License");
5 + * you may not use this file except in compliance with the License.
6 + * You may obtain a copy of the License at
7 + *
8 + * http://www.apache.org/licenses/LICENSE-2.0
9 + *
10 + * Unless required by applicable law or agreed to in writing, software
11 + * distributed under the License is distributed on an "AS IS" BASIS,
12 + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 + * See the License for the specific language governing permissions and
14 + * limitations under the License.
15 + */
16 +
17 +package org.onosproject.cli.security;
18 +
19 +import org.apache.karaf.shell.commands.Argument;
20 +import org.apache.karaf.shell.commands.Command;
21 +import org.onosproject.app.ApplicationAdminService;
22 +import org.onosproject.cli.AbstractShellCommand;
23 +import org.onosproject.core.Application;
24 +import org.onosproject.core.ApplicationId;
25 +import org.onosproject.security.SecurityAdminService;
26 +import org.onosproject.security.SecurityUtil;
27 +
28 +import java.security.Permission;
29 +import java.util.List;
30 +import java.util.Map;
31 +
32 +
33 +/**
34 + * Application security policy review commands.
35 + */
36 +@Command(scope = "onos", name = "review",
37 + description = "Application security policy review interface")
38 +public class ReviewCommand extends AbstractShellCommand {
39 +
40 + @Argument(index = 0, name = "name", description = "Application name",
41 + required = true, multiValued = false)
42 + String name = null;
43 +
44 + @Argument(index = 1, name = "accept", description = "Option to accept policy",
45 + required = false, multiValued = false)
46 + String accept = null;
47 +
48 + @Override
49 + protected void execute() {
50 + ApplicationAdminService applicationAdminService = get(ApplicationAdminService.class);
51 + ApplicationId appId = applicationAdminService.getId(name);
52 + if (appId == null) {
53 + print("No such application: %s", name);
54 + return;
55 + }
56 + Application app = applicationAdminService.getApplication(appId);
57 + SecurityAdminService smService = SecurityUtil.getSecurityService();
58 + if (smService == null) {
59 + print("Security Mode is disabled");
60 + return;
61 + }
62 + if (accept == null) {
63 + smService.review(appId);
64 + printPolicy(smService, app);
65 + } else if (accept.trim().equals("accept")) {
66 + smService.acceptPolicy(appId);
67 + printPolicy(smService, app);
68 + } else {
69 + print("Unknown command");
70 + }
71 + }
72 +
73 + private void printPolicy(SecurityAdminService smService, Application app) {
74 + print("\n*******************************");
75 + print(" SM-ONOS APP REVIEW ");
76 + print("*******************************");
77 +
78 + print("Application name: %s ", app.id().name());
79 + print("Application role: " + app.role());
80 + print("\nDeveloper specified permissions: ");
81 + printMap(smService.getPrintableSpecifiedPermissions(app.id()));
82 + print("\nPermissions granted: ");
83 + printMap(smService.getPrintableGrantedPermissions(app.id()));
84 + print("\nAdditional permissions requested on runtime (POLICY VIOLATIONS): ");
85 + printMap(smService.getPrintableRequestedPermissions(app.id()));
86 + print("");
87 +
88 + }
89 + private void printMap(Map<Integer, List<Permission>> assortedMap) {
90 + for (Integer type : assortedMap.keySet()) {
91 + switch (type) {
92 + case 0:
93 + for (Permission perm: assortedMap.get(0)) {
94 + print("\t[APP PERMISSION] " + perm.getName());
95 + }
96 + break;
97 + case 1:
98 + for (Permission perm: assortedMap.get(1)) {
99 + print("\t[NB-ADMIN SERVICE] " + perm.getName() + "(" + perm.getActions() + ")");
100 + }
101 + break;
102 + case 2:
103 + for (Permission perm: assortedMap.get(2)) {
104 + print("\t[NB SERVICE] " + perm.getName() + "(" + perm.getActions() + ")");
105 + }
106 + break;
107 + case 3:
108 + for (Permission perm: assortedMap.get(3)) {
109 + print("\t[Other SERVICE] " + perm.getName() + "(" + perm.getActions() + ")");
110 + }
111 + break;
112 + case 4:
113 + for (Permission perm: assortedMap.get(4)) {
114 + print("\t[Other] " + perm.getClass().getSimpleName() +
115 + " " + perm.getName() + " (" + perm.getActions() + ")");
116 + }
117 + default:
118 + break;
119 + }
120 + }
121 + }
122 +}
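Review bot: `printMap` silently drops any category key outside 0–4 because `default:` only breaks, so a permission the service files under an unexpected key would never appear in the output the operator uses to decide on acceptance. Print unknown categories instead, e.g. `default: print("\t[UNCLASSIFIED " + type + "] " + assortedMap.get(type)); break;`, and add the missing `break;` after the `case 4` loop so its fall-through is not accidental. In `execute()`, `review <app> accept` calls `smService.acceptPolicy(appId)` before anything is displayed. Unless the service itself rejects an accept for an application that has not been reviewed (not visible here), the command should check for that before calling `acceptPolicy`.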
...@@ -21,11 +21,9 @@ ...@@ -21,11 +21,9 @@
21 </command> 21 </command>
22 22
23 <command> 23 <command>
24 - <action class="org.onosproject.cli.security.PermissionCommand"/> 24 + <action class="org.onosproject.cli.security.ReviewCommand"/>
25 <completers> 25 <completers>
26 - <ref component-id="permCommandCompleter"/> 26 + <ref component-id="reviewAppNameCompleter"/>
27 - <ref component-id="permAppNameCompleter"/>
28 - <ref component-id="permNameCompleter"/>
29 </completers> 27 </completers>
30 </command> 28 </command>
31 29
...@@ -435,9 +433,7 @@ ...@@ -435,9 +433,7 @@
435 </command> 433 </command>
436 </command-bundle> 434 </command-bundle>
437 435
438 - <bean id="permAppNameCompleter" class="org.onosproject.cli.security.PermissionApplicationNameCompleter"/> 436 + <bean id="reviewAppNameCompleter" class="org.onosproject.cli.security.ReviewApplicationNameCompleter"/>
439 - <bean id="permCommandCompleter" class="org.onosproject.cli.security.PermissionCommandCompleter"/>
440 - <bean id="permNameCompleter" class="org.onosproject.cli.security.PermissionNameCompleter"/>
441 <bean id="appCommandCompleter" class="org.onosproject.cli.app.ApplicationCommandCompleter"/> 437 <bean id="appCommandCompleter" class="org.onosproject.cli.app.ApplicationCommandCompleter"/>
442 <bean id="appNameCompleter" class="org.onosproject.cli.app.ApplicationNameCompleter"/> 438 <bean id="appNameCompleter" class="org.onosproject.cli.app.ApplicationNameCompleter"/>
443 <bean id="allAppNameCompleter" class="org.onosproject.cli.app.AllApplicationNamesCompleter"/> 439 <bean id="allAppNameCompleter" class="org.onosproject.cli.app.AllApplicationNamesCompleter"/>
......
...@@ -17,7 +17,7 @@ package org.onosproject.app; ...@@ -17,7 +17,7 @@ package org.onosproject.app;
17 17
18 import org.onosproject.core.Application; 18 import org.onosproject.core.Application;
19 import org.onosproject.core.ApplicationId; 19 import org.onosproject.core.ApplicationId;
20 -import org.onosproject.core.Permission; 20 +import org.onosproject.security.Permission;
21 21
22 import java.io.InputStream; 22 import java.io.InputStream;
23 import java.util.Set; 23 import java.util.Set;
......
...@@ -16,8 +16,8 @@ ...@@ -16,8 +16,8 @@
16 package org.onosproject.app; 16 package org.onosproject.app;
17 17
18 import org.onosproject.core.ApplicationRole; 18 import org.onosproject.core.ApplicationRole;
19 -import org.onosproject.core.Permission;
20 import org.onosproject.core.Version; 19 import org.onosproject.core.Version;
20 +import org.onosproject.security.Permission;
21 21
22 import java.net.URI; 22 import java.net.URI;
23 import java.util.List; 23 import java.util.List;
......
...@@ -17,8 +17,8 @@ package org.onosproject.app; ...@@ -17,8 +17,8 @@ package org.onosproject.app;
17 17
18 import org.onosproject.core.Application; 18 import org.onosproject.core.Application;
19 import org.onosproject.core.ApplicationId; 19 import org.onosproject.core.ApplicationId;
20 -import org.onosproject.core.Permission;
21 import org.onosproject.event.ListenerService; 20 import org.onosproject.event.ListenerService;
21 +import org.onosproject.security.Permission;
22 22
23 import java.util.Set; 23 import java.util.Set;
24 24
......
...@@ -17,7 +17,7 @@ package org.onosproject.app; ...@@ -17,7 +17,7 @@ package org.onosproject.app;
17 17
18 import org.onosproject.core.Application; 18 import org.onosproject.core.Application;
19 import org.onosproject.core.ApplicationId; 19 import org.onosproject.core.ApplicationId;
20 -import org.onosproject.core.Permission; 20 +import org.onosproject.security.Permission;
21 import org.onosproject.store.Store; 21 import org.onosproject.store.Store;
22 22
23 import java.io.InputStream; 23 import java.io.InputStream;
......
...@@ -16,8 +16,8 @@ ...@@ -16,8 +16,8 @@
16 package org.onosproject.app; 16 package org.onosproject.app;
17 17
18 import org.onosproject.core.ApplicationRole; 18 import org.onosproject.core.ApplicationRole;
19 -import org.onosproject.core.Permission;
20 import org.onosproject.core.Version; 19 import org.onosproject.core.Version;
20 +import org.onosproject.security.Permission;
21 21
22 import java.net.URI; 22 import java.net.URI;
23 import java.util.List; 23 import java.util.List;
......
...@@ -15,6 +15,8 @@ ...@@ -15,6 +15,8 @@
15 */ 15 */
16 package org.onosproject.core; 16 package org.onosproject.core;
17 17
18 +import org.onosproject.security.Permission;
19 +
18 import java.net.URI; 20 import java.net.URI;
19 import java.util.List; 21 import java.util.List;
20 import java.util.Optional; 22 import java.util.Optional;
......
...@@ -23,9 +23,9 @@ public enum ApplicationRole { ...@@ -23,9 +23,9 @@ public enum ApplicationRole {
23 ADMIN, 23 ADMIN,
24 24
25 /** 25 /**
26 - * Indicates that an application has a REGULAR role. 26 + * Indicates that an application has a USER role.
27 */ 27 */
28 - REGULAR, 28 + USER,
29 29
30 /** 30 /**
31 * Indicates that an application role has not been specified. 31 * Indicates that an application role has not been specified.
......
...@@ -15,6 +15,8 @@ ...@@ -15,6 +15,8 @@
15 */ 15 */
16 package org.onosproject.core; 16 package org.onosproject.core;
17 17
18 +import org.onosproject.security.Permission;
19 +
18 import java.net.URI; 20 import java.net.URI;
19 import java.util.Set; 21 import java.util.Set;
20 import java.util.Optional; 22 import java.util.Optional;
......
1 -/*
2 - * Copyright 2015 Open Networking Laboratory
3 - *
4 - * Licensed under the Apache License, Version 2.0 (the "License");
5 - * you may not use this file except in compliance with the License.
6 - * You may obtain a copy of the License at
7 - *
8 - * http://www.apache.org/licenses/LICENSE-2.0
9 - *
10 - * Unless required by applicable law or agreed to in writing, software
11 - * distributed under the License is distributed on an "AS IS" BASIS,
12 - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 - * See the License for the specific language governing permissions and
14 - * limitations under the License.
15 - */
16 -package org.onosproject.core;
17 -
18 -/**
19 - * Representation of an application permission.
20 - */
21 -public enum Permission {
22 - APP_READ,
23 - APP_EVENT,
24 - CONFIG_READ,
25 - CONFIG_WRITE,
26 - CLUSTER_READ,
27 - CLUSTER_WRITE,
28 - CLUSTER_EVENT,
29 - DEVICE_READ,
30 - DEVICE_EVENT,
31 - DRIVER_READ,
32 - DRIVER_WRITE,
33 - FLOWRULE_READ,
34 - FLOWRULE_WRITE,
35 - FLOWRULE_EVENT,
36 - GROUP_READ,
37 - GROUP_WRITE,
38 - GROUP_EVENT,
39 - HOST_READ,
40 - HOST_WRITE,
41 - HOST_EVENT,
42 - INTENT_READ,
43 - INTENT_WRITE,
44 - INTENT_EVENT,
45 - LINK_READ,
46 - LINK_WRITE,
47 - LINK_EVENT,
48 - PACKET_READ,
49 - PACKET_WRITE,
50 - PACKET_EVENT,
51 - STATISTIC_READ,
52 - TOPOLOGY_READ,
53 - TOPOLOGY_EVENT,
54 - TUNNEL_READ,
55 - TUNNEL_WRITE,
56 - TUNNEL_EVENT,
57 - STORAGE_WRITE
58 -}
...@@ -15,7 +15,6 @@ ...@@ -15,7 +15,6 @@
15 */ 15 */
16 package org.onosproject.net.packet; 16 package org.onosproject.net.packet;
17 17
18 -import org.onosproject.core.Permission;
19 import org.onosproject.net.flow.DefaultTrafficTreatment; 18 import org.onosproject.net.flow.DefaultTrafficTreatment;
20 import org.onosproject.net.flow.TrafficTreatment; 19 import org.onosproject.net.flow.TrafficTreatment;
21 import org.onosproject.net.flow.TrafficTreatment.Builder; 20 import org.onosproject.net.flow.TrafficTreatment.Builder;
...@@ -23,7 +22,7 @@ import org.onosproject.net.flow.TrafficTreatment.Builder; ...@@ -23,7 +22,7 @@ import org.onosproject.net.flow.TrafficTreatment.Builder;
23 import java.util.concurrent.atomic.AtomicBoolean; 22 import java.util.concurrent.atomic.AtomicBoolean;
24 23
25 import static org.onosproject.security.AppGuard.checkPermission; 24 import static org.onosproject.security.AppGuard.checkPermission;
26 - 25 +import static org.onosproject.security.AppPermission.Type.*;
27 26
28 /** 27 /**
29 * Default implementation of a packet context. 28 * Default implementation of a packet context.
...@@ -57,29 +56,25 @@ public abstract class DefaultPacketContext implements PacketContext { ...@@ -57,29 +56,25 @@ public abstract class DefaultPacketContext implements PacketContext {
57 56
58 @Override 57 @Override
59 public long time() { 58 public long time() {
60 - checkPermission(Permission.PACKET_READ); 59 + checkPermission(PACKET_READ);
61 -
62 return time; 60 return time;
63 } 61 }
64 62
65 @Override 63 @Override
66 public InboundPacket inPacket() { 64 public InboundPacket inPacket() {
67 - checkPermission(Permission.PACKET_READ); 65 + checkPermission(PACKET_READ);
68 -
69 return inPkt; 66 return inPkt;
70 } 67 }
71 68
72 @Override 69 @Override
73 public OutboundPacket outPacket() { 70 public OutboundPacket outPacket() {
74 - checkPermission(Permission.PACKET_READ); 71 + checkPermission(PACKET_READ);
75 -
76 return outPkt; 72 return outPkt;
77 } 73 }
78 74
79 @Override 75 @Override
80 public Builder treatmentBuilder() { 76 public Builder treatmentBuilder() {
81 - checkPermission(Permission.PACKET_READ); 77 + checkPermission(PACKET_READ);
82 -
83 return builder; 78 return builder;
84 } 79 }
85 80
...@@ -88,15 +83,13 @@ public abstract class DefaultPacketContext implements PacketContext { ...@@ -88,15 +83,13 @@ public abstract class DefaultPacketContext implements PacketContext {
88 83
89 @Override 84 @Override
90 public boolean block() { 85 public boolean block() {
91 - checkPermission(Permission.PACKET_WRITE); 86 + checkPermission(PACKET_WRITE);
92 -
93 return this.block.getAndSet(true); 87 return this.block.getAndSet(true);
94 } 88 }
95 89
96 @Override 90 @Override
97 public boolean isHandled() { 91 public boolean isHandled() {
98 - checkPermission(Permission.PACKET_READ); 92 + checkPermission(PACKET_READ);
99 -
100 return this.block.get(); 93 return this.block.get();
101 } 94 }
102 } 95 }
...\ No newline at end of file ...\ No newline at end of file
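Review bot: The static wildcard import `import static org.onosproject.security.AppPermission.Type.*;` brings every permission constant into this class's namespace, so a bare `PACKET_READ` at a permission check no longer shows its origin, and a same-named field added to the class later would shadow it. Import the two constants used here explicitly: `import static org.onosproject.security.AppPermission.Type.PACKET_READ;` and `import static org.onosproject.security.AppPermission.Type.PACKET_WRITE;`. Separately, `treatmentBuilder()` still returns the mutable `builder` after checking only `PACKET_READ`. Whether a read-only application can then influence the outgoing treatment depends on the send path, which lies outside these hunks, as does the start of the class.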
......
...@@ -16,7 +16,6 @@ ...@@ -16,7 +16,6 @@
16 16
17 package org.onosproject.security; 17 package org.onosproject.security;
18 18
19 -import org.onosproject.core.Permission;
20 19
21 /** 20 /**
22 * Aids SM-ONOS to perform API-level permission checking. 21 * Aids SM-ONOS to perform API-level permission checking.
...@@ -30,10 +29,10 @@ public final class AppGuard { ...@@ -30,10 +29,10 @@ public final class AppGuard {
30 * Checks if the caller has the required permission only when security-mode is enabled. 29 * Checks if the caller has the required permission only when security-mode is enabled.
31 * @param permission permission to be checked 30 * @param permission permission to be checked
32 */ 31 */
33 - public static void checkPermission(Permission permission) { 32 + public static void checkPermission(AppPermission.Type permission) {
34 SecurityManager sm = System.getSecurityManager(); 33 SecurityManager sm = System.getSecurityManager();
35 if (sm != null) { 34 if (sm != null) {
36 - System.getSecurityManager().checkPermission(new AppPermission(permission.name())); 35 + System.getSecurityManager().checkPermission(new AppPermission(permission));
37 } 36 }
38 } 37 }
39 } 38 }
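Review bot: The changed line still calls `System.getSecurityManager()` a second time instead of using the `sm` that was just null-checked, so the check and the call are not guaranteed to be on the same object; write `sm.checkPermission(new AppPermission(permission));`. The Javadoc says the check runs "only when security-mode is enabled", but the code tests only for the presence of a SecurityManager, so the comment should state that condition. A null `permission` now fails inside `AppPermission(Type)` at `type.name()` with a bare NullPointerException, and a `@throws` line or an explicit `Objects.requireNonNull(permission, "permission")` would document that.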
......
...@@ -23,12 +23,57 @@ import java.security.BasicPermission; ...@@ -23,12 +23,57 @@ import java.security.BasicPermission;
23 */ 23 */
24 public class AppPermission extends BasicPermission { 24 public class AppPermission extends BasicPermission {
25 25
26 + public enum Type {
27 + APP_READ,
28 + APP_EVENT,
29 + CONFIG_READ,
30 + CONFIG_WRITE,
31 + CLUSTER_READ,
32 + CLUSTER_WRITE,
33 + CLUSTER_EVENT,
34 + DEVICE_READ,
35 + DEVICE_EVENT,
36 + DRIVER_READ,
37 + DRIVER_WRITE,
38 + FLOWRULE_READ,
39 + FLOWRULE_WRITE,
40 + FLOWRULE_EVENT,
41 + GROUP_READ,
42 + GROUP_WRITE,
43 + GROUP_EVENT,
44 + HOST_READ,
45 + HOST_WRITE,
46 + HOST_EVENT,
47 + INTENT_READ,
48 + INTENT_WRITE,
49 + INTENT_EVENT,
50 + LINK_READ,
51 + LINK_WRITE,
52 + LINK_EVENT,
53 + PACKET_READ,
54 + PACKET_WRITE,
55 + PACKET_EVENT,
56 + STATISTIC_READ,
57 + TOPOLOGY_READ,
58 + TOPOLOGY_EVENT,
59 + TUNNEL_READ,
60 + TUNNEL_WRITE,
61 + TUNNEL_EVENT,
62 + STORAGE_WRITE
63 + }
64 +
65 + protected Type type;
26 /** 66 /**
27 * Creates new application permission using the supplied data. 67 * Creates new application permission using the supplied data.
28 * @param name permission name 68 * @param name permission name
29 */ 69 */
30 public AppPermission(String name) { 70 public AppPermission(String name) {
31 super(name.toUpperCase(), ""); 71 super(name.toUpperCase(), "");
72 + try {
73 + type = Type.valueOf(name);
74 + } catch (IllegalArgumentException e) {
75 + type = null;
76 + }
32 } 77 }
33 78
34 /** 79 /**
...@@ -38,6 +83,28 @@ public class AppPermission extends BasicPermission { ...@@ -38,6 +83,28 @@ public class AppPermission extends BasicPermission {
38 */ 83 */
39 public AppPermission(String name, String actions) { 84 public AppPermission(String name, String actions) {
40 super(name.toUpperCase(), actions); 85 super(name.toUpperCase(), actions);
86 + try {
87 + type = Type.valueOf(name);
88 + } catch (IllegalArgumentException e) {
89 + type = null;
90 + }
91 + }
92 +
93 + /**
94 + * Crates new application permission using the supplied data.
95 + * @param type permission type
96 + */
97 + public AppPermission(Type type) {
98 + super(type.name(), "");
99 + this.type = type;
100 + }
101 +
102 + /**
103 + * Returns type of permission.
104 + * @return application permission type
105 + */
106 + public Type getType() {
107 + return this.type;
41 } 108 }
42 109
43 } 110 }
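Review bot: Both String constructors upper-case the name for `super(...)` but pass the raw `name` to `Type.valueOf(name)`, so `new AppPermission("packet_read")` gets the permission name `PACKET_READ` and a null `type`; the lookup should use the same normalised value, `type = Type.valueOf(name.toUpperCase(Locale.ROOT));`, with `java.util.Locale` imported. The same `Locale.ROOT` argument belongs on the two `super(name.toUpperCase(), ...)` calls, because the default-locale form can produce a different string for names containing `i` under a Turkish locale, and permission names are compared as strings. `getType()` returns null for unrecognised names and its Javadoc should say so. The `type` field on a permission object would be safer as `private final` than `protected` and mutable. The new constructor's Javadoc reads "Crates" where it means "Creates".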
......
1 +/*
2 + * Copyright 2015 Open Networking Laboratory
3 + *
4 + * Licensed under the Apache License, Version 2.0 (the "License");
5 + * you may not use this file except in compliance with the License.
6 + * You may obtain a copy of the License at
7 + *
8 + * http://www.apache.org/licenses/LICENSE-2.0
9 + *
10 + * Unless required by applicable law or agreed to in writing, software
11 + * distributed under the License is distributed on an "AS IS" BASIS,
12 + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 + * See the License for the specific language governing permissions and
14 + * limitations under the License.
15 + */
16 +
17 +package org.onosproject.security;
18 +
19 +public class Permission {
20 +
21 + protected String classname;
22 + protected String name;
23 + protected String actions;
24 +
25 + public Permission(String classname, String name, String actions) {
26 + this.classname = classname;
27 + this.name = name;
28 + if (actions == null) {
29 + this.actions = "";
30 + } else {
31 + this.actions = actions;
32 + }
33 + }
34 +
35 + public Permission(String classname, String name) {
36 + this.classname = classname;
37 + this.name = name;
38 + this.actions = "";
39 + }
40 +
41 + public String getClassName() {
42 + return classname;
43 + }
44 +
45 + public String getName() {
46 + return name;
47 + }
48 +
49 + public String getActions() {
50 + return actions;
51 + }
52 +
53 + @Override
54 + public int hashCode() {
55 + return 0;
56 + }
57 +
58 + @Override
59 + public boolean equals(Object thatPerm) {
60 + if (this == thatPerm) {
61 + return true;
62 + }
63 +
64 + if (!(thatPerm instanceof Permission)) {
65 + return false;
66 + }
67 +
68 + Permission that = (Permission) thatPerm;
69 + return (this.classname.equals(that.classname)) && (this.name.equals(that.name))
70 + && (this.actions.equals(that.actions));
71 + }
72 +
73 + @Override
74 + public String toString() {
75 + return String.format("(%s, %s, %s)", classname, name, actions);
76 + }
77 +}
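Review bot: `hashCode()` returns the constant 0, which satisfies the contract but puts every instance in the same bucket of the `Set<Permission>` collections this commit uses; derive it from the fields `equals` compares, `return Objects.hash(classname, name, actions);`, with `java.util.Objects` imported. `equals` dereferences `this.classname` and `this.name` without a null check while both constructors accept null for them, so either reject null in the constructors or compare with `Objects.equals`. The three fields are `protected` and non-final, which lets a subclass or same-package code change a permission after it has been added to a set; `private final` fits a value type. The class and its members have no Javadoc, and the simple name collides with `java.security.Permission`, which `ReviewCommand` and `SecurityAdminService` import in this same commit, so a class comment stating how the two differ would help.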
1 +/*
2 + * Copyright 2015 Open Networking Laboratory
3 + *
4 + * Licensed under the Apache License, Version 2.0 (the "License");
5 + * you may not use this file except in compliance with the License.
6 + * You may obtain a copy of the License at
7 + *
8 + * http://www.apache.org/licenses/LICENSE-2.0
9 + *
10 + * Unless required by applicable law or agreed to in writing, software
11 + * distributed under the License is distributed on an "AS IS" BASIS,
12 + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 + * See the License for the specific language governing permissions and
14 + * limitations under the License.
15 + */
16 +
17 +package org.onosproject.security;
18 +
19 +import org.onosproject.core.ApplicationId;
20 +
21 +import java.security.Permission;
22 +import java.util.List;
23 +import java.util.Map;
24 +
25 +/**
26 + * Security-Mode ONOS service.
27 + */
28 +public interface SecurityAdminService {
29 +
30 + /**
31 + * Returns true if security policy has been enforced to specified application.
32 + * @param appId application identifier
33 + * @return true if secured.
34 + */
35 + boolean isSecured(ApplicationId appId);
36 +
37 + /**
38 + * Changes SecurityModeState of specified application to REVIEWED.
39 + * @param appId application identifier
40 + */
41 + void review(ApplicationId appId);
42 +
43 + /**
44 + * Accepts and enforces security policy to specified application.
45 + * @param appId application identifier
46 + */
47 + void acceptPolicy(ApplicationId appId);
48 +
49 + /**
50 + * Register application to SM-ONOS subsystem.
51 + * @param appId application identifier
52 + */
53 + void register(ApplicationId appId);
54 +
55 + /**
56 + * Returns sorted developer specified permission Map.
57 + * @param appId application identifier
58 + * @return Map of list of permissions sorted by permission type
59 + */
60 + Map<Integer, List<Permission>> getPrintableSpecifiedPermissions(ApplicationId appId);
61 +
62 + /**
63 + * Returns sorted granted permission Map.
64 + * @param appId application identifier
65 + * @return Map of list of permissions sorted by permission type
66 + */
67 + Map<Integer, List<Permission>> getPrintableGrantedPermissions(ApplicationId appId);
68 +
69 + /**
70 + * Returns sorted requested permission Map.
71 + * @param appId application identifier
72 + * @return Map of list of permissions sorted by permission type
73 + */
74 + Map<Integer, List<Permission>> getPrintableRequestedPermissions(ApplicationId appId);
75 +
76 +
77 +}
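Review bot: The three `getPrintable*Permissions` methods return `Map<Integer, List<Permission>>` but the Javadoc never says what the integer keys mean, while `ReviewCommand.printMap` in this commit hard-codes keys 0–4 with specific labels. Document the key contract on each `@return`, for example `@return map from category (0 = app permission, 1 = NB admin service, 2 = NB service, 3 = other service, 4 = other) to the permissions in that category`, or replace the integers with an enum so callers cannot miss a category. The Javadoc for `acceptPolicy` should also state whether the application must already be in the REVIEWED state that `review` sets, since callers cannot tell from the signature.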
1 +/*
2 + * Copyright 2015 Open Networking Laboratory
3 + *
4 + * Licensed under the Apache License, Version 2.0 (the "License");
5 + * you may not use this file except in compliance with the License.
6 + * You may obtain a copy of the License at
7 + *
8 + * http://www.apache.org/licenses/LICENSE-2.0
9 + *
10 + * Unless required by applicable law or agreed to in writing, software
11 + * distributed under the License is distributed on an "AS IS" BASIS,
12 + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 + * See the License for the specific language governing permissions and
14 + * limitations under the License.
15 + */
16 +
17 +package org.onosproject.security;
18 +
19 +import org.onlab.osgi.DefaultServiceDirectory;
20 +import org.onlab.osgi.ServiceDirectory;
21 +import org.onlab.osgi.ServiceNotFoundException;
22 +import org.onosproject.core.ApplicationId;
23 +
24 +/**
25 + * Utility class to aid Security-Mode ONOS.
26 + */
27 +public final class SecurityUtil {
28 +
29 + protected static ServiceDirectory serviceDirectory = new DefaultServiceDirectory();
30 +
31 + private SecurityUtil() {
32 + }
33 +
34 + public static boolean isSecurityModeEnabled() {
35 + if (System.getSecurityManager() != null) {
36 + try {
37 + SecurityAdminService securityService = serviceDirectory.get(SecurityAdminService.class);
38 + if (securityService != null) {
39 + return true;
40 + }
41 + } catch (ServiceNotFoundException e) {
42 + return false;
43 + }
44 + }
45 + return false;
46 + }
47 +
48 + public static SecurityAdminService getSecurityService() {
49 + if (System.getSecurityManager() != null) {
50 + try {
51 + SecurityAdminService securityService = serviceDirectory.get(SecurityAdminService.class);
52 + if (securityService != null) {
53 + return securityService;
54 + }
55 + } catch (ServiceNotFoundException e) {
56 + return null;
57 + }
58 + }
59 + return null;
60 + }
61 +
62 + public static boolean isAppSecured(ApplicationId appId) {
63 + SecurityAdminService service = getSecurityService();
64 + if (service != null) {
65 + if (!service.isSecured(appId)) {
66 + System.out.println("\n*******************************");
67 + System.out.println(" SM-ONOS APP WARNING ");
68 + System.out.println("*******************************");
69 + System.out.println(appId.name() + " has not been secured.");
70 + System.out.println("Please review before activating.");
71 + return false;
72 + }
73 + }
74 + return true;
75 + }
76 + public static void register(ApplicationId appId) {
77 + SecurityAdminService service = getSecurityService();
78 + if (service != null) {
79 + service.register(appId);
80 + }
81 + }
82 +}
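Review bot: `isAppSecured` fails open, because it returns true whenever `getSecurityService()` returns null, and that covers both the case with no SecurityManager and the case where a SecurityManager is installed but the `SecurityAdminService` lookup throws `ServiceNotFoundException`. If the second case can occur (for example before the service is registered, which is not visible here), an unreviewed app would pass the activation gate, so the null branch should be `if (service == null) { return System.getSecurityManager() == null; }`. The warning banner is written with `System.out.println`, which may never reach the controller log; an slf4j `log.warn` would leave an audit record of the refusal. `serviceDirectory` is `protected static` and non-final in a final class, so any class in the package can replace the directory that answers the security lookup; `private static final` looks sufficient unless a test swaps it. The four public methods have no Javadoc, and `isSecurityModeEnabled` repeats the body of `getSecurityService` where `return getSecurityService() != null;` would do.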
...@@ -17,7 +17,7 @@ package org.onosproject.app; ...@@ -17,7 +17,7 @@ package org.onosproject.app;
17 17
18 import org.onosproject.core.Application; 18 import org.onosproject.core.Application;
19 import org.onosproject.core.ApplicationId; 19 import org.onosproject.core.ApplicationId;
20 -import org.onosproject.core.Permission; 20 +import org.onosproject.security.Permission;
21 21
22 import java.io.InputStream; 22 import java.io.InputStream;
23 import java.util.Set; 23 import java.util.Set;
......
...@@ -17,7 +17,7 @@ package org.onosproject.app; ...@@ -17,7 +17,7 @@ package org.onosproject.app;
17 17
18 import org.onosproject.core.Application; 18 import org.onosproject.core.Application;
19 import org.onosproject.core.ApplicationId; 19 import org.onosproject.core.ApplicationId;
20 -import org.onosproject.core.Permission; 20 +import org.onosproject.security.Permission;
21 21
22 import java.util.Set; 22 import java.util.Set;
23 23
......
...@@ -17,7 +17,7 @@ package org.onosproject.app; ...@@ -17,7 +17,7 @@ package org.onosproject.app;
17 17
18 import org.onosproject.core.Application; 18 import org.onosproject.core.Application;
19 import org.onosproject.core.ApplicationId; 19 import org.onosproject.core.ApplicationId;
20 -import org.onosproject.core.Permission; 20 +import org.onosproject.security.Permission;
21 import org.onosproject.store.AbstractStore; 21 import org.onosproject.store.AbstractStore;
22 22
23 import java.io.InputStream; 23 import java.io.InputStream;
......
...@@ -19,8 +19,9 @@ import com.google.common.collect.ImmutableList; ...@@ -19,8 +19,9 @@ import com.google.common.collect.ImmutableList;
19 import com.google.common.collect.ImmutableSet; 19 import com.google.common.collect.ImmutableSet;
20 import org.junit.Test; 20 import org.junit.Test;
21 import org.onosproject.core.ApplicationRole; 21 import org.onosproject.core.ApplicationRole;
22 -import org.onosproject.core.Permission;
23 import org.onosproject.core.Version; 22 import org.onosproject.core.Version;
23 +import org.onosproject.security.AppPermission;
24 +import org.onosproject.security.Permission;
24 25
25 import java.net.URI; 26 import java.net.URI;
26 import java.util.List; 27 import java.util.List;
...@@ -40,7 +41,9 @@ public class DefaultApplicationDescriptionTest { ...@@ -40,7 +41,9 @@ public class DefaultApplicationDescriptionTest {
40 public static final String DESC = "Awesome application from Circus, Inc."; 41 public static final String DESC = "Awesome application from Circus, Inc.";
41 public static final String ORIGIN = "Circus"; 42 public static final String ORIGIN = "Circus";
42 public static final ApplicationRole ROLE = ApplicationRole.ADMIN; 43 public static final ApplicationRole ROLE = ApplicationRole.ADMIN;
43 - public static final Set<Permission> PERMS = ImmutableSet.of(Permission.FLOWRULE_WRITE, Permission.FLOWRULE_READ); 44 + public static final Set<Permission> PERMS = ImmutableSet.of(
45 + new Permission(AppPermission.class.getName(), "FLOWRULE_WRITE"),
46 + new Permission(AppPermission.class.getName(), "FLOWRULE_READ"));
44 public static final URI FURL = URI.create("mvn:org.foo-features/1.2a/xml/features"); 47 public static final URI FURL = URI.create("mvn:org.foo-features/1.2a/xml/features");
45 public static final List<String> FEATURES = ImmutableList.of("foo", "bar"); 48 public static final List<String> FEATURES = ImmutableList.of("foo", "bar");
46 49
......
...@@ -33,6 +33,10 @@ ...@@ -33,6 +33,10 @@
33 33
34 <dependencies> 34 <dependencies>
35 <dependency> 35 <dependency>
36 + <groupId>org.osgi</groupId>
37 + <artifactId>org.osgi.core</artifactId>
38 + </dependency>
39 + <dependency>
36 <groupId>org.onosproject</groupId> 40 <groupId>org.onosproject</groupId>
37 <artifactId>onos-api</artifactId> 41 <artifactId>onos-api</artifactId>
38 </dependency> 42 </dependency>
......
...@@ -20,6 +20,7 @@ import com.google.common.collect.ImmutableSet; ...@@ -20,6 +20,7 @@ import com.google.common.collect.ImmutableSet;
20 import com.google.common.io.ByteStreams; 20 import com.google.common.io.ByteStreams;
21 import com.google.common.io.Files; 21 import com.google.common.io.Files;
22 import org.apache.commons.configuration.ConfigurationException; 22 import org.apache.commons.configuration.ConfigurationException;
23 +import org.apache.commons.configuration.HierarchicalConfiguration;
23 import org.apache.commons.configuration.XMLConfiguration; 24 import org.apache.commons.configuration.XMLConfiguration;
24 import org.onlab.util.Tools; 25 import org.onlab.util.Tools;
25 import org.onosproject.app.ApplicationDescription; 26 import org.onosproject.app.ApplicationDescription;
...@@ -28,9 +29,11 @@ import org.onosproject.app.ApplicationException; ...@@ -28,9 +29,11 @@ import org.onosproject.app.ApplicationException;
28 import org.onosproject.app.ApplicationStoreDelegate; 29 import org.onosproject.app.ApplicationStoreDelegate;
29 import org.onosproject.app.DefaultApplicationDescription; 30 import org.onosproject.app.DefaultApplicationDescription;
30 import org.onosproject.core.ApplicationRole; 31 import org.onosproject.core.ApplicationRole;
31 -import org.onosproject.core.Permission;
32 import org.onosproject.core.Version; 32 import org.onosproject.core.Version;
33 +import org.onosproject.security.AppPermission;
34 +import org.onosproject.security.Permission;
33 import org.onosproject.store.AbstractStore; 35 import org.onosproject.store.AbstractStore;
36 +
34 import org.slf4j.Logger; 37 import org.slf4j.Logger;
35 import org.slf4j.LoggerFactory; 38 import org.slf4j.LoggerFactory;
36 39
...@@ -79,7 +82,9 @@ public class ApplicationArchive ...@@ -79,7 +82,9 @@ public class ApplicationArchive
79 private static final String DESCRIPTION = "description"; 82 private static final String DESCRIPTION = "description";
80 83
81 private static final String ROLE = "security.role"; 84 private static final String ROLE = "security.role";
82 - private static final String PERMISSIONS = "security.permissions.permission"; 85 + private static final String APP_PERMISSIONS = "security.permissions.app-perm";
86 + private static final String NET_PERMISSIONS = "security.permissions.net-perm";
87 + private static final String JAVA_PERMISSIONS = "security.permissions.java-perm";
83 88
84 private static final String OAR = ".oar"; 89 private static final String OAR = ".oar";
85 private static final String APP_XML = "app.xml"; 90 private static final String APP_XML = "app.xml";
...@@ -386,13 +391,25 @@ public class ApplicationArchive ...@@ -386,13 +391,25 @@ public class ApplicationArchive
386 // Returns the set of Permissions specified in the app.xml file 391 // Returns the set of Permissions specified in the app.xml file
387 private ImmutableSet<Permission> getPermissions(XMLConfiguration cfg) { 392 private ImmutableSet<Permission> getPermissions(XMLConfiguration cfg) {
388 List<Permission> permissionList = new ArrayList(); 393 List<Permission> permissionList = new ArrayList();
389 - for (Object o : cfg.getList(PERMISSIONS)) { 394 +
395 + for (Object o : cfg.getList(APP_PERMISSIONS)) {
390 String name = (String) o; 396 String name = (String) o;
391 - try { 397 + permissionList.add(new Permission(AppPermission.class.getName(), name));
392 - Permission perm = Permission.valueOf(name); 398 + }
393 - permissionList.add(perm); 399 + for (Object o : cfg.getList(NET_PERMISSIONS)) {
394 - } catch (IllegalArgumentException e) { 400 + //TODO: TO BE FLESHED OUT WHEN NETWORK PERMISSIONS ARE SUPPORTED
395 - log.debug("Unknown permission specified: %s", name); 401 + break;
402 + }
403 +
404 + List<HierarchicalConfiguration> fields =
405 + cfg.configurationsAt(JAVA_PERMISSIONS);
406 + for (HierarchicalConfiguration sub : fields) {
407 + String classname = sub.getString("classname");
408 + String name = sub.getString("name");
409 + String actions = sub.getString("actions");
410 +
411 + if (classname != null && name != null) {
412 + permissionList.add(new Permission(classname, name, actions));
396 } 413 }
397 } 414 }
398 return ImmutableSet.copyOf(permissionList); 415 return ImmutableSet.copyOf(permissionList);
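Review bot: The rewritten `getPermissions` no longer validates what it reads from app.xml: the removed code rejected unknown names through `Permission.valueOf`, while the new loop wraps every `app-perm` string in `new Permission(AppPermission.class.getName(), name)`, and the `java-perm` branch takes `classname`, `name` and `actions` verbatim. Since app.xml ships inside the application archive, a typo or an unexpected permission class is now carried into the application's permission set silently, unless a later layer checks it (not visible in this hunk). If `AppPermission.Type` is an enum, wrapping `AppPermission.Type.valueOf(name)` in the old try/catch would restore the check for `app-perm`, and a log line for skipped `java-perm` entries with a missing `classname` or `name` would help whoever reviews the app. `actions` may be null when the element is absent and is passed to the three-argument constructor as is, which is worth a comment or a default. Smaller points: `new ArrayList()` is a raw type (`new ArrayList<>()`), and the `NET_PERMISSIONS` loop that only executes `break` would read better as a plain TODO comment; the method's closing brace lies outside the hunk.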
......
...@@ -31,7 +31,7 @@ import org.onosproject.core.Application; ...@@ -31,7 +31,7 @@ import org.onosproject.core.Application;
31 import org.onosproject.core.ApplicationId; 31 import org.onosproject.core.ApplicationId;
32 import org.onosproject.core.ApplicationIdStore; 32 import org.onosproject.core.ApplicationIdStore;
33 import org.onosproject.core.DefaultApplication; 33 import org.onosproject.core.DefaultApplication;
34 -import org.onosproject.core.Permission; 34 +import org.onosproject.security.Permission;
35 import org.slf4j.Logger; 35 import org.slf4j.Logger;
36 36
37 import java.io.InputStream; 37 import java.io.InputStream;
......
...@@ -28,7 +28,8 @@ import org.onosproject.core.Application; ...@@ -28,7 +28,8 @@ import org.onosproject.core.Application;
28 import org.onosproject.core.ApplicationId; 28 import org.onosproject.core.ApplicationId;
29 import org.onosproject.core.ApplicationIdStoreAdapter; 29 import org.onosproject.core.ApplicationIdStoreAdapter;
30 import org.onosproject.core.DefaultApplicationId; 30 import org.onosproject.core.DefaultApplicationId;
31 -import org.onosproject.core.Permission; 31 +import org.onosproject.security.AppPermission;
32 +import org.onosproject.security.Permission;
32 33
33 import java.io.File; 34 import java.io.File;
34 import java.io.IOException; 35 import java.io.IOException;
...@@ -114,7 +115,8 @@ public class SimpleApplicationStoreTest { ...@@ -114,7 +115,8 @@ public class SimpleApplicationStoreTest {
114 @Test 115 @Test
115 public void permissions() { 116 public void permissions() {
116 Application app = createTestApp(); 117 Application app = createTestApp();
117 - ImmutableSet<Permission> permissions = ImmutableSet.of(Permission.FLOWRULE_WRITE); 118 + ImmutableSet<Permission> permissions =
119 + ImmutableSet.of(new Permission(AppPermission.class.getName(), "FLOWRULE_WRITE"));
118 store.setPermissions(app.id(), permissions); 120 store.setPermissions(app.id(), permissions);
119 assertEquals("incorrect app perms", 1, store.getPermissions(app.id()).size()); 121 assertEquals("incorrect app perms", 1, store.getPermissions(app.id()).size());
120 assertEquals("incorrect app state", INSTALLED, store.getState(app.id())); 122 assertEquals("incorrect app state", INSTALLED, store.getState(app.id()));
......
1 -<?xml version="1.0" encoding="UTF-8"?>
2 <!-- 1 <!--
3 ~ Copyright 2015 Open Networking Laboratory 2 ~ Copyright 2015 Open Networking Laboratory
4 ~ 3 ~
...@@ -21,8 +20,10 @@ ...@@ -21,8 +20,10 @@
21 <security> 20 <security>
22 <role>ADMIN</role> 21 <role>ADMIN</role>
23 <permissions> 22 <permissions>
24 - <permission>FLOWRULE_WRITE</permission> 23 + <app-perm>FLOWRULE_WRITE</app-perm>
25 - <permission>FLOWRULE_READ</permission> 24 + <app-perm>FLOWRULE_READ</app-perm>
26 </permissions> 25 </permissions>
26 +
27 </security> 27 </security>
28 +
28 </app> 29 </app>
......
...@@ -33,7 +33,8 @@ import org.onosproject.app.ApplicationStoreDelegate; ...@@ -33,7 +33,8 @@ import org.onosproject.app.ApplicationStoreDelegate;
33 import org.onosproject.event.AbstractListenerManager; 33 import org.onosproject.event.AbstractListenerManager;
34 import org.onosproject.core.Application; 34 import org.onosproject.core.Application;
35 import org.onosproject.core.ApplicationId; 35 import org.onosproject.core.ApplicationId;
36 -import org.onosproject.core.Permission; 36 +import org.onosproject.security.Permission;
37 +import org.onosproject.security.SecurityUtil;
37 import org.slf4j.Logger; 38 import org.slf4j.Logger;
38 39
39 import java.io.InputStream; 40 import java.io.InputStream;
...@@ -41,6 +42,7 @@ import java.util.Set; ...@@ -41,6 +42,7 @@ import java.util.Set;
41 42
42 import static com.google.common.base.Preconditions.checkNotNull; 43 import static com.google.common.base.Preconditions.checkNotNull;
43 import static org.onosproject.app.ApplicationEvent.Type.*; 44 import static org.onosproject.app.ApplicationEvent.Type.*;
45 +import static org.onosproject.security.AppPermission.Type.*;
44 import static org.onosproject.security.AppGuard.checkPermission; 46 import static org.onosproject.security.AppGuard.checkPermission;
45 import static org.slf4j.LoggerFactory.getLogger; 47 import static org.slf4j.LoggerFactory.getLogger;
46 48
...@@ -87,34 +89,34 @@ public class ApplicationManager ...@@ -87,34 +89,34 @@ public class ApplicationManager
87 89
88 @Override 90 @Override
89 public Set<Application> getApplications() { 91 public Set<Application> getApplications() {
90 - checkPermission(Permission.APP_READ); 92 + checkPermission(APP_READ);
91 return store.getApplications(); 93 return store.getApplications();
92 } 94 }
93 95
94 @Override 96 @Override
95 public ApplicationId getId(String name) { 97 public ApplicationId getId(String name) {
96 - checkPermission(Permission.APP_READ); 98 + checkPermission(APP_READ);
97 checkNotNull(name, "Name cannot be null"); 99 checkNotNull(name, "Name cannot be null");
98 return store.getId(name); 100 return store.getId(name);
99 } 101 }
100 102
101 @Override 103 @Override
102 public Application getApplication(ApplicationId appId) { 104 public Application getApplication(ApplicationId appId) {
103 - checkPermission(Permission.APP_READ); 105 + checkPermission(APP_READ);
104 checkNotNull(appId, APP_ID_NULL); 106 checkNotNull(appId, APP_ID_NULL);
105 return store.getApplication(appId); 107 return store.getApplication(appId);
106 } 108 }
107 109
108 @Override 110 @Override
109 public ApplicationState getState(ApplicationId appId) { 111 public ApplicationState getState(ApplicationId appId) {
110 - checkPermission(Permission.APP_READ); 112 + checkPermission(APP_READ);
111 checkNotNull(appId, APP_ID_NULL); 113 checkNotNull(appId, APP_ID_NULL);
112 return store.getState(appId); 114 return store.getState(appId);
113 } 115 }
114 116
115 @Override 117 @Override
116 public Set<Permission> getPermissions(ApplicationId appId) { 118 public Set<Permission> getPermissions(ApplicationId appId) {
117 - checkPermission(Permission.APP_READ); 119 + checkPermission(APP_READ);
118 checkNotNull(appId, APP_ID_NULL); 120 checkNotNull(appId, APP_ID_NULL);
119 return store.getPermissions(appId); 121 return store.getPermissions(appId);
120 } 122 }
...@@ -122,7 +124,9 @@ public class ApplicationManager ...@@ -122,7 +124,9 @@ public class ApplicationManager
122 @Override 124 @Override
123 public Application install(InputStream appDescStream) { 125 public Application install(InputStream appDescStream) {
124 checkNotNull(appDescStream, "Application archive stream cannot be null"); 126 checkNotNull(appDescStream, "Application archive stream cannot be null");
125 - return store.create(appDescStream); 127 + Application app = store.create(appDescStream);
128 + SecurityUtil.register(app.id());
129 + return app;
126 } 130 }
127 131
128 @Override 132 @Override
...@@ -138,6 +142,9 @@ public class ApplicationManager ...@@ -138,6 +142,9 @@ public class ApplicationManager
138 @Override 142 @Override
139 public void activate(ApplicationId appId) { 143 public void activate(ApplicationId appId) {
140 checkNotNull(appId, APP_ID_NULL); 144 checkNotNull(appId, APP_ID_NULL);
145 + if (!SecurityUtil.isAppSecured(appId)) {
146 + return;
147 + }
141 store.activate(appId); 148 store.activate(appId);
142 } 149 }
143 150
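Review bot: `activate` now returns silently when `SecurityUtil.isAppSecured(appId)` is false, so a caller cannot tell a refused activation from a successful one, and the only trace is the stdout banner printed inside `isAppSecured`. Record the refusal where the decision is made, for example `log.warn("Activation of {} refused: application has not been secured", appId.name());` before the `return` (assuming the class's slf4j logger field is named `log`). If the admin-service contract allows it, throwing from this branch would give CLI and REST callers an explicit failure rather than a no-op. In `install`, `SecurityUtil.register(app.id())` does nothing when the security service is absent, so it is worth a comment stating that registration is skipped outside security mode.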
......
...@@ -31,7 +31,6 @@ import org.onosproject.cfg.ComponentConfigService; ...@@ -31,7 +31,6 @@ import org.onosproject.cfg.ComponentConfigService;
31 import org.onosproject.cfg.ComponentConfigStore; 31 import org.onosproject.cfg.ComponentConfigStore;
32 import org.onosproject.cfg.ComponentConfigStoreDelegate; 32 import org.onosproject.cfg.ComponentConfigStoreDelegate;
33 import org.onosproject.cfg.ConfigProperty; 33 import org.onosproject.cfg.ConfigProperty;
34 -import org.onosproject.core.Permission;
35 import org.osgi.service.cm.Configuration; 34 import org.osgi.service.cm.Configuration;
36 import org.osgi.service.cm.ConfigurationAdmin; 35 import org.osgi.service.cm.ConfigurationAdmin;
37 import org.slf4j.Logger; 36 import org.slf4j.Logger;
...@@ -50,6 +49,7 @@ import static com.google.common.base.Preconditions.checkArgument; ...@@ -50,6 +49,7 @@ import static com.google.common.base.Preconditions.checkArgument;
50 import static com.google.common.base.Preconditions.checkNotNull; 49 import static com.google.common.base.Preconditions.checkNotNull;
51 import static org.onosproject.security.AppGuard.checkPermission; 50 import static org.onosproject.security.AppGuard.checkPermission;
52 import static org.slf4j.LoggerFactory.getLogger; 51 import static org.slf4j.LoggerFactory.getLogger;
52 +import static org.onosproject.security.AppPermission.Type.*;
53 53
54 54
55 /** 55 /**
...@@ -99,14 +99,14 @@ public class ComponentConfigManager implements ComponentConfigService { ...@@ -99,14 +99,14 @@ public class ComponentConfigManager implements ComponentConfigService {
99 99
100 @Override 100 @Override
101 public Set<String> getComponentNames() { 101 public Set<String> getComponentNames() {
102 - checkPermission(Permission.CONFIG_READ); 102 + checkPermission(CONFIG_READ);
103 103
104 return ImmutableSet.copyOf(properties.keySet()); 104 return ImmutableSet.copyOf(properties.keySet());
105 } 105 }
106 106
107 @Override 107 @Override
108 public void registerProperties(Class<?> componentClass) { 108 public void registerProperties(Class<?> componentClass) {
109 - checkPermission(Permission.CONFIG_WRITE); 109 + checkPermission(CONFIG_WRITE);
110 110
111 String componentName = componentClass.getName(); 111 String componentName = componentClass.getName();
112 String resourceName = componentClass.getSimpleName() + RESOURCE_EXT; 112 String resourceName = componentClass.getSimpleName() + RESOURCE_EXT;
...@@ -130,7 +130,7 @@ public class ComponentConfigManager implements ComponentConfigService { ...@@ -130,7 +130,7 @@ public class ComponentConfigManager implements ComponentConfigService {
130 130
131 @Override 131 @Override
132 public void unregisterProperties(Class<?> componentClass, boolean clear) { 132 public void unregisterProperties(Class<?> componentClass, boolean clear) {
133 - checkPermission(Permission.CONFIG_WRITE); 133 + checkPermission(CONFIG_WRITE);
134 134
135 String componentName = componentClass.getName(); 135 String componentName = componentClass.getName();
136 checkNotNull(componentName, COMPONENT_NULL); 136 checkNotNull(componentName, COMPONENT_NULL);
...@@ -148,7 +148,7 @@ public class ComponentConfigManager implements ComponentConfigService { ...@@ -148,7 +148,7 @@ public class ComponentConfigManager implements ComponentConfigService {
148 148
149 @Override 149 @Override
150 public Set<ConfigProperty> getProperties(String componentName) { 150 public Set<ConfigProperty> getProperties(String componentName) {
151 - checkPermission(Permission.CONFIG_READ); 151 + checkPermission(CONFIG_READ);
152 152
153 Map<String, ConfigProperty> map = properties.get(componentName); 153 Map<String, ConfigProperty> map = properties.get(componentName);
154 return map != null ? ImmutableSet.copyOf(map.values()) : null; 154 return map != null ? ImmutableSet.copyOf(map.values()) : null;
...@@ -156,7 +156,7 @@ public class ComponentConfigManager implements ComponentConfigService { ...@@ -156,7 +156,7 @@ public class ComponentConfigManager implements ComponentConfigService {
156 156
157 @Override 157 @Override
158 public void setProperty(String componentName, String name, String value) { 158 public void setProperty(String componentName, String name, String value) {
159 - checkPermission(Permission.CONFIG_WRITE); 159 + checkPermission(CONFIG_WRITE);
160 160
161 checkNotNull(componentName, COMPONENT_NULL); 161 checkNotNull(componentName, COMPONENT_NULL);
162 checkNotNull(name, PROPERTY_NULL); 162 checkNotNull(name, PROPERTY_NULL);
...@@ -165,7 +165,7 @@ public class ComponentConfigManager implements ComponentConfigService { ...@@ -165,7 +165,7 @@ public class ComponentConfigManager implements ComponentConfigService {
165 165
166 @Override 166 @Override
167 public void unsetProperty(String componentName, String name) { 167 public void unsetProperty(String componentName, String name) {
168 - checkPermission(Permission.CONFIG_WRITE); 168 + checkPermission(CONFIG_WRITE);
169 169
170 checkNotNull(componentName, COMPONENT_NULL); 170 checkNotNull(componentName, COMPONENT_NULL);
171 checkNotNull(name, PROPERTY_NULL); 171 checkNotNull(name, PROPERTY_NULL);
......
...@@ -34,7 +34,6 @@ import org.onosproject.cluster.ClusterStoreDelegate; ...@@ -34,7 +34,6 @@ import org.onosproject.cluster.ClusterStoreDelegate;
34 import org.onosproject.cluster.ControllerNode; 34 import org.onosproject.cluster.ControllerNode;
35 import org.onosproject.cluster.NodeId; 35 import org.onosproject.cluster.NodeId;
36 import org.onosproject.event.AbstractListenerManager; 36 import org.onosproject.event.AbstractListenerManager;
37 -import org.onosproject.core.Permission;
38 import org.slf4j.Logger; 37 import org.slf4j.Logger;
39 38
40 import java.util.Set; 39 import java.util.Set;
...@@ -43,6 +42,8 @@ import static com.google.common.base.Preconditions.checkArgument; ...@@ -43,6 +42,8 @@ import static com.google.common.base.Preconditions.checkArgument;
43 import static com.google.common.base.Preconditions.checkNotNull; 42 import static com.google.common.base.Preconditions.checkNotNull;
44 import static org.onosproject.security.AppGuard.checkPermission; 43 import static org.onosproject.security.AppGuard.checkPermission;
45 import static org.slf4j.LoggerFactory.getLogger; 44 import static org.slf4j.LoggerFactory.getLogger;
45 +import static org.onosproject.security.AppPermission.Type.*;
46 +
46 47
47 48
48 /** 49 /**
...@@ -86,26 +87,26 @@ public class ClusterManager ...@@ -86,26 +87,26 @@ public class ClusterManager
86 87
87 @Override 88 @Override
88 public ControllerNode getLocalNode() { 89 public ControllerNode getLocalNode() {
89 - checkPermission(Permission.CLUSTER_READ); 90 + checkPermission(CLUSTER_READ);
90 return store.getLocalNode(); 91 return store.getLocalNode();
91 } 92 }
92 93
93 @Override 94 @Override
94 public Set<ControllerNode> getNodes() { 95 public Set<ControllerNode> getNodes() {
95 - checkPermission(Permission.CLUSTER_READ); 96 + checkPermission(CLUSTER_READ);
96 return store.getNodes(); 97 return store.getNodes();
97 } 98 }
98 99
99 @Override 100 @Override
100 public ControllerNode getNode(NodeId nodeId) { 101 public ControllerNode getNode(NodeId nodeId) {
101 - checkPermission(Permission.CLUSTER_READ); 102 + checkPermission(CLUSTER_READ);
102 checkNotNull(nodeId, INSTANCE_ID_NULL); 103 checkNotNull(nodeId, INSTANCE_ID_NULL);
103 return store.getNode(nodeId); 104 return store.getNode(nodeId);
104 } 105 }
105 106
106 @Override 107 @Override
107 public ControllerNode.State getState(NodeId nodeId) { 108 public ControllerNode.State getState(NodeId nodeId) {
108 - checkPermission(Permission.CLUSTER_READ); 109 + checkPermission(CLUSTER_READ);
109 checkNotNull(nodeId, INSTANCE_ID_NULL); 110 checkNotNull(nodeId, INSTANCE_ID_NULL);
110 return store.getState(nodeId); 111 return store.getState(nodeId);
111 } 112 }
...@@ -113,7 +114,7 @@ public class ClusterManager ...@@ -113,7 +114,7 @@ public class ClusterManager
113 114
114 @Override 115 @Override
115 public DateTime getLastUpdated(NodeId nodeId) { 116 public DateTime getLastUpdated(NodeId nodeId) {
116 - checkPermission(Permission.CLUSTER_READ); 117 + checkPermission(CLUSTER_READ);
117 return store.getLastUpdated(nodeId); 118 return store.getLastUpdated(nodeId);
118 } 119 }
119 120
......
...@@ -32,7 +32,6 @@ import org.onosproject.cluster.NodeId; ...@@ -32,7 +32,6 @@ import org.onosproject.cluster.NodeId;
32 import org.onosproject.cluster.RoleInfo; 32 import org.onosproject.cluster.RoleInfo;
33 import org.onosproject.event.AbstractListenerManager; 33 import org.onosproject.event.AbstractListenerManager;
34 import org.onosproject.core.MetricsHelper; 34 import org.onosproject.core.MetricsHelper;
35 -import org.onosproject.core.Permission;
36 import org.onosproject.mastership.MastershipAdminService; 35 import org.onosproject.mastership.MastershipAdminService;
37 import org.onosproject.mastership.MastershipEvent; 36 import org.onosproject.mastership.MastershipEvent;
38 import org.onosproject.mastership.MastershipListener; 37 import org.onosproject.mastership.MastershipListener;
...@@ -62,6 +61,8 @@ import static org.onosproject.cluster.ControllerNode.State.ACTIVE; ...@@ -62,6 +61,8 @@ import static org.onosproject.cluster.ControllerNode.State.ACTIVE;
62 import static org.onosproject.net.MastershipRole.MASTER; 61 import static org.onosproject.net.MastershipRole.MASTER;
63 import static org.onosproject.security.AppGuard.checkPermission; 62 import static org.onosproject.security.AppGuard.checkPermission;
64 import static org.slf4j.LoggerFactory.getLogger; 63 import static org.slf4j.LoggerFactory.getLogger;
64 +import static org.onosproject.security.AppPermission.Type.*;
65 +
65 66
66 67
67 @Component(immediate = true) 68 @Component(immediate = true)
...@@ -136,7 +137,7 @@ public class MastershipManager ...@@ -136,7 +137,7 @@ public class MastershipManager
136 137
137 @Override 138 @Override
138 public MastershipRole getLocalRole(DeviceId deviceId) { 139 public MastershipRole getLocalRole(DeviceId deviceId) {
139 - checkPermission(Permission.CLUSTER_READ); 140 + checkPermission(CLUSTER_READ);
140 141
141 checkNotNull(deviceId, DEVICE_ID_NULL); 142 checkNotNull(deviceId, DEVICE_ID_NULL);
142 return store.getRole(clusterService.getLocalNode().id(), deviceId); 143 return store.getRole(clusterService.getLocalNode().id(), deviceId);
...@@ -144,7 +145,7 @@ public class MastershipManager ...@@ -144,7 +145,7 @@ public class MastershipManager
144 145
145 @Override 146 @Override
146 public CompletableFuture<Void> relinquishMastership(DeviceId deviceId) { 147 public CompletableFuture<Void> relinquishMastership(DeviceId deviceId) {
147 - checkPermission(Permission.CLUSTER_WRITE); 148 + checkPermission(CLUSTER_WRITE);
148 return store.relinquishRole(localNodeId, deviceId) 149 return store.relinquishRole(localNodeId, deviceId)
149 .thenAccept(this::post) 150 .thenAccept(this::post)
150 .thenApply(v -> null); 151 .thenApply(v -> null);
...@@ -152,7 +153,7 @@ public class MastershipManager ...@@ -152,7 +153,7 @@ public class MastershipManager
152 153
153 @Override 154 @Override
154 public CompletableFuture<MastershipRole> requestRoleFor(DeviceId deviceId) { 155 public CompletableFuture<MastershipRole> requestRoleFor(DeviceId deviceId) {
155 - checkPermission(Permission.CLUSTER_WRITE); 156 + checkPermission(CLUSTER_WRITE);
156 157
157 checkNotNull(deviceId, DEVICE_ID_NULL); 158 checkNotNull(deviceId, DEVICE_ID_NULL);
158 final Context timer = startTimer(requestRoleTimer); 159 final Context timer = startTimer(requestRoleTimer);
...@@ -162,7 +163,7 @@ public class MastershipManager ...@@ -162,7 +163,7 @@ public class MastershipManager
162 163
163 @Override 164 @Override
164 public NodeId getMasterFor(DeviceId deviceId) { 165 public NodeId getMasterFor(DeviceId deviceId) {
165 - checkPermission(Permission.CLUSTER_READ); 166 + checkPermission(CLUSTER_READ);
166 167
167 checkNotNull(deviceId, DEVICE_ID_NULL); 168 checkNotNull(deviceId, DEVICE_ID_NULL);
168 return store.getMaster(deviceId); 169 return store.getMaster(deviceId);
...@@ -170,7 +171,7 @@ public class MastershipManager ...@@ -170,7 +171,7 @@ public class MastershipManager
170 171
171 @Override 172 @Override
172 public Set<DeviceId> getDevicesOf(NodeId nodeId) { 173 public Set<DeviceId> getDevicesOf(NodeId nodeId) {
173 - checkPermission(Permission.CLUSTER_READ); 174 + checkPermission(CLUSTER_READ);
174 175
175 checkNotNull(nodeId, NODE_ID_NULL); 176 checkNotNull(nodeId, NODE_ID_NULL);
176 return store.getDevices(nodeId); 177 return store.getDevices(nodeId);
...@@ -178,7 +179,7 @@ public class MastershipManager ...@@ -178,7 +179,7 @@ public class MastershipManager
178 179
179 @Override 180 @Override
180 public RoleInfo getNodesFor(DeviceId deviceId) { 181 public RoleInfo getNodesFor(DeviceId deviceId) {
181 - checkPermission(Permission.CLUSTER_READ); 182 + checkPermission(CLUSTER_READ);
182 183
183 checkNotNull(deviceId, DEVICE_ID_NULL); 184 checkNotNull(deviceId, DEVICE_ID_NULL);
184 return store.getNodes(deviceId); 185 return store.getNodes(deviceId);
......
...@@ -31,7 +31,6 @@ import org.onosproject.core.ApplicationIdStore; ...@@ -31,7 +31,6 @@ import org.onosproject.core.ApplicationIdStore;
31 import org.onosproject.core.CoreService; 31 import org.onosproject.core.CoreService;
32 import org.onosproject.core.IdBlockStore; 32 import org.onosproject.core.IdBlockStore;
33 import org.onosproject.core.IdGenerator; 33 import org.onosproject.core.IdGenerator;
34 -import org.onosproject.core.Permission;
35 import org.onosproject.core.Version; 34 import org.onosproject.core.Version;
36 import org.onosproject.event.EventDeliveryService; 35 import org.onosproject.event.EventDeliveryService;
37 import org.osgi.service.component.ComponentContext; 36 import org.osgi.service.component.ComponentContext;
...@@ -46,6 +45,8 @@ import java.util.Set; ...@@ -46,6 +45,8 @@ import java.util.Set;
46 import static com.google.common.base.Preconditions.checkNotNull; 45 import static com.google.common.base.Preconditions.checkNotNull;
47 import static com.google.common.base.Strings.isNullOrEmpty; 46 import static com.google.common.base.Strings.isNullOrEmpty;
48 import static org.onosproject.security.AppGuard.checkPermission; 47 import static org.onosproject.security.AppGuard.checkPermission;
48 +import static org.onosproject.security.AppPermission.Type.*;
49 +
49 50
50 51
51 /** 52 /**
...@@ -100,28 +101,28 @@ public class CoreManager implements CoreService { ...@@ -100,28 +101,28 @@ public class CoreManager implements CoreService {
100 101
101 @Override 102 @Override
102 public Version version() { 103 public Version version() {
103 - checkPermission(Permission.APP_READ); 104 + checkPermission(APP_READ);
104 105
105 return version; 106 return version;
106 } 107 }
107 108
108 @Override 109 @Override
109 public Set<ApplicationId> getAppIds() { 110 public Set<ApplicationId> getAppIds() {
110 - checkPermission(Permission.APP_READ); 111 + checkPermission(APP_READ);
111 112
112 return applicationIdStore.getAppIds(); 113 return applicationIdStore.getAppIds();
113 } 114 }
114 115
115 @Override 116 @Override
116 public ApplicationId getAppId(Short id) { 117 public ApplicationId getAppId(Short id) {
117 - checkPermission(Permission.APP_READ); 118 + checkPermission(APP_READ);
118 119
119 return applicationIdStore.getAppId(id); 120 return applicationIdStore.getAppId(id);
120 } 121 }
121 122
122 @Override 123 @Override
123 public ApplicationId getAppId(String name) { 124 public ApplicationId getAppId(String name) {
124 - checkPermission(Permission.APP_READ); 125 + checkPermission(APP_READ);
125 126
126 return applicationIdStore.getAppId(name); 127 return applicationIdStore.getAppId(name);
127 } 128 }
......
...@@ -27,7 +27,6 @@ import org.apache.felix.scr.annotations.Service; ...@@ -27,7 +27,6 @@ import org.apache.felix.scr.annotations.Service;
27 import org.onosproject.cluster.ClusterService; 27 import org.onosproject.cluster.ClusterService;
28 import org.onosproject.cluster.NodeId; 28 import org.onosproject.cluster.NodeId;
29 import org.onosproject.net.provider.AbstractListenerProviderRegistry; 29 import org.onosproject.net.provider.AbstractListenerProviderRegistry;
30 -import org.onosproject.core.Permission;
31 import org.onosproject.net.config.NetworkConfigEvent; 30 import org.onosproject.net.config.NetworkConfigEvent;
32 import org.onosproject.net.config.NetworkConfigListener; 31 import org.onosproject.net.config.NetworkConfigListener;
33 import org.onosproject.net.config.NetworkConfigService; 32 import org.onosproject.net.config.NetworkConfigService;
...@@ -77,6 +76,7 @@ import static org.onlab.util.Tools.groupedThreads; ...@@ -77,6 +76,7 @@ import static org.onlab.util.Tools.groupedThreads;
77 import static org.onosproject.net.MastershipRole.*; 76 import static org.onosproject.net.MastershipRole.*;
78 import static org.onosproject.security.AppGuard.checkPermission; 77 import static org.onosproject.security.AppGuard.checkPermission;
79 import static org.slf4j.LoggerFactory.getLogger; 78 import static org.slf4j.LoggerFactory.getLogger;
79 +import static org.onosproject.security.AppPermission.Type.*;
80 80
81 81
82 /** 82 /**
...@@ -151,60 +151,60 @@ public class DeviceManager ...@@ -151,60 +151,60 @@ public class DeviceManager
151 151
152 @Override 152 @Override
153 public int getDeviceCount() { 153 public int getDeviceCount() {
154 - checkPermission(Permission.DEVICE_READ); 154 + checkPermission(DEVICE_READ);
155 return store.getDeviceCount(); 155 return store.getDeviceCount();
156 } 156 }
157 157
158 @Override 158 @Override
159 public Iterable<Device> getDevices() { 159 public Iterable<Device> getDevices() {
160 - checkPermission(Permission.DEVICE_READ); 160 + checkPermission(DEVICE_READ);
161 return store.getDevices(); 161 return store.getDevices();
162 } 162 }
163 163
164 @Override 164 @Override
165 public Iterable<Device> getAvailableDevices() { 165 public Iterable<Device> getAvailableDevices() {
166 - checkPermission(Permission.DEVICE_READ); 166 + checkPermission(DEVICE_READ);
167 return store.getAvailableDevices(); 167 return store.getAvailableDevices();
168 } 168 }
169 169
170 @Override 170 @Override
171 public Device getDevice(DeviceId deviceId) { 171 public Device getDevice(DeviceId deviceId) {
172 - checkPermission(Permission.DEVICE_READ); 172 + checkPermission(DEVICE_READ);
173 checkNotNull(deviceId, DEVICE_ID_NULL); 173 checkNotNull(deviceId, DEVICE_ID_NULL);
174 return store.getDevice(deviceId); 174 return store.getDevice(deviceId);
175 } 175 }
176 176
177 @Override 177 @Override
178 public MastershipRole getRole(DeviceId deviceId) { 178 public MastershipRole getRole(DeviceId deviceId) {
179 - checkPermission(Permission.DEVICE_READ); 179 + checkPermission(DEVICE_READ);
180 checkNotNull(deviceId, DEVICE_ID_NULL); 180 checkNotNull(deviceId, DEVICE_ID_NULL);
181 return mastershipService.getLocalRole(deviceId); 181 return mastershipService.getLocalRole(deviceId);
182 } 182 }
183 183
184 @Override 184 @Override
185 public List<Port> getPorts(DeviceId deviceId) { 185 public List<Port> getPorts(DeviceId deviceId) {
186 - checkPermission(Permission.DEVICE_READ); 186 + checkPermission(DEVICE_READ);
187 checkNotNull(deviceId, DEVICE_ID_NULL); 187 checkNotNull(deviceId, DEVICE_ID_NULL);
188 return store.getPorts(deviceId); 188 return store.getPorts(deviceId);
189 } 189 }
190 190
191 @Override 191 @Override
192 public List<PortStatistics> getPortStatistics(DeviceId deviceId) { 192 public List<PortStatistics> getPortStatistics(DeviceId deviceId) {
193 - checkPermission(Permission.DEVICE_READ); 193 + checkPermission(DEVICE_READ);
194 checkNotNull(deviceId, DEVICE_ID_NULL); 194 checkNotNull(deviceId, DEVICE_ID_NULL);
195 return store.getPortStatistics(deviceId); 195 return store.getPortStatistics(deviceId);
196 } 196 }
197 197
198 @Override 198 @Override
199 public List<PortStatistics> getPortDeltaStatistics(DeviceId deviceId) { 199 public List<PortStatistics> getPortDeltaStatistics(DeviceId deviceId) {
200 - checkPermission(Permission.DEVICE_READ); 200 + checkPermission(DEVICE_READ);
201 checkNotNull(deviceId, DEVICE_ID_NULL); 201 checkNotNull(deviceId, DEVICE_ID_NULL);
202 return store.getPortDeltaStatistics(deviceId); 202 return store.getPortDeltaStatistics(deviceId);
203 } 203 }
204 204
205 @Override 205 @Override
206 public Port getPort(DeviceId deviceId, PortNumber portNumber) { 206 public Port getPort(DeviceId deviceId, PortNumber portNumber) {
207 - checkPermission(Permission.DEVICE_READ); 207 + checkPermission(DEVICE_READ);
208 checkNotNull(deviceId, DEVICE_ID_NULL); 208 checkNotNull(deviceId, DEVICE_ID_NULL);
209 checkNotNull(portNumber, PORT_NUMBER_NULL); 209 checkNotNull(portNumber, PORT_NUMBER_NULL);
210 return store.getPort(deviceId, portNumber); 210 return store.getPort(deviceId, portNumber);
...@@ -212,7 +212,7 @@ public class DeviceManager ...@@ -212,7 +212,7 @@ public class DeviceManager
212 212
213 @Override 213 @Override
214 public boolean isAvailable(DeviceId deviceId) { 214 public boolean isAvailable(DeviceId deviceId) {
215 - checkPermission(Permission.DEVICE_READ); 215 + checkPermission(DEVICE_READ);
216 216
217 checkNotNull(deviceId, DEVICE_ID_NULL); 217 checkNotNull(deviceId, DEVICE_ID_NULL);
218 return store.isAvailable(deviceId); 218 return store.isAvailable(deviceId);
...@@ -664,7 +664,7 @@ public class DeviceManager ...@@ -664,7 +664,7 @@ public class DeviceManager
664 664
665 @Override 665 @Override
666 public Iterable<Device> getDevices(Type type) { 666 public Iterable<Device> getDevices(Type type) {
667 - checkPermission(Permission.DEVICE_READ); 667 + checkPermission(DEVICE_READ);
668 Set<Device> results = new HashSet<>(); 668 Set<Device> results = new HashSet<>();
669 Iterable<Device> devices = store.getDevices(); 669 Iterable<Device> devices = store.getDevices();
670 if (devices != null) { 670 if (devices != null) {
...@@ -679,7 +679,7 @@ public class DeviceManager ...@@ -679,7 +679,7 @@ public class DeviceManager
679 679
680 @Override 680 @Override
681 public Iterable<Device> getAvailableDevices(Type type) { 681 public Iterable<Device> getAvailableDevices(Type type) {
682 - checkPermission(Permission.DEVICE_READ); 682 + checkPermission(DEVICE_READ);
683 Set<Device> results = new HashSet<>(); 683 Set<Device> results = new HashSet<>();
684 Iterable<Device> availableDevices = store.getAvailableDevices(); 684 Iterable<Device> availableDevices = store.getAvailableDevices();
685 if (availableDevices != null) { 685 if (availableDevices != null) {
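Review bot: The added `import static org.onosproject.security.AppPermission.Type.*;` is a second on-demand static import next to `import static org.onosproject.net.MastershipRole.*;`, so a bare `DEVICE_READ` at the call site no longer shows which type it comes from, and any constant name shared by the two types would become ambiguous. Because these constants decide which permission guards each service method, I would import the ones used explicitly, here `import static org.onosproject.security.AppPermission.Type.DEVICE_READ;`. The same wildcard import is added in the CoreManager, DriverManager, FlowRuleManager, FlowObjectiveManager, FlowObjectiveCompositionManager, GroupManager and HostManager sections. Its position relative to the slf4j import and the blank line after it also differ from file to file.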
......
...@@ -24,7 +24,6 @@ import org.apache.felix.scr.annotations.Deactivate; ...@@ -24,7 +24,6 @@ import org.apache.felix.scr.annotations.Deactivate;
24 import org.apache.felix.scr.annotations.Reference; 24 import org.apache.felix.scr.annotations.Reference;
25 import org.apache.felix.scr.annotations.ReferenceCardinality; 25 import org.apache.felix.scr.annotations.ReferenceCardinality;
26 import org.apache.felix.scr.annotations.Service; 26 import org.apache.felix.scr.annotations.Service;
27 -import org.onosproject.core.Permission;
28 import org.onosproject.net.Device; 27 import org.onosproject.net.Device;
29 import org.onosproject.net.DeviceId; 28 import org.onosproject.net.DeviceId;
30 import org.onosproject.net.device.DeviceService; 29 import org.onosproject.net.device.DeviceService;
...@@ -47,6 +46,8 @@ import java.util.stream.Collectors; ...@@ -47,6 +46,8 @@ import java.util.stream.Collectors;
47 import static org.onlab.util.Tools.nullIsNotFound; 46 import static org.onlab.util.Tools.nullIsNotFound;
48 import static org.onosproject.net.AnnotationKeys.DRIVER; 47 import static org.onosproject.net.AnnotationKeys.DRIVER;
49 import static org.onosproject.security.AppGuard.checkPermission; 48 import static org.onosproject.security.AppGuard.checkPermission;
49 +import static org.onosproject.security.AppPermission.Type.*;
50 +
50 51
51 52
52 /** 53 /**
...@@ -108,7 +109,7 @@ public class DriverManager extends DefaultDriverProvider implements DriverAdminS ...@@ -108,7 +109,7 @@ public class DriverManager extends DefaultDriverProvider implements DriverAdminS
108 109
109 @Override 110 @Override
110 public Set<Driver> getDrivers() { 111 public Set<Driver> getDrivers() {
111 - checkPermission(Permission.DRIVER_READ); 112 + checkPermission(DRIVER_READ);
112 113
113 ImmutableSet.Builder<Driver> builder = ImmutableSet.builder(); 114 ImmutableSet.Builder<Driver> builder = ImmutableSet.builder();
114 drivers.values().forEach(builder::add); 115 drivers.values().forEach(builder::add);
...@@ -117,7 +118,7 @@ public class DriverManager extends DefaultDriverProvider implements DriverAdminS ...@@ -117,7 +118,7 @@ public class DriverManager extends DefaultDriverProvider implements DriverAdminS
117 118
118 @Override 119 @Override
119 public Set<Driver> getDrivers(Class<? extends Behaviour> withBehaviour) { 120 public Set<Driver> getDrivers(Class<? extends Behaviour> withBehaviour) {
120 - checkPermission(Permission.DRIVER_READ); 121 + checkPermission(DRIVER_READ);
121 122
122 return drivers.values().stream() 123 return drivers.values().stream()
123 .filter(d -> d.hasBehaviour(withBehaviour)) 124 .filter(d -> d.hasBehaviour(withBehaviour))
...@@ -126,14 +127,14 @@ public class DriverManager extends DefaultDriverProvider implements DriverAdminS ...@@ -126,14 +127,14 @@ public class DriverManager extends DefaultDriverProvider implements DriverAdminS
126 127
127 @Override 128 @Override
128 public Driver getDriver(String driverName) { 129 public Driver getDriver(String driverName) {
129 - checkPermission(Permission.DRIVER_READ); 130 + checkPermission(DRIVER_READ);
130 131
131 return nullIsNotFound(drivers.get(driverName), NO_DRIVER); 132 return nullIsNotFound(drivers.get(driverName), NO_DRIVER);
132 } 133 }
133 134
134 @Override 135 @Override
135 public Driver getDriver(String mfr, String hw, String sw) { 136 public Driver getDriver(String mfr, String hw, String sw) {
136 - checkPermission(Permission.DRIVER_READ); 137 + checkPermission(DRIVER_READ);
137 138
138 // First attempt a literal search. 139 // First attempt a literal search.
139 Driver driver = driverByKey.get(key(mfr, hw, sw)); 140 Driver driver = driverByKey.get(key(mfr, hw, sw));
...@@ -160,7 +161,7 @@ public class DriverManager extends DefaultDriverProvider implements DriverAdminS ...@@ -160,7 +161,7 @@ public class DriverManager extends DefaultDriverProvider implements DriverAdminS
160 161
161 @Override 162 @Override
162 public Driver getDriver(DeviceId deviceId) { 163 public Driver getDriver(DeviceId deviceId) {
163 - checkPermission(Permission.DRIVER_READ); 164 + checkPermission(DRIVER_READ);
164 165
165 Device device = nullIsNotFound(deviceService.getDevice(deviceId), NO_DEVICE); 166 Device device = nullIsNotFound(deviceService.getDevice(deviceId), NO_DEVICE);
166 String driverName = device.annotations().value(DRIVER); 167 String driverName = device.annotations().value(DRIVER);
...@@ -174,7 +175,7 @@ public class DriverManager extends DefaultDriverProvider implements DriverAdminS ...@@ -174,7 +175,7 @@ public class DriverManager extends DefaultDriverProvider implements DriverAdminS
174 175
175 @Override 176 @Override
176 public DriverHandler createHandler(DeviceId deviceId, String... credentials) { 177 public DriverHandler createHandler(DeviceId deviceId, String... credentials) {
177 - checkPermission(Permission.DRIVER_WRITE); 178 + checkPermission(DRIVER_WRITE);
178 179
179 Driver driver = getDriver(deviceId); 180 Driver driver = getDriver(deviceId);
180 return new DefaultDriverHandler(new DefaultDriverData(driver, deviceId)); 181 return new DefaultDriverHandler(new DefaultDriverData(driver, deviceId));
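Review bot: `createHandler` checks `DRIVER_WRITE` and then calls the public `getDriver(deviceId)`, which checks `DRIVER_READ` again and goes on to `deviceService.getDevice(deviceId)`. If `checkPermission` evaluates the whole call stack (AppGuard is not shown here), an application granted only `DRIVER_WRITE` is denied inside the nested call. Either state the effective permission set in the Javadoc, e.g. `Requires DRIVER_WRITE and DRIVER_READ, plus whatever DeviceService.getDevice requires`, or move the lookup into a private helper that carries no check of its own. In the visible lines the `credentials` argument is never used, which deserves a comment so callers do not assume the handler is authenticated with it. The body of `getDriver(DeviceId)` continues outside its hunk.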
......
...@@ -36,7 +36,6 @@ import org.onosproject.net.provider.AbstractListenerProviderRegistry; ...@@ -36,7 +36,6 @@ import org.onosproject.net.provider.AbstractListenerProviderRegistry;
36 import org.onosproject.core.ApplicationId; 36 import org.onosproject.core.ApplicationId;
37 import org.onosproject.core.CoreService; 37 import org.onosproject.core.CoreService;
38 import org.onosproject.core.IdGenerator; 38 import org.onosproject.core.IdGenerator;
39 -import org.onosproject.core.Permission;
40 import org.onosproject.net.Device; 39 import org.onosproject.net.Device;
41 import org.onosproject.net.DeviceId; 40 import org.onosproject.net.DeviceId;
42 import org.onosproject.net.device.DeviceService; 41 import org.onosproject.net.device.DeviceService;
...@@ -79,6 +78,8 @@ import static org.onosproject.net.flow.FlowRuleEvent.Type.RULE_ADD_REQUESTED; ...@@ -79,6 +78,8 @@ import static org.onosproject.net.flow.FlowRuleEvent.Type.RULE_ADD_REQUESTED;
79 import static org.onosproject.net.flow.FlowRuleEvent.Type.RULE_REMOVE_REQUESTED; 78 import static org.onosproject.net.flow.FlowRuleEvent.Type.RULE_REMOVE_REQUESTED;
80 import static org.onosproject.security.AppGuard.checkPermission; 79 import static org.onosproject.security.AppGuard.checkPermission;
81 import static org.slf4j.LoggerFactory.getLogger; 80 import static org.slf4j.LoggerFactory.getLogger;
81 +import static org.onosproject.security.AppPermission.Type.*;
82 +
82 83
83 84
84 /** 85 /**
...@@ -165,19 +166,19 @@ public class FlowRuleManager ...@@ -165,19 +166,19 @@ public class FlowRuleManager
165 166
166 @Override 167 @Override
167 public int getFlowRuleCount() { 168 public int getFlowRuleCount() {
168 - checkPermission(Permission.FLOWRULE_READ); 169 + checkPermission(FLOWRULE_READ);
169 return store.getFlowRuleCount(); 170 return store.getFlowRuleCount();
170 } 171 }
171 172
172 @Override 173 @Override
173 public Iterable<FlowEntry> getFlowEntries(DeviceId deviceId) { 174 public Iterable<FlowEntry> getFlowEntries(DeviceId deviceId) {
174 - checkPermission(Permission.FLOWRULE_READ); 175 + checkPermission(FLOWRULE_READ);
175 return store.getFlowEntries(deviceId); 176 return store.getFlowEntries(deviceId);
176 } 177 }
177 178
178 @Override 179 @Override
179 public void applyFlowRules(FlowRule... flowRules) { 180 public void applyFlowRules(FlowRule... flowRules) {
180 - checkPermission(Permission.FLOWRULE_WRITE); 181 + checkPermission(FLOWRULE_WRITE);
181 182
182 FlowRuleOperations.Builder builder = FlowRuleOperations.builder(); 183 FlowRuleOperations.Builder builder = FlowRuleOperations.builder();
183 for (int i = 0; i < flowRules.length; i++) { 184 for (int i = 0; i < flowRules.length; i++) {
...@@ -188,7 +189,7 @@ public class FlowRuleManager ...@@ -188,7 +189,7 @@ public class FlowRuleManager
188 189
189 @Override 190 @Override
190 public void removeFlowRules(FlowRule... flowRules) { 191 public void removeFlowRules(FlowRule... flowRules) {
191 - checkPermission(Permission.FLOWRULE_WRITE); 192 + checkPermission(FLOWRULE_WRITE);
192 193
193 FlowRuleOperations.Builder builder = FlowRuleOperations.builder(); 194 FlowRuleOperations.Builder builder = FlowRuleOperations.builder();
194 for (int i = 0; i < flowRules.length; i++) { 195 for (int i = 0; i < flowRules.length; i++) {
...@@ -199,13 +200,13 @@ public class FlowRuleManager ...@@ -199,13 +200,13 @@ public class FlowRuleManager
199 200
200 @Override 201 @Override
201 public void removeFlowRulesById(ApplicationId id) { 202 public void removeFlowRulesById(ApplicationId id) {
202 - checkPermission(Permission.FLOWRULE_WRITE); 203 + checkPermission(FLOWRULE_WRITE);
203 removeFlowRules(Iterables.toArray(getFlowRulesById(id), FlowRule.class)); 204 removeFlowRules(Iterables.toArray(getFlowRulesById(id), FlowRule.class));
204 } 205 }
205 206
206 @Override 207 @Override
207 public Iterable<FlowRule> getFlowRulesById(ApplicationId id) { 208 public Iterable<FlowRule> getFlowRulesById(ApplicationId id) {
208 - checkPermission(Permission.FLOWRULE_READ); 209 + checkPermission(FLOWRULE_READ);
209 210
210 Set<FlowRule> flowEntries = Sets.newHashSet(); 211 Set<FlowRule> flowEntries = Sets.newHashSet();
211 for (Device d : deviceService.getDevices()) { 212 for (Device d : deviceService.getDevices()) {
...@@ -220,7 +221,7 @@ public class FlowRuleManager ...@@ -220,7 +221,7 @@ public class FlowRuleManager
220 221
221 @Override 222 @Override
222 public Iterable<FlowRule> getFlowRulesByGroupId(ApplicationId appId, short groupId) { 223 public Iterable<FlowRule> getFlowRulesByGroupId(ApplicationId appId, short groupId) {
223 - checkPermission(Permission.FLOWRULE_READ); 224 + checkPermission(FLOWRULE_READ);
224 225
225 Set<FlowRule> matches = Sets.newHashSet(); 226 Set<FlowRule> matches = Sets.newHashSet();
226 long toLookUp = ((long) appId.id() << 16) | groupId; 227 long toLookUp = ((long) appId.id() << 16) | groupId;
...@@ -236,7 +237,7 @@ public class FlowRuleManager ...@@ -236,7 +237,7 @@ public class FlowRuleManager
236 237
237 @Override 238 @Override
238 public void apply(FlowRuleOperations ops) { 239 public void apply(FlowRuleOperations ops) {
239 - checkPermission(Permission.FLOWRULE_WRITE); 240 + checkPermission(FLOWRULE_WRITE);
240 operationsService.submit(new FlowOperationsProcessor(ops)); 241 operationsService.submit(new FlowOperationsProcessor(ops));
241 } 242 }
242 243
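Review bot: In `getFlowRulesByGroupId`, `((long) appId.id() << 16) | groupId` sign-extends `groupId` before the OR, so a negative `short` sets every bit above bit 15 and overwrites the application-id part of `toLookUp`. Masking the operand keeps the two fields separate: `long toLookUp = ((long) appId.id() << 16) | (groupId & 0xFFFF);`. If group ids are guaranteed non-negative elsewhere, a comment saying so on this line would be enough. The rest of the method lies outside the hunk.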
......
...@@ -27,7 +27,6 @@ import org.onlab.osgi.DefaultServiceDirectory; ...@@ -27,7 +27,6 @@ import org.onlab.osgi.DefaultServiceDirectory;
27 import org.onlab.osgi.ServiceDirectory; 27 import org.onlab.osgi.ServiceDirectory;
28 import org.onlab.util.ItemNotFoundException; 28 import org.onlab.util.ItemNotFoundException;
29 import org.onosproject.cluster.ClusterService; 29 import org.onosproject.cluster.ClusterService;
30 -import org.onosproject.core.Permission;
31 import org.onosproject.mastership.MastershipEvent; 30 import org.onosproject.mastership.MastershipEvent;
32 import org.onosproject.mastership.MastershipListener; 31 import org.onosproject.mastership.MastershipListener;
33 import org.onosproject.mastership.MastershipService; 32 import org.onosproject.mastership.MastershipService;
...@@ -62,6 +61,8 @@ import static com.google.common.base.Preconditions.checkNotNull; ...@@ -62,6 +61,8 @@ import static com.google.common.base.Preconditions.checkNotNull;
62 import static java.util.concurrent.Executors.newFixedThreadPool; 61 import static java.util.concurrent.Executors.newFixedThreadPool;
63 import static org.onlab.util.Tools.groupedThreads; 62 import static org.onlab.util.Tools.groupedThreads;
64 import static org.onosproject.security.AppGuard.checkPermission; 63 import static org.onosproject.security.AppGuard.checkPermission;
64 +import static org.onosproject.security.AppPermission.Type.*;
65 +
65 66
66 67
67 /** 68 /**
...@@ -193,13 +194,13 @@ public class FlowObjectiveManager implements FlowObjectiveService { ...@@ -193,13 +194,13 @@ public class FlowObjectiveManager implements FlowObjectiveService {
193 194
194 @Override 195 @Override
195 public void filter(DeviceId deviceId, FilteringObjective filteringObjective) { 196 public void filter(DeviceId deviceId, FilteringObjective filteringObjective) {
196 - checkPermission(Permission.FLOWRULE_WRITE); 197 + checkPermission(FLOWRULE_WRITE);
197 executorService.submit(new ObjectiveInstaller(deviceId, filteringObjective)); 198 executorService.submit(new ObjectiveInstaller(deviceId, filteringObjective));
198 } 199 }
199 200
200 @Override 201 @Override
201 public void forward(DeviceId deviceId, ForwardingObjective forwardingObjective) { 202 public void forward(DeviceId deviceId, ForwardingObjective forwardingObjective) {
202 - checkPermission(Permission.FLOWRULE_WRITE); 203 + checkPermission(FLOWRULE_WRITE);
203 if (queueObjective(deviceId, forwardingObjective)) { 204 if (queueObjective(deviceId, forwardingObjective)) {
204 return; 205 return;
205 } 206 }
...@@ -208,13 +209,13 @@ public class FlowObjectiveManager implements FlowObjectiveService { ...@@ -208,13 +209,13 @@ public class FlowObjectiveManager implements FlowObjectiveService {
208 209
209 @Override 210 @Override
210 public void next(DeviceId deviceId, NextObjective nextObjective) { 211 public void next(DeviceId deviceId, NextObjective nextObjective) {
211 - checkPermission(Permission.FLOWRULE_WRITE); 212 + checkPermission(FLOWRULE_WRITE);
212 executorService.submit(new ObjectiveInstaller(deviceId, nextObjective)); 213 executorService.submit(new ObjectiveInstaller(deviceId, nextObjective));
213 } 214 }
214 215
215 @Override 216 @Override
216 public int allocateNextId() { 217 public int allocateNextId() {
217 - checkPermission(Permission.FLOWRULE_WRITE); 218 + checkPermission(FLOWRULE_WRITE);
218 return flowObjectiveStore.allocateNextId(); 219 return flowObjectiveStore.allocateNextId();
219 } 220 }
220 221
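Review bot: `filter` and `next` discard the `Future` returned by `executorService.submit(...)`, so an exception thrown while the `ObjectiveInstaller` runs would be stored in that unused `Future` and never reported. This assumes `executorService` is a standard `ExecutorService` and that the installer, which is not shown, does not catch and log on its own. A caller that passed the `FLOWRULE_WRITE` check then gets no signal that the objective was not installed. Consider `executorService.execute(new ObjectiveInstaller(deviceId, filteringObjective));` or logging inside the task, and add `checkNotNull(deviceId, "Device ID cannot be null");` before queuing so bad arguments fail on the caller's thread.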
......
...@@ -27,7 +27,6 @@ import org.onlab.osgi.DefaultServiceDirectory; ...@@ -27,7 +27,6 @@ import org.onlab.osgi.DefaultServiceDirectory;
27 import org.onlab.osgi.ServiceDirectory; 27 import org.onlab.osgi.ServiceDirectory;
28 import org.onlab.util.ItemNotFoundException; 28 import org.onlab.util.ItemNotFoundException;
29 import org.onosproject.cluster.ClusterService; 29 import org.onosproject.cluster.ClusterService;
30 -import org.onosproject.core.Permission;
31 import org.onosproject.mastership.MastershipEvent; 30 import org.onosproject.mastership.MastershipEvent;
32 import org.onosproject.mastership.MastershipListener; 31 import org.onosproject.mastership.MastershipListener;
33 import org.onosproject.mastership.MastershipService; 32 import org.onosproject.mastership.MastershipService;
...@@ -65,6 +64,7 @@ import static com.google.common.base.Preconditions.checkNotNull; ...@@ -65,6 +64,7 @@ import static com.google.common.base.Preconditions.checkNotNull;
65 import static java.util.concurrent.Executors.newFixedThreadPool; 64 import static java.util.concurrent.Executors.newFixedThreadPool;
66 import static org.onlab.util.Tools.groupedThreads; 65 import static org.onlab.util.Tools.groupedThreads;
67 import static org.onosproject.security.AppGuard.checkPermission; 66 import static org.onosproject.security.AppGuard.checkPermission;
67 +import static org.onosproject.security.AppPermission.Type.*;
68 68
69 69
70 /** 70 /**
...@@ -217,7 +217,7 @@ public class FlowObjectiveCompositionManager implements FlowObjectiveService { ...@@ -217,7 +217,7 @@ public class FlowObjectiveCompositionManager implements FlowObjectiveService {
217 217
218 @Override 218 @Override
219 public void filter(DeviceId deviceId, FilteringObjective filteringObjective) { 219 public void filter(DeviceId deviceId, FilteringObjective filteringObjective) {
220 - checkPermission(Permission.FLOWRULE_WRITE); 220 + checkPermission(FLOWRULE_WRITE);
221 221
222 List<FilteringObjective> filteringObjectives 222 List<FilteringObjective> filteringObjectives
223 = this.deviceCompositionTreeMap.get(deviceId).updateFilter(filteringObjective); 223 = this.deviceCompositionTreeMap.get(deviceId).updateFilter(filteringObjective);
...@@ -228,7 +228,7 @@ public class FlowObjectiveCompositionManager implements FlowObjectiveService { ...@@ -228,7 +228,7 @@ public class FlowObjectiveCompositionManager implements FlowObjectiveService {
228 228
229 @Override 229 @Override
230 public void forward(DeviceId deviceId, ForwardingObjective forwardingObjective) { 230 public void forward(DeviceId deviceId, ForwardingObjective forwardingObjective) {
231 - checkPermission(Permission.FLOWRULE_WRITE); 231 + checkPermission(FLOWRULE_WRITE);
232 232
233 if (queueObjective(deviceId, forwardingObjective)) { 233 if (queueObjective(deviceId, forwardingObjective)) {
234 return; 234 return;
...@@ -242,7 +242,7 @@ public class FlowObjectiveCompositionManager implements FlowObjectiveService { ...@@ -242,7 +242,7 @@ public class FlowObjectiveCompositionManager implements FlowObjectiveService {
242 242
243 @Override 243 @Override
244 public void next(DeviceId deviceId, NextObjective nextObjective) { 244 public void next(DeviceId deviceId, NextObjective nextObjective) {
245 - checkPermission(Permission.FLOWRULE_WRITE); 245 + checkPermission(FLOWRULE_WRITE);
246 246
247 List<NextObjective> nextObjectives = this.deviceCompositionTreeMap.get(deviceId).updateNext(nextObjective); 247 List<NextObjective> nextObjectives = this.deviceCompositionTreeMap.get(deviceId).updateNext(nextObjective);
248 for (NextObjective tmp : nextObjectives) { 248 for (NextObjective tmp : nextObjectives) {
...@@ -252,7 +252,7 @@ public class FlowObjectiveCompositionManager implements FlowObjectiveService { ...@@ -252,7 +252,7 @@ public class FlowObjectiveCompositionManager implements FlowObjectiveService {
252 252
253 @Override 253 @Override
254 public int allocateNextId() { 254 public int allocateNextId() {
255 - checkPermission(Permission.FLOWRULE_WRITE); 255 + checkPermission(FLOWRULE_WRITE);
256 256
257 return flowObjectiveStore.allocateNextId(); 257 return flowObjectiveStore.allocateNextId();
258 } 258 }
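Review bot: `filter` and `next` dereference `this.deviceCompositionTreeMap.get(deviceId)` without checking the result, so a device id with no composition tree, or a null id, ends in a `NullPointerException` after the permission check has already passed. Unless the map is guaranteed to hold an entry for every device (its population is not visible here), guard the lookup before calling `updateFilter` / `updateNext`, for example `checkNotNull(deviceCompositionTreeMap.get(deviceId), "No composition tree for device")`. Both method bodies continue outside their hunks.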
......
...@@ -23,7 +23,6 @@ import org.apache.felix.scr.annotations.ReferenceCardinality; ...@@ -23,7 +23,6 @@ import org.apache.felix.scr.annotations.ReferenceCardinality;
23 import org.apache.felix.scr.annotations.Service; 23 import org.apache.felix.scr.annotations.Service;
24 import org.onosproject.net.provider.AbstractListenerProviderRegistry; 24 import org.onosproject.net.provider.AbstractListenerProviderRegistry;
25 import org.onosproject.core.ApplicationId; 25 import org.onosproject.core.ApplicationId;
26 -import org.onosproject.core.Permission;
27 import org.onosproject.net.DeviceId; 26 import org.onosproject.net.DeviceId;
28 import org.onosproject.net.device.DeviceEvent; 27 import org.onosproject.net.device.DeviceEvent;
29 import org.onosproject.net.device.DeviceListener; 28 import org.onosproject.net.device.DeviceListener;
...@@ -51,6 +50,8 @@ import java.util.Collections; ...@@ -51,6 +50,8 @@ import java.util.Collections;
51 50
52 import static org.onosproject.security.AppGuard.checkPermission; 51 import static org.onosproject.security.AppGuard.checkPermission;
53 import static org.slf4j.LoggerFactory.getLogger; 52 import static org.slf4j.LoggerFactory.getLogger;
53 +import static org.onosproject.security.AppPermission.Type.*;
54 +
54 55
55 56
56 /** 57 /**
...@@ -96,7 +97,7 @@ public class GroupManager ...@@ -96,7 +97,7 @@ public class GroupManager
96 */ 97 */
97 @Override 98 @Override
98 public void addGroup(GroupDescription groupDesc) { 99 public void addGroup(GroupDescription groupDesc) {
99 - checkPermission(Permission.GROUP_WRITE); 100 + checkPermission(GROUP_WRITE);
100 store.storeGroupDescription(groupDesc); 101 store.storeGroupDescription(groupDesc);
101 } 102 }
102 103
...@@ -115,7 +116,7 @@ public class GroupManager ...@@ -115,7 +116,7 @@ public class GroupManager
115 */ 116 */
116 @Override 117 @Override
117 public Group getGroup(DeviceId deviceId, GroupKey appCookie) { 118 public Group getGroup(DeviceId deviceId, GroupKey appCookie) {
118 - checkPermission(Permission.GROUP_READ); 119 + checkPermission(GROUP_READ);
119 return store.getGroup(deviceId, appCookie); 120 return store.getGroup(deviceId, appCookie);
120 } 121 }
121 122
...@@ -137,7 +138,7 @@ public class GroupManager ...@@ -137,7 +138,7 @@ public class GroupManager
137 GroupBuckets buckets, 138 GroupBuckets buckets,
138 GroupKey newCookie, 139 GroupKey newCookie,
139 ApplicationId appId) { 140 ApplicationId appId) {
140 - checkPermission(Permission.GROUP_WRITE); 141 + checkPermission(GROUP_WRITE);
141 store.updateGroupDescription(deviceId, 142 store.updateGroupDescription(deviceId,
142 oldCookie, 143 oldCookie,
143 UpdateType.ADD, 144 UpdateType.ADD,
...@@ -163,7 +164,7 @@ public class GroupManager ...@@ -163,7 +164,7 @@ public class GroupManager
163 GroupBuckets buckets, 164 GroupBuckets buckets,
164 GroupKey newCookie, 165 GroupKey newCookie,
165 ApplicationId appId) { 166 ApplicationId appId) {
166 - checkPermission(Permission.GROUP_WRITE); 167 + checkPermission(GROUP_WRITE);
167 store.updateGroupDescription(deviceId, 168 store.updateGroupDescription(deviceId,
168 oldCookie, 169 oldCookie,
169 UpdateType.REMOVE, 170 UpdateType.REMOVE,
...@@ -185,7 +186,7 @@ public class GroupManager ...@@ -185,7 +186,7 @@ public class GroupManager
185 public void removeGroup(DeviceId deviceId, 186 public void removeGroup(DeviceId deviceId,
186 GroupKey appCookie, 187 GroupKey appCookie,
187 ApplicationId appId) { 188 ApplicationId appId) {
188 - checkPermission(Permission.GROUP_WRITE); 189 + checkPermission(GROUP_WRITE);
189 store.deleteGroupDescription(deviceId, appCookie); 190 store.deleteGroupDescription(deviceId, appCookie);
190 } 191 }
191 192
...@@ -200,13 +201,13 @@ public class GroupManager ...@@ -200,13 +201,13 @@ public class GroupManager
200 @Override 201 @Override
201 public Iterable<Group> getGroups(DeviceId deviceId, 202 public Iterable<Group> getGroups(DeviceId deviceId,
202 ApplicationId appId) { 203 ApplicationId appId) {
203 - checkPermission(Permission.GROUP_READ); 204 + checkPermission(GROUP_READ);
204 return store.getGroups(deviceId); 205 return store.getGroups(deviceId);
205 } 206 }
206 207
207 @Override 208 @Override
208 public Iterable<Group> getGroups(DeviceId deviceId) { 209 public Iterable<Group> getGroups(DeviceId deviceId) {
209 - checkPermission(Permission.GROUP_READ); 210 + checkPermission(GROUP_READ);
210 return store.getGroups(deviceId); 211 return store.getGroups(deviceId);
211 } 212 }
212 213
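Review bot: `getGroups(DeviceId deviceId, ApplicationId appId)` returns `store.getGroups(deviceId)` and never uses `appId`, so it yields the same result as the one-argument overload: every group on the device, whichever application owns it. `removeGroup` likewise ignores `appId` and deletes by `deviceId` and `appCookie` alone. With `GROUP_READ` / `GROUP_WRITE` as the only gate, the permission is the sole boundary between applications' groups. If per-application scoping is intended, filter on the owner in `getGroups` and verify it in `removeGroup`; otherwise say in the Javadoc that `appId` is not used for scoping. The Javadoc of both methods starts outside the hunks.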
......
...@@ -26,7 +26,6 @@ import org.onlab.packet.MacAddress; ...@@ -26,7 +26,6 @@ import org.onlab.packet.MacAddress;
26 import org.onlab.packet.VlanId; 26 import org.onlab.packet.VlanId;
27 import org.onosproject.incubator.net.intf.InterfaceService; 27 import org.onosproject.incubator.net.intf.InterfaceService;
28 import org.onosproject.net.provider.AbstractListenerProviderRegistry; 28 import org.onosproject.net.provider.AbstractListenerProviderRegistry;
29 -import org.onosproject.core.Permission;
30 import org.onosproject.net.config.NetworkConfigEvent; 29 import org.onosproject.net.config.NetworkConfigEvent;
31 import org.onosproject.net.config.NetworkConfigListener; 30 import org.onosproject.net.config.NetworkConfigListener;
32 import org.onosproject.net.config.NetworkConfigService; 31 import org.onosproject.net.config.NetworkConfigService;
...@@ -57,6 +56,7 @@ import static com.google.common.base.Preconditions.checkNotNull; ...@@ -57,6 +56,7 @@ import static com.google.common.base.Preconditions.checkNotNull;
57 import static com.google.common.base.Preconditions.checkState; 56 import static com.google.common.base.Preconditions.checkState;
58 import static org.onosproject.security.AppGuard.checkPermission; 57 import static org.onosproject.security.AppGuard.checkPermission;
59 import static org.slf4j.LoggerFactory.getLogger; 58 import static org.slf4j.LoggerFactory.getLogger;
59 +import static org.onosproject.security.AppPermission.Type.*;
60 60
61 /** 61 /**
62 * Provides basic implementation of the host SB &amp; NB APIs. 62 * Provides basic implementation of the host SB &amp; NB APIs.
...@@ -118,66 +118,66 @@ public class HostManager ...@@ -118,66 +118,66 @@ public class HostManager
118 118
119 @Override 119 @Override
120 public int getHostCount() { 120 public int getHostCount() {
121 - checkPermission(Permission.HOST_READ); 121 + checkPermission(HOST_READ);
122 return store.getHostCount(); 122 return store.getHostCount();
123 } 123 }
124 124
125 @Override 125 @Override
126 public Iterable<Host> getHosts() { 126 public Iterable<Host> getHosts() {
127 - checkPermission(Permission.HOST_READ); 127 + checkPermission(HOST_READ);
128 return store.getHosts(); 128 return store.getHosts();
129 } 129 }
130 130
131 @Override 131 @Override
132 public Host getHost(HostId hostId) { 132 public Host getHost(HostId hostId) {
133 - checkPermission(Permission.HOST_READ); 133 + checkPermission(HOST_READ);
134 checkNotNull(hostId, HOST_ID_NULL); 134 checkNotNull(hostId, HOST_ID_NULL);
135 return store.getHost(hostId); 135 return store.getHost(hostId);
136 } 136 }
137 137
138 @Override 138 @Override
139 public Set<Host> getHostsByVlan(VlanId vlanId) { 139 public Set<Host> getHostsByVlan(VlanId vlanId) {
140 - checkPermission(Permission.HOST_READ); 140 + checkPermission(HOST_READ);
141 return store.getHosts(vlanId); 141 return store.getHosts(vlanId);
142 } 142 }
143 143
144 @Override 144 @Override
145 public Set<Host> getHostsByMac(MacAddress mac) { 145 public Set<Host> getHostsByMac(MacAddress mac) {
146 - checkPermission(Permission.HOST_READ); 146 + checkPermission(HOST_READ);
147 checkNotNull(mac, "MAC address cannot be null"); 147 checkNotNull(mac, "MAC address cannot be null");
148 return store.getHosts(mac); 148 return store.getHosts(mac);
149 } 149 }
150 150
151 @Override 151 @Override
152 public Set<Host> getHostsByIp(IpAddress ip) { 152 public Set<Host> getHostsByIp(IpAddress ip) {
153 - checkPermission(Permission.HOST_READ); 153 + checkPermission(HOST_READ);
154 checkNotNull(ip, "IP address cannot be null"); 154 checkNotNull(ip, "IP address cannot be null");
155 return store.getHosts(ip); 155 return store.getHosts(ip);
156 } 156 }
157 157
158 @Override 158 @Override
159 public Set<Host> getConnectedHosts(ConnectPoint connectPoint) { 159 public Set<Host> getConnectedHosts(ConnectPoint connectPoint) {
160 - checkPermission(Permission.HOST_READ); 160 + checkPermission(HOST_READ);
161 checkNotNull(connectPoint, "Connection point cannot be null"); 161 checkNotNull(connectPoint, "Connection point cannot be null");
162 return store.getConnectedHosts(connectPoint); 162 return store.getConnectedHosts(connectPoint);
163 } 163 }
164 164
165 @Override 165 @Override
166 public Set<Host> getConnectedHosts(DeviceId deviceId) { 166 public Set<Host> getConnectedHosts(DeviceId deviceId) {
167 - checkPermission(Permission.HOST_READ); 167 + checkPermission(HOST_READ);
168 checkNotNull(deviceId, "Device ID cannot be null"); 168 checkNotNull(deviceId, "Device ID cannot be null");
169 return store.getConnectedHosts(deviceId); 169 return store.getConnectedHosts(deviceId);
170 } 170 }
171 171
172 @Override 172 @Override
173 public void startMonitoringIp(IpAddress ip) { 173 public void startMonitoringIp(IpAddress ip) {
174 - checkPermission(Permission.HOST_EVENT); 174 + checkPermission(HOST_EVENT);
175 monitor.addMonitoringFor(ip); 175 monitor.addMonitoringFor(ip);
176 } 176 }
177 177
178 @Override 178 @Override
179 public void stopMonitoringIp(IpAddress ip) { 179 public void stopMonitoringIp(IpAddress ip) {
180 - checkPermission(Permission.HOST_EVENT); 180 + checkPermission(HOST_EVENT);
181 monitor.stopMonitoring(ip); 181 monitor.stopMonitoring(ip);
182 } 182 }
183 183
...@@ -212,13 +212,13 @@ public class HostManager ...@@ -212,13 +212,13 @@ public class HostManager
212 212
213 @Override 213 @Override
214 public Set<PortAddresses> getAddressBindings() { 214 public Set<PortAddresses> getAddressBindings() {
215 - checkPermission(Permission.HOST_READ); 215 + checkPermission(HOST_READ);
216 return store.getAddressBindings(); 216 return store.getAddressBindings();
217 } 217 }
218 218
219 @Override 219 @Override
220 public Set<PortAddresses> getAddressBindingsForPort(ConnectPoint connectPoint) { 220 public Set<PortAddresses> getAddressBindingsForPort(ConnectPoint connectPoint) {
221 - checkPermission(Permission.HOST_READ); 221 + checkPermission(HOST_READ);
222 return store.getAddressBindingsForPort(connectPoint); 222 return store.getAddressBindingsForPort(connectPoint);
223 } 223 }
224 224
......
...@@ -25,7 +25,6 @@ import org.apache.felix.scr.annotations.Service; ...@@ -25,7 +25,6 @@ import org.apache.felix.scr.annotations.Service;
25 import org.onosproject.event.AbstractListenerManager; 25 import org.onosproject.event.AbstractListenerManager;
26 import org.onosproject.core.CoreService; 26 import org.onosproject.core.CoreService;
27 import org.onosproject.core.IdGenerator; 27 import org.onosproject.core.IdGenerator;
28 -import org.onosproject.core.Permission;
29 import org.onosproject.net.flow.FlowRule; 28 import org.onosproject.net.flow.FlowRule;
30 import org.onosproject.net.flow.FlowRuleOperations; 29 import org.onosproject.net.flow.FlowRuleOperations;
31 import org.onosproject.net.flow.FlowRuleOperationsContext; 30 import org.onosproject.net.flow.FlowRuleOperationsContext;
...@@ -67,6 +66,8 @@ import static org.onosproject.net.intent.constraint.PartialFailureConstraint.int ...@@ -67,6 +66,8 @@ import static org.onosproject.net.intent.constraint.PartialFailureConstraint.int
67 import static org.onosproject.net.intent.impl.phase.IntentProcessPhase.newInitialPhase; 66 import static org.onosproject.net.intent.impl.phase.IntentProcessPhase.newInitialPhase;
68 import static org.onosproject.security.AppGuard.checkPermission; 67 import static org.onosproject.security.AppGuard.checkPermission;
69 import static org.slf4j.LoggerFactory.getLogger; 68 import static org.slf4j.LoggerFactory.getLogger;
69 +import static org.onosproject.security.AppPermission.Type.*;
70 +
70 71
71 /** 72 /**
72 * An implementation of intent service. 73 * An implementation of intent service.
...@@ -138,7 +139,7 @@ public class IntentManager ...@@ -138,7 +139,7 @@ public class IntentManager
138 139
139 @Override 140 @Override
140 public void submit(Intent intent) { 141 public void submit(Intent intent) {
141 - checkPermission(Permission.INTENT_WRITE); 142 + checkPermission(INTENT_WRITE);
142 checkNotNull(intent, INTENT_NULL); 143 checkNotNull(intent, INTENT_NULL);
143 IntentData data = new IntentData(intent, IntentState.INSTALL_REQ, null); 144 IntentData data = new IntentData(intent, IntentState.INSTALL_REQ, null);
144 store.addPending(data); 145 store.addPending(data);
...@@ -146,7 +147,7 @@ public class IntentManager ...@@ -146,7 +147,7 @@ public class IntentManager
146 147
147 @Override 148 @Override
148 public void withdraw(Intent intent) { 149 public void withdraw(Intent intent) {
149 - checkPermission(Permission.INTENT_WRITE); 150 + checkPermission(INTENT_WRITE);
150 checkNotNull(intent, INTENT_NULL); 151 checkNotNull(intent, INTENT_NULL);
151 IntentData data = new IntentData(intent, IntentState.WITHDRAW_REQ, null); 152 IntentData data = new IntentData(intent, IntentState.WITHDRAW_REQ, null);
152 store.addPending(data); 153 store.addPending(data);
...@@ -154,7 +155,7 @@ public class IntentManager ...@@ -154,7 +155,7 @@ public class IntentManager
154 155
155 @Override 156 @Override
156 public void purge(Intent intent) { 157 public void purge(Intent intent) {
157 - checkPermission(Permission.INTENT_WRITE); 158 + checkPermission(INTENT_WRITE);
158 checkNotNull(intent, INTENT_NULL); 159 checkNotNull(intent, INTENT_NULL);
159 IntentData data = new IntentData(intent, IntentState.PURGE_REQ, null); 160 IntentData data = new IntentData(intent, IntentState.PURGE_REQ, null);
160 store.addPending(data); 161 store.addPending(data);
...@@ -162,45 +163,45 @@ public class IntentManager ...@@ -162,45 +163,45 @@ public class IntentManager
162 163
163 @Override 164 @Override
164 public Intent getIntent(Key key) { 165 public Intent getIntent(Key key) {
165 - checkPermission(Permission.INTENT_READ); 166 + checkPermission(INTENT_READ);
166 return store.getIntent(key); 167 return store.getIntent(key);
167 } 168 }
168 169
169 @Override 170 @Override
170 public Iterable<Intent> getIntents() { 171 public Iterable<Intent> getIntents() {
171 - checkPermission(Permission.INTENT_READ); 172 + checkPermission(INTENT_READ);
172 return store.getIntents(); 173 return store.getIntents();
173 } 174 }
174 175
175 @Override 176 @Override
176 public Iterable<IntentData> getIntentData() { 177 public Iterable<IntentData> getIntentData() {
177 - checkPermission(Permission.INTENT_READ); 178 + checkPermission(INTENT_READ);
178 return store.getIntentData(false, 0); 179 return store.getIntentData(false, 0);
179 } 180 }
180 181
181 @Override 182 @Override
182 public long getIntentCount() { 183 public long getIntentCount() {
183 - checkPermission(Permission.INTENT_READ); 184 + checkPermission(INTENT_READ);
184 return store.getIntentCount(); 185 return store.getIntentCount();
185 } 186 }
186 187
187 @Override 188 @Override
188 public IntentState getIntentState(Key intentKey) { 189 public IntentState getIntentState(Key intentKey) {
189 - checkPermission(Permission.INTENT_READ); 190 + checkPermission(INTENT_READ);
190 checkNotNull(intentKey, INTENT_ID_NULL); 191 checkNotNull(intentKey, INTENT_ID_NULL);
191 return store.getIntentState(intentKey); 192 return store.getIntentState(intentKey);
192 } 193 }
193 194
194 @Override 195 @Override
195 public List<Intent> getInstallableIntents(Key intentKey) { 196 public List<Intent> getInstallableIntents(Key intentKey) {
196 - checkPermission(Permission.INTENT_READ); 197 + checkPermission(INTENT_READ);
197 checkNotNull(intentKey, INTENT_ID_NULL); 198 checkNotNull(intentKey, INTENT_ID_NULL);
198 return store.getInstallableIntents(intentKey); 199 return store.getInstallableIntents(intentKey);
199 } 200 }
200 201
201 @Override 202 @Override
202 public boolean isLocal(Key intentKey) { 203 public boolean isLocal(Key intentKey) {
203 - checkPermission(Permission.INTENT_READ); 204 + checkPermission(INTENT_READ);
204 return store.isMaster(intentKey); 205 return store.isMaster(intentKey);
205 } 206 }
206 207
...@@ -221,7 +222,7 @@ public class IntentManager ...@@ -221,7 +222,7 @@ public class IntentManager
221 222
222 @Override 223 @Override
223 public Iterable<Intent> getPending() { 224 public Iterable<Intent> getPending() {
224 - checkPermission(Permission.INTENT_READ); 225 + checkPermission(INTENT_READ);
225 226
226 return store.getPending(); 227 return store.getPending();
227 } 228 }
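Review bot: The wildcard `import static org.onosproject.security.AppPermission.Type.*;` added after the `getLogger` import leaves every guard in this class reading `checkPermission(INTENT_READ)` with nothing in the import list naming the constant. That makes the permission checks harder to audit, and a same-named member declared or inherited by the class would take precedence over the on-demand import. I would import the two constants this file uses explicitly, `import static org.onosproject.security.AppPermission.Type.INTENT_READ;` and `import static org.onosproject.security.AppPermission.Type.INTENT_WRITE;`. The same wildcard import is added in the HostManager, LinkManager, PacketManager, ProxyArpManager, LinkResourceManager and StatisticManager sections, where the same change applies.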
......
...@@ -25,7 +25,6 @@ import org.apache.felix.scr.annotations.Reference; ...@@ -25,7 +25,6 @@ import org.apache.felix.scr.annotations.Reference;
25 import org.apache.felix.scr.annotations.ReferenceCardinality; 25 import org.apache.felix.scr.annotations.ReferenceCardinality;
26 import org.apache.felix.scr.annotations.Service; 26 import org.apache.felix.scr.annotations.Service;
27 import org.onosproject.net.provider.AbstractListenerProviderRegistry; 27 import org.onosproject.net.provider.AbstractListenerProviderRegistry;
28 -import org.onosproject.core.Permission;
29 import org.onosproject.net.config.NetworkConfigEvent; 28 import org.onosproject.net.config.NetworkConfigEvent;
30 import org.onosproject.net.config.NetworkConfigListener; 29 import org.onosproject.net.config.NetworkConfigListener;
31 import org.onosproject.net.config.NetworkConfigService; 30 import org.onosproject.net.config.NetworkConfigService;
...@@ -59,6 +58,7 @@ import static com.google.common.base.Preconditions.checkState; ...@@ -59,6 +58,7 @@ import static com.google.common.base.Preconditions.checkState;
59 import static org.onosproject.net.LinkKey.linkKey; 58 import static org.onosproject.net.LinkKey.linkKey;
60 import static org.onosproject.security.AppGuard.checkPermission; 59 import static org.onosproject.security.AppGuard.checkPermission;
61 import static org.slf4j.LoggerFactory.getLogger; 60 import static org.slf4j.LoggerFactory.getLogger;
61 +import static org.onosproject.security.AppPermission.Type.*;
62 62
63 63
64 /** 64 /**
...@@ -111,19 +111,19 @@ public class LinkManager ...@@ -111,19 +111,19 @@ public class LinkManager
111 111
112 @Override 112 @Override
113 public int getLinkCount() { 113 public int getLinkCount() {
114 - checkPermission(Permission.LINK_READ); 114 + checkPermission(LINK_READ);
115 return store.getLinkCount(); 115 return store.getLinkCount();
116 } 116 }
117 117
118 @Override 118 @Override
119 public Iterable<Link> getLinks() { 119 public Iterable<Link> getLinks() {
120 - checkPermission(Permission.LINK_READ); 120 + checkPermission(LINK_READ);
121 return store.getLinks(); 121 return store.getLinks();
122 } 122 }
123 123
124 @Override 124 @Override
125 public Iterable<Link> getActiveLinks() { 125 public Iterable<Link> getActiveLinks() {
126 - checkPermission(Permission.LINK_READ); 126 + checkPermission(LINK_READ);
127 return FluentIterable.from(getLinks()) 127 return FluentIterable.from(getLinks())
128 .filter(new Predicate<Link>() { 128 .filter(new Predicate<Link>() {
129 129
...@@ -136,7 +136,7 @@ public class LinkManager ...@@ -136,7 +136,7 @@ public class LinkManager
136 136
137 @Override 137 @Override
138 public Set<Link> getDeviceLinks(DeviceId deviceId) { 138 public Set<Link> getDeviceLinks(DeviceId deviceId) {
139 - checkPermission(Permission.LINK_READ); 139 + checkPermission(LINK_READ);
140 checkNotNull(deviceId, DEVICE_ID_NULL); 140 checkNotNull(deviceId, DEVICE_ID_NULL);
141 return Sets.union(store.getDeviceEgressLinks(deviceId), 141 return Sets.union(store.getDeviceEgressLinks(deviceId),
142 store.getDeviceIngressLinks(deviceId)); 142 store.getDeviceIngressLinks(deviceId));
...@@ -144,21 +144,21 @@ public class LinkManager ...@@ -144,21 +144,21 @@ public class LinkManager
144 144
145 @Override 145 @Override
146 public Set<Link> getDeviceEgressLinks(DeviceId deviceId) { 146 public Set<Link> getDeviceEgressLinks(DeviceId deviceId) {
147 - checkPermission(Permission.LINK_READ); 147 + checkPermission(LINK_READ);
148 checkNotNull(deviceId, DEVICE_ID_NULL); 148 checkNotNull(deviceId, DEVICE_ID_NULL);
149 return store.getDeviceEgressLinks(deviceId); 149 return store.getDeviceEgressLinks(deviceId);
150 } 150 }
151 151
152 @Override 152 @Override
153 public Set<Link> getDeviceIngressLinks(DeviceId deviceId) { 153 public Set<Link> getDeviceIngressLinks(DeviceId deviceId) {
154 - checkPermission(Permission.LINK_READ); 154 + checkPermission(LINK_READ);
155 checkNotNull(deviceId, DEVICE_ID_NULL); 155 checkNotNull(deviceId, DEVICE_ID_NULL);
156 return store.getDeviceIngressLinks(deviceId); 156 return store.getDeviceIngressLinks(deviceId);
157 } 157 }
158 158
159 @Override 159 @Override
160 public Set<Link> getLinks(ConnectPoint connectPoint) { 160 public Set<Link> getLinks(ConnectPoint connectPoint) {
161 - checkPermission(Permission.LINK_READ); 161 + checkPermission(LINK_READ);
162 checkNotNull(connectPoint, CONNECT_POINT_NULL); 162 checkNotNull(connectPoint, CONNECT_POINT_NULL);
163 return Sets.union(store.getEgressLinks(connectPoint), 163 return Sets.union(store.getEgressLinks(connectPoint),
164 store.getIngressLinks(connectPoint)); 164 store.getIngressLinks(connectPoint));
...@@ -166,21 +166,21 @@ public class LinkManager ...@@ -166,21 +166,21 @@ public class LinkManager
166 166
167 @Override 167 @Override
168 public Set<Link> getEgressLinks(ConnectPoint connectPoint) { 168 public Set<Link> getEgressLinks(ConnectPoint connectPoint) {
169 - checkPermission(Permission.LINK_READ); 169 + checkPermission(LINK_READ);
170 checkNotNull(connectPoint, CONNECT_POINT_NULL); 170 checkNotNull(connectPoint, CONNECT_POINT_NULL);
171 return store.getEgressLinks(connectPoint); 171 return store.getEgressLinks(connectPoint);
172 } 172 }
173 173
174 @Override 174 @Override
175 public Set<Link> getIngressLinks(ConnectPoint connectPoint) { 175 public Set<Link> getIngressLinks(ConnectPoint connectPoint) {
176 - checkPermission(Permission.LINK_READ); 176 + checkPermission(LINK_READ);
177 checkNotNull(connectPoint, CONNECT_POINT_NULL); 177 checkNotNull(connectPoint, CONNECT_POINT_NULL);
178 return store.getIngressLinks(connectPoint); 178 return store.getIngressLinks(connectPoint);
179 } 179 }
180 180
181 @Override 181 @Override
182 public Link getLink(ConnectPoint src, ConnectPoint dst) { 182 public Link getLink(ConnectPoint src, ConnectPoint dst) {
183 - checkPermission(Permission.LINK_READ); 183 + checkPermission(LINK_READ);
184 checkNotNull(src, CONNECT_POINT_NULL); 184 checkNotNull(src, CONNECT_POINT_NULL);
185 checkNotNull(dst, CONNECT_POINT_NULL); 185 checkNotNull(dst, CONNECT_POINT_NULL);
186 return store.getLink(src, dst); 186 return store.getLink(src, dst);
......
...@@ -23,7 +23,6 @@ import org.apache.felix.scr.annotations.ReferenceCardinality; ...@@ -23,7 +23,6 @@ import org.apache.felix.scr.annotations.ReferenceCardinality;
23 import org.apache.felix.scr.annotations.Service; 23 import org.apache.felix.scr.annotations.Service;
24 import org.onosproject.core.ApplicationId; 24 import org.onosproject.core.ApplicationId;
25 import org.onosproject.core.CoreService; 25 import org.onosproject.core.CoreService;
26 -import org.onosproject.core.Permission;
27 import org.onosproject.net.Device; 26 import org.onosproject.net.Device;
28 import org.onosproject.net.device.DeviceEvent; 27 import org.onosproject.net.device.DeviceEvent;
29 import org.onosproject.net.device.DeviceListener; 28 import org.onosproject.net.device.DeviceListener;
...@@ -63,7 +62,7 @@ import static com.google.common.base.Preconditions.checkNotNull; ...@@ -63,7 +62,7 @@ import static com.google.common.base.Preconditions.checkNotNull;
63 import static org.onlab.util.Tools.groupedThreads; 62 import static org.onlab.util.Tools.groupedThreads;
64 import static org.onosproject.security.AppGuard.checkPermission; 63 import static org.onosproject.security.AppGuard.checkPermission;
65 import static org.slf4j.LoggerFactory.getLogger; 64 import static org.slf4j.LoggerFactory.getLogger;
66 - 65 +import static org.onosproject.security.AppPermission.Type.*;
67 66
68 /** 67 /**
69 * Provides a basic implementation of the packet SB &amp; NB APIs. 68 * Provides a basic implementation of the packet SB &amp; NB APIs.
...@@ -126,14 +125,14 @@ public class PacketManager ...@@ -126,14 +125,14 @@ public class PacketManager
126 125
127 @Override 126 @Override
128 public void addProcessor(PacketProcessor processor, int priority) { 127 public void addProcessor(PacketProcessor processor, int priority) {
129 - checkPermission(Permission.PACKET_EVENT); 128 + checkPermission(PACKET_EVENT);
130 checkNotNull(processor, "Processor cannot be null"); 129 checkNotNull(processor, "Processor cannot be null");
131 processors.put(priority, processor); 130 processors.put(priority, processor);
132 } 131 }
133 132
134 @Override 133 @Override
135 public void removeProcessor(PacketProcessor processor) { 134 public void removeProcessor(PacketProcessor processor) {
136 - checkPermission(Permission.PACKET_EVENT); 135 + checkPermission(PACKET_EVENT);
137 checkNotNull(processor, "Processor cannot be null"); 136 checkNotNull(processor, "Processor cannot be null");
138 processors.values().remove(processor); 137 processors.values().remove(processor);
139 } 138 }
...@@ -141,7 +140,7 @@ public class PacketManager ...@@ -141,7 +140,7 @@ public class PacketManager
141 @Override 140 @Override
142 public void requestPackets(TrafficSelector selector, PacketPriority priority, 141 public void requestPackets(TrafficSelector selector, PacketPriority priority,
143 ApplicationId appId) { 142 ApplicationId appId) {
144 - checkPermission(Permission.PACKET_READ); 143 + checkPermission(PACKET_READ);
145 checkNotNull(selector, "Selector cannot be null"); 144 checkNotNull(selector, "Selector cannot be null");
146 checkNotNull(appId, "Application ID cannot be null"); 145 checkNotNull(appId, "Application ID cannot be null");
147 146
...@@ -154,7 +153,7 @@ public class PacketManager ...@@ -154,7 +153,7 @@ public class PacketManager
154 @Override 153 @Override
155 public void cancelPackets(TrafficSelector selector, PacketPriority priority, 154 public void cancelPackets(TrafficSelector selector, PacketPriority priority,
156 ApplicationId appId) { 155 ApplicationId appId) {
157 - checkPermission(Permission.PACKET_READ); 156 + checkPermission(PACKET_READ);
158 checkNotNull(selector, "Selector cannot be null"); 157 checkNotNull(selector, "Selector cannot be null");
159 checkNotNull(appId, "Application ID cannot be null"); 158 checkNotNull(appId, "Application ID cannot be null");
160 159
...@@ -246,7 +245,7 @@ public class PacketManager ...@@ -246,7 +245,7 @@ public class PacketManager
246 245
247 @Override 246 @Override
248 public void emit(OutboundPacket packet) { 247 public void emit(OutboundPacket packet) {
249 - checkPermission(Permission.PACKET_WRITE); 248 + checkPermission(PACKET_WRITE);
250 checkNotNull(packet, "Packet cannot be null"); 249 checkNotNull(packet, "Packet cannot be null");
251 store.emit(packet); 250 store.emit(packet);
252 } 251 }
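Review bot: `requestPackets` and `cancelPackets` check only that the caller holds `PACKET_READ` and that `appId` is non-null; nothing in the visible lines checks that the `appId` argument belongs to the calling application. Both bodies continue outside these hunks, but if they key the packet request on `appId`, an application holding `PACKET_READ` could register or cancel requests recorded under another application's ID. I would either compare `appId` with the caller's identity right after the permission check, or state in the Javadoc of both methods that `appId` is trusted as given, e.g. `appId is not verified against the calling application`. Whether `AppGuard.checkPermission` can supply the caller's identity is not visible here.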
......
...@@ -33,7 +33,6 @@ import org.onlab.packet.VlanId; ...@@ -33,7 +33,6 @@ import org.onlab.packet.VlanId;
33 import org.onlab.packet.ndp.NeighborAdvertisement; 33 import org.onlab.packet.ndp.NeighborAdvertisement;
34 import org.onlab.packet.ndp.NeighborDiscoveryOptions; 34 import org.onlab.packet.ndp.NeighborDiscoveryOptions;
35 import org.onlab.packet.ndp.NeighborSolicitation; 35 import org.onlab.packet.ndp.NeighborSolicitation;
36 -import org.onosproject.core.Permission;
37 import org.onosproject.incubator.net.intf.Interface; 36 import org.onosproject.incubator.net.intf.Interface;
38 import org.onosproject.incubator.net.intf.InterfaceService; 37 import org.onosproject.incubator.net.intf.InterfaceService;
39 import org.onosproject.net.ConnectPoint; 38 import org.onosproject.net.ConnectPoint;
...@@ -61,6 +60,7 @@ import static org.onlab.packet.VlanId.vlanId; ...@@ -61,6 +60,7 @@ import static org.onlab.packet.VlanId.vlanId;
61 import static org.onosproject.net.HostId.hostId; 60 import static org.onosproject.net.HostId.hostId;
62 import static org.onosproject.security.AppGuard.checkPermission; 61 import static org.onosproject.security.AppGuard.checkPermission;
63 import static org.slf4j.LoggerFactory.getLogger; 62 import static org.slf4j.LoggerFactory.getLogger;
63 +import static org.onosproject.security.AppPermission.Type.*;
64 64
65 65
66 @Component(immediate = true) 66 @Component(immediate = true)
...@@ -110,7 +110,8 @@ public class ProxyArpManager implements ProxyArpService { ...@@ -110,7 +110,8 @@ public class ProxyArpManager implements ProxyArpService {
110 110
111 @Override 111 @Override
112 public boolean isKnown(IpAddress addr) { 112 public boolean isKnown(IpAddress addr) {
113 - checkPermission(Permission.PACKET_READ); 113 + checkPermission(PACKET_READ);
114 +
114 checkNotNull(addr, MAC_ADDR_NULL); 115 checkNotNull(addr, MAC_ADDR_NULL);
115 Set<Host> hosts = hostService.getHostsByIp(addr); 116 Set<Host> hosts = hostService.getHostsByIp(addr);
116 return !hosts.isEmpty(); 117 return !hosts.isEmpty();
...@@ -118,7 +119,8 @@ public class ProxyArpManager implements ProxyArpService { ...@@ -118,7 +119,8 @@ public class ProxyArpManager implements ProxyArpService {
118 119
119 @Override 120 @Override
120 public void reply(Ethernet eth, ConnectPoint inPort) { 121 public void reply(Ethernet eth, ConnectPoint inPort) {
121 - checkPermission(Permission.PACKET_WRITE); 122 + checkPermission(PACKET_WRITE);
123 +
122 checkNotNull(eth, REQUEST_NULL); 124 checkNotNull(eth, REQUEST_NULL);
123 125
124 if (eth.getEtherType() == Ethernet.TYPE_ARP) { 126 if (eth.getEtherType() == Ethernet.TYPE_ARP) {
...@@ -316,7 +318,8 @@ public class ProxyArpManager implements ProxyArpService { ...@@ -316,7 +318,8 @@ public class ProxyArpManager implements ProxyArpService {
316 318
317 @Override 319 @Override
318 public void forward(Ethernet eth, ConnectPoint inPort) { 320 public void forward(Ethernet eth, ConnectPoint inPort) {
319 - checkPermission(Permission.PACKET_WRITE); 321 + checkPermission(PACKET_WRITE);
322 +
320 checkNotNull(eth, REQUEST_NULL); 323 checkNotNull(eth, REQUEST_NULL);
321 324
322 Host h = hostService.getHost(hostId(eth.getDestinationMAC(), 325 Host h = hostService.getHost(hostId(eth.getDestinationMAC(),
...@@ -333,7 +336,7 @@ public class ProxyArpManager implements ProxyArpService { ...@@ -333,7 +336,7 @@ public class ProxyArpManager implements ProxyArpService {
333 336
334 @Override 337 @Override
335 public boolean handlePacket(PacketContext context) { 338 public boolean handlePacket(PacketContext context) {
336 - checkPermission(Permission.PACKET_WRITE); 339 + checkPermission(PACKET_WRITE);
337 340
338 InboundPacket pkt = context.inPacket(); 341 InboundPacket pkt = context.inPacket();
339 Ethernet ethPkt = pkt.parsed(); 342 Ethernet ethPkt = pkt.parsed();
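Review bot: `isKnown` is guarded by `PACKET_READ`, but the only work it does in the visible lines is a host lookup, `hostService.getHostsByIp(addr)`, which the HostManager section on this page guards with `HOST_READ`. Depending on how `AppGuard.checkPermission` treats nested service calls (not shown), either an application with `PACKET_READ` alone can learn whether an IP belongs to a known host, or the call fails inside `getHostsByIp` for a permission the `ProxyArpService` method never mentions. I would state the intended permission in the method's Javadoc, for example `Requires PACKET_READ; the host lookup is performed on the caller's behalf`, or change the guard to `checkPermission(HOST_READ)` if that is the intent.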
......
...@@ -23,7 +23,6 @@ import org.apache.felix.scr.annotations.Reference; ...@@ -23,7 +23,6 @@ import org.apache.felix.scr.annotations.Reference;
23 import org.apache.felix.scr.annotations.ReferenceCardinality; 23 import org.apache.felix.scr.annotations.ReferenceCardinality;
24 import org.apache.felix.scr.annotations.Service; 24 import org.apache.felix.scr.annotations.Service;
25 import org.onosproject.event.AbstractListenerManager; 25 import org.onosproject.event.AbstractListenerManager;
26 -import org.onosproject.core.Permission;
27 import org.onosproject.net.Link; 26 import org.onosproject.net.Link;
28 import org.onosproject.net.intent.IntentId; 27 import org.onosproject.net.intent.IntentId;
29 import org.onosproject.net.resource.ResourceAllocation; 28 import org.onosproject.net.resource.ResourceAllocation;
...@@ -58,6 +57,7 @@ import static com.google.common.base.Preconditions.checkArgument; ...@@ -58,6 +57,7 @@ import static com.google.common.base.Preconditions.checkArgument;
58 import static com.google.common.base.Preconditions.checkNotNull; 57 import static com.google.common.base.Preconditions.checkNotNull;
59 import static org.onosproject.security.AppGuard.checkPermission; 58 import static org.onosproject.security.AppGuard.checkPermission;
60 import static org.slf4j.LoggerFactory.getLogger; 59 import static org.slf4j.LoggerFactory.getLogger;
60 +import static org.onosproject.security.AppPermission.Type.*;
61 61
62 62
63 /** 63 /**
...@@ -150,7 +150,7 @@ public class LinkResourceManager ...@@ -150,7 +150,7 @@ public class LinkResourceManager
150 150
151 @Override 151 @Override
152 public LinkResourceAllocations requestResources(LinkResourceRequest req) { 152 public LinkResourceAllocations requestResources(LinkResourceRequest req) {
153 - checkPermission(Permission.LINK_WRITE); 153 + checkPermission(LINK_WRITE);
154 154
155 // TODO Concatenate multiple bandwidth requests. 155 // TODO Concatenate multiple bandwidth requests.
156 // TODO Support multiple lambda resource requests. 156 // TODO Support multiple lambda resource requests.
...@@ -213,7 +213,7 @@ public class LinkResourceManager ...@@ -213,7 +213,7 @@ public class LinkResourceManager
213 213
214 @Override 214 @Override
215 public void releaseResources(LinkResourceAllocations allocations) { 215 public void releaseResources(LinkResourceAllocations allocations) {
216 - checkPermission(Permission.LINK_WRITE); 216 + checkPermission(LINK_WRITE);
217 final LinkResourceEvent event = store.releaseResources(allocations); 217 final LinkResourceEvent event = store.releaseResources(allocations);
218 if (event != null) { 218 if (event != null) {
219 post(event); 219 post(event);
...@@ -223,32 +223,32 @@ public class LinkResourceManager ...@@ -223,32 +223,32 @@ public class LinkResourceManager
223 @Override 223 @Override
224 public LinkResourceAllocations updateResources(LinkResourceRequest req, 224 public LinkResourceAllocations updateResources(LinkResourceRequest req,
225 LinkResourceAllocations oldAllocations) { 225 LinkResourceAllocations oldAllocations) {
226 - checkPermission(Permission.LINK_WRITE); 226 + checkPermission(LINK_WRITE);
227 releaseResources(oldAllocations); 227 releaseResources(oldAllocations);
228 return requestResources(req); 228 return requestResources(req);
229 } 229 }
230 230
231 @Override 231 @Override
232 public Iterable<LinkResourceAllocations> getAllocations() { 232 public Iterable<LinkResourceAllocations> getAllocations() {
233 - checkPermission(Permission.LINK_READ); 233 + checkPermission(LINK_READ);
234 return store.getAllocations(); 234 return store.getAllocations();
235 } 235 }
236 236
237 @Override 237 @Override
238 public Iterable<LinkResourceAllocations> getAllocations(Link link) { 238 public Iterable<LinkResourceAllocations> getAllocations(Link link) {
239 - checkPermission(Permission.LINK_READ); 239 + checkPermission(LINK_READ);
240 return store.getAllocations(link); 240 return store.getAllocations(link);
241 } 241 }
242 242
243 @Override 243 @Override
244 public LinkResourceAllocations getAllocations(IntentId intentId) { 244 public LinkResourceAllocations getAllocations(IntentId intentId) {
245 - checkPermission(Permission.LINK_READ); 245 + checkPermission(LINK_READ);
246 return store.getAllocations(intentId); 246 return store.getAllocations(intentId);
247 } 247 }
248 248
249 @Override 249 @Override
250 public Iterable<ResourceRequest> getAvailableResources(Link link) { 250 public Iterable<ResourceRequest> getAvailableResources(Link link) {
251 - checkPermission(Permission.LINK_READ); 251 + checkPermission(LINK_READ);
252 252
253 Set<ResourceAllocation> freeRes = store.getFreeResources(link); 253 Set<ResourceAllocation> freeRes = store.getFreeResources(link);
254 Set<ResourceRequest> result = new HashSet<>(); 254 Set<ResourceRequest> result = new HashSet<>();
...@@ -274,7 +274,7 @@ public class LinkResourceManager ...@@ -274,7 +274,7 @@ public class LinkResourceManager
274 @Override 274 @Override
275 public Iterable<ResourceRequest> getAvailableResources(Link link, 275 public Iterable<ResourceRequest> getAvailableResources(Link link,
276 LinkResourceAllocations allocations) { 276 LinkResourceAllocations allocations) {
277 - checkPermission(Permission.LINK_READ); 277 + checkPermission(LINK_READ);
278 278
279 Set<ResourceAllocation> allocatedRes = allocations.getResourceAllocation(link); 279 Set<ResourceAllocation> allocatedRes = allocations.getResourceAllocation(link);
280 Set<ResourceRequest> result = Sets.newHashSet(getAvailableResources(link)); 280 Set<ResourceRequest> result = Sets.newHashSet(getAvailableResources(link));
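Review bot: `updateResources` calls `releaseResources(oldAllocations)` before `requestResources(req)`, so the update is not atomic: if the new request throws or yields no allocation (its body is outside the hunk), the old allocations are already released and nothing restores them. A caller holding `LINK_WRITE` can therefore lose an existing reservation through a failed update. At minimum I would document this on the method, e.g. `// NOTE: not atomic - oldAllocations are released even if the new request fails`, and add `checkNotNull(oldAllocations, ...)` after the permission check so a null argument fails before any state changes. The `checkPermission(LINK_WRITE)` on this method is also repeated by both callees, which is harmless but worth a one-line comment.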
......
...@@ -27,7 +27,6 @@ import org.apache.felix.scr.annotations.ReferenceCardinality; ...@@ -27,7 +27,6 @@ import org.apache.felix.scr.annotations.ReferenceCardinality;
27 import org.apache.felix.scr.annotations.Service; 27 import org.apache.felix.scr.annotations.Service;
28 import org.onosproject.core.ApplicationId; 28 import org.onosproject.core.ApplicationId;
29 import org.onosproject.core.GroupId; 29 import org.onosproject.core.GroupId;
30 -import org.onosproject.core.Permission;
31 import org.onosproject.net.ConnectPoint; 30 import org.onosproject.net.ConnectPoint;
32 import org.onosproject.net.Link; 31 import org.onosproject.net.Link;
33 import org.onosproject.net.Path; 32 import org.onosproject.net.Path;
...@@ -51,6 +50,7 @@ import java.util.Set; ...@@ -51,6 +50,7 @@ import java.util.Set;
51 import static com.google.common.base.Preconditions.checkNotNull; 50 import static com.google.common.base.Preconditions.checkNotNull;
52 import static org.slf4j.LoggerFactory.getLogger; 51 import static org.slf4j.LoggerFactory.getLogger;
53 import static org.onosproject.security.AppGuard.checkPermission; 52 import static org.onosproject.security.AppGuard.checkPermission;
53 +import static org.onosproject.security.AppPermission.Type.*;
54 54
55 55
56 /** 56 /**
...@@ -86,14 +86,14 @@ public class StatisticManager implements StatisticService { ...@@ -86,14 +86,14 @@ public class StatisticManager implements StatisticService {
86 86
87 @Override 87 @Override
88 public Load load(Link link) { 88 public Load load(Link link) {
89 - checkPermission(Permission.STATISTIC_READ); 89 + checkPermission(STATISTIC_READ);
90 90
91 return load(link.src()); 91 return load(link.src());
92 } 92 }
93 93
94 @Override 94 @Override
95 public Load load(Link link, ApplicationId appId, Optional<GroupId> groupId) { 95 public Load load(Link link, ApplicationId appId, Optional<GroupId> groupId) {
96 - checkPermission(Permission.STATISTIC_READ); 96 + checkPermission(STATISTIC_READ);
97 97
98 Statistics stats = getStatistics(link.src()); 98 Statistics stats = getStatistics(link.src());
99 if (!stats.isValid()) { 99 if (!stats.isValid()) {
...@@ -114,14 +114,14 @@ public class StatisticManager implements StatisticService { ...@@ -114,14 +114,14 @@ public class StatisticManager implements StatisticService {
114 114
115 @Override 115 @Override
116 public Load load(ConnectPoint connectPoint) { 116 public Load load(ConnectPoint connectPoint) {
117 - checkPermission(Permission.STATISTIC_READ); 117 + checkPermission(STATISTIC_READ);
118 118
119 return loadInternal(connectPoint); 119 return loadInternal(connectPoint);
120 } 120 }
121 121
122 @Override 122 @Override
123 public Link max(Path path) { 123 public Link max(Path path) {
124 - checkPermission(Permission.STATISTIC_READ); 124 + checkPermission(STATISTIC_READ);
125 125
126 if (path.links().isEmpty()) { 126 if (path.links().isEmpty()) {
127 return null; 127 return null;
...@@ -140,7 +140,7 @@ public class StatisticManager implements StatisticService { ...@@ -140,7 +140,7 @@ public class StatisticManager implements StatisticService {
140 140
141 @Override 141 @Override
142 public Link min(Path path) { 142 public Link min(Path path) {
143 - checkPermission(Permission.STATISTIC_READ); 143 + checkPermission(STATISTIC_READ);
144 144
145 if (path.links().isEmpty()) { 145 if (path.links().isEmpty()) {
146 return null; 146 return null;
...@@ -159,7 +159,7 @@ public class StatisticManager implements StatisticService { ...@@ -159,7 +159,7 @@ public class StatisticManager implements StatisticService {
159 159
160 @Override 160 @Override
161 public FlowRule highestHitter(ConnectPoint connectPoint) { 161 public FlowRule highestHitter(ConnectPoint connectPoint) {
162 - checkPermission(Permission.STATISTIC_READ); 162 + checkPermission(STATISTIC_READ);
163 163
164 Set<FlowEntry> hitters = statisticStore.getCurrentStatistic(connectPoint); 164 Set<FlowEntry> hitters = statisticStore.getCurrentStatistic(connectPoint);
165 if (hitters.isEmpty()) { 165 if (hitters.isEmpty()) {
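Review bot: The on-demand static import added at new line 53, `import static org.onosproject.security.AppPermission.Type.*;`, brings every permission constant into scope by bare name. As a result `checkPermission(STATISTIC_READ)` no longer shows which type the constant belongs to, and a same-named field or single static import introduced later would take precedence over the wildcard. For an access-control check I would name the constant explicitly: `import static org.onosproject.security.AppPermission.Type.STATISTIC_READ;`. The same wildcard import is added in the PathManager and TopologyManager sections, where `TOPOLOGY_READ` is the only constant used in the visible hunks; other uses may exist outside them.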
......
...@@ -24,7 +24,6 @@ import org.apache.felix.scr.annotations.Deactivate; ...@@ -24,7 +24,6 @@ import org.apache.felix.scr.annotations.Deactivate;
24 import org.apache.felix.scr.annotations.Reference; 24 import org.apache.felix.scr.annotations.Reference;
25 import org.apache.felix.scr.annotations.ReferenceCardinality; 25 import org.apache.felix.scr.annotations.ReferenceCardinality;
26 import org.apache.felix.scr.annotations.Service; 26 import org.apache.felix.scr.annotations.Service;
27 -import org.onosproject.core.Permission;
28 import org.onosproject.net.ConnectPoint; 27 import org.onosproject.net.ConnectPoint;
29 import org.onosproject.net.DefaultEdgeLink; 28 import org.onosproject.net.DefaultEdgeLink;
30 import org.onosproject.net.DefaultPath; 29 import org.onosproject.net.DefaultPath;
...@@ -51,6 +50,7 @@ import java.util.Set; ...@@ -51,6 +50,7 @@ import java.util.Set;
51 import static com.google.common.base.Preconditions.checkNotNull; 50 import static com.google.common.base.Preconditions.checkNotNull;
52 import static org.slf4j.LoggerFactory.getLogger; 51 import static org.slf4j.LoggerFactory.getLogger;
53 import static org.onosproject.security.AppGuard.checkPermission; 52 import static org.onosproject.security.AppGuard.checkPermission;
53 +import static org.onosproject.security.AppPermission.Type.*;
54 54
55 55
56 /** 56 /**
...@@ -88,14 +88,14 @@ public class PathManager implements PathService { ...@@ -88,14 +88,14 @@ public class PathManager implements PathService {
88 88
89 @Override 89 @Override
90 public Set<Path> getPaths(ElementId src, ElementId dst) { 90 public Set<Path> getPaths(ElementId src, ElementId dst) {
91 - checkPermission(Permission.TOPOLOGY_READ); 91 + checkPermission(TOPOLOGY_READ);
92 92
93 return getPaths(src, dst, null); 93 return getPaths(src, dst, null);
94 } 94 }
95 95
96 @Override 96 @Override
97 public Set<Path> getPaths(ElementId src, ElementId dst, LinkWeight weight) { 97 public Set<Path> getPaths(ElementId src, ElementId dst, LinkWeight weight) {
98 - checkPermission(Permission.TOPOLOGY_READ); 98 + checkPermission(TOPOLOGY_READ);
99 99
100 checkNotNull(src, ELEMENT_ID_NULL); 100 checkNotNull(src, ELEMENT_ID_NULL);
101 checkNotNull(dst, ELEMENT_ID_NULL); 101 checkNotNull(dst, ELEMENT_ID_NULL);
......
...@@ -22,7 +22,6 @@ import org.apache.felix.scr.annotations.Reference; ...@@ -22,7 +22,6 @@ import org.apache.felix.scr.annotations.Reference;
22 import org.apache.felix.scr.annotations.ReferenceCardinality; 22 import org.apache.felix.scr.annotations.ReferenceCardinality;
23 import org.apache.felix.scr.annotations.Service; 23 import org.apache.felix.scr.annotations.Service;
24 import org.onosproject.net.provider.AbstractListenerProviderRegistry; 24 import org.onosproject.net.provider.AbstractListenerProviderRegistry;
25 -import org.onosproject.core.Permission;
26 import org.onosproject.event.Event; 25 import org.onosproject.event.Event;
27 import org.onosproject.net.ConnectPoint; 26 import org.onosproject.net.ConnectPoint;
28 import org.onosproject.net.DeviceId; 27 import org.onosproject.net.DeviceId;
...@@ -51,6 +50,8 @@ import java.util.Set; ...@@ -51,6 +50,8 @@ import java.util.Set;
51 import static com.google.common.base.Preconditions.checkNotNull; 50 import static com.google.common.base.Preconditions.checkNotNull;
52 import static org.onosproject.security.AppGuard.checkPermission; 51 import static org.onosproject.security.AppGuard.checkPermission;
53 import static org.slf4j.LoggerFactory.getLogger; 52 import static org.slf4j.LoggerFactory.getLogger;
53 +import static org.onosproject.security.AppPermission.Type.*;
54 +
54 55
55 /** 56 /**
56 * Provides basic implementation of the topology SB &amp; NB APIs. 57 * Provides basic implementation of the topology SB &amp; NB APIs.
...@@ -91,27 +92,27 @@ public class TopologyManager ...@@ -91,27 +92,27 @@ public class TopologyManager
91 92
92 @Override 93 @Override
93 public Topology currentTopology() { 94 public Topology currentTopology() {
94 - checkPermission(Permission.TOPOLOGY_READ); 95 + checkPermission(TOPOLOGY_READ);
95 return store.currentTopology(); 96 return store.currentTopology();
96 } 97 }
97 98
98 @Override 99 @Override
99 public boolean isLatest(Topology topology) { 100 public boolean isLatest(Topology topology) {
100 - checkPermission(Permission.TOPOLOGY_READ); 101 + checkPermission(TOPOLOGY_READ);
101 checkNotNull(topology, TOPOLOGY_NULL); 102 checkNotNull(topology, TOPOLOGY_NULL);
102 return store.isLatest(topology); 103 return store.isLatest(topology);
103 } 104 }
104 105
105 @Override 106 @Override
106 public Set<TopologyCluster> getClusters(Topology topology) { 107 public Set<TopologyCluster> getClusters(Topology topology) {
107 - checkPermission(Permission.TOPOLOGY_READ); 108 + checkPermission(TOPOLOGY_READ);
108 checkNotNull(topology, TOPOLOGY_NULL); 109 checkNotNull(topology, TOPOLOGY_NULL);
109 return store.getClusters(topology); 110 return store.getClusters(topology);
110 } 111 }
111 112
112 @Override 113 @Override
113 public TopologyCluster getCluster(Topology topology, ClusterId clusterId) { 114 public TopologyCluster getCluster(Topology topology, ClusterId clusterId) {
114 - checkPermission(Permission.TOPOLOGY_READ); 115 + checkPermission(TOPOLOGY_READ);
115 checkNotNull(topology, TOPOLOGY_NULL); 116 checkNotNull(topology, TOPOLOGY_NULL);
116 checkNotNull(topology, CLUSTER_ID_NULL); 117 checkNotNull(topology, CLUSTER_ID_NULL);
117 return store.getCluster(topology, clusterId); 118 return store.getCluster(topology, clusterId);
...@@ -119,7 +120,7 @@ public class TopologyManager ...@@ -119,7 +120,7 @@ public class TopologyManager
119 120
120 @Override 121 @Override
121 public Set<DeviceId> getClusterDevices(Topology topology, TopologyCluster cluster) { 122 public Set<DeviceId> getClusterDevices(Topology topology, TopologyCluster cluster) {
122 - checkPermission(Permission.TOPOLOGY_READ); 123 + checkPermission(TOPOLOGY_READ);
123 checkNotNull(topology, TOPOLOGY_NULL); 124 checkNotNull(topology, TOPOLOGY_NULL);
124 checkNotNull(topology, CLUSTER_NULL); 125 checkNotNull(topology, CLUSTER_NULL);
125 return store.getClusterDevices(topology, cluster); 126 return store.getClusterDevices(topology, cluster);
...@@ -127,7 +128,7 @@ public class TopologyManager ...@@ -127,7 +128,7 @@ public class TopologyManager
127 128
128 @Override 129 @Override
129 public Set<Link> getClusterLinks(Topology topology, TopologyCluster cluster) { 130 public Set<Link> getClusterLinks(Topology topology, TopologyCluster cluster) {
130 - checkPermission(Permission.TOPOLOGY_READ); 131 + checkPermission(TOPOLOGY_READ);
131 checkNotNull(topology, TOPOLOGY_NULL); 132 checkNotNull(topology, TOPOLOGY_NULL);
132 checkNotNull(topology, CLUSTER_NULL); 133 checkNotNull(topology, CLUSTER_NULL);
133 return store.getClusterLinks(topology, cluster); 134 return store.getClusterLinks(topology, cluster);
...@@ -135,14 +136,14 @@ public class TopologyManager ...@@ -135,14 +136,14 @@ public class TopologyManager
135 136
136 @Override 137 @Override
137 public TopologyGraph getGraph(Topology topology) { 138 public TopologyGraph getGraph(Topology topology) {
138 - checkPermission(Permission.TOPOLOGY_READ); 139 + checkPermission(TOPOLOGY_READ);
139 checkNotNull(topology, TOPOLOGY_NULL); 140 checkNotNull(topology, TOPOLOGY_NULL);
140 return store.getGraph(topology); 141 return store.getGraph(topology);
141 } 142 }
142 143
143 @Override 144 @Override
144 public Set<Path> getPaths(Topology topology, DeviceId src, DeviceId dst) { 145 public Set<Path> getPaths(Topology topology, DeviceId src, DeviceId dst) {
145 - checkPermission(Permission.TOPOLOGY_READ); 146 + checkPermission(TOPOLOGY_READ);
146 checkNotNull(topology, TOPOLOGY_NULL); 147 checkNotNull(topology, TOPOLOGY_NULL);
147 checkNotNull(src, DEVICE_ID_NULL); 148 checkNotNull(src, DEVICE_ID_NULL);
148 checkNotNull(dst, DEVICE_ID_NULL); 149 checkNotNull(dst, DEVICE_ID_NULL);
...@@ -151,7 +152,7 @@ public class TopologyManager ...@@ -151,7 +152,7 @@ public class TopologyManager
151 152
152 @Override 153 @Override
153 public Set<Path> getPaths(Topology topology, DeviceId src, DeviceId dst, LinkWeight weight) { 154 public Set<Path> getPaths(Topology topology, DeviceId src, DeviceId dst, LinkWeight weight) {
154 - checkPermission(Permission.TOPOLOGY_READ); 155 + checkPermission(TOPOLOGY_READ);
155 156
156 checkNotNull(topology, TOPOLOGY_NULL); 157 checkNotNull(topology, TOPOLOGY_NULL);
157 checkNotNull(src, DEVICE_ID_NULL); 158 checkNotNull(src, DEVICE_ID_NULL);
...@@ -162,7 +163,7 @@ public class TopologyManager ...@@ -162,7 +163,7 @@ public class TopologyManager
162 163
163 @Override 164 @Override
164 public boolean isInfrastructure(Topology topology, ConnectPoint connectPoint) { 165 public boolean isInfrastructure(Topology topology, ConnectPoint connectPoint) {
165 - checkPermission(Permission.TOPOLOGY_READ); 166 + checkPermission(TOPOLOGY_READ);
166 checkNotNull(topology, TOPOLOGY_NULL); 167 checkNotNull(topology, TOPOLOGY_NULL);
167 checkNotNull(connectPoint, CONNECTION_POINT_NULL); 168 checkNotNull(connectPoint, CONNECTION_POINT_NULL);
168 return store.isInfrastructure(topology, connectPoint); 169 return store.isInfrastructure(topology, connectPoint);
...@@ -170,7 +171,7 @@ public class TopologyManager ...@@ -170,7 +171,7 @@ public class TopologyManager
170 171
171 @Override 172 @Override
172 public boolean isBroadcastPoint(Topology topology, ConnectPoint connectPoint) { 173 public boolean isBroadcastPoint(Topology topology, ConnectPoint connectPoint) {
173 - checkPermission(Permission.TOPOLOGY_READ); 174 + checkPermission(TOPOLOGY_READ);
174 checkNotNull(topology, TOPOLOGY_NULL); 175 checkNotNull(topology, TOPOLOGY_NULL);
175 checkNotNull(connectPoint, CONNECTION_POINT_NULL); 176 checkNotNull(connectPoint, CONNECTION_POINT_NULL);
176 return store.isBroadcastPoint(topology, connectPoint); 177 return store.isBroadcastPoint(topology, connectPoint);
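Review bot: In getCluster the second null check still tests `topology` instead of `clusterId` (`checkNotNull(topology, CLUSTER_ID_NULL);`), so a null clusterId passes the guard and reaches `store.getCluster(topology, clusterId)`. The same copy-paste slip is in getClusterDevices and getClusterLinks, where `checkNotNull(topology, CLUSTER_NULL);` should test `cluster`. These methods are already being edited for the permission-constant rename, so this is a good place to correct them to `checkNotNull(clusterId, CLUSTER_ID_NULL);` and `checkNotNull(cluster, CLUSTER_NULL);`. The closing braces of all three methods fall outside the visible hunks.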
......
1 -<?xml version="1.0" encoding="UTF-8"?>
2 -<!--
3 - ~ Copyright 2015 Open Networking Laboratory
4 - ~
5 - ~ Licensed under the Apache License, Version 2.0 (the "License");
6 - ~ you may not use this file except in compliance with the License.
7 - ~ You may obtain a copy of the License at
8 - ~
9 - ~ http://www.apache.org/licenses/LICENSE-2.0
10 - ~
11 - ~ Unless required by applicable law or agreed to in writing, software
12 - ~ distributed under the License is distributed on an "AS IS" BASIS,
13 - ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 - ~ See the License for the specific language governing permissions and
15 - ~ limitations under the License.
16 - -->
17 -
18 -<project xmlns="http://maven.apache.org/POM/4.0.0"
19 - xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
20 - xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
21 - <parent>
22 - <artifactId>onos-security</artifactId>
23 - <groupId>org.onosproject</groupId>
24 - <version>1.3.0-SNAPSHOT</version>
25 - <relativePath>../pom.xml</relativePath>
26 - </parent>
27 - <modelVersion>4.0.0</modelVersion>
28 - <packaging>bundle</packaging>
29 -
30 - <artifactId>onos-security-impl</artifactId>
31 -
32 - <description>Security-mode ONOS components</description>
33 -
34 - <dependencies>
35 - <dependency>
36 - <groupId>org.osgi</groupId>
37 - <artifactId>org.osgi.core</artifactId>
38 - </dependency>
39 - <dependency>
40 - <groupId>org.onosproject</groupId>
41 - <artifactId>onos-api</artifactId>
42 - </dependency>
43 - <dependency>
44 - <groupId>org.apache.karaf.features</groupId>
45 - <artifactId>org.apache.karaf.features.core</artifactId>
46 - </dependency>
47 - </dependencies>
48 -
49 -</project>
...\ No newline at end of file ...\ No newline at end of file
1 -package org.onosproject.security.impl;
2 -
3 -
4 -import com.google.common.collect.ImmutableSet;
5 -import com.google.common.collect.Sets;
6 -import org.onosproject.core.Permission;
7 -import org.onosproject.security.AppPermission;
8 -import org.osgi.service.permissionadmin.PermissionInfo;
9 -
10 -import org.onosproject.app.ApplicationAdminService;
11 -import org.onosproject.app.ApplicationService;
12 -import org.onosproject.cfg.ComponentConfigService;
13 -import org.onosproject.cluster.ClusterAdminService;
14 -import org.onosproject.cluster.ClusterService;
15 -import org.onosproject.core.CoreService;
16 -import org.onosproject.cluster.LeadershipService;
17 -import org.onosproject.mastership.MastershipAdminService;
18 -import org.onosproject.mastership.MastershipService;
19 -import org.onosproject.net.device.DeviceAdminService;
20 -import org.onosproject.net.device.DeviceService;
21 -import org.onosproject.net.device.DeviceClockService;
22 -import org.onosproject.net.driver.DriverAdminService;
23 -import org.onosproject.net.driver.DriverService;
24 -import org.onosproject.net.flow.FlowRuleService;
25 -import org.onosproject.net.flowobjective.FlowObjectiveService;
26 -import org.onosproject.net.group.GroupService;
27 -import org.onosproject.net.host.HostAdminService;
28 -import org.onosproject.net.host.HostService;
29 -import org.onosproject.net.intent.IntentService;
30 -import org.onosproject.net.intent.IntentExtensionService;
31 -import org.onosproject.net.intent.IntentClockService;
32 -import org.onosproject.net.intent.PartitionService;
33 -import org.onosproject.net.link.LinkAdminService;
34 -import org.onosproject.net.link.LinkService;
35 -import org.onosproject.net.packet.PacketService;
36 -import org.onosproject.net.proxyarp.ProxyArpService;
37 -import org.onosproject.net.resource.link.LinkResourceService;
38 -import org.onosproject.net.statistic.StatisticService;
39 -import org.onosproject.net.topology.PathService;
40 -import org.onosproject.net.topology.TopologyService;
41 -import org.onosproject.store.service.StorageAdminService;
42 -import org.onosproject.store.service.StorageService;
43 -import org.osgi.framework.ServicePermission;
44 -import org.osgi.framework.PackagePermission;
45 -import org.osgi.framework.AdaptPermission;
46 -
47 -
48 -import java.util.Collections;
49 -import java.util.Map;
50 -import java.util.Set;
51 -import java.util.concurrent.ConcurrentHashMap;
52 -import java.util.stream.Collectors;
53 -
54 -public final class PolicyBuilder {
55 -
56 - private PolicyBuilder(){
57 - }
58 -
59 - public static PermissionInfo[] getApplicationPermissions(Map<Permission, Set<String>> serviceDirectory,
60 - Set<Permission> permissions) {
61 - Set<PermissionInfo> permSet = Sets.newHashSet();
62 - Collections.addAll(permSet, getDefaultPerms());
63 - for (Permission perm : permissions) {
64 - permSet.add(new PermissionInfo(AppPermission.class.getName(), perm.name(), ""));
65 - permSet.addAll(serviceDirectory.get(perm).stream().map(service -> new PermissionInfo(
66 - ServicePermission.class.getName(), service, ServicePermission.GET)).collect(Collectors.toList()));
67 - }
68 - PermissionInfo[] permissionInfos = new PermissionInfo[permSet.size()];
69 - return permSet.toArray(permissionInfos);
70 - }
71 -
72 - public static PermissionInfo[] getAdminApplicationPermissions(Map<Permission, Set<String>> serviceDirectory) {
73 - Set<PermissionInfo> permSet = Sets.newHashSet();
74 - Collections.addAll(permSet, getDefaultPerms());
75 - Collections.addAll(permSet, getAdminDefaultPerms());
76 - permSet.addAll(serviceDirectory.keySet().stream().map(perm ->
77 - new PermissionInfo(AppPermission.class.getName(), perm.name(), "")).collect(Collectors.toList()));
78 - PermissionInfo[] permissionInfos = new PermissionInfo[permSet.size()];
79 - return permSet.toArray(permissionInfos);
80 - }
81 -
82 - public static PermissionInfo[] getDefaultPerms() {
83 - return new PermissionInfo[]{
84 - new PermissionInfo(PackagePermission.class.getName(), "*", PackagePermission.EXPORTONLY),
85 - new PermissionInfo(PackagePermission.class.getName(), "*", PackagePermission.IMPORT),
86 - new PermissionInfo(AdaptPermission.class.getName(), "*", AdaptPermission.ADAPT),
87 - };
88 - }
89 - public static PermissionInfo[] getAdminDefaultPerms() {
90 - return new PermissionInfo[]{
91 - new PermissionInfo(ServicePermission.class.getName(),
92 - ApplicationAdminService.class.getName(), ServicePermission.GET),
93 - new PermissionInfo(ServicePermission.class.getName(),
94 - ClusterAdminService.class.getName(), ServicePermission.GET),
95 - new PermissionInfo(ServicePermission.class.getName(),
96 - MastershipAdminService.class.getName(), ServicePermission.GET),
97 - new PermissionInfo(ServicePermission.class.getName(),
98 - DeviceAdminService.class.getName(), ServicePermission.GET),
99 - new PermissionInfo(ServicePermission.class.getName(),
100 - HostAdminService.class.getName(), ServicePermission.GET),
101 - new PermissionInfo(ServicePermission.class.getName(),
102 - LinkAdminService.class.getName(), ServicePermission.GET),
103 - new PermissionInfo(ServicePermission.class.getName(),
104 - DriverAdminService.class.getName(), ServicePermission.GET),
105 - new PermissionInfo(ServicePermission.class.getName(),
106 - StorageAdminService.class.getName(), ServicePermission.GET),
107 -// new PermissionInfo(ServicePermission.class.getName(),
108 -// LabelResourceAdminService.class.getName(), ServicePermission.GET),
109 -// new PermissionInfo(ServicePermission.class.getName(),
110 -// TunnelAdminService.class.getName(), ServicePermission.GET),
111 - new PermissionInfo(ServicePermission.class.getName(),
112 - ApplicationService.class.getName(), ServicePermission.GET),
113 - new PermissionInfo(ServicePermission.class.getName(),
114 - ComponentConfigService.class.getName(), ServicePermission.GET),
115 - new PermissionInfo(ServicePermission.class.getName(),
116 - CoreService.class.getName(), ServicePermission.GET),
117 - new PermissionInfo(ServicePermission.class.getName(),
118 - ClusterService.class.getName(), ServicePermission.GET),
119 - new PermissionInfo(ServicePermission.class.getName(),
120 - LeadershipService.class.getName(), ServicePermission.GET),
121 - new PermissionInfo(ServicePermission.class.getName(),
122 - MastershipService.class.getName(), ServicePermission.GET),
123 - new PermissionInfo(ServicePermission.class.getName(),
124 - DeviceService.class.getName(), ServicePermission.GET),
125 - new PermissionInfo(ServicePermission.class.getName(),
126 - DeviceClockService.class.getName(), ServicePermission.GET),
127 - new PermissionInfo(ServicePermission.class.getName(),
128 - DriverService.class.getName(), ServicePermission.GET),
129 - new PermissionInfo(ServicePermission.class.getName(),
130 - FlowRuleService.class.getName(), ServicePermission.GET),
131 - new PermissionInfo(ServicePermission.class.getName(),
132 - FlowObjectiveService.class.getName(), ServicePermission.GET),
133 - new PermissionInfo(ServicePermission.class.getName(),
134 - GroupService.class.getName(), ServicePermission.GET),
135 - new PermissionInfo(ServicePermission.class.getName(),
136 - HostService.class.getName(), ServicePermission.GET),
137 - new PermissionInfo(ServicePermission.class.getName(),
138 - IntentService.class.getName(), ServicePermission.GET),
139 - new PermissionInfo(ServicePermission.class.getName(),
140 - IntentClockService.class.getName(), ServicePermission.GET),
141 - new PermissionInfo(ServicePermission.class.getName(),
142 - IntentExtensionService.class.getName(), ServicePermission.GET),
143 - new PermissionInfo(ServicePermission.class.getName(),
144 - PartitionService.class.getName(), ServicePermission.GET),
145 - new PermissionInfo(ServicePermission.class.getName(),
146 - LinkService.class.getName(), ServicePermission.GET),
147 - new PermissionInfo(ServicePermission.class.getName(),
148 - LinkResourceService.class.getName(), ServicePermission.GET),
149 -// new PermissionInfo(ServicePermission.class.getName(),
150 -// LabelResourceService.class.getName(), ServicePermission.GET),
151 - new PermissionInfo(ServicePermission.class.getName(),
152 - PacketService.class.getName(), ServicePermission.GET),
153 - new PermissionInfo(ServicePermission.class.getName(),
154 - ProxyArpService.class.getName(), ServicePermission.GET),
155 - new PermissionInfo(ServicePermission.class.getName(),
156 - StatisticService.class.getName(), ServicePermission.GET),
157 - new PermissionInfo(ServicePermission.class.getName(),
158 - PathService.class.getName(), ServicePermission.GET),
159 - new PermissionInfo(ServicePermission.class.getName(),
160 - TopologyService.class.getName(), ServicePermission.GET),
161 -// new PermissionInfo(ServicePermission.class.getName(),
162 -// TunnelService.class.getName(), ServicePermission.GET),
163 - new PermissionInfo(ServicePermission.class.getName(),
164 - StorageService.class.getName(), ServicePermission.GET),
165 - };
166 - }
167 -
168 -
169 - public static Map<Permission, Set<String>> getServiceDirectory() {
170 -
171 - Map<Permission, Set<String>> serviceDirectory = new ConcurrentHashMap<>();
172 -
173 - serviceDirectory.put(Permission.APP_READ, ImmutableSet.of(
174 - ApplicationService.class.getName(), CoreService.class.getName()));
175 - serviceDirectory.put(Permission.APP_EVENT, ImmutableSet.of(
176 - ApplicationService.class.getName(), CoreService.class.getName()));
177 - serviceDirectory.put(Permission.CONFIG_READ, ImmutableSet.of(
178 - ComponentConfigService.class.getName()));
179 - serviceDirectory.put(Permission.CONFIG_WRITE, ImmutableSet.of(
180 - ComponentConfigService.class.getName()));
181 - serviceDirectory.put(Permission.CLUSTER_READ, ImmutableSet.of(
182 - ClusterService.class.getName(), LeadershipService.class.getName(),
183 - MastershipService.class.getName()));
184 - serviceDirectory.put(Permission.CLUSTER_WRITE, ImmutableSet.of(
185 - LeadershipService.class.getName(), MastershipService.class.getName()));
186 - serviceDirectory.put(Permission.CLUSTER_EVENT, ImmutableSet.of(
187 - ClusterService.class.getName(), LeadershipService.class.getName(),
188 - MastershipService.class.getName()));
189 - serviceDirectory.put(Permission.DEVICE_READ, ImmutableSet.of(
190 - DeviceService.class.getName(), DeviceClockService.class.getName()));
191 - serviceDirectory.put(Permission.DEVICE_EVENT, ImmutableSet.of(
192 - DeviceService.class.getName()));
193 - serviceDirectory.put(Permission.DRIVER_READ, ImmutableSet.of(
194 - DriverService.class.getName()));
195 - serviceDirectory.put(Permission.DRIVER_WRITE, ImmutableSet.of(
196 - DriverService.class.getName()));
197 - serviceDirectory.put(Permission.FLOWRULE_READ, ImmutableSet.of(
198 - FlowRuleService.class.getName()));
199 - serviceDirectory.put(Permission.FLOWRULE_WRITE, ImmutableSet.of(
200 - FlowRuleService.class.getName(), FlowObjectiveService.class.getName()));
201 - serviceDirectory.put(Permission.FLOWRULE_EVENT, ImmutableSet.of(
202 - FlowRuleService.class.getName()));
203 - serviceDirectory.put(Permission.GROUP_READ, ImmutableSet.of(
204 - GroupService.class.getName()));
205 - serviceDirectory.put(Permission.GROUP_WRITE, ImmutableSet.of(
206 - GroupService.class.getName()));
207 - serviceDirectory.put(Permission.GROUP_EVENT, ImmutableSet.of(
208 - GroupService.class.getName()));
209 - serviceDirectory.put(Permission.HOST_WRITE, ImmutableSet.of(
210 - HostService.class.getName()));
211 - serviceDirectory.put(Permission.HOST_EVENT, ImmutableSet.of(
212 - HostService.class.getName()));
213 - serviceDirectory.put(Permission.INTENT_READ, ImmutableSet.of(
214 - IntentService.class.getName(), PartitionService.class.getName(),
215 - IntentClockService.class.getName()));
216 - serviceDirectory.put(Permission.INTENT_WRITE, ImmutableSet.of(
217 - IntentService.class.getName()));
218 - serviceDirectory.put(Permission.INTENT_EVENT, ImmutableSet.of(
219 - IntentService.class.getName()));
220 -// serviceDirectory.put(Permission.LINK_READ, ImmutableSet.of(
221 -// LinkService.class.getName(), LinkResourceService.class.getName(),
222 -// LabelResourceService.class.getName()));
223 -// serviceDirectory.put(Permission.LINK_WRITE, ImmutableSet.of(
224 -// LinkResourceService.class.getName(), LabelResourceService.class.getName()));
225 -// serviceDirectory.put(Permission.LINK_EVENT, ImmutableSet.of(
226 -// LinkService.class.getName(), LinkResourceService.class.getName(),
227 -// LabelResourceService.class.getName()));
228 - serviceDirectory.put(Permission.PACKET_READ, ImmutableSet.of(
229 - PacketService.class.getName(), ProxyArpService.class.getName()));
230 - serviceDirectory.put(Permission.PACKET_WRITE, ImmutableSet.of(
231 - PacketService.class.getName(), ProxyArpService.class.getName()));
232 - serviceDirectory.put(Permission.PACKET_EVENT, ImmutableSet.of(
233 - PacketService.class.getName()));
234 - serviceDirectory.put(Permission.STATISTIC_READ, ImmutableSet.of(
235 - StatisticService.class.getName()));
236 - serviceDirectory.put(Permission.TOPOLOGY_READ, ImmutableSet.of(
237 - TopologyService.class.getName(), PathService.class.getName()));
238 - serviceDirectory.put(Permission.TOPOLOGY_EVENT, ImmutableSet.of(
239 - TopologyService.class.getName()));
240 -// serviceDirectory.put(Permission.TUNNEL_READ, ImmutableSet.of(
241 -// TunnelService.class.getName()));
242 -// serviceDirectory.put(Permission.TUNNEL_WRITE, ImmutableSet.of(
243 -// TunnelService.class.getName()));
244 -// serviceDirectory.put(Permission.TUNNEL_EVENT, ImmutableSet.of(
245 -// TunnelService.class.getName()));
246 - serviceDirectory.put(Permission.STORAGE_WRITE, ImmutableSet.of(
247 - StorageService.class.getName()));
248 -
249 - return serviceDirectory;
250 - }
251 -}
252 -
253 -
254 -// public static PermissionInfo[] getNonAdminPerms() {
255 -// return new PermissionInfo[]{
256 -// new PermissionInfo(PackagePermission.class.getName(), "*", PackagePermission.EXPORTONLY),
257 -// new PermissionInfo(PackagePermission.class.getName(), "*", PackagePermission.IMPORT),
258 -// new PermissionInfo(AdaptPermission.class.getName(), "*", AdaptPermission.ADAPT),
259 -// new PermissionInfo(ServicePermission.class.getName(),
260 -// ApplicationService.class.getName(), ServicePermission.GET),
261 -// new PermissionInfo(ServicePermission.class.getName(),
262 -// ComponentConfigService.class.getName(), ServicePermission.GET),
263 -// new PermissionInfo(ServicePermission.class.getName(),
264 -// CoreService.class.getName(), ServicePermission.GET),
265 -// new PermissionInfo(ServicePermission.class.getName(),
266 -// ClusterService.class.getName(), ServicePermission.GET),
267 -// new PermissionInfo(ServicePermission.class.getName(),
268 -// LeadershipService.class.getName(), ServicePermission.GET),
269 -// new PermissionInfo(ServicePermission.class.getName(),
270 -// MastershipService.class.getName(), ServicePermission.GET),
271 -// new PermissionInfo(ServicePermission.class.getName(),
272 -// DeviceService.class.getName(), ServicePermission.GET),
273 -// new PermissionInfo(ServicePermission.class.getName(),
274 -// DeviceClockService.class.getName(), ServicePermission.GET),
275 -// new PermissionInfo(ServicePermission.class.getName(),
276 -// DriverService.class.getName(), ServicePermission.GET),
277 -// new PermissionInfo(ServicePermission.class.getName(),
278 -// FlowRuleService.class.getName(), ServicePermission.GET),
279 -// new PermissionInfo(ServicePermission.class.getName(),
280 -// FlowObjectiveService.class.getName(), ServicePermission.GET),
281 -// new PermissionInfo(ServicePermission.class.getName(),
282 -// GroupService.class.getName(), ServicePermission.GET),
283 -// new PermissionInfo(ServicePermission.class.getName(),
284 -// HostService.class.getName(), ServicePermission.GET),
285 -// new PermissionInfo(ServicePermission.class.getName(),
286 -// HostClockService.class.getName(), ServicePermission.GET),
287 -// new PermissionInfo(ServicePermission.class.getName(),
288 -// IntentService.class.getName(), ServicePermission.GET),
289 -// new PermissionInfo(ServicePermission.class.getName(),
290 -// IntentClockService.class.getName(), ServicePermission.GET),
291 -// new PermissionInfo(ServicePermission.class.getName(),
292 -// IntentExtensionService.class.getName(), ServicePermission.GET),
293 -// new PermissionInfo(ServicePermission.class.getName(),
294 -// PartitionService.class.getName(), ServicePermission.GET),
295 -// new PermissionInfo(ServicePermission.class.getName(),
296 -// LinkService.class.getName(), ServicePermission.GET),
297 -// new PermissionInfo(ServicePermission.class.getName(),
298 -// LinkResourceService.class.getName(), ServicePermission.GET),
299 -// new PermissionInfo(ServicePermission.class.getName(),
300 -// LabelResourceService.class.getName(), ServicePermission.GET),
301 -// new PermissionInfo(ServicePermission.class.getName(),
302 -// PacketService.class.getName(), ServicePermission.GET),
303 -// new PermissionInfo(ServicePermission.class.getName(),
304 -// ProxyArpService.class.getName(), ServicePermission.GET),
305 -// new PermissionInfo(ServicePermission.class.getName(),
306 -// StatisticService.class.getName(), ServicePermission.GET),
307 -// new PermissionInfo(ServicePermission.class.getName(),
308 -// PathService.class.getName(), ServicePermission.GET),
309 -// new PermissionInfo(ServicePermission.class.getName(),
310 -// TopologyService.class.getName(), ServicePermission.GET),
311 -// new PermissionInfo(ServicePermission.class.getName(),
312 -// TunnelService.class.getName(), ServicePermission.GET),
313 -// new PermissionInfo(ServicePermission.class.getName(),
314 -// StorageService.class.getName(), ServicePermission.GET),
315 -// };
316 -// }
1 -package org.onosproject.security.impl;
2 -
3 -import org.apache.felix.scr.annotations.Component;
4 -import org.apache.felix.scr.annotations.Reference;
5 -import org.apache.felix.scr.annotations.ReferenceCardinality;
6 -import org.apache.felix.scr.annotations.Activate;
7 -import org.apache.felix.scr.annotations.Deactivate;
8 -import org.apache.karaf.features.BundleInfo;
9 -import org.apache.karaf.features.Feature;
10 -import org.apache.karaf.features.FeaturesService;
11 -
12 -import org.onosproject.app.ApplicationAdminService;
13 -import org.onosproject.app.ApplicationEvent;
14 -import org.onosproject.app.ApplicationListener;
15 -import org.onosproject.app.ApplicationState;
16 -import org.onosproject.core.Application;
17 -import org.onosproject.core.ApplicationId;
18 -import org.onosproject.core.Permission;
19 -import org.onosproject.security.AppPermission;
20 -import org.osgi.framework.Bundle;
21 -import org.osgi.framework.BundleContext;
22 -import org.osgi.framework.BundleEvent;
23 -import org.osgi.framework.BundleListener;
24 -import org.osgi.framework.FrameworkUtil;
25 -import org.osgi.framework.PackagePermission;
26 -import org.osgi.framework.ServicePermission;
27 -import org.osgi.service.log.LogEntry;
28 -import org.osgi.service.log.LogListener;
29 -import org.osgi.service.log.LogReaderService;
30 -import org.osgi.service.permissionadmin.PermissionInfo;
31 -
32 -import java.security.AccessControlException;
33 -import java.security.AllPermission;
34 -import java.util.ArrayList;
35 -import java.util.List;
36 -import java.util.Map;
37 -import java.util.Set;
38 -import java.util.concurrent.ConcurrentHashMap;
39 -import java.util.stream.Collectors;
40 -
41 -import org.osgi.service.permissionadmin.PermissionAdmin;
42 -import org.slf4j.Logger;
43 -
44 -import static org.slf4j.LoggerFactory.getLogger;
45 -
46 -/**
47 - * Security-Mode ONOS management implementation.
48 - */
49 -
50 -//TODO : implement a dedicated distributed store for SM-ONOS
51 -
52 -@Component(immediate = true)
53 -public class SecurityModeManager {
54 -
55 - @Reference(cardinality = ReferenceCardinality.MANDATORY_UNARY)
56 - protected ApplicationAdminService appAdminService;
57 -
58 - @Reference(cardinality = ReferenceCardinality.MANDATORY_UNARY)
59 - protected FeaturesService featuresService;
60 -
61 - @Reference(cardinality = ReferenceCardinality.MANDATORY_UNARY)
62 - protected LogReaderService logReaderService;
63 -
64 - private final Logger log = getLogger(getClass());
65 -
66 - private SecurityBundleListener securityBundleListener = new SecurityBundleListener();
67 -
68 - private SecurityApplicationListener securityApplicationListener = new SecurityApplicationListener();
69 -
70 - private SecurityLogListener securityLogListener = new SecurityLogListener();
71 -
72 - private Bundle bundle = null;
73 -
74 - private BundleContext bundleContext = null;
75 -
76 - private PermissionAdmin permissionAdmin = null;
77 -
78 - private Map<String, ApplicationId> appTracker = null;
79 -
80 - private Map<Permission, Set<String>> serviceDirectory = null;
81 -
82 -
83 - @Activate
84 - public void activate() {
85 - if (System.getSecurityManager() == null) {
86 - log.warn("J2EE security manager is disabled.");
87 - deactivate();
88 - return;
89 - }
90 - bundle = FrameworkUtil.getBundle(this.getClass());
91 - bundleContext = bundle.getBundleContext();
92 -
93 - bundleContext.addBundleListener(securityBundleListener);
94 - appAdminService.addListener(securityApplicationListener);
95 - logReaderService.addLogListener(securityLogListener);
96 - appTracker = new ConcurrentHashMap<>();
97 -
98 - permissionAdmin = getPermissionAdmin(bundleContext);
99 - if (permissionAdmin == null) {
100 - log.warn("Permission Admin not found.");
101 - this.deactivate();
102 - return;
103 - }
104 -
105 - serviceDirectory = PolicyBuilder.getServiceDirectory();
106 -
107 - PermissionInfo[] allPerm = {
108 - new PermissionInfo(AllPermission.class.getName(), "", ""), };
109 -
110 - permissionAdmin.setPermissions(bundle.getLocation(), allPerm);
111 - log.warn("Security-Mode Started");
112 - }
113 -
114 -
115 - @Deactivate
116 - public void deactivate() {
117 - bundleContext.removeBundleListener(securityBundleListener);
118 - appAdminService.removeListener(securityApplicationListener);
119 - logReaderService.removeLogListener(securityLogListener);
120 - log.info("Stopped");
121 -
122 - }
123 -
124 - private class SecurityApplicationListener implements ApplicationListener {
125 -
126 - @Override
127 - public void event(ApplicationEvent event) {
128 - //App needs to be restarted
129 - if (event.type() == ApplicationEvent.Type.APP_PERMISSIONS_CHANGED) {
130 - if (appAdminService.getState(event.subject().id()) == ApplicationState.ACTIVE) {
131 - appAdminService.deactivate(event.subject().id());
132 - print("Permissions updated (%s). Deactivating...",
133 - event.subject().id().name());
134 - }
135 - }
136 - }
137 - }
138 -
139 - private class SecurityBundleListener implements BundleListener {
140 -
141 - @Override
142 - public void bundleChanged(BundleEvent event) {
143 - switch (event.getType()) {
144 - case BundleEvent.INSTALLED:
145 - setPermissions(event);
146 - break;
147 - case BundleEvent.UNINSTALLED:
148 - clearPermissions(event);
149 - break;
150 - default:
151 - break;
152 - }
153 - }
154 - }
155 -
156 - private void clearPermissions(BundleEvent bundleEvent) {
157 - if (appTracker.containsKey(bundleEvent.getBundle().getLocation())) {
158 - permissionAdmin.setPermissions(bundleEvent.getBundle().getLocation(), new PermissionInfo[]{});
159 - appTracker.remove(bundleEvent.getBundle().getLocation());
160 - }
161 - }
162 -
163 - // find the location of the installed bundle and enforce policy
164 - private void setPermissions(BundleEvent bundleEvent) {
165 - for (Application app : appAdminService.getApplications()) {
166 - if (getBundleLocations(app).contains(bundleEvent.getBundle().getLocation())) {
167 - String location = bundleEvent.getBundle().getLocation();
168 -
169 - Set<org.onosproject.core.Permission> permissions =
170 - appAdminService.getPermissions(app.id());
171 -
172 - //Permissions granted by user overrides the permissions specified in App.Xml file
173 - if (permissions == null) {
174 - permissions = app.permissions();
175 - }
176 -
177 - if (permissions.isEmpty()) {
178 - print("Application %s has not been granted any permission.", app.id().name());
179 - }
180 -
181 - PermissionInfo[] perms = null;
182 -
183 - switch (app.role()) {
184 - case ADMIN:
185 - perms = PolicyBuilder.getAdminApplicationPermissions(serviceDirectory);
186 - break;
187 - case REGULAR:
188 - perms = PolicyBuilder.getApplicationPermissions(serviceDirectory, permissions);
189 - break;
190 - case UNSPECIFIED:
191 - default:
192 - //no role has been assigned.
193 - perms = PolicyBuilder.getDefaultPerms();
194 - log.warn("Application %s has no role assigned.", app.id().name());
195 - break;
196 - }
197 - permissionAdmin.setPermissions(location, perms);
198 - appTracker.put(location, app.id());
199 - break;
200 - }
201 - }
202 - }
203 -
204 - //TODO: dispatch security policy violation event via distributed store
205 - //immediately notify and deactivate the application upon policy violation
206 - private class SecurityLogListener implements LogListener {
207 - @Override
208 - public void logged(LogEntry entry) {
209 - if (entry != null) {
210 - if (entry.getException() != null) {
211 - ApplicationId applicationId = appTracker.get(entry.getBundle().getLocation());
212 - if (applicationId != null) {
213 - if (appAdminService.getState(applicationId).equals(ApplicationState.ACTIVE)) {
214 - if (entry.getException() instanceof AccessControlException) {
215 - java.security.Permission permission =
216 - ((AccessControlException) entry.getException()).getPermission();
217 - handleException(applicationId.name(), permission);
218 - appAdminService.deactivate(applicationId);
219 - }
220 - }
221 - }
222 - }
223 - }
224 - }
225 - }
226 -
227 - private void handleException(String name, java.security.Permission perm) {
228 - if (perm instanceof ServicePermission || perm instanceof PackagePermission) {
229 - print("%s has attempted to %s %s.", name, perm.getActions(), perm.getName());
230 - } else if (perm instanceof AppPermission) {
231 - print("%s has attempted to call an NB API that requires %s permission.",
232 - name, perm.getName().toUpperCase());
233 - } else {
234 - print("%s has attempted to perform an action that requires %s", name, perm.toString());
235 - }
236 - print("POLICY VIOLATION: Deactivating %s.", name);
237 -
238 - }
239 - private void print(String format, Object... args) {
240 - System.out.println(String.format("SM-ONOS: " + format, args));
241 - log.warn(String.format(format, args));
242 - }
243 -
244 - private List<String> getBundleLocations(Application app) {
245 - List<String> locations = new ArrayList();
246 - for (String name : app.features()) {
247 - try {
248 - Feature feature = featuresService.getFeature(name);
249 - locations.addAll(
250 - feature.getBundles().stream().map(BundleInfo::getLocation).collect(Collectors.toList()));
251 - } catch (Exception e) {
252 - return locations;
253 - }
254 - }
255 - return locations;
256 - }
257 -
258 - private PermissionAdmin getPermissionAdmin(BundleContext context) {
259 - return (PermissionAdmin) context.getService(context.getServiceReference(PermissionAdmin.class.getName()));
260 - }
261 -
262 -}
...@@ -12,10 +12,46 @@ ...@@ -12,10 +12,46 @@
12 </parent> 12 </parent>
13 13
14 <artifactId>onos-security</artifactId> 14 <artifactId>onos-security</artifactId>
15 - <packaging>pom</packaging> 15 + <packaging>bundle</packaging>
16 - <modules> 16 +
17 - <module>impl</module> 17 +
18 - </modules> 18 + <description>Security-Mode ONOS project</description>
19 +
20 + <dependencies>
21 + <dependency>
22 + <groupId>org.osgi</groupId>
23 + <artifactId>org.osgi.core</artifactId>
24 + </dependency>
25 + <dependency>
26 + <groupId>org.osgi</groupId>
27 + <artifactId>org.osgi.compendium</artifactId>
28 + </dependency>
29 + <dependency>
30 + <groupId>org.apache.felix</groupId>
31 + <artifactId>org.apache.felix.scr.annotations</artifactId>
32 + </dependency>
33 + <dependency>
34 + <groupId>org.onosproject</groupId>
35 + <artifactId>onos-api</artifactId>
36 + </dependency>
37 + <dependency>
38 + <groupId>org.onosproject</groupId>
39 + <artifactId>onos-core-serializers</artifactId>
40 + <version>${project.version}</version>
41 + </dependency>
42 + <dependency>
43 + <groupId>org.apache.karaf.features</groupId>
44 + <artifactId>org.apache.karaf.features.core</artifactId>
45 + </dependency>
46 + </dependencies>
47 +
48 + <build>
49 + <plugins>
50 + <plugin>
51 + <groupId>org.apache.felix</groupId>
52 + <artifactId>maven-scr-plugin</artifactId>
53 + </plugin>
54 + </plugins>
55 + </build>
19 56
20 - <description>Security-mode ONOS project root</description>
21 </project> 57 </project>
...\ No newline at end of file ...\ No newline at end of file
......
1 +package org.onosproject.security.impl;
2 +
3 +
4 +import com.google.common.collect.ImmutableSet;
5 +import com.google.common.collect.Lists;
6 +import com.google.common.collect.Sets;
7 +import org.onosproject.security.AppPermission;
8 +import org.onosproject.app.ApplicationAdminService;
9 +import org.onosproject.app.ApplicationService;
10 +import org.onosproject.cfg.ComponentConfigService;
11 +import org.onosproject.cluster.ClusterAdminService;
12 +import org.onosproject.cluster.ClusterService;
13 +import org.onosproject.core.CoreService;
14 +import org.onosproject.cluster.LeadershipService;
15 +import org.onosproject.mastership.MastershipAdminService;
16 +import org.onosproject.mastership.MastershipService;
17 +import org.onosproject.net.device.DeviceAdminService;
18 +import org.onosproject.net.device.DeviceService;
19 +import org.onosproject.net.device.DeviceClockService;
20 +import org.onosproject.net.driver.DriverAdminService;
21 +import org.onosproject.net.driver.DriverService;
22 +import org.onosproject.net.flow.FlowRuleService;
23 +import org.onosproject.net.flowobjective.FlowObjectiveService;
24 +import org.onosproject.net.group.GroupService;
25 +import org.onosproject.net.host.HostAdminService;
26 +import org.onosproject.net.host.HostService;
27 +import org.onosproject.net.intent.IntentService;
28 +import org.onosproject.net.intent.IntentExtensionService;
29 +import org.onosproject.net.intent.IntentClockService;
30 +import org.onosproject.net.intent.PartitionService;
31 +import org.onosproject.net.link.LinkAdminService;
32 +import org.onosproject.net.link.LinkService;
33 +import org.onosproject.net.packet.PacketService;
34 +import org.onosproject.net.proxyarp.ProxyArpService;
35 +import org.onosproject.net.resource.link.LinkResourceService;
36 +import org.onosproject.net.statistic.StatisticService;
37 +import org.onosproject.net.topology.PathService;
38 +import org.onosproject.net.topology.TopologyService;
39 +import org.onosproject.security.SecurityAdminService;
40 +import org.onosproject.store.service.StorageAdminService;
41 +import org.onosproject.store.service.StorageService;
42 +import org.osgi.framework.BundlePermission;
43 +import org.osgi.framework.CapabilityPermission;
44 +import org.osgi.framework.ServicePermission;
45 +import org.osgi.framework.PackagePermission;
46 +import org.osgi.framework.AdaptPermission;
47 +import org.osgi.service.cm.ConfigurationPermission;
48 +
49 +import javax.net.ssl.SSLPermission;
50 +import javax.security.auth.AuthPermission;
51 +import javax.security.auth.PrivateCredentialPermission;
52 +import javax.security.auth.kerberos.DelegationPermission;
53 +import javax.sound.sampled.AudioPermission;
54 +import java.io.FilePermission;
55 +import java.io.SerializablePermission;
56 +import java.net.NetPermission;
57 +import java.net.SocketPermission;
58 +import java.security.Permissions;
59 +import java.sql.SQLPermission;
60 +import java.util.ArrayList;
61 +import java.util.Enumeration;
62 +import java.util.HashSet;
63 +import java.util.List;
64 +import java.util.PropertyPermission;
65 +import java.util.Set;
66 +import java.util.concurrent.ConcurrentHashMap;
67 +import java.security.Permission;
68 +import java.util.logging.LoggingPermission;
69 +
70 +import static org.onosproject.security.AppPermission.Type.*;
71 +
72 +public final class DefaultPolicyBuilder {
73 +
74 + protected static ConcurrentHashMap<AppPermission.Type,
75 + Set<String>> serviceDirectory = getServiceDirectory();
76 +
77 + protected static List<Permission> defaultPermissions = getDefaultPerms();
78 + protected static List<Permission> adminServicePermissions = getAdminDefaultPerms();
79 +
80 + private DefaultPolicyBuilder(){
81 + }
82 +
83 + public static List<Permission> getUserApplicationPermissions(Set<org.onosproject.security.Permission> permissions) {
84 + List<Permission> perms = Lists.newArrayList();
85 + perms.addAll(defaultPermissions);
86 + perms.addAll(convertToJavaPermissions(permissions));
87 + return optimizePermissions(perms);
88 + }
89 +
90 + public static List<Permission> getAdminApplicationPermissions(
91 + Set<org.onosproject.security.Permission> permissions) {
92 + List<Permission> perms = Lists.newArrayList();
93 + perms.addAll(defaultPermissions);
94 + perms.addAll(adminServicePermissions);
95 + for (AppPermission.Type perm : serviceDirectory.keySet()) {
96 + perms.add(new AppPermission(perm));
97 + }
98 + perms.addAll(convertToJavaPermissions(permissions));
99 + return optimizePermissions(perms);
100 + }
101 +
102 + public static List<Permission> convertToJavaPermissions(Set<org.onosproject.security.Permission> permissions) {
103 + List<Permission> result = Lists.newArrayList();
104 + for (org.onosproject.security.Permission perm : permissions) {
105 + Permission javaPerm = getPermission(perm);
106 + if (javaPerm != null) {
107 + if (javaPerm instanceof AppPermission) {
108 + if (((AppPermission) javaPerm).getType() != null) {
109 + AppPermission ap = (AppPermission) javaPerm;
110 + result.add(ap);
111 + if (serviceDirectory.containsKey(ap.getType())) {
112 + for (String service : serviceDirectory.get(ap.getType())) {
113 + result.add(new ServicePermission(service, ServicePermission.GET));
114 + }
115 + }
116 + }
117 + } else if (javaPerm instanceof ServicePermission) {
118 + if (!javaPerm.getName().contains(SecurityAdminService.class.getName())) {
119 + result.add(javaPerm);
120 + }
121 + } else {
122 + result.add(javaPerm);
123 + }
124 +
125 + }
126 + }
127 + return result;
128 + }
129 +
130 + public static Set<org.onosproject.security.Permission> convertToOnosPermissions(List<Permission> permissions) {
131 + Set<org.onosproject.security.Permission> result = Sets.newHashSet();
132 + for (Permission perm : permissions) {
133 + org.onosproject.security.Permission onosPerm = getOnosPermission(perm);
134 + if (onosPerm != null) {
135 + result.add(onosPerm);
136 + }
137 + }
138 + return result;
139 + }
140 +
141 + public static List<Permission> getDefaultPerms() {
142 + List<Permission> permSet = Lists.newArrayList();
143 + permSet.add(new PackagePermission("*", PackagePermission.EXPORTONLY));
144 + permSet.add(new PackagePermission("*", PackagePermission.IMPORT));
145 + permSet.add(new AdaptPermission("*", AdaptPermission.ADAPT));
146 + permSet.add(new ConfigurationPermission("*", ConfigurationPermission.CONFIGURE));
147 + return permSet;
148 + }
149 +
150 + private static List<Permission> getAdminDefaultPerms() {
151 + List<Permission> permSet = Lists.newArrayList();
152 + permSet.add(new ServicePermission(ApplicationAdminService.class.getName(), ServicePermission.GET));
153 + permSet.add(new ServicePermission(ClusterAdminService.class.getName(), ServicePermission.GET));
154 + permSet.add(new ServicePermission(MastershipAdminService.class.getName(), ServicePermission.GET));
155 + permSet.add(new ServicePermission(DeviceAdminService.class.getName(), ServicePermission.GET));
156 + permSet.add(new ServicePermission(HostAdminService.class.getName(), ServicePermission.GET));
157 + permSet.add(new ServicePermission(LinkAdminService.class.getName(), ServicePermission.GET));
158 + permSet.add(new ServicePermission(DriverAdminService.class.getName(), ServicePermission.GET));
159 + permSet.add(new ServicePermission(StorageAdminService.class.getName(), ServicePermission.GET));
160 +// permSet.add(new ServicePermission(LabelResourceAdminService.class.getName(), ServicePermission.GET));
161 +// permSet.add(new ServicePermission(TunnelAdminService.class.getName(), ServicePermission.GET));
162 + permSet.add(new ServicePermission(ApplicationService.class.getName(), ServicePermission.GET));
163 + permSet.add(new ServicePermission(ComponentConfigService.class.getName(), ServicePermission.GET));
164 + permSet.add(new ServicePermission(CoreService.class.getName(), ServicePermission.GET));
165 + permSet.add(new ServicePermission(ClusterService.class.getName(), ServicePermission.GET));
166 + permSet.add(new ServicePermission(LeadershipService.class.getName(), ServicePermission.GET));
167 + permSet.add(new ServicePermission(MastershipService.class.getName(), ServicePermission.GET));
168 + permSet.add(new ServicePermission(DeviceService.class.getName(), ServicePermission.GET));
169 + permSet.add(new ServicePermission(DeviceClockService.class.getName(), ServicePermission.GET));
170 + permSet.add(new ServicePermission(DriverService.class.getName(), ServicePermission.GET));
171 + permSet.add(new ServicePermission(FlowRuleService.class.getName(), ServicePermission.GET));
172 + permSet.add(new ServicePermission(FlowObjectiveService.class.getName(), ServicePermission.GET));
173 + permSet.add(new ServicePermission(GroupService.class.getName(), ServicePermission.GET));
174 + permSet.add(new ServicePermission(HostService.class.getName(), ServicePermission.GET));
175 + permSet.add(new ServicePermission(IntentService.class.getName(), ServicePermission.GET));
176 + permSet.add(new ServicePermission(IntentClockService.class.getName(), ServicePermission.GET));
177 + permSet.add(new ServicePermission(IntentExtensionService.class.getName(), ServicePermission.GET));
178 + permSet.add(new ServicePermission(PartitionService.class.getName(), ServicePermission.GET));
179 + permSet.add(new ServicePermission(LinkService.class.getName(), ServicePermission.GET));
180 + permSet.add(new ServicePermission(LinkResourceService.class.getName(), ServicePermission.GET));
181 +// permSet.add(new ServicePermission(LabelResourceService.class.getName(), ServicePermission.GET));
182 + permSet.add(new ServicePermission(PacketService.class.getName(), ServicePermission.GET));
183 + permSet.add(new ServicePermission(ProxyArpService.class.getName(), ServicePermission.GET));
184 + permSet.add(new ServicePermission(StatisticService.class.getName(), ServicePermission.GET));
185 + permSet.add(new ServicePermission(PathService.class.getName(), ServicePermission.GET));
186 + permSet.add(new ServicePermission(TopologyService.class.getName(), ServicePermission.GET));
187 +// permSet.add(new ServicePermission(TunnelService.class.getName(), ServicePermission.GET));
188 + permSet.add(new ServicePermission(StorageService.class.getName(), ServicePermission.GET));
189 + return permSet;
190 + }
191 +
192 + public static Set<String> getNBServiceList() {
193 + Set<String> permString = new HashSet<>();
194 + for (Permission perm : getAdminDefaultPerms()) {
195 + permString.add(perm.getName());
196 + }
197 + return permString;
198 + }
199 +
200 + private static ConcurrentHashMap<AppPermission.Type, Set<String>> getServiceDirectory() {
201 +
202 + ConcurrentHashMap<AppPermission.Type, Set<String>> serviceDirectory = new ConcurrentHashMap<>();
203 +
204 + serviceDirectory.put(APP_READ, ImmutableSet.of(
205 + ApplicationService.class.getName(), CoreService.class.getName()));
206 + serviceDirectory.put(APP_EVENT, ImmutableSet.of(
207 + ApplicationService.class.getName(), CoreService.class.getName()));
208 + serviceDirectory.put(CONFIG_READ, ImmutableSet.of(
209 + ComponentConfigService.class.getName()));
210 + serviceDirectory.put(CONFIG_WRITE, ImmutableSet.of(
211 + ComponentConfigService.class.getName()));
212 + serviceDirectory.put(CLUSTER_READ, ImmutableSet.of(
213 + ClusterService.class.getName(), LeadershipService.class.getName(),
214 + MastershipService.class.getName()));
215 + serviceDirectory.put(CLUSTER_WRITE, ImmutableSet.of(
216 + LeadershipService.class.getName(), MastershipService.class.getName()));
217 + serviceDirectory.put(CLUSTER_EVENT, ImmutableSet.of(
218 + ClusterService.class.getName(), LeadershipService.class.getName(),
219 + MastershipService.class.getName()));
220 + serviceDirectory.put(DEVICE_READ, ImmutableSet.of(
221 + DeviceService.class.getName(), DeviceClockService.class.getName()));
222 + serviceDirectory.put(DEVICE_EVENT, ImmutableSet.of(
223 + DeviceService.class.getName()));
224 + serviceDirectory.put(DRIVER_READ, ImmutableSet.of(
225 + DriverService.class.getName()));
226 + serviceDirectory.put(DRIVER_WRITE, ImmutableSet.of(
227 + DriverService.class.getName()));
228 + serviceDirectory.put(FLOWRULE_READ, ImmutableSet.of(
229 + FlowRuleService.class.getName()));
230 + serviceDirectory.put(FLOWRULE_WRITE, ImmutableSet.of(
231 + FlowRuleService.class.getName(), FlowObjectiveService.class.getName()));
232 + serviceDirectory.put(FLOWRULE_EVENT, ImmutableSet.of(
233 + FlowRuleService.class.getName()));
234 + serviceDirectory.put(GROUP_READ, ImmutableSet.of(
235 + GroupService.class.getName()));
236 + serviceDirectory.put(GROUP_WRITE, ImmutableSet.of(
237 + GroupService.class.getName()));
238 + serviceDirectory.put(GROUP_EVENT, ImmutableSet.of(
239 + GroupService.class.getName()));
240 + serviceDirectory.put(HOST_READ, ImmutableSet.of(
241 + HostService.class.getName()));
242 + serviceDirectory.put(HOST_WRITE, ImmutableSet.of(
243 + HostService.class.getName()));
244 + serviceDirectory.put(HOST_EVENT, ImmutableSet.of(
245 + HostService.class.getName()));
246 + serviceDirectory.put(INTENT_READ, ImmutableSet.of(
247 + IntentService.class.getName(), PartitionService.class.getName(),
248 + IntentClockService.class.getName()));
249 + serviceDirectory.put(INTENT_WRITE, ImmutableSet.of(
250 + IntentService.class.getName()));
251 + serviceDirectory.put(INTENT_EVENT, ImmutableSet.of(
252 + IntentService.class.getName()));
253 +// serviceDirectory.put(LINK_READ, ImmutableSet.of(
254 +// LinkService.class.getName(), LinkResourceService.class.getName(),
255 +// LabelResourceService.class.getName()));
256 +// serviceDirectory.put(LINK_WRITE, ImmutableSet.of(
257 +// LinkResourceService.class.getName(), LabelResourceService.class.getName()));
258 +// serviceDirectory.put(LINK_EVENT, ImmutableSet.of(
259 +// LinkService.class.getName(), LinkResourceService.class.getName(),
260 +// LabelResourceService.class.getName()));
261 + serviceDirectory.put(PACKET_READ, ImmutableSet.of(
262 + PacketService.class.getName(), ProxyArpService.class.getName()));
263 + serviceDirectory.put(PACKET_WRITE, ImmutableSet.of(
264 + PacketService.class.getName(), ProxyArpService.class.getName()));
265 + serviceDirectory.put(PACKET_EVENT, ImmutableSet.of(
266 + PacketService.class.getName()));
267 + serviceDirectory.put(STATISTIC_READ, ImmutableSet.of(
268 + StatisticService.class.getName()));
269 + serviceDirectory.put(TOPOLOGY_READ, ImmutableSet.of(
270 + TopologyService.class.getName(), PathService.class.getName()));
271 + serviceDirectory.put(TOPOLOGY_EVENT, ImmutableSet.of(
272 + TopologyService.class.getName()));
273 +// serviceDirectory.put(TUNNEL_READ, ImmutableSet.of(
274 +// TunnelService.class.getName()));
275 +// serviceDirectory.put(TUNNEL_WRITE, ImmutableSet.of(
276 +// TunnelService.class.getName()));
277 +// serviceDirectory.put(TUNNEL_EVENT, ImmutableSet.of(
278 +// TunnelService.class.getName()));
279 + serviceDirectory.put(STORAGE_WRITE, ImmutableSet.of(
280 + StorageService.class.getName()));
281 +
282 + return serviceDirectory;
283 + }
284 +
285 +
286 + public static org.onosproject.security.Permission getOnosPermission(Permission permission) {
287 + if (permission instanceof AppPermission) {
288 + return new org.onosproject.security.Permission(AppPermission.class.getName(), permission.getName(), "");
289 + } else if (permission instanceof FilePermission) {
290 + return new org.onosproject.security.Permission(
291 + FilePermission.class.getName(), permission.getName(), permission.getActions());
292 + } else if (permission instanceof SerializablePermission) {
293 + return new org.onosproject.security.Permission(
294 + SerializablePermission.class.getName(), permission.getName(), permission.getActions());
295 + } else if (permission instanceof NetPermission) {
296 + return new org.onosproject.security.Permission(
297 + NetPermission.class.getName(), permission.getName(), permission.getActions());
298 + } else if (permission instanceof RuntimePermission) {
299 + return new org.onosproject.security.Permission(
300 + RuntimePermission.class.getName(), permission.getName(), permission.getActions());
301 + } else if (permission instanceof SocketPermission) {
302 + return new org.onosproject.security.Permission(
303 + SocketPermission.class.getName(), permission.getName(), permission.getActions());
304 + } else if (permission instanceof SQLPermission) {
305 + return new org.onosproject.security.Permission(
306 + SQLPermission.class.getName(), permission.getName(), permission.getActions());
307 + } else if (permission instanceof PropertyPermission) {
308 + return new org.onosproject.security.Permission(
309 + PropertyPermission.class.getName(), permission.getName(), permission.getActions());
310 + } else if (permission instanceof LoggingPermission) {
311 + return new org.onosproject.security.Permission(
312 + LoggingPermission.class.getName(), permission.getName(), permission.getActions());
313 + } else if (permission instanceof SSLPermission) {
314 + return new org.onosproject.security.Permission(
315 + SSLPermission.class.getName(), permission.getName(), permission.getActions());
316 + } else if (permission instanceof AuthPermission) {
317 + return new org.onosproject.security.Permission(
318 + AuthPermission.class.getName(), permission.getName(), permission.getActions());
319 + } else if (permission instanceof PrivateCredentialPermission) {
320 + return new org.onosproject.security.Permission(
321 + PrivateCredentialPermission.class.getName(), permission.getName(), permission.getActions());
322 + } else if (permission instanceof DelegationPermission) {
323 + return new org.onosproject.security.Permission(
324 + DelegationPermission.class.getName(), permission.getName(), permission.getActions());
325 + } else if (permission instanceof javax.security.auth.kerberos.ServicePermission) {
326 + return new org.onosproject.security.Permission(
327 + javax.security.auth.kerberos.ServicePermission.class.getName(), permission.getName(),
328 + permission.getActions());
329 + } else if (permission instanceof AudioPermission) {
330 + return new org.onosproject.security.Permission(
331 + AudioPermission.class.getName(), permission.getName(), permission.getActions());
332 + } else if (permission instanceof AdaptPermission) {
333 + return new org.onosproject.security.Permission(
334 + AdaptPermission.class.getName(), permission.getName(), permission.getActions());
335 + } else if (permission instanceof BundlePermission) {
336 + return new org.onosproject.security.Permission(
337 + BundlePermission.class.getName(), permission.getName(), permission.getActions());
338 + } else if (permission instanceof CapabilityPermission) {
339 + return new org.onosproject.security.Permission(
340 + CapabilityPermission.class.getName(), permission.getName(), permission.getActions());
341 + } else if (permission instanceof PackagePermission) {
342 + return new org.onosproject.security.Permission(
343 + PackagePermission.class.getName(), permission.getName(), permission.getActions());
344 + } else if (permission instanceof ServicePermission) {
345 + return new org.onosproject.security.Permission(
346 + ServicePermission.class.getName(), permission.getName(), permission.getActions());
347 + }
348 + return null;
349 + }
350 +
351 + private static Permission getPermission(org.onosproject.security.Permission permission) {
352 +
353 + String classname = permission.getClassName();
354 + String name = permission.getName();
355 + String actions = permission.getActions();
356 +
357 + if (classname == null || name == null) {
358 + return null;
359 + }
360 + classname = classname.trim();
361 + name = name.trim();
362 + actions = actions.trim();
363 +
364 + if (AppPermission.class.getName().equals(classname)) {
365 + return new AppPermission(name);
366 + } else if (FilePermission.class.getName().equals(classname)) {
367 + return new FilePermission(name, actions);
368 + } else if (SerializablePermission.class.getName().equals(classname)) {
369 + return new SerializablePermission(name, actions);
370 + } else if (NetPermission.class.getName().equals(classname)) {
371 + return new NetPermission(name, actions);
372 + } else if (RuntimePermission.class.getName().equals(classname)) {
373 + return new RuntimePermission(name, actions);
374 + } else if (SocketPermission.class.getName().equals(classname)) {
375 + return new SocketPermission(name, actions);
376 + } else if (SQLPermission.class.getName().equals(classname)) {
377 + return new SQLPermission(name, actions);
378 + } else if (PropertyPermission.class.getName().equals(classname)) {
379 + return new PropertyPermission(name, actions);
380 + } else if (LoggingPermission.class.getName().equals(classname)) {
381 + return new LoggingPermission(name, actions);
382 + } else if (SSLPermission.class.getName().equals(classname)) {
383 + return new SSLPermission(name, actions);
384 + } else if (AuthPermission.class.getName().equals(classname)) {
385 + return new AuthPermission(name, actions);
386 + } else if (PrivateCredentialPermission.class.getName().equals(classname)) {
387 + return new PrivateCredentialPermission(name, actions);
388 + } else if (DelegationPermission.class.getName().equals(classname)) {
389 + return new DelegationPermission(name, actions);
390 + } else if (javax.security.auth.kerberos.ServicePermission.class.getName().equals(classname)) {
391 + return new javax.security.auth.kerberos.ServicePermission(name, actions);
392 + } else if (AudioPermission.class.getName().equals(classname)) {
393 + return new AudioPermission(name, actions);
394 + } else if (AdaptPermission.class.getName().equals(classname)) {
395 + return new AdaptPermission(name, actions);
396 + } else if (BundlePermission.class.getName().equals(classname)) {
397 + return new BundlePermission(name, actions);
398 + } else if (CapabilityPermission.class.getName().equals(classname)) {
399 + return new CapabilityPermission(name, actions);
400 + } else if (PackagePermission.class.getName().equals(classname)) {
401 + return new PackagePermission(name, actions);
402 + } else if (ServicePermission.class.getName().equals(classname)) {
403 + return new ServicePermission(name, actions);
404 + }
405 +
406 + //AllPermission, SecurityPermission, UnresolvedPermission
407 + //AWTPermission, AdminPermission(osgi), ReflectPermission not allowed
408 + return null;
409 +
410 + }
411 + private static List<Permission> optimizePermissions(List<Permission> perms) {
412 + Permissions permissions = listToPermissions(perms);
413 + return permissionsToList(permissions);
414 + }
415 +
416 + private static List<Permission> permissionsToList(Permissions perms) {
417 + List<Permission> permissions = new ArrayList<>();
418 + Enumeration<Permission> e = perms.elements();
419 + while (e.hasMoreElements()) {
420 + permissions.add(e.nextElement());
421 + }
422 + return permissions;
423 + }
424 +
425 + private static Permissions listToPermissions(List<Permission> perms) {
426 + Permissions permissions = new Permissions();
427 + for (Permission perm : perms) {
428 + permissions.add(perm);
429 + }
430 + return permissions;
431 + }
432 +}
433 +
1 +package org.onosproject.security.impl;
2 +
3 +import com.google.common.collect.Lists;
4 +
5 +import org.apache.felix.scr.annotations.Component;
6 +import org.apache.felix.scr.annotations.Reference;
7 +import org.apache.felix.scr.annotations.ReferenceCardinality;
8 +import org.apache.felix.scr.annotations.Activate;
9 +import org.apache.felix.scr.annotations.Deactivate;
10 +import org.apache.felix.scr.annotations.Service;
11 +
12 +import org.onosproject.app.ApplicationAdminService;
13 +import org.onosproject.app.ApplicationState;
14 +import org.onosproject.core.Application;
15 +import org.onosproject.core.ApplicationId;
16 +
17 +import org.onosproject.event.EventDeliveryService;
18 +import org.onosproject.event.ListenerRegistry;
19 +import org.onosproject.security.AppPermission;
20 +import org.onosproject.security.SecurityAdminService;
21 +import org.onosproject.security.store.SecurityModeEvent;
22 +import org.onosproject.security.store.SecurityModeListener;
23 +import org.onosproject.security.store.SecurityModeStore;
24 +import org.onosproject.security.store.SecurityModeStoreDelegate;
25 +import org.osgi.framework.BundleContext;
26 +import org.osgi.framework.FrameworkUtil;
27 +import org.osgi.framework.ServicePermission;
28 +import org.osgi.service.log.LogEntry;
29 +import org.osgi.service.log.LogListener;
30 +import org.osgi.service.log.LogReaderService;
31 +import org.osgi.service.permissionadmin.PermissionInfo;
32 +
33 +import java.security.AccessControlException;
34 +import java.security.Permission;
35 +import java.util.ArrayList;
36 +import java.util.List;
37 +import java.util.Map;
38 +import java.util.Set;
39 +import java.util.concurrent.ConcurrentHashMap;
40 +
41 +import org.osgi.service.permissionadmin.PermissionAdmin;
42 +import org.slf4j.Logger;
43 +
44 +import static org.slf4j.LoggerFactory.getLogger;
45 +
46 +
47 +
48 +/**
49 + * Security-Mode ONOS management implementation.
50 + */
51 +
52 +@Component(immediate = true)
53 +@Service
54 +public class SecurityModeManager implements SecurityAdminService {
55 +
56 + @Reference(cardinality = ReferenceCardinality.MANDATORY_UNARY)
57 + protected SecurityModeStore store;
58 +
59 + @Reference(cardinality = ReferenceCardinality.MANDATORY_UNARY)
60 + protected ApplicationAdminService appAdminService;
61 +
62 + @Reference(cardinality = ReferenceCardinality.MANDATORY_UNARY)
63 + protected LogReaderService logReaderService;
64 +
65 + @Reference(cardinality = ReferenceCardinality.MANDATORY_UNARY)
66 + protected EventDeliveryService eventDispatcher;
67 +
68 + private final Logger log = getLogger(getClass());
69 +
70 + protected final ListenerRegistry<SecurityModeEvent, SecurityModeListener>
71 + listenerRegistry = new ListenerRegistry<>();
72 +
73 + private final SecurityModeStoreDelegate delegate = new InternalStoreDelegate();
74 +
75 + private SecurityLogListener securityLogListener = new SecurityLogListener();
76 +
77 + private PermissionAdmin permissionAdmin = getPermissionAdmin();
78 +
79 +
80 + @Activate
81 + public void activate() {
82 +
83 + eventDispatcher.addSink(SecurityModeEvent.class, listenerRegistry);
84 + // add Listeners
85 + logReaderService.addLogListener(securityLogListener);
86 +
87 + store.setDelegate(delegate);
88 +
89 + if (System.getSecurityManager() == null) {
90 + log.warn("J2EE security manager is disabled.");
91 + deactivate();
92 + return;
93 + }
94 + if (permissionAdmin == null) {
95 + log.warn("Permission Admin not found.");
96 + deactivate();
97 + return;
98 + }
99 +
100 + log.info("Security-Mode Started");
101 + }
102 +
103 + @Deactivate
104 + public void deactivate() {
105 + eventDispatcher.removeSink(SecurityModeEvent.class);
106 + logReaderService.removeLogListener(securityLogListener);
107 + store.unsetDelegate(delegate);
108 + log.info("Stopped");
109 +
110 + }
111 +
112 + @Override
113 + public boolean isSecured(ApplicationId appId) {
114 + if (store.getState(appId) == null) {
115 + store.registerApplication(appId);
116 + }
117 + return store.isSecured(appId);
118 + }
119 +
120 +
121 + @Override
122 + public void review(ApplicationId appId) {
123 + if (store.getState(appId) == null) {
124 + store.registerApplication(appId);
125 + }
126 + store.reviewPolicy(appId);
127 + }
128 +
129 + @Override
130 + public void acceptPolicy(ApplicationId appId) {
131 + if (store.getState(appId) == null) {
132 + store.registerApplication(appId);
133 + }
134 + store.acceptPolicy(appId, DefaultPolicyBuilder.convertToOnosPermissions(getMaximumPermissions(appId)));
135 + }
136 +
137 + @Override
138 + public void register(ApplicationId appId) {
139 + store.registerApplication(appId);
140 + }
141 +
142 + @Override
143 + public Map<Integer, List<Permission>> getPrintableSpecifiedPermissions(ApplicationId appId) {
144 + return getPrintablePermissionMap(getMaximumPermissions(appId));
145 + }
146 +
147 + @Override
148 + public Map<Integer, List<Permission>> getPrintableGrantedPermissions(ApplicationId appId) {
149 + return getPrintablePermissionMap(
150 + DefaultPolicyBuilder.convertToJavaPermissions(store.getGrantedPermissions(appId)));
151 + }
152 +
153 + @Override
154 + public Map<Integer, List<Permission>> getPrintableRequestedPermissions(ApplicationId appId) {
155 + return getPrintablePermissionMap(
156 + DefaultPolicyBuilder.convertToJavaPermissions(store.getRequestedPermissions(appId)));
157 + }
158 +
159 + private class SecurityLogListener implements LogListener {
160 + @Override
161 + public void logged(LogEntry entry) {
162 + if (entry.getException() != null &&
163 + entry.getException() instanceof AccessControlException) {
164 + String location = entry.getBundle().getLocation();
165 + Permission javaPerm =
166 + ((AccessControlException) entry.getException()).getPermission();
167 + org.onosproject.security.Permission permission = DefaultPolicyBuilder.getOnosPermission(javaPerm);
168 + if (permission == null) {
169 + log.warn("Unsupported permission requested.");
170 + return;
171 + }
172 + store.getApplicationIds(location).stream().filter(
173 + appId -> store.isSecured(appId) &&
174 + appAdminService.getState(appId) == ApplicationState.ACTIVE).forEach(appId -> {
175 + store.requestPermission(appId, permission);
176 + print("[POLICY VIOLATION] APP: %s / Bundle: %s / Permission: %s ",
177 + appId.name(), location, permission.toString());
178 + });
179 + }
180 + }
181 + }
182 +
183 + private class InternalStoreDelegate implements SecurityModeStoreDelegate {
184 + @Override
185 + public void notify(SecurityModeEvent event) {
186 + if (event.type() == SecurityModeEvent.Type.POLICY_ACCEPTED) {
187 + setLocalPermissions(event.subject());
188 + log.info("{} POLICY ACCEPTED and ENFORCED", event.subject().name());
189 + } else if (event.type() == SecurityModeEvent.Type.POLICY_VIOLATED) {
190 + log.info("{} POLICY VIOLATED", event.subject().name());
191 + } else if (event.type() == SecurityModeEvent.Type.POLICY_REVIEWED) {
192 + log.info("{} POLICY REVIEWED", event.subject().name());
193 + }
194 + eventDispatcher.post(event);
195 + }
196 + }
197 +
198 + /**
199 + * TYPES.
200 + * 0 - APP_PERM
201 + * 1 - ADMIN SERVICE
202 + * 2 - NB_SERVICE
203 + * 3 - ETC_SERVICE
204 + * 4 - ETC
205 + * @param perms
206 + */
207 + private Map<Integer, List<Permission>> getPrintablePermissionMap(List<Permission> perms) {
208 + ConcurrentHashMap<Integer, List<Permission>> sortedMap = new ConcurrentHashMap<>();
209 + sortedMap.put(0, new ArrayList());
210 + sortedMap.put(1, new ArrayList());
211 + sortedMap.put(2, new ArrayList());
212 + sortedMap.put(3, new ArrayList());
213 + sortedMap.put(4, new ArrayList());
214 + for (Permission perm : perms) {
215 + if (perm instanceof ServicePermission) {
216 + if (DefaultPolicyBuilder.getNBServiceList().contains(perm.getName())) {
217 + if (perm.getName().contains("Admin")) {
218 + sortedMap.get(1).add(perm);
219 + } else {
220 + sortedMap.get(2).add(perm);
221 + }
222 + } else {
223 + sortedMap.get(3).add(perm);
224 + }
225 + } else if (perm instanceof AppPermission) {
226 + sortedMap.get(0).add(perm);
227 + } else {
228 + sortedMap.get(4).add(perm);
229 + }
230 + }
231 + return sortedMap;
232 + }
233 +
234 + private void setLocalPermissions(ApplicationId applicationId) {
235 + for (String location : store.getBundleLocations(applicationId)) {
236 + permissionAdmin.setPermissions(location, permissionsToInfo(store.getGrantedPermissions(applicationId)));
237 + }
238 + }
239 +
240 + private PermissionInfo[] permissionsToInfo(Set<org.onosproject.security.Permission> permissions) {
241 + List<PermissionInfo> result = Lists.newArrayList();
242 + for (org.onosproject.security.Permission perm : permissions) {
243 + result.add(new PermissionInfo(perm.getClassName(), perm.getName(), perm.getActions()));
244 + }
245 + PermissionInfo[] permissionInfos = new PermissionInfo[result.size()];
246 + return result.toArray(permissionInfos);
247 + }
248 +
249 +
250 +
251 + private List<Permission> getMaximumPermissions(ApplicationId appId) {
252 + Application app = appAdminService.getApplication(appId);
253 + if (app == null) {
254 + print("Unknown application.");
255 + return null;
256 + }
257 + List<Permission> appPerms;
258 + switch (app.role()) {
259 + case ADMIN:
260 + appPerms = DefaultPolicyBuilder.getAdminApplicationPermissions(app.permissions());
261 + break;
262 + case USER:
263 + appPerms = DefaultPolicyBuilder.getUserApplicationPermissions(app.permissions());
264 + break;
265 + case UNSPECIFIED:
266 + default:
267 + appPerms = DefaultPolicyBuilder.getDefaultPerms();
268 + break;
269 + }
270 +
271 + return appPerms;
272 + }
273 +
274 +
275 + private void print(String format, Object... args) {
276 + System.out.println(String.format("SM-ONOS: " + format, args));
277 + log.warn(String.format(format, args));
278 + }
279 +
280 + private PermissionAdmin getPermissionAdmin() {
281 + BundleContext context = getBundleContext();
282 + return (PermissionAdmin) context.getService(context.getServiceReference(PermissionAdmin.class.getName()));
283 + }
284 +
285 + private BundleContext getBundleContext() {
286 + return FrameworkUtil.getBundle(this.getClass()).getBundleContext();
287 +
288 + }
289 +}
...\ No newline at end of file ...\ No newline at end of file
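Review bot: `InternalStoreDelegate.notify` logs "POLICY ACCEPTED and ENFORCED" whether or not `setLocalPermissions` applied anything: its loop over `store.getBundleLocations(applicationId)` runs zero times when the set is empty, and the store returns an empty set for any app with no entry in its local directory. In that case `permissionAdmin.setPermissions` is never called for the app's bundles, so they presumably keep the framework's default permissions while the log claims enforcement. I would have `setLocalPermissions` report whether it applied a policy, starting with `if (locations.isEmpty()) { log.warn("No bundle locations known for {}; policy not applied", applicationId.name()); return false; }`, and log ENFORCED only on true. Separately, `getMaximumPermissions` returns `null` for an unknown app, and `getPrintablePermissionMap` iterates its argument without a null check.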
1 +/*
2 + * Copyright 2015 Open Networking Laboratory
3 + *
4 + * Licensed under the Apache License, Version 2.0 (the "License");
5 + * you may not use this file except in compliance with the License.
6 + * You may obtain a copy of the License at
7 + *
8 + * http://www.apache.org/licenses/LICENSE-2.0
9 + *
10 + * Unless required by applicable law or agreed to in writing, software
11 + * distributed under the License is distributed on an "AS IS" BASIS,
12 + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 + * See the License for the specific language governing permissions and
14 + * limitations under the License.
15 + */
16 +
17 +package org.onosproject.security.store;
18 +
19 +import com.google.common.collect.ImmutableSet;
20 +import com.google.common.collect.Sets;
21 +
22 +import org.apache.felix.scr.annotations.Activate;
23 +import org.apache.felix.scr.annotations.Component;
24 +import org.apache.felix.scr.annotations.Deactivate;
25 +import org.apache.felix.scr.annotations.Reference;
26 +import org.apache.felix.scr.annotations.ReferenceCardinality;
27 +import org.apache.felix.scr.annotations.Service;
28 +import org.apache.karaf.features.BundleInfo;
29 +import org.apache.karaf.features.Feature;
30 +import org.apache.karaf.features.FeaturesService;
31 +
32 +import org.onlab.util.KryoNamespace;
33 +import org.onosproject.app.ApplicationAdminService;
34 +import org.onosproject.core.Application;
35 +import org.onosproject.core.ApplicationId;
36 +import org.onosproject.security.Permission;
37 +import org.onosproject.store.AbstractStore;
38 +import org.onosproject.store.serializers.KryoNamespaces;
39 +import org.onosproject.store.service.ConsistentMap;
40 +import org.onosproject.store.service.EventuallyConsistentMap;
41 +import org.onosproject.store.service.LogicalClockService;
42 +import org.onosproject.store.service.MapEvent;
43 +import org.onosproject.store.service.MapEventListener;
44 +import org.onosproject.store.service.Serializer;
45 +import org.onosproject.store.service.StorageService;
46 +import org.slf4j.Logger;
47 +
48 +import java.util.HashSet;
49 +import java.util.Set;
50 +import java.util.concurrent.ConcurrentHashMap;
51 +import java.util.stream.Collectors;
52 +
53 +import static org.onosproject.security.store.SecurityModeState.*;
54 +import static org.slf4j.LoggerFactory.getLogger;
55 +
56 +/**
57 + * Manages application permissions granted/requested to applications.
58 + * Uses both gossip-based and RAFT-based distributed data store.
59 + */
60 +@Component(immediate = true)
61 +@Service
62 +public class DistributedSecurityModeStore
63 + extends AbstractStore<SecurityModeEvent, SecurityModeStoreDelegate>
64 + implements SecurityModeStore {
65 +
66 + private final Logger log = getLogger(getClass());
67 +
68 + private ConsistentMap<ApplicationId, SecurityInfo> states;
69 + private EventuallyConsistentMap<ApplicationId, Set<Permission>> violations;
70 +
71 + private ConcurrentHashMap<String, Set<ApplicationId>> localBundleAppDirectory;
72 + private ConcurrentHashMap<ApplicationId, Set<String>> localAppBundleDirectory;
73 +
74 + @Reference(cardinality = ReferenceCardinality.MANDATORY_UNARY)
75 + protected StorageService storageService;
76 +
77 + @Reference(cardinality = ReferenceCardinality.MANDATORY_UNARY)
78 + protected LogicalClockService clockService;
79 +
80 + @Reference(cardinality = ReferenceCardinality.MANDATORY_UNARY)
81 + protected ApplicationAdminService applicationAdminService;
82 +
83 + @Reference(cardinality = ReferenceCardinality.MANDATORY_UNARY)
84 + protected FeaturesService featuresService;
85 +
86 + private static final Serializer STATE_SERIALIZER = Serializer.using(new KryoNamespace.Builder()
87 + .register(KryoNamespaces.API)
88 + .register(SecurityModeState.class)
89 + .register(SecurityInfo.class)
90 + .register(Permission.class)
91 + .build());
92 +
93 + private static final KryoNamespace.Builder VIOLATION_SERIALIZER = KryoNamespace.newBuilder()
94 + .register(KryoNamespaces.API)
95 + .register(Permission.class);
96 +
97 + @Activate
98 + public void activate() {
99 + states = storageService.<ApplicationId, SecurityInfo>consistentMapBuilder()
100 + .withName("smonos-sdata")
101 + .withSerializer(STATE_SERIALIZER)
102 + .build();
103 +
104 + states.addListener(new SecurityStateListener());
105 +
106 + violations = storageService.<ApplicationId, Set<Permission>>eventuallyConsistentMapBuilder()
107 + .withName("smonos-rperms")
108 + .withSerializer(VIOLATION_SERIALIZER)
109 + .withTimestampProvider((k, v) -> clockService.getTimestamp())
110 + .build();
111 +
112 + localBundleAppDirectory = new ConcurrentHashMap<>();
113 + localAppBundleDirectory = new ConcurrentHashMap<>();
114 +
115 + log.info("Started");
116 +
117 + }
118 +
119 + @Deactivate
120 + public void deactivate() {
121 + violations.destroy();
122 + log.info("Stopped");
123 + }
124 +
125 +
126 + @Override
127 + public Set<String> getBundleLocations(ApplicationId appId) {
128 + Set<String> locations = localAppBundleDirectory.get(appId);
129 + return locations != null ? locations : Sets.newHashSet();
130 + }
131 +
132 + @Override
133 + public Set<ApplicationId> getApplicationIds(String location) {
134 + Set<ApplicationId> appIds = localBundleAppDirectory.get(location);
135 + return appIds != null ? appIds : Sets.newHashSet();
136 + }
137 +
138 + @Override
139 + public Set<Permission> getRequestedPermissions(ApplicationId appId) {
140 + Set<Permission> permissions = violations.get(appId);
141 + return permissions != null ? permissions : ImmutableSet.of();
142 + }
143 +
144 + @Override
145 + public Set<Permission> getGrantedPermissions(ApplicationId appId) {
146 + return states.asJavaMap().getOrDefault(appId, new SecurityInfo(ImmutableSet.of(), null)).getPermissions();
147 + }
148 +
149 + @Override
150 + public void requestPermission(ApplicationId appId, Permission permission) {
151 +
152 + states.computeIf(appId, securityInfo -> (securityInfo == null || securityInfo.getState() != POLICY_VIOLATED),
153 + (id, securityInfo) -> new SecurityInfo(securityInfo.getPermissions(), POLICY_VIOLATED));
154 + violations.compute(appId, (k, v) -> v == null ? Sets.newHashSet(permission) : addAndGet(v, permission));
155 + }
156 +
157 + private Set<Permission> addAndGet(Set<Permission> oldSet, Permission newPerm) {
158 + oldSet.add(newPerm);
159 + return oldSet;
160 + }
161 +
162 + @Override
163 + public boolean isSecured(ApplicationId appId) {
164 + SecurityInfo info = states.get(appId).value();
165 + return info == null ? false : info.getState().equals(SECURED);
166 + }
167 +
168 + @Override
169 + public void reviewPolicy(ApplicationId appId) {
170 + Application app = applicationAdminService.getApplication(appId);
171 + if (app == null) {
172 + log.warn("Unknown Application");
173 + return;
174 + }
175 + states.computeIfPresent(appId, (applicationId, securityInfo) -> {
176 + if (securityInfo.getState().equals(INSTALLED)) {
177 + return new SecurityInfo(ImmutableSet.of(), REVIEWED);
178 + }
179 + return securityInfo;
180 + });
181 + }
182 +
183 + @Override
184 + public void acceptPolicy(ApplicationId appId, Set<Permission> permissionSet) {
185 +
186 + Application app = applicationAdminService.getApplication(appId);
187 + if (app == null) {
188 + log.warn("Unknown Application");
189 + return;
190 + }
191 +
192 + states.computeIf(appId,
193 + securityInfo -> (securityInfo != null),
194 + (id, securityInfo) -> {
195 + switch (securityInfo.getState()) {
196 + case POLICY_VIOLATED:
197 + System.out.println(
198 + "This application has violated the security policy. Please uninstall.");
199 + return securityInfo;
200 + case SECURED:
201 + System.out.println(
202 + "The policy has been accepted already. To review policy, review [app.name]");
203 + return securityInfo;
204 + case INSTALLED:
205 + System.out.println("Please review the security policy prior to accept them");
206 + log.warn("Application has not been reviewed");
207 + return securityInfo;
208 + case REVIEWED:
209 + return new SecurityInfo(permissionSet, SECURED);
210 + default:
211 + return securityInfo;
212 + }
213 + });
214 + }
215 +
216 + private final class SecurityStateListener
217 + implements MapEventListener<ApplicationId, SecurityInfo> {
218 +
219 + @Override
220 + public void event(MapEvent<ApplicationId, SecurityInfo> event) {
221 +
222 + if (delegate == null) {
223 + return;
224 + }
225 + ApplicationId appId = event.key();
226 + SecurityInfo info = event.value().value();
227 +
228 + if (event.type() == MapEvent.Type.INSERT || event.type() == MapEvent.Type.UPDATE) {
229 + switch (info.getState()) {
230 + case POLICY_VIOLATED:
231 + notifyDelegate(new SecurityModeEvent(SecurityModeEvent.Type.POLICY_VIOLATED, appId));
232 + break;
233 + case SECURED:
234 + notifyDelegate(new SecurityModeEvent(SecurityModeEvent.Type.POLICY_ACCEPTED, appId));
235 + default:
236 + break;
237 + }
238 + } else if (event.type() == MapEvent.Type.REMOVE) {
239 + removeAppFromDirectories(appId);
240 + }
241 + }
242 + }
243 +
244 + private void removeAppFromDirectories(ApplicationId appId) {
245 + for (String location : localAppBundleDirectory.get(appId)) {
246 + localBundleAppDirectory.get(location).remove(appId);
247 + }
248 + violations.remove(appId);
249 + states.remove(appId);
250 + localAppBundleDirectory.remove(appId);
251 + }
252 +
253 + @Override
254 + public boolean registerApplication(ApplicationId appId) {
255 + Application app = applicationAdminService.getApplication(appId);
256 + if (app == null) {
257 + log.warn("Unknown application.");
258 + return false;
259 + }
260 + localAppBundleDirectory.put(appId, getBundleLocations(app));
261 + for (String location : localAppBundleDirectory.get(appId)) {
262 + if (!localBundleAppDirectory.containsKey(location)) {
263 + localBundleAppDirectory.put(location, new HashSet<>());
264 + }
265 + if (!localBundleAppDirectory.get(location).contains(appId)) {
266 + localBundleAppDirectory.get(location).add(appId);
267 + }
268 + }
269 + states.put(appId, new SecurityInfo(Sets.newHashSet(), INSTALLED));
270 + return true;
271 + }
272 +
273 + @Override
274 + public void unregisterApplication(ApplicationId appId) {
275 + if (localAppBundleDirectory.containsKey(appId)) {
276 + for (String location : localAppBundleDirectory.get(appId)) {
277 + if (localBundleAppDirectory.get(location).size() == 1) {
278 + localBundleAppDirectory.remove(location);
279 + } else {
280 + localBundleAppDirectory.get(location).remove(appId);
281 + }
282 + }
283 + localAppBundleDirectory.remove(appId);
284 + }
285 + }
286 +
287 + @Override
288 + public SecurityModeState getState(ApplicationId appId) {
289 + return states.asJavaMap().getOrDefault(appId, new SecurityInfo(null, null)).getState();
290 + }
291 +
292 + private Set<String> getBundleLocations(Application app) {
293 + Set<String> locations = new HashSet<>();
294 + for (String name : app.features()) {
295 + try {
296 + Feature feature = featuresService.getFeature(name);
297 + locations.addAll(
298 + feature.getBundles().stream().map(BundleInfo::getLocation).collect(Collectors.toList()));
299 + } catch (Exception e) {
300 + return locations;
301 + }
302 + }
303 + return locations;
304 + }
305 +
306 + @Override
307 + public void setDelegate(SecurityModeStoreDelegate delegate) {
308 + super.setDelegate(delegate);
309 + }
310 +
311 + @Override
312 + public void unsetDelegate(SecurityModeStoreDelegate delegate) {
313 + super.setDelegate(delegate);
314 + }
315 +}
...\ No newline at end of file ...\ No newline at end of file
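Review bot: The private `getBundleLocations(Application)` catches `Exception` and returns whatever locations it has collected so far, without logging, so a feature that fails to resolve leaves the app with a partial or empty bundle set. `registerApplication` then stores that set, writes the `INSTALLED` state and returns `true`. These directories map a bundle location back to an app and select the bundles a policy is applied to, so an untracked bundle would be neither restricted nor have its violations attributed. Log the failure and fail the registration, for example `log.warn("Failed to resolve bundles of feature {}", name, e);` in the catch block, then propagate the error so `registerApplication` returns `false`. Two smaller items in the same file: `unsetDelegate` calls `super.setDelegate(delegate)` where `super.unsetDelegate(delegate)` looks intended, and the `requestPermission` predicate accepts `securityInfo == null` while the remapping lambda dereferences it.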
1 +/*
2 + * Copyright 2015 Open Networking Laboratory
3 + *
4 + * Licensed under the Apache License, Version 2.0 (the "License");
5 + * you may not use this file except in compliance with the License.
6 + * You may obtain a copy of the License at
7 + *
8 + * http://www.apache.org/licenses/LICENSE-2.0
9 + *
10 + * Unless required by applicable law or agreed to in writing, software
11 + * distributed under the License is distributed on an "AS IS" BASIS,
12 + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 + * See the License for the specific language governing permissions and
14 + * limitations under the License.
15 + */
16 +
17 +package org.onosproject.security.store;
18 +
19 +import org.onosproject.security.Permission;
20 +
21 +import java.util.Set;
22 +
23 +/**
24 + * Security-Mode ONOS security policy and state representation for distributed store.
25 + */
26 +public class SecurityInfo {
27 +
28 + protected Set<Permission> grantedPermissions;
29 + protected SecurityModeState state;
30 +
31 + public SecurityInfo(Set<Permission> perms, SecurityModeState state) {
32 + this.grantedPermissions = perms;
33 + this.state = state;
34 + }
35 + public Set<Permission> getPermissions() {
36 + return grantedPermissions;
37 + }
38 + public SecurityModeState getState() {
39 + return state;
40 + }
41 +}
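Review bot: `SecurityInfo` keeps the granted permission set in a `protected`, non-final field, stores the caller's `Set` without copying and returns that same instance from `getPermissions()`, so any holder of the set can change an accepted policy after the fact. Consider `private` fields and a defensive copy in the constructor, e.g. `this.grantedPermissions = perms == null ? null : ImmutableSet.copyOf(perms);` (the store builds `new SecurityInfo(null, null)` in `getState`, so null has to stay legal, and `ImmutableSet` would need importing here). Whether the fields can be `final` depends on how the Kryo serializer registered in `DistributedSecurityModeStore` instantiates the class, which this page does not show. The constructor and both getters also lack Javadoc; the getter's should say whether the returned set may be modified.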
1 +/*
2 + * Copyright 2015 Open Networking Laboratory
3 + *
4 + * Licensed under the Apache License, Version 2.0 (the "License");
5 + * you may not use this file except in compliance with the License.
6 + * You may obtain a copy of the License at
7 + *
8 + * http://www.apache.org/licenses/LICENSE-2.0
9 + *
10 + * Unless required by applicable law or agreed to in writing, software
11 + * distributed under the License is distributed on an "AS IS" BASIS,
12 + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 + * See the License for the specific language governing permissions and
14 + * limitations under the License.
15 + */
16 +
17 +package org.onosproject.security.store;
18 +
19 +import org.onosproject.core.ApplicationId;
20 +import org.onosproject.event.AbstractEvent;
21 +
22 +/**
23 + * Security-Mode ONOS notifications.
24 + */
25 +public class SecurityModeEvent extends AbstractEvent<SecurityModeEvent.Type, ApplicationId> {
26 +
27 + protected SecurityModeEvent(Type type, ApplicationId subject) {
28 + super(type, subject);
29 + }
30 +
31 + public enum Type {
32 +
33 + /**
34 + * Signifies that security policy has been accepted.
35 + */
36 + POLICY_ACCEPTED,
37 +
38 + /**
39 + * Signifies that security policy has been reviewed.
40 + */
41 + POLICY_REVIEWED,
42 +
43 + /**
44 + * Signifies that application has violated security policy.
45 + */
46 + POLICY_VIOLATED,
47 + }
48 +}
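Review bot: `POLICY_REVIEWED` is declared here, and `InternalStoreDelegate.notify` in `SecurityModeManager` has a branch for it, but nothing on this page creates an event of that type: `SecurityStateListener.event` maps only the `POLICY_VIOLATED` and `SECURED` states. If review notifications are meant to reach listeners, the store's switch needs a case such as `case REVIEWED: notifyDelegate(new SecurityModeEvent(SecurityModeEvent.Type.POLICY_REVIEWED, appId)); break;`. The constructor and the `Type` enum itself have no Javadoc.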
...@@ -14,20 +14,12 @@ ...@@ -14,20 +14,12 @@
14 * limitations under the License. 14 * limitations under the License.
15 */ 15 */
16 16
17 -package org.onosproject.cli.security; 17 +package org.onosproject.security.store;
18 18
19 -import com.google.common.collect.ImmutableList; 19 +import org.onosproject.event.EventListener;
20 -import org.onosproject.cli.AbstractChoicesCompleter;
21 20
22 -import java.util.List;
23 -
24 -import static org.onosproject.cli.security.PermissionCommand.*;
25 /** 21 /**
26 - * Permission command completer. 22 + * Security-Mode ONOS event listener.
27 */ 23 */
28 -public class PermissionCommandCompleter extends AbstractChoicesCompleter { 24 +public interface SecurityModeListener extends EventListener<SecurityModeEvent> {
29 - @Override
30 - protected List<String> choices() {
31 - return ImmutableList.of(ADD, REMOVE, CLEAR, LIST);
32 - }
33 } 25 }
......
1 +/*
2 + * Copyright 2015 Open Networking Laboratory
3 + *
4 + * Licensed under the Apache License, Version 2.0 (the "License");
5 + * you may not use this file except in compliance with the License.
6 + * You may obtain a copy of the License at
7 + *
8 + * http://www.apache.org/licenses/LICENSE-2.0
9 + *
10 + * Unless required by applicable law or agreed to in writing, software
11 + * distributed under the License is distributed on an "AS IS" BASIS,
12 + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 + * See the License for the specific language governing permissions and
14 + * limitations under the License.
15 + */
16 +
17 +package org.onosproject.security.store;
18 +
19 +/**
20 + * Representation of Security-Mode ONOS application review state.
21 + */
22 +public enum SecurityModeState {
23 +
24 + /**
25 + * Indicates that operator has accepted application security policy.
26 + */
27 + SECURED,
28 +
29 + /**
30 + * Indicates that application security policy has been reviewed.
31 + */
32 + REVIEWED,
33 +
34 + /**
35 + * Indicates that application has been installed.
36 + */
37 + INSTALLED,
38 +
39 + /**
40 + * Indicates that application has violated security policy.
41 + */
42 + POLICY_VIOLATED,
43 +}
1 +/*
2 + * Copyright 2015 Open Networking Laboratory
3 + *
4 + * Licensed under the Apache License, Version 2.0 (the "License");
5 + * you may not use this file except in compliance with the License.
6 + * You may obtain a copy of the License at
7 + *
8 + * http://www.apache.org/licenses/LICENSE-2.0
9 + *
10 + * Unless required by applicable law or agreed to in writing, software
11 + * distributed under the License is distributed on an "AS IS" BASIS,
12 + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 + * See the License for the specific language governing permissions and
14 + * limitations under the License.
15 + */
16 +
17 +package org.onosproject.security.store;
18 +
19 +import org.onosproject.core.ApplicationId;
20 +import org.onosproject.security.Permission;
21 +import org.onosproject.store.Store;
22 +
23 +import java.util.Set;
24 +
25 +/**
26 + * Security-Mode ONOS distributed store service.
27 + */
28 +public interface SecurityModeStore extends Store<SecurityModeEvent, SecurityModeStoreDelegate> {
29 +
30 + /**
31 + * Updates the local bundle-application directories.
32 + * @param appId application identifier
33 + * @return true if successfully registered.
34 + */
35 + boolean registerApplication(ApplicationId appId);
36 +
37 + /**
38 + * Removes application info from the local bundle-application directories.
39 + * @param appId application identifier
40 + */
41 + void unregisterApplication(ApplicationId appId);
42 +
43 + /**
44 + * Returns state of the specified application.
45 + * @param appId application identifier
46 + * @return Security-Mode State of application
47 + */
48 + SecurityModeState getState(ApplicationId appId);
49 +
50 + /**
51 + * Returns bundle locations of specified application.
52 + * @param appId application identifier
53 + * @return set of bundle location strings
54 + */
55 + Set<String> getBundleLocations(ApplicationId appId);
56 +
57 + /**
58 + * Returns application identifiers that are associated with given bundle location.
59 + * @param location OSGi bundle location
60 + * @return set of application identifiers
61 + */
62 + Set<ApplicationId> getApplicationIds(String location);
63 +
64 + /**
65 + * Returns a list of permissions that have been requested by given application.
66 + * @param appId application identifier
67 + * @return list of permissions
68 + */
69 + Set<Permission> getRequestedPermissions(ApplicationId appId);
70 +
71 + /**
72 + * Returns an array of permissions that have been granted to given application.
73 + * @param appId application identifier
74 + * @return array of permissionInfo
75 + */
76 + Set<Permission> getGrantedPermissions(ApplicationId appId);
77 +
78 + /**
79 + * Request permission that is required to run given application.
80 + * @param appId application identifier
81 + * @param permission permission
82 + */
83 + void requestPermission(ApplicationId appId, Permission permission);
84 +
85 + /**
86 + * Returns true if given application has been secured.
87 + * @param appId application identifier
88 + * @return true indicates secured
89 + */
90 + boolean isSecured(ApplicationId appId);
91 +
92 + /**
93 + * Notifies SM-ONOS that operator has reviewed the policy.
94 + * @param appId application identifier
95 + */
96 + void reviewPolicy(ApplicationId appId);
97 +
98 + /**
99 + * Accept the current security policy of given application.
100 + * @param appId application identifier
101 + * @param permissionSet array of PermissionInfo
102 + */
103 + void acceptPolicy(ApplicationId appId, Set<Permission> permissionSet);
104 +}
...\ No newline at end of file ...\ No newline at end of file
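Review bot: Several Javadoc blocks in this interface describe types the signatures do not use: `getRequestedPermissions` says `@return list of permissions`, `getGrantedPermissions` says it returns "an array of permissions" and `array of permissionInfo`, and `acceptPolicy` documents `permissionSet` as `array of PermissionInfo`, while all three use `Set<Permission>`. `getState` should also state its null contract, since `SecurityModeManager` tests `store.getState(appId) == null` to decide whether to register: `@return Security-Mode state of the application, or null if it is not registered`. For `acceptPolicy`, it would help to document that the policy takes effect only from the reviewed state, as the implementation on this page leaves the state unchanged otherwise.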
...@@ -14,32 +14,12 @@ ...@@ -14,32 +14,12 @@
14 * limitations under the License. 14 * limitations under the License.
15 */ 15 */
16 16
17 -package org.onosproject.cli.security; 17 +package org.onosproject.security.store;
18 18
19 -import org.apache.karaf.shell.console.completer.ArgumentCompleter; 19 +import org.onosproject.store.StoreDelegate;
20 -import org.onosproject.cli.AbstractChoicesCompleter;
21 -import org.onosproject.core.Permission;
22 -
23 -import java.util.ArrayList;
24 -import java.util.List;
25 20
26 /** 21 /**
27 - * Permission Name Completer. 22 + * Security-Mode distributed store delegate abstraction.
28 */ 23 */
29 -public class PermissionNameCompleter extends AbstractChoicesCompleter { 24 +public interface SecurityModeStoreDelegate extends StoreDelegate<SecurityModeEvent> {
30 - @Override
31 - protected List<String> choices() {
32 - List<String> permNames = new ArrayList<>();
33 -
34 - ArgumentCompleter.ArgumentList list = getArgumentList();
35 - String cmd = list.getArguments()[1];
36 - if (cmd.equals("add") || cmd.equals("remove")) {
37 - for (Permission perm : Permission.values()) {
38 - permNames.add(perm.name());
39 - }
40 - }
41 - return permNames;
42 - }
43 -
44 -
45 } 25 }
......
...@@ -38,7 +38,7 @@ import org.onosproject.core.Application; ...@@ -38,7 +38,7 @@ import org.onosproject.core.Application;
38 import org.onosproject.core.ApplicationId; 38 import org.onosproject.core.ApplicationId;
39 import org.onosproject.core.ApplicationIdStore; 39 import org.onosproject.core.ApplicationIdStore;
40 import org.onosproject.core.DefaultApplication; 40 import org.onosproject.core.DefaultApplication;
41 -import org.onosproject.core.Permission; 41 +import org.onosproject.security.Permission;
42 import org.onosproject.store.cluster.messaging.ClusterCommunicationService; 42 import org.onosproject.store.cluster.messaging.ClusterCommunicationService;
43 import org.onosproject.store.cluster.messaging.MessageSubject; 43 import org.onosproject.store.cluster.messaging.MessageSubject;
44 import org.onosproject.store.serializers.KryoNamespaces; 44 import org.onosproject.store.serializers.KryoNamespaces;
......
...@@ -135,7 +135,7 @@ ...@@ -135,7 +135,7 @@
135 <feature>onos-api</feature> 135 <feature>onos-api</feature>
136 <!-- FIXME Release when stable (before Drake) --> 136 <!-- FIXME Release when stable (before Drake) -->
137 <bundle>mvn:org.onosproject/org.apache.felix.framework.security/2.2.0.onos-SNAPSHOT</bundle> 137 <bundle>mvn:org.onosproject/org.apache.felix.framework.security/2.2.0.onos-SNAPSHOT</bundle>
138 - <bundle>mvn:org.onosproject/onos-security-impl/@ONOS-VERSION</bundle> 138 + <bundle>mvn:org.onosproject/onos-security/@ONOS-VERSION</bundle>
139 </feature> 139 </feature>
140 140
141 </features> 141 </features>
......
...@@ -17,7 +17,6 @@ package org.onosproject.openflow.controller; ...@@ -17,7 +17,6 @@ package org.onosproject.openflow.controller;
17 17
18 import org.onlab.packet.DeserializationException; 18 import org.onlab.packet.DeserializationException;
19 import org.onlab.packet.Ethernet; 19 import org.onlab.packet.Ethernet;
20 -import org.onosproject.core.Permission;
21 import org.projectfloodlight.openflow.protocol.OFPacketIn; 20 import org.projectfloodlight.openflow.protocol.OFPacketIn;
22 import org.projectfloodlight.openflow.protocol.OFPacketOut; 21 import org.projectfloodlight.openflow.protocol.OFPacketOut;
23 import org.projectfloodlight.openflow.protocol.OFVersion; 22 import org.projectfloodlight.openflow.protocol.OFVersion;
...@@ -34,6 +33,7 @@ import java.util.Collections; ...@@ -34,6 +33,7 @@ import java.util.Collections;
34 import java.util.concurrent.atomic.AtomicBoolean; 33 import java.util.concurrent.atomic.AtomicBoolean;
35 34
36 import static org.onosproject.security.AppGuard.checkPermission; 35 import static org.onosproject.security.AppGuard.checkPermission;
36 +import static org.onosproject.security.AppPermission.Type.*;
37 37
38 38
39 /** 39 /**
...@@ -57,7 +57,7 @@ public final class DefaultOpenFlowPacketContext implements OpenFlowPacketContext ...@@ -57,7 +57,7 @@ public final class DefaultOpenFlowPacketContext implements OpenFlowPacketContext
57 57
58 @Override 58 @Override
59 public void send() { 59 public void send() {
60 - checkPermission(Permission.PACKET_WRITE); 60 + checkPermission(PACKET_WRITE);
61 61
62 if (block() && isBuilt.get()) { 62 if (block() && isBuilt.get()) {
63 sw.sendMsg(pktout); 63 sw.sendMsg(pktout);
...@@ -97,7 +97,7 @@ public final class DefaultOpenFlowPacketContext implements OpenFlowPacketContext ...@@ -97,7 +97,7 @@ public final class DefaultOpenFlowPacketContext implements OpenFlowPacketContext
97 97
98 @Override 98 @Override
99 public Ethernet parsed() { 99 public Ethernet parsed() {
100 - checkPermission(Permission.PACKET_READ); 100 + checkPermission(PACKET_READ);
101 101
102 try { 102 try {
103 return Ethernet.deserializer().deserialize(pktin.getData(), 0, pktin.getData().length); 103 return Ethernet.deserializer().deserialize(pktin.getData(), 0, pktin.getData().length);
...@@ -111,7 +111,7 @@ public final class DefaultOpenFlowPacketContext implements OpenFlowPacketContext ...@@ -111,7 +111,7 @@ public final class DefaultOpenFlowPacketContext implements OpenFlowPacketContext
111 111
112 @Override 112 @Override
113 public Dpid dpid() { 113 public Dpid dpid() {
114 - checkPermission(Permission.PACKET_READ); 114 + checkPermission(PACKET_READ);
115 115
116 return new Dpid(sw.getId()); 116 return new Dpid(sw.getId());
117 } 117 }
...@@ -130,7 +130,7 @@ public final class DefaultOpenFlowPacketContext implements OpenFlowPacketContext ...@@ -130,7 +130,7 @@ public final class DefaultOpenFlowPacketContext implements OpenFlowPacketContext
130 130
131 @Override 131 @Override
132 public Integer inPort() { 132 public Integer inPort() {
133 - checkPermission(Permission.PACKET_READ); 133 + checkPermission(PACKET_READ);
134 134
135 return pktinInPort().getPortNumber(); 135 return pktinInPort().getPortNumber();
136 } 136 }
...@@ -144,7 +144,7 @@ public final class DefaultOpenFlowPacketContext implements OpenFlowPacketContext ...@@ -144,7 +144,7 @@ public final class DefaultOpenFlowPacketContext implements OpenFlowPacketContext
144 144
145 @Override 145 @Override
146 public byte[] unparsed() { 146 public byte[] unparsed() {
147 - checkPermission(Permission.PACKET_READ); 147 + checkPermission(PACKET_READ);
148 148
149 return pktin.getData().clone(); 149 return pktin.getData().clone();
150 150
...@@ -160,21 +160,21 @@ public final class DefaultOpenFlowPacketContext implements OpenFlowPacketContext ...@@ -160,21 +160,21 @@ public final class DefaultOpenFlowPacketContext implements OpenFlowPacketContext
160 160
161 @Override 161 @Override
162 public boolean block() { 162 public boolean block() {
163 - checkPermission(Permission.PACKET_WRITE); 163 + checkPermission(PACKET_WRITE);
164 164
165 return free.getAndSet(false); 165 return free.getAndSet(false);
166 } 166 }
167 167
168 @Override 168 @Override
169 public boolean isHandled() { 169 public boolean isHandled() {
170 - checkPermission(Permission.PACKET_READ); 170 + checkPermission(PACKET_READ);
171 171
172 return !free.get(); 172 return !free.get();
173 } 173 }
174 174
175 @Override 175 @Override
176 public boolean isBuffered() { 176 public boolean isBuffered() {
177 - checkPermission(Permission.PACKET_READ); 177 + checkPermission(PACKET_READ);
178 178
179 return isBuffered; 179 return isBuffered;
180 } 180 }
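Review bot: The wildcard static import added at new line 36, `import static org.onosproject.security.AppPermission.Type.*;`, brings every permission-type constant into scope unqualified, so the `checkPermission(PACKET_READ)` and `checkPermission(PACKET_WRITE)` calls in the later hunks no longer show where the constant comes from. For access-control checks I would import only the two constants this file uses, `import static org.onosproject.security.AppPermission.Type.PACKET_READ;` and `import static org.onosproject.security.AppPermission.Type.PACKET_WRITE;`, so the import list itself records which permissions the class enforces and a search for a permission name finds every enforcement point. As a smaller point, `send()` checks `PACKET_WRITE` and then calls `block()`, which checks it again. That is harmless, but a one-line comment such as `// block() re-checks PACKET_WRITE; kept so each public entry point is guarded on its own` would stop a later cleanup from removing one of the guards. Several of these method bodies continue outside the hunks shown, so this covers only the visible lines.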
......