aboutsummaryrefslogtreecommitdiffstats
path: root/framework/src/onos/core/security
diff options
context:
space:
mode:
authorCNlucius <lukai1@huawei.com>2016-09-13 11:40:12 +0800
committerCNlucius <lukai1@huawei.com>2016-09-13 11:41:53 +0800
commitb731e2f1dd0972409b136aebc7b463dd72c9cfad (patch)
tree5107d7d80c19ad8076c2c97c2b5ef8d1cf3ab903 /framework/src/onos/core/security
parentee93993458266114c29271a481ef9ce7ce621b2a (diff)
ONOSFW-171
O/S-SFC-ONOS scenario documentation Change-Id: I51ae1cf736ea24ab6680f8edca1b2bf5dd598365 Signed-off-by: CNlucius <lukai1@huawei.com>
Diffstat (limited to 'framework/src/onos/core/security')
-rw-r--r--framework/src/onos/core/security/pom.xml80
-rw-r--r--framework/src/onos/core/security/src/main/java/org/onosproject/security/impl/DefaultPolicyBuilder.java448
-rw-r--r--framework/src/onos/core/security/src/main/java/org/onosproject/security/impl/SecurityModeManager.java305
-rw-r--r--framework/src/onos/core/security/src/main/java/org/onosproject/security/impl/package-info.java20
-rw-r--r--framework/src/onos/core/security/src/main/java/org/onosproject/security/store/DistributedSecurityModeStore.java315
-rw-r--r--framework/src/onos/core/security/src/main/java/org/onosproject/security/store/SecurityInfo.java41
-rw-r--r--framework/src/onos/core/security/src/main/java/org/onosproject/security/store/SecurityModeEvent.java48
-rw-r--r--framework/src/onos/core/security/src/main/java/org/onosproject/security/store/SecurityModeListener.java25
-rw-r--r--framework/src/onos/core/security/src/main/java/org/onosproject/security/store/SecurityModeState.java43
-rw-r--r--framework/src/onos/core/security/src/main/java/org/onosproject/security/store/SecurityModeStore.java104
-rw-r--r--framework/src/onos/core/security/src/main/java/org/onosproject/security/store/SecurityModeStoreDelegate.java25
-rw-r--r--framework/src/onos/core/security/src/main/java/org/onosproject/security/store/package-info.java20
12 files changed, 0 insertions, 1474 deletions
diff --git a/framework/src/onos/core/security/pom.xml b/framework/src/onos/core/security/pom.xml
deleted file mode 100644
index 4635c686..00000000
--- a/framework/src/onos/core/security/pom.xml
+++ /dev/null
@@ -1,80 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
- ~ Copyright 2015 Open Networking Laboratory
- ~
- ~ Licensed under the Apache License, Version 2.0 (the "License");
- ~ you may not use this file except in compliance with the License.
- ~ You may obtain a copy of the License at
- ~
- ~ http://www.apache.org/licenses/LICENSE-2.0
- ~
- ~ Unless required by applicable law or agreed to in writing, software
- ~ distributed under the License is distributed on an "AS IS" BASIS,
- ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- ~ See the License for the specific language governing permissions and
- ~ limitations under the License.
- -->
-<project xmlns="http://maven.apache.org/POM/4.0.0"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
- <modelVersion>4.0.0</modelVersion>
-
- <parent>
- <artifactId>onos-core</artifactId>
- <groupId>org.onosproject</groupId>
- <version>1.4.0-rc1</version>
- <relativePath>../pom.xml</relativePath>
- </parent>
-
- <artifactId>onos-security</artifactId>
- <packaging>bundle</packaging>
-
-
- <description>Security-Mode ONOS project</description>
-
- <dependencies>
- <dependency>
- <groupId>org.osgi</groupId>
- <artifactId>org.osgi.core</artifactId>
- </dependency>
- <dependency>
- <groupId>org.osgi</groupId>
- <artifactId>org.osgi.compendium</artifactId>
- </dependency>
- <dependency>
- <groupId>org.apache.felix</groupId>
- <artifactId>org.apache.felix.scr.annotations</artifactId>
- </dependency>
- <dependency>
- <groupId>org.onosproject</groupId>
- <artifactId>onos-api</artifactId>
- </dependency>
- <dependency>
- <groupId>org.onosproject</groupId>
- <artifactId>onos-core-serializers</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.apache.karaf.features</groupId>
- <artifactId>org.apache.karaf.features.core</artifactId>
- </dependency>
- <!-- Adding dependency to pull the artifact from Maven Central.
- Note: This is just needed for the onos-security feature. -->
- <dependency>
- <groupId>org.onosproject</groupId>
- <artifactId>org.apache.felix.framework.security</artifactId>
- <version>2.2.0.onos</version>
- <scope>provided</scope>
- </dependency>
- </dependencies>
-
- <build>
- <plugins>
- <plugin>
- <groupId>org.apache.felix</groupId>
- <artifactId>maven-scr-plugin</artifactId>
- </plugin>
- </plugins>
- </build>
-
-</project> \ No newline at end of file
diff --git a/framework/src/onos/core/security/src/main/java/org/onosproject/security/impl/DefaultPolicyBuilder.java b/framework/src/onos/core/security/src/main/java/org/onosproject/security/impl/DefaultPolicyBuilder.java
deleted file mode 100644
index b043765a..00000000
--- a/framework/src/onos/core/security/src/main/java/org/onosproject/security/impl/DefaultPolicyBuilder.java
+++ /dev/null
@@ -1,448 +0,0 @@
-/*
- * Copyright 2015 Open Networking Laboratory
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.onosproject.security.impl;
-
-
-import com.google.common.collect.ImmutableSet;
-import com.google.common.collect.Lists;
-import com.google.common.collect.Sets;
-import org.onosproject.security.AppPermission;
-import org.onosproject.app.ApplicationAdminService;
-import org.onosproject.app.ApplicationService;
-import org.onosproject.cfg.ComponentConfigService;
-import org.onosproject.cluster.ClusterAdminService;
-import org.onosproject.cluster.ClusterService;
-import org.onosproject.core.CoreService;
-import org.onosproject.cluster.LeadershipService;
-import org.onosproject.mastership.MastershipAdminService;
-import org.onosproject.mastership.MastershipService;
-import org.onosproject.net.device.DeviceAdminService;
-import org.onosproject.net.device.DeviceService;
-import org.onosproject.net.device.DeviceClockService;
-import org.onosproject.net.driver.DriverAdminService;
-import org.onosproject.net.driver.DriverService;
-import org.onosproject.net.flow.FlowRuleService;
-import org.onosproject.net.flowobjective.FlowObjectiveService;
-import org.onosproject.net.group.GroupService;
-import org.onosproject.net.host.HostAdminService;
-import org.onosproject.net.host.HostService;
-import org.onosproject.net.intent.IntentService;
-import org.onosproject.net.intent.IntentExtensionService;
-import org.onosproject.net.intent.IntentClockService;
-import org.onosproject.net.intent.PartitionService;
-import org.onosproject.net.link.LinkAdminService;
-import org.onosproject.net.link.LinkService;
-import org.onosproject.net.packet.PacketService;
-import org.onosproject.net.proxyarp.ProxyArpService;
-import org.onosproject.net.resource.link.LinkResourceService;
-import org.onosproject.net.statistic.StatisticService;
-import org.onosproject.net.topology.PathService;
-import org.onosproject.net.topology.TopologyService;
-import org.onosproject.security.SecurityAdminService;
-import org.onosproject.store.service.StorageAdminService;
-import org.onosproject.store.service.StorageService;
-import org.osgi.framework.BundlePermission;
-import org.osgi.framework.CapabilityPermission;
-import org.osgi.framework.ServicePermission;
-import org.osgi.framework.PackagePermission;
-import org.osgi.framework.AdaptPermission;
-import org.osgi.service.cm.ConfigurationPermission;
-
-import javax.net.ssl.SSLPermission;
-import javax.security.auth.AuthPermission;
-import javax.security.auth.PrivateCredentialPermission;
-import javax.security.auth.kerberos.DelegationPermission;
-import javax.sound.sampled.AudioPermission;
-import java.io.FilePermission;
-import java.io.SerializablePermission;
-import java.net.NetPermission;
-import java.net.SocketPermission;
-import java.security.Permissions;
-import java.sql.SQLPermission;
-import java.util.ArrayList;
-import java.util.Enumeration;
-import java.util.HashSet;
-import java.util.List;
-import java.util.PropertyPermission;
-import java.util.Set;
-import java.util.concurrent.ConcurrentHashMap;
-import java.security.Permission;
-import java.util.logging.LoggingPermission;
-
-import static org.onosproject.security.AppPermission.Type.*;
-
-public final class DefaultPolicyBuilder {
-
- protected static ConcurrentHashMap<AppPermission.Type,
- Set<String>> serviceDirectory = getServiceDirectory();
-
- protected static List<Permission> defaultPermissions = getDefaultPerms();
- protected static List<Permission> adminServicePermissions = getAdminDefaultPerms();
-
- private DefaultPolicyBuilder(){
- }
-
- public static List<Permission> getUserApplicationPermissions(Set<org.onosproject.security.Permission> permissions) {
- List<Permission> perms = Lists.newArrayList();
- perms.addAll(defaultPermissions);
- perms.addAll(convertToJavaPermissions(permissions));
- return optimizePermissions(perms);
- }
-
- public static List<Permission> getAdminApplicationPermissions(
- Set<org.onosproject.security.Permission> permissions) {
- List<Permission> perms = Lists.newArrayList();
- perms.addAll(defaultPermissions);
- perms.addAll(adminServicePermissions);
- for (AppPermission.Type perm : serviceDirectory.keySet()) {
- perms.add(new AppPermission(perm));
- }
- perms.addAll(convertToJavaPermissions(permissions));
- return optimizePermissions(perms);
- }
-
- public static List<Permission> convertToJavaPermissions(Set<org.onosproject.security.Permission> permissions) {
- List<Permission> result = Lists.newArrayList();
- for (org.onosproject.security.Permission perm : permissions) {
- Permission javaPerm = getPermission(perm);
- if (javaPerm != null) {
- if (javaPerm instanceof AppPermission) {
- if (((AppPermission) javaPerm).getType() != null) {
- AppPermission ap = (AppPermission) javaPerm;
- result.add(ap);
- if (serviceDirectory.containsKey(ap.getType())) {
- for (String service : serviceDirectory.get(ap.getType())) {
- result.add(new ServicePermission(service, ServicePermission.GET));
- }
- }
- }
- } else if (javaPerm instanceof ServicePermission) {
- if (!javaPerm.getName().contains(SecurityAdminService.class.getName())) {
- result.add(javaPerm);
- }
- } else {
- result.add(javaPerm);
- }
-
- }
- }
- return result;
- }
-
- public static Set<org.onosproject.security.Permission> convertToOnosPermissions(List<Permission> permissions) {
- Set<org.onosproject.security.Permission> result = Sets.newHashSet();
- for (Permission perm : permissions) {
- org.onosproject.security.Permission onosPerm = getOnosPermission(perm);
- if (onosPerm != null) {
- result.add(onosPerm);
- }
- }
- return result;
- }
-
- public static List<Permission> getDefaultPerms() {
- List<Permission> permSet = Lists.newArrayList();
- permSet.add(new PackagePermission("*", PackagePermission.EXPORTONLY));
- permSet.add(new PackagePermission("*", PackagePermission.IMPORT));
- permSet.add(new AdaptPermission("*", AdaptPermission.ADAPT));
- permSet.add(new ConfigurationPermission("*", ConfigurationPermission.CONFIGURE));
- return permSet;
- }
-
- private static List<Permission> getAdminDefaultPerms() {
- List<Permission> permSet = Lists.newArrayList();
- permSet.add(new ServicePermission(ApplicationAdminService.class.getName(), ServicePermission.GET));
- permSet.add(new ServicePermission(ClusterAdminService.class.getName(), ServicePermission.GET));
- permSet.add(new ServicePermission(MastershipAdminService.class.getName(), ServicePermission.GET));
- permSet.add(new ServicePermission(DeviceAdminService.class.getName(), ServicePermission.GET));
- permSet.add(new ServicePermission(HostAdminService.class.getName(), ServicePermission.GET));
- permSet.add(new ServicePermission(LinkAdminService.class.getName(), ServicePermission.GET));
- permSet.add(new ServicePermission(DriverAdminService.class.getName(), ServicePermission.GET));
- permSet.add(new ServicePermission(StorageAdminService.class.getName(), ServicePermission.GET));
-// permSet.add(new ServicePermission(LabelResourceAdminService.class.getName(), ServicePermission.GET));
-// permSet.add(new ServicePermission(TunnelAdminService.class.getName(), ServicePermission.GET));
- permSet.add(new ServicePermission(ApplicationService.class.getName(), ServicePermission.GET));
- permSet.add(new ServicePermission(ComponentConfigService.class.getName(), ServicePermission.GET));
- permSet.add(new ServicePermission(CoreService.class.getName(), ServicePermission.GET));
- permSet.add(new ServicePermission(ClusterService.class.getName(), ServicePermission.GET));
- permSet.add(new ServicePermission(LeadershipService.class.getName(), ServicePermission.GET));
- permSet.add(new ServicePermission(MastershipService.class.getName(), ServicePermission.GET));
- permSet.add(new ServicePermission(DeviceService.class.getName(), ServicePermission.GET));
- permSet.add(new ServicePermission(DeviceClockService.class.getName(), ServicePermission.GET));
- permSet.add(new ServicePermission(DriverService.class.getName(), ServicePermission.GET));
- permSet.add(new ServicePermission(FlowRuleService.class.getName(), ServicePermission.GET));
- permSet.add(new ServicePermission(FlowObjectiveService.class.getName(), ServicePermission.GET));
- permSet.add(new ServicePermission(GroupService.class.getName(), ServicePermission.GET));
- permSet.add(new ServicePermission(HostService.class.getName(), ServicePermission.GET));
- permSet.add(new ServicePermission(IntentService.class.getName(), ServicePermission.GET));
- permSet.add(new ServicePermission(IntentClockService.class.getName(), ServicePermission.GET));
- permSet.add(new ServicePermission(IntentExtensionService.class.getName(), ServicePermission.GET));
- permSet.add(new ServicePermission(PartitionService.class.getName(), ServicePermission.GET));
- permSet.add(new ServicePermission(LinkService.class.getName(), ServicePermission.GET));
- permSet.add(new ServicePermission(LinkResourceService.class.getName(), ServicePermission.GET));
-// permSet.add(new ServicePermission(LabelResourceService.class.getName(), ServicePermission.GET));
- permSet.add(new ServicePermission(PacketService.class.getName(), ServicePermission.GET));
- permSet.add(new ServicePermission(ProxyArpService.class.getName(), ServicePermission.GET));
- permSet.add(new ServicePermission(StatisticService.class.getName(), ServicePermission.GET));
- permSet.add(new ServicePermission(PathService.class.getName(), ServicePermission.GET));
- permSet.add(new ServicePermission(TopologyService.class.getName(), ServicePermission.GET));
-// permSet.add(new ServicePermission(TunnelService.class.getName(), ServicePermission.GET));
- permSet.add(new ServicePermission(StorageService.class.getName(), ServicePermission.GET));
- return permSet;
- }
-
- public static Set<String> getNBServiceList() {
- Set<String> permString = new HashSet<>();
- for (Permission perm : getAdminDefaultPerms()) {
- permString.add(perm.getName());
- }
- return permString;
- }
-
- private static ConcurrentHashMap<AppPermission.Type, Set<String>> getServiceDirectory() {
-
- ConcurrentHashMap<AppPermission.Type, Set<String>> serviceDirectory = new ConcurrentHashMap<>();
-
- serviceDirectory.put(APP_READ, ImmutableSet.of(
- ApplicationService.class.getName(), CoreService.class.getName()));
- serviceDirectory.put(APP_EVENT, ImmutableSet.of(
- ApplicationService.class.getName(), CoreService.class.getName()));
- serviceDirectory.put(CONFIG_READ, ImmutableSet.of(
- ComponentConfigService.class.getName()));
- serviceDirectory.put(CONFIG_WRITE, ImmutableSet.of(
- ComponentConfigService.class.getName()));
- serviceDirectory.put(CLUSTER_READ, ImmutableSet.of(
- ClusterService.class.getName(), LeadershipService.class.getName(),
- MastershipService.class.getName()));
- serviceDirectory.put(CLUSTER_WRITE, ImmutableSet.of(
- LeadershipService.class.getName(), MastershipService.class.getName()));
- serviceDirectory.put(CLUSTER_EVENT, ImmutableSet.of(
- ClusterService.class.getName(), LeadershipService.class.getName(),
- MastershipService.class.getName()));
- serviceDirectory.put(DEVICE_READ, ImmutableSet.of(
- DeviceService.class.getName(), DeviceClockService.class.getName()));
- serviceDirectory.put(DEVICE_EVENT, ImmutableSet.of(
- DeviceService.class.getName()));
- serviceDirectory.put(DRIVER_READ, ImmutableSet.of(
- DriverService.class.getName()));
- serviceDirectory.put(DRIVER_WRITE, ImmutableSet.of(
- DriverService.class.getName()));
- serviceDirectory.put(FLOWRULE_READ, ImmutableSet.of(
- FlowRuleService.class.getName()));
- serviceDirectory.put(FLOWRULE_WRITE, ImmutableSet.of(
- FlowRuleService.class.getName(), FlowObjectiveService.class.getName()));
- serviceDirectory.put(FLOWRULE_EVENT, ImmutableSet.of(
- FlowRuleService.class.getName()));
- serviceDirectory.put(GROUP_READ, ImmutableSet.of(
- GroupService.class.getName()));
- serviceDirectory.put(GROUP_WRITE, ImmutableSet.of(
- GroupService.class.getName()));
- serviceDirectory.put(GROUP_EVENT, ImmutableSet.of(
- GroupService.class.getName()));
- serviceDirectory.put(HOST_READ, ImmutableSet.of(
- HostService.class.getName()));
- serviceDirectory.put(HOST_WRITE, ImmutableSet.of(
- HostService.class.getName()));
- serviceDirectory.put(HOST_EVENT, ImmutableSet.of(
- HostService.class.getName()));
- serviceDirectory.put(INTENT_READ, ImmutableSet.of(
- IntentService.class.getName(), PartitionService.class.getName(),
- IntentClockService.class.getName()));
- serviceDirectory.put(INTENT_WRITE, ImmutableSet.of(
- IntentService.class.getName()));
- serviceDirectory.put(INTENT_EVENT, ImmutableSet.of(
- IntentService.class.getName()));
-// serviceDirectory.put(LINK_READ, ImmutableSet.of(
-// LinkService.class.getName(), LinkResourceService.class.getName(),
-// LabelResourceService.class.getName()));
-// serviceDirectory.put(LINK_WRITE, ImmutableSet.of(
-// LinkResourceService.class.getName(), LabelResourceService.class.getName()));
-// serviceDirectory.put(LINK_EVENT, ImmutableSet.of(
-// LinkService.class.getName(), LinkResourceService.class.getName(),
-// LabelResourceService.class.getName()));
- serviceDirectory.put(PACKET_READ, ImmutableSet.of(
- PacketService.class.getName(), ProxyArpService.class.getName()));
- serviceDirectory.put(PACKET_WRITE, ImmutableSet.of(
- PacketService.class.getName(), ProxyArpService.class.getName()));
- serviceDirectory.put(PACKET_EVENT, ImmutableSet.of(
- PacketService.class.getName()));
- serviceDirectory.put(STATISTIC_READ, ImmutableSet.of(
- StatisticService.class.getName()));
- serviceDirectory.put(TOPOLOGY_READ, ImmutableSet.of(
- TopologyService.class.getName(), PathService.class.getName()));
- serviceDirectory.put(TOPOLOGY_EVENT, ImmutableSet.of(
- TopologyService.class.getName()));
-// serviceDirectory.put(TUNNEL_READ, ImmutableSet.of(
-// TunnelService.class.getName()));
-// serviceDirectory.put(TUNNEL_WRITE, ImmutableSet.of(
-// TunnelService.class.getName()));
-// serviceDirectory.put(TUNNEL_EVENT, ImmutableSet.of(
-// TunnelService.class.getName()));
- serviceDirectory.put(STORAGE_WRITE, ImmutableSet.of(
- StorageService.class.getName()));
-
- return serviceDirectory;
- }
-
-
- public static org.onosproject.security.Permission getOnosPermission(Permission permission) {
- if (permission instanceof AppPermission) {
- return new org.onosproject.security.Permission(AppPermission.class.getName(), permission.getName(), "");
- } else if (permission instanceof FilePermission) {
- return new org.onosproject.security.Permission(
- FilePermission.class.getName(), permission.getName(), permission.getActions());
- } else if (permission instanceof SerializablePermission) {
- return new org.onosproject.security.Permission(
- SerializablePermission.class.getName(), permission.getName(), permission.getActions());
- } else if (permission instanceof NetPermission) {
- return new org.onosproject.security.Permission(
- NetPermission.class.getName(), permission.getName(), permission.getActions());
- } else if (permission instanceof RuntimePermission) {
- return new org.onosproject.security.Permission(
- RuntimePermission.class.getName(), permission.getName(), permission.getActions());
- } else if (permission instanceof SocketPermission) {
- return new org.onosproject.security.Permission(
- SocketPermission.class.getName(), permission.getName(), permission.getActions());
- } else if (permission instanceof SQLPermission) {
- return new org.onosproject.security.Permission(
- SQLPermission.class.getName(), permission.getName(), permission.getActions());
- } else if (permission instanceof PropertyPermission) {
- return new org.onosproject.security.Permission(
- PropertyPermission.class.getName(), permission.getName(), permission.getActions());
- } else if (permission instanceof LoggingPermission) {
- return new org.onosproject.security.Permission(
- LoggingPermission.class.getName(), permission.getName(), permission.getActions());
- } else if (permission instanceof SSLPermission) {
- return new org.onosproject.security.Permission(
- SSLPermission.class.getName(), permission.getName(), permission.getActions());
- } else if (permission instanceof AuthPermission) {
- return new org.onosproject.security.Permission(
- AuthPermission.class.getName(), permission.getName(), permission.getActions());
- } else if (permission instanceof PrivateCredentialPermission) {
- return new org.onosproject.security.Permission(
- PrivateCredentialPermission.class.getName(), permission.getName(), permission.getActions());
- } else if (permission instanceof DelegationPermission) {
- return new org.onosproject.security.Permission(
- DelegationPermission.class.getName(), permission.getName(), permission.getActions());
- } else if (permission instanceof javax.security.auth.kerberos.ServicePermission) {
- return new org.onosproject.security.Permission(
- javax.security.auth.kerberos.ServicePermission.class.getName(), permission.getName(),
- permission.getActions());
- } else if (permission instanceof AudioPermission) {
- return new org.onosproject.security.Permission(
- AudioPermission.class.getName(), permission.getName(), permission.getActions());
- } else if (permission instanceof AdaptPermission) {
- return new org.onosproject.security.Permission(
- AdaptPermission.class.getName(), permission.getName(), permission.getActions());
- } else if (permission instanceof BundlePermission) {
- return new org.onosproject.security.Permission(
- BundlePermission.class.getName(), permission.getName(), permission.getActions());
- } else if (permission instanceof CapabilityPermission) {
- return new org.onosproject.security.Permission(
- CapabilityPermission.class.getName(), permission.getName(), permission.getActions());
- } else if (permission instanceof PackagePermission) {
- return new org.onosproject.security.Permission(
- PackagePermission.class.getName(), permission.getName(), permission.getActions());
- } else if (permission instanceof ServicePermission) {
- return new org.onosproject.security.Permission(
- ServicePermission.class.getName(), permission.getName(), permission.getActions());
- }
- return null;
- }
-
- private static Permission getPermission(org.onosproject.security.Permission permission) {
-
- String classname = permission.getClassName();
- String name = permission.getName();
- String actions = permission.getActions();
-
- if (classname == null || name == null) {
- return null;
- }
- classname = classname.trim();
- name = name.trim();
- actions = actions.trim();
-
- if (AppPermission.class.getName().equals(classname)) {
- return new AppPermission(name);
- } else if (FilePermission.class.getName().equals(classname)) {
- return new FilePermission(name, actions);
- } else if (SerializablePermission.class.getName().equals(classname)) {
- return new SerializablePermission(name, actions);
- } else if (NetPermission.class.getName().equals(classname)) {
- return new NetPermission(name, actions);
- } else if (RuntimePermission.class.getName().equals(classname)) {
- return new RuntimePermission(name, actions);
- } else if (SocketPermission.class.getName().equals(classname)) {
- return new SocketPermission(name, actions);
- } else if (SQLPermission.class.getName().equals(classname)) {
- return new SQLPermission(name, actions);
- } else if (PropertyPermission.class.getName().equals(classname)) {
- return new PropertyPermission(name, actions);
- } else if (LoggingPermission.class.getName().equals(classname)) {
- return new LoggingPermission(name, actions);
- } else if (SSLPermission.class.getName().equals(classname)) {
- return new SSLPermission(name, actions);
- } else if (AuthPermission.class.getName().equals(classname)) {
- return new AuthPermission(name, actions);
- } else if (PrivateCredentialPermission.class.getName().equals(classname)) {
- return new PrivateCredentialPermission(name, actions);
- } else if (DelegationPermission.class.getName().equals(classname)) {
- return new DelegationPermission(name, actions);
- } else if (javax.security.auth.kerberos.ServicePermission.class.getName().equals(classname)) {
- return new javax.security.auth.kerberos.ServicePermission(name, actions);
- } else if (AudioPermission.class.getName().equals(classname)) {
- return new AudioPermission(name, actions);
- } else if (AdaptPermission.class.getName().equals(classname)) {
- return new AdaptPermission(name, actions);
- } else if (BundlePermission.class.getName().equals(classname)) {
- return new BundlePermission(name, actions);
- } else if (CapabilityPermission.class.getName().equals(classname)) {
- return new CapabilityPermission(name, actions);
- } else if (PackagePermission.class.getName().equals(classname)) {
- return new PackagePermission(name, actions);
- } else if (ServicePermission.class.getName().equals(classname)) {
- return new ServicePermission(name, actions);
- }
-
- //AllPermission, SecurityPermission, UnresolvedPermission
- //AWTPermission, AdminPermission(osgi), ReflectPermission not allowed
- return null;
-
- }
- private static List<Permission> optimizePermissions(List<Permission> perms) {
- Permissions permissions = listToPermissions(perms);
- return permissionsToList(permissions);
- }
-
- private static List<Permission> permissionsToList(Permissions perms) {
- List<Permission> permissions = new ArrayList<>();
- Enumeration<Permission> e = perms.elements();
- while (e.hasMoreElements()) {
- permissions.add(e.nextElement());
- }
- return permissions;
- }
-
- private static Permissions listToPermissions(List<Permission> perms) {
- Permissions permissions = new Permissions();
- for (Permission perm : perms) {
- permissions.add(perm);
- }
- return permissions;
- }
-}
-
diff --git a/framework/src/onos/core/security/src/main/java/org/onosproject/security/impl/SecurityModeManager.java b/framework/src/onos/core/security/src/main/java/org/onosproject/security/impl/SecurityModeManager.java
deleted file mode 100644
index 325f49be..00000000
--- a/framework/src/onos/core/security/src/main/java/org/onosproject/security/impl/SecurityModeManager.java
+++ /dev/null
@@ -1,305 +0,0 @@
-/*
- * Copyright 2015 Open Networking Laboratory
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.onosproject.security.impl;
-
-import com.google.common.collect.Lists;
-
-import org.apache.felix.scr.annotations.Component;
-import org.apache.felix.scr.annotations.Reference;
-import org.apache.felix.scr.annotations.ReferenceCardinality;
-import org.apache.felix.scr.annotations.Activate;
-import org.apache.felix.scr.annotations.Deactivate;
-import org.apache.felix.scr.annotations.Service;
-
-import org.onosproject.app.ApplicationAdminService;
-import org.onosproject.app.ApplicationState;
-import org.onosproject.core.Application;
-import org.onosproject.core.ApplicationId;
-
-import org.onosproject.event.EventDeliveryService;
-import org.onosproject.event.ListenerRegistry;
-import org.onosproject.security.AppPermission;
-import org.onosproject.security.SecurityAdminService;
-import org.onosproject.security.store.SecurityModeEvent;
-import org.onosproject.security.store.SecurityModeListener;
-import org.onosproject.security.store.SecurityModeStore;
-import org.onosproject.security.store.SecurityModeStoreDelegate;
-import org.osgi.framework.BundleContext;
-import org.osgi.framework.FrameworkUtil;
-import org.osgi.framework.ServicePermission;
-import org.osgi.service.log.LogEntry;
-import org.osgi.service.log.LogListener;
-import org.osgi.service.log.LogReaderService;
-import org.osgi.service.permissionadmin.PermissionInfo;
-
-import java.security.AccessControlException;
-import java.security.Permission;
-import java.util.ArrayList;
-import java.util.List;
-import java.util.Map;
-import java.util.Set;
-import java.util.concurrent.ConcurrentHashMap;
-
-import org.osgi.service.permissionadmin.PermissionAdmin;
-import org.slf4j.Logger;
-
-import static org.slf4j.LoggerFactory.getLogger;
-
-/**
- * Security-Mode ONOS management implementation.
- *
- * Note: Activating Security-Mode ONOS has significant performance implications in Drake.
- * See the wiki for instructions on how to activate it.
- */
-
-@Component(immediate = true)
-@Service
-public class SecurityModeManager implements SecurityAdminService {
-
- @Reference(cardinality = ReferenceCardinality.MANDATORY_UNARY)
- protected SecurityModeStore store;
-
- @Reference(cardinality = ReferenceCardinality.MANDATORY_UNARY)
- protected ApplicationAdminService appAdminService;
-
- @Reference(cardinality = ReferenceCardinality.MANDATORY_UNARY)
- protected LogReaderService logReaderService;
-
- @Reference(cardinality = ReferenceCardinality.MANDATORY_UNARY)
- protected EventDeliveryService eventDispatcher;
-
- private final Logger log = getLogger(getClass());
-
- protected final ListenerRegistry<SecurityModeEvent, SecurityModeListener>
- listenerRegistry = new ListenerRegistry<>();
-
- private final SecurityModeStoreDelegate delegate = new InternalStoreDelegate();
-
- private SecurityLogListener securityLogListener = new SecurityLogListener();
-
- private PermissionAdmin permissionAdmin = getPermissionAdmin();
-
-
- @Activate
- public void activate() {
-
- eventDispatcher.addSink(SecurityModeEvent.class, listenerRegistry);
- // add Listeners
- logReaderService.addLogListener(securityLogListener);
-
- store.setDelegate(delegate);
-
- if (System.getSecurityManager() == null) {
- log.warn("J2EE security manager is disabled.");
- deactivate();
- return;
- }
- if (permissionAdmin == null) {
- log.warn("Permission Admin not found.");
- deactivate();
- return;
- }
-
- log.info("Security-Mode Started");
- }
-
- @Deactivate
- public void deactivate() {
- eventDispatcher.removeSink(SecurityModeEvent.class);
- logReaderService.removeLogListener(securityLogListener);
- store.unsetDelegate(delegate);
- log.info("Stopped");
-
- }
-
- @Override
- public boolean isSecured(ApplicationId appId) {
- if (store.getState(appId) == null) {
- store.registerApplication(appId);
- }
- return store.isSecured(appId);
- }
-
-
- @Override
- public void review(ApplicationId appId) {
- if (store.getState(appId) == null) {
- store.registerApplication(appId);
- }
- store.reviewPolicy(appId);
- }
-
- @Override
- public void acceptPolicy(ApplicationId appId) {
- if (store.getState(appId) == null) {
- store.registerApplication(appId);
- }
- store.acceptPolicy(appId, DefaultPolicyBuilder.convertToOnosPermissions(getMaximumPermissions(appId)));
- }
-
- @Override
- public void register(ApplicationId appId) {
- store.registerApplication(appId);
- }
-
- @Override
- public Map<Integer, List<Permission>> getPrintableSpecifiedPermissions(ApplicationId appId) {
- return getPrintablePermissionMap(getMaximumPermissions(appId));
- }
-
- @Override
- public Map<Integer, List<Permission>> getPrintableGrantedPermissions(ApplicationId appId) {
- return getPrintablePermissionMap(
- DefaultPolicyBuilder.convertToJavaPermissions(store.getGrantedPermissions(appId)));
- }
-
- @Override
- public Map<Integer, List<Permission>> getPrintableRequestedPermissions(ApplicationId appId) {
- return getPrintablePermissionMap(
- DefaultPolicyBuilder.convertToJavaPermissions(store.getRequestedPermissions(appId)));
- }
-
- private class SecurityLogListener implements LogListener {
- @Override
- public void logged(LogEntry entry) {
- if (entry.getException() != null &&
- entry.getException() instanceof AccessControlException) {
- String location = entry.getBundle().getLocation();
- Permission javaPerm =
- ((AccessControlException) entry.getException()).getPermission();
- org.onosproject.security.Permission permission = DefaultPolicyBuilder.getOnosPermission(javaPerm);
- if (permission == null) {
- log.warn("Unsupported permission requested.");
- return;
- }
- store.getApplicationIds(location).stream().filter(
- appId -> store.isSecured(appId) &&
- appAdminService.getState(appId) == ApplicationState.ACTIVE).forEach(appId -> {
- store.requestPermission(appId, permission);
- print("[POLICY VIOLATION] APP: %s / Bundle: %s / Permission: %s ",
- appId.name(), location, permission.toString());
- });
- }
- }
- }
-
- private class InternalStoreDelegate implements SecurityModeStoreDelegate {
- @Override
- public void notify(SecurityModeEvent event) {
- if (event.type() == SecurityModeEvent.Type.POLICY_ACCEPTED) {
- setLocalPermissions(event.subject());
- log.info("{} POLICY ACCEPTED and ENFORCED", event.subject().name());
- } else if (event.type() == SecurityModeEvent.Type.POLICY_VIOLATED) {
- log.info("{} POLICY VIOLATED", event.subject().name());
- } else if (event.type() == SecurityModeEvent.Type.POLICY_REVIEWED) {
- log.info("{} POLICY REVIEWED", event.subject().name());
- }
- eventDispatcher.post(event);
- }
- }
-
- /**
- * TYPES.
- * 0 - APP_PERM
- * 1 - ADMIN SERVICE
- * 2 - NB_SERVICE
- * 3 - ETC_SERVICE
- * 4 - ETC
- * @param perms
- */
- private Map<Integer, List<Permission>> getPrintablePermissionMap(List<Permission> perms) {
- ConcurrentHashMap<Integer, List<Permission>> sortedMap = new ConcurrentHashMap<>();
- sortedMap.put(0, new ArrayList());
- sortedMap.put(1, new ArrayList());
- sortedMap.put(2, new ArrayList());
- sortedMap.put(3, new ArrayList());
- sortedMap.put(4, new ArrayList());
- for (Permission perm : perms) {
- if (perm instanceof ServicePermission) {
- if (DefaultPolicyBuilder.getNBServiceList().contains(perm.getName())) {
- if (perm.getName().contains("Admin")) {
- sortedMap.get(1).add(perm);
- } else {
- sortedMap.get(2).add(perm);
- }
- } else {
- sortedMap.get(3).add(perm);
- }
- } else if (perm instanceof AppPermission) {
- sortedMap.get(0).add(perm);
- } else {
- sortedMap.get(4).add(perm);
- }
- }
- return sortedMap;
- }
-
- private void setLocalPermissions(ApplicationId applicationId) {
- for (String location : store.getBundleLocations(applicationId)) {
- permissionAdmin.setPermissions(location, permissionsToInfo(store.getGrantedPermissions(applicationId)));
- }
- }
-
- private PermissionInfo[] permissionsToInfo(Set<org.onosproject.security.Permission> permissions) {
- List<PermissionInfo> result = Lists.newArrayList();
- for (org.onosproject.security.Permission perm : permissions) {
- result.add(new PermissionInfo(perm.getClassName(), perm.getName(), perm.getActions()));
- }
- PermissionInfo[] permissionInfos = new PermissionInfo[result.size()];
- return result.toArray(permissionInfos);
- }
-
-
-
- private List<Permission> getMaximumPermissions(ApplicationId appId) {
- Application app = appAdminService.getApplication(appId);
- if (app == null) {
- print("Unknown application.");
- return null;
- }
- List<Permission> appPerms;
- switch (app.role()) {
- case ADMIN:
- appPerms = DefaultPolicyBuilder.getAdminApplicationPermissions(app.permissions());
- break;
- case USER:
- appPerms = DefaultPolicyBuilder.getUserApplicationPermissions(app.permissions());
- break;
- case UNSPECIFIED:
- default:
- appPerms = DefaultPolicyBuilder.getDefaultPerms();
- break;
- }
-
- return appPerms;
- }
-
-
- private void print(String format, Object... args) {
- System.out.println(String.format("SM-ONOS: " + format, args));
- log.warn(String.format(format, args));
- }
-
- private PermissionAdmin getPermissionAdmin() {
- BundleContext context = getBundleContext();
- return (PermissionAdmin) context.getService(context.getServiceReference(PermissionAdmin.class.getName()));
- }
-
- private BundleContext getBundleContext() {
- return FrameworkUtil.getBundle(this.getClass()).getBundleContext();
-
- }
-} \ No newline at end of file
diff --git a/framework/src/onos/core/security/src/main/java/org/onosproject/security/impl/package-info.java b/framework/src/onos/core/security/src/main/java/org/onosproject/security/impl/package-info.java
deleted file mode 100644
index 387f6ecf..00000000
--- a/framework/src/onos/core/security/src/main/java/org/onosproject/security/impl/package-info.java
+++ /dev/null
@@ -1,20 +0,0 @@
-/*
- * Copyright 2015 Open Networking Laboratory
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-/**
- * Implementation of the security mode.
- */
-package org.onosproject.security.impl; \ No newline at end of file
diff --git a/framework/src/onos/core/security/src/main/java/org/onosproject/security/store/DistributedSecurityModeStore.java b/framework/src/onos/core/security/src/main/java/org/onosproject/security/store/DistributedSecurityModeStore.java
deleted file mode 100644
index ac16966c..00000000
--- a/framework/src/onos/core/security/src/main/java/org/onosproject/security/store/DistributedSecurityModeStore.java
+++ /dev/null
@@ -1,315 +0,0 @@
-/*
- * Copyright 2015 Open Networking Laboratory
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.onosproject.security.store;
-
-import com.google.common.collect.ImmutableSet;
-import com.google.common.collect.Sets;
-
-import org.apache.felix.scr.annotations.Activate;
-import org.apache.felix.scr.annotations.Component;
-import org.apache.felix.scr.annotations.Deactivate;
-import org.apache.felix.scr.annotations.Reference;
-import org.apache.felix.scr.annotations.ReferenceCardinality;
-import org.apache.felix.scr.annotations.Service;
-import org.apache.karaf.features.BundleInfo;
-import org.apache.karaf.features.Feature;
-import org.apache.karaf.features.FeaturesService;
-
-import org.onlab.util.KryoNamespace;
-import org.onosproject.app.ApplicationAdminService;
-import org.onosproject.core.Application;
-import org.onosproject.core.ApplicationId;
-import org.onosproject.security.Permission;
-import org.onosproject.store.AbstractStore;
-import org.onosproject.store.serializers.KryoNamespaces;
-import org.onosproject.store.service.ConsistentMap;
-import org.onosproject.store.service.EventuallyConsistentMap;
-import org.onosproject.store.service.LogicalClockService;
-import org.onosproject.store.service.MapEvent;
-import org.onosproject.store.service.MapEventListener;
-import org.onosproject.store.service.Serializer;
-import org.onosproject.store.service.StorageService;
-import org.slf4j.Logger;
-
-import java.util.HashSet;
-import java.util.Set;
-import java.util.concurrent.ConcurrentHashMap;
-import java.util.stream.Collectors;
-
-import static org.onosproject.security.store.SecurityModeState.*;
-import static org.slf4j.LoggerFactory.getLogger;
-
-/**
- * Manages application permissions granted/requested to applications.
- * Uses both gossip-based and RAFT-based distributed data store.
- */
-@Component(immediate = true)
-@Service
-public class DistributedSecurityModeStore
- extends AbstractStore<SecurityModeEvent, SecurityModeStoreDelegate>
- implements SecurityModeStore {
-
- private final Logger log = getLogger(getClass());
-
- private ConsistentMap<ApplicationId, SecurityInfo> states;
- private EventuallyConsistentMap<ApplicationId, Set<Permission>> violations;
-
- private ConcurrentHashMap<String, Set<ApplicationId>> localBundleAppDirectory;
- private ConcurrentHashMap<ApplicationId, Set<String>> localAppBundleDirectory;
-
- @Reference(cardinality = ReferenceCardinality.MANDATORY_UNARY)
- protected StorageService storageService;
-
- @Reference(cardinality = ReferenceCardinality.MANDATORY_UNARY)
- protected LogicalClockService clockService;
-
- @Reference(cardinality = ReferenceCardinality.MANDATORY_UNARY)
- protected ApplicationAdminService applicationAdminService;
-
- @Reference(cardinality = ReferenceCardinality.MANDATORY_UNARY)
- protected FeaturesService featuresService;
-
- private static final Serializer STATE_SERIALIZER = Serializer.using(new KryoNamespace.Builder()
- .register(KryoNamespaces.API)
- .register(SecurityModeState.class)
- .register(SecurityInfo.class)
- .register(Permission.class)
- .build());
-
- private static final KryoNamespace.Builder VIOLATION_SERIALIZER = KryoNamespace.newBuilder()
- .register(KryoNamespaces.API)
- .register(Permission.class);
-
- @Activate
- public void activate() {
- states = storageService.<ApplicationId, SecurityInfo>consistentMapBuilder()
- .withName("smonos-sdata")
- .withSerializer(STATE_SERIALIZER)
- .build();
-
- states.addListener(new SecurityStateListener());
-
- violations = storageService.<ApplicationId, Set<Permission>>eventuallyConsistentMapBuilder()
- .withName("smonos-rperms")
- .withSerializer(VIOLATION_SERIALIZER)
- .withTimestampProvider((k, v) -> clockService.getTimestamp())
- .build();
-
- localBundleAppDirectory = new ConcurrentHashMap<>();
- localAppBundleDirectory = new ConcurrentHashMap<>();
-
- log.info("Started");
-
- }
-
- @Deactivate
- public void deactivate() {
- violations.destroy();
- log.info("Stopped");
- }
-
-
- @Override
- public Set<String> getBundleLocations(ApplicationId appId) {
- Set<String> locations = localAppBundleDirectory.get(appId);
- return locations != null ? locations : Sets.newHashSet();
- }
-
- @Override
- public Set<ApplicationId> getApplicationIds(String location) {
- Set<ApplicationId> appIds = localBundleAppDirectory.get(location);
- return appIds != null ? appIds : Sets.newHashSet();
- }
-
- @Override
- public Set<Permission> getRequestedPermissions(ApplicationId appId) {
- Set<Permission> permissions = violations.get(appId);
- return permissions != null ? permissions : ImmutableSet.of();
- }
-
- @Override
- public Set<Permission> getGrantedPermissions(ApplicationId appId) {
- return states.asJavaMap().getOrDefault(appId, new SecurityInfo(ImmutableSet.of(), null)).getPermissions();
- }
-
- @Override
- public void requestPermission(ApplicationId appId, Permission permission) {
-
- states.computeIf(appId, securityInfo -> (securityInfo == null || securityInfo.getState() != POLICY_VIOLATED),
- (id, securityInfo) -> new SecurityInfo(securityInfo.getPermissions(), POLICY_VIOLATED));
- violations.compute(appId, (k, v) -> v == null ? Sets.newHashSet(permission) : addAndGet(v, permission));
- }
-
- private Set<Permission> addAndGet(Set<Permission> oldSet, Permission newPerm) {
- oldSet.add(newPerm);
- return oldSet;
- }
-
- @Override
- public boolean isSecured(ApplicationId appId) {
- SecurityInfo info = states.get(appId).value();
- return info == null ? false : info.getState().equals(SECURED);
- }
-
- @Override
- public void reviewPolicy(ApplicationId appId) {
- Application app = applicationAdminService.getApplication(appId);
- if (app == null) {
- log.warn("Unknown Application");
- return;
- }
- states.computeIfPresent(appId, (applicationId, securityInfo) -> {
- if (securityInfo.getState().equals(INSTALLED)) {
- return new SecurityInfo(ImmutableSet.of(), REVIEWED);
- }
- return securityInfo;
- });
- }
-
- @Override
- public void acceptPolicy(ApplicationId appId, Set<Permission> permissionSet) {
-
- Application app = applicationAdminService.getApplication(appId);
- if (app == null) {
- log.warn("Unknown Application");
- return;
- }
-
- states.computeIf(appId,
- securityInfo -> (securityInfo != null),
- (id, securityInfo) -> {
- switch (securityInfo.getState()) {
- case POLICY_VIOLATED:
- System.out.println(
- "This application has violated the security policy. Please uninstall.");
- return securityInfo;
- case SECURED:
- System.out.println(
- "The policy has been accepted already. To review policy, review [app.name]");
- return securityInfo;
- case INSTALLED:
- System.out.println("Please review the security policy prior to accept them");
- log.warn("Application has not been reviewed");
- return securityInfo;
- case REVIEWED:
- return new SecurityInfo(permissionSet, SECURED);
- default:
- return securityInfo;
- }
- });
- }
-
- private final class SecurityStateListener
- implements MapEventListener<ApplicationId, SecurityInfo> {
-
- @Override
- public void event(MapEvent<ApplicationId, SecurityInfo> event) {
-
- if (delegate == null) {
- return;
- }
- ApplicationId appId = event.key();
- SecurityInfo info = event.value().value();
-
- if (event.type() == MapEvent.Type.INSERT || event.type() == MapEvent.Type.UPDATE) {
- switch (info.getState()) {
- case POLICY_VIOLATED:
- notifyDelegate(new SecurityModeEvent(SecurityModeEvent.Type.POLICY_VIOLATED, appId));
- break;
- case SECURED:
- notifyDelegate(new SecurityModeEvent(SecurityModeEvent.Type.POLICY_ACCEPTED, appId));
- default:
- break;
- }
- } else if (event.type() == MapEvent.Type.REMOVE) {
- removeAppFromDirectories(appId);
- }
- }
- }
-
- private void removeAppFromDirectories(ApplicationId appId) {
- for (String location : localAppBundleDirectory.get(appId)) {
- localBundleAppDirectory.get(location).remove(appId);
- }
- violations.remove(appId);
- states.remove(appId);
- localAppBundleDirectory.remove(appId);
- }
-
- @Override
- public boolean registerApplication(ApplicationId appId) {
- Application app = applicationAdminService.getApplication(appId);
- if (app == null) {
- log.warn("Unknown application.");
- return false;
- }
- localAppBundleDirectory.put(appId, getBundleLocations(app));
- for (String location : localAppBundleDirectory.get(appId)) {
- if (!localBundleAppDirectory.containsKey(location)) {
- localBundleAppDirectory.put(location, new HashSet<>());
- }
- if (!localBundleAppDirectory.get(location).contains(appId)) {
- localBundleAppDirectory.get(location).add(appId);
- }
- }
- states.put(appId, new SecurityInfo(Sets.newHashSet(), INSTALLED));
- return true;
- }
-
- @Override
- public void unregisterApplication(ApplicationId appId) {
- if (localAppBundleDirectory.containsKey(appId)) {
- for (String location : localAppBundleDirectory.get(appId)) {
- if (localBundleAppDirectory.get(location).size() == 1) {
- localBundleAppDirectory.remove(location);
- } else {
- localBundleAppDirectory.get(location).remove(appId);
- }
- }
- localAppBundleDirectory.remove(appId);
- }
- }
-
- @Override
- public SecurityModeState getState(ApplicationId appId) {
- return states.asJavaMap().getOrDefault(appId, new SecurityInfo(null, null)).getState();
- }
-
- private Set<String> getBundleLocations(Application app) {
- Set<String> locations = new HashSet<>();
- for (String name : app.features()) {
- try {
- Feature feature = featuresService.getFeature(name);
- locations.addAll(
- feature.getBundles().stream().map(BundleInfo::getLocation).collect(Collectors.toList()));
- } catch (Exception e) {
- return locations;
- }
- }
- return locations;
- }
-
- @Override
- public void setDelegate(SecurityModeStoreDelegate delegate) {
- super.setDelegate(delegate);
- }
-
- @Override
- public void unsetDelegate(SecurityModeStoreDelegate delegate) {
- super.setDelegate(delegate);
- }
-} \ No newline at end of file
diff --git a/framework/src/onos/core/security/src/main/java/org/onosproject/security/store/SecurityInfo.java b/framework/src/onos/core/security/src/main/java/org/onosproject/security/store/SecurityInfo.java
deleted file mode 100644
index 4dcb7dae..00000000
--- a/framework/src/onos/core/security/src/main/java/org/onosproject/security/store/SecurityInfo.java
+++ /dev/null
@@ -1,41 +0,0 @@
-/*
- * Copyright 2015 Open Networking Laboratory
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.onosproject.security.store;
-
-import org.onosproject.security.Permission;
-
-import java.util.Set;
-
-/**
- * Security-Mode ONOS security policy and state representation for distributed store.
- */
-public class SecurityInfo {
-
- protected Set<Permission> grantedPermissions;
- protected SecurityModeState state;
-
- public SecurityInfo(Set<Permission> perms, SecurityModeState state) {
- this.grantedPermissions = perms;
- this.state = state;
- }
- public Set<Permission> getPermissions() {
- return grantedPermissions;
- }
- public SecurityModeState getState() {
- return state;
- }
-}
diff --git a/framework/src/onos/core/security/src/main/java/org/onosproject/security/store/SecurityModeEvent.java b/framework/src/onos/core/security/src/main/java/org/onosproject/security/store/SecurityModeEvent.java
deleted file mode 100644
index 59da67b5..00000000
--- a/framework/src/onos/core/security/src/main/java/org/onosproject/security/store/SecurityModeEvent.java
+++ /dev/null
@@ -1,48 +0,0 @@
-/*
- * Copyright 2015 Open Networking Laboratory
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.onosproject.security.store;
-
-import org.onosproject.core.ApplicationId;
-import org.onosproject.event.AbstractEvent;
-
-/**
- * Security-Mode ONOS notifications.
- */
-public class SecurityModeEvent extends AbstractEvent<SecurityModeEvent.Type, ApplicationId> {
-
- protected SecurityModeEvent(Type type, ApplicationId subject) {
- super(type, subject);
- }
-
- public enum Type {
-
- /**
- * Signifies that security policy has been accepted.
- */
- POLICY_ACCEPTED,
-
- /**
- * Signifies that security policy has been reviewed.
- */
- POLICY_REVIEWED,
-
- /**
- * Signifies that application has violated security policy.
- */
- POLICY_VIOLATED,
- }
-}
diff --git a/framework/src/onos/core/security/src/main/java/org/onosproject/security/store/SecurityModeListener.java b/framework/src/onos/core/security/src/main/java/org/onosproject/security/store/SecurityModeListener.java
deleted file mode 100644
index 2745e0c0..00000000
--- a/framework/src/onos/core/security/src/main/java/org/onosproject/security/store/SecurityModeListener.java
+++ /dev/null
@@ -1,25 +0,0 @@
-/*
- * Copyright 2015 Open Networking Laboratory
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.onosproject.security.store;
-
-import org.onosproject.event.EventListener;
-
-/**
- * Security-Mode ONOS event listener.
- */
-public interface SecurityModeListener extends EventListener<SecurityModeEvent> {
-}
diff --git a/framework/src/onos/core/security/src/main/java/org/onosproject/security/store/SecurityModeState.java b/framework/src/onos/core/security/src/main/java/org/onosproject/security/store/SecurityModeState.java
deleted file mode 100644
index 999c5f9f..00000000
--- a/framework/src/onos/core/security/src/main/java/org/onosproject/security/store/SecurityModeState.java
+++ /dev/null
@@ -1,43 +0,0 @@
-/*
- * Copyright 2015 Open Networking Laboratory
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.onosproject.security.store;
-
-/**
- * Representation of Security-Mode ONOS application review state.
- */
-public enum SecurityModeState {
-
- /**
- * Indicates that operator has accepted application security policy.
- */
- SECURED,
-
- /**
- * Indicates that application security policy has been reviewed.
- */
- REVIEWED,
-
- /**
- * Indicates that application has been installed.
- */
- INSTALLED,
-
- /**
- * Indicates that application has violated security policy.
- */
- POLICY_VIOLATED,
-}
diff --git a/framework/src/onos/core/security/src/main/java/org/onosproject/security/store/SecurityModeStore.java b/framework/src/onos/core/security/src/main/java/org/onosproject/security/store/SecurityModeStore.java
deleted file mode 100644
index 7e6b6533..00000000
--- a/framework/src/onos/core/security/src/main/java/org/onosproject/security/store/SecurityModeStore.java
+++ /dev/null
@@ -1,104 +0,0 @@
-/*
- * Copyright 2015 Open Networking Laboratory
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.onosproject.security.store;
-
-import org.onosproject.core.ApplicationId;
-import org.onosproject.security.Permission;
-import org.onosproject.store.Store;
-
-import java.util.Set;
-
-/**
- * Security-Mode ONOS distributed store service.
- */
-public interface SecurityModeStore extends Store<SecurityModeEvent, SecurityModeStoreDelegate> {
-
- /**
- * Updates the local bundle-application directories.
- * @param appId application identifier
- * @return true if successfully registered.
- */
- boolean registerApplication(ApplicationId appId);
-
- /**
- * Removes application info from the local bundle-application directories.
- * @param appId application identifier
- */
- void unregisterApplication(ApplicationId appId);
-
- /**
- * Returns state of the specified application.
- * @param appId application identifier
- * @return Security-Mode State of application
- */
- SecurityModeState getState(ApplicationId appId);
-
- /**
- * Returns bundle locations of specified application.
- * @param appId application identifier
- * @return set of bundle location strings
- */
- Set<String> getBundleLocations(ApplicationId appId);
-
- /**
- * Returns application identifiers that are associated with given bundle location.
- * @param location OSGi bundle location
- * @return set of application identifiers
- */
- Set<ApplicationId> getApplicationIds(String location);
-
- /**
- * Returns a list of permissions that have been requested by given application.
- * @param appId application identifier
- * @return list of permissions
- */
- Set<Permission> getRequestedPermissions(ApplicationId appId);
-
- /**
- * Returns an array of permissions that have been granted to given application.
- * @param appId application identifier
- * @return array of permissionInfo
- */
- Set<Permission> getGrantedPermissions(ApplicationId appId);
-
- /**
- * Request permission that is required to run given application.
- * @param appId application identifier
- * @param permission permission
- */
- void requestPermission(ApplicationId appId, Permission permission);
-
- /**
- * Returns true if given application has been secured.
- * @param appId application identifier
- * @return true indicates secured
- */
- boolean isSecured(ApplicationId appId);
-
- /**
- * Notifies SM-ONOS that operator has reviewed the policy.
- * @param appId application identifier
- */
- void reviewPolicy(ApplicationId appId);
-
- /**
- * Accept the current security policy of given application.
- * @param appId application identifier
- * @param permissionSet array of PermissionInfo
- */
- void acceptPolicy(ApplicationId appId, Set<Permission> permissionSet);
-} \ No newline at end of file
diff --git a/framework/src/onos/core/security/src/main/java/org/onosproject/security/store/SecurityModeStoreDelegate.java b/framework/src/onos/core/security/src/main/java/org/onosproject/security/store/SecurityModeStoreDelegate.java
deleted file mode 100644
index d933a148..00000000
--- a/framework/src/onos/core/security/src/main/java/org/onosproject/security/store/SecurityModeStoreDelegate.java
+++ /dev/null
@@ -1,25 +0,0 @@
-/*
- * Copyright 2015 Open Networking Laboratory
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.onosproject.security.store;
-
-import org.onosproject.store.StoreDelegate;
-
-/**
- * Security-Mode distributed store delegate abstraction.
- */
-public interface SecurityModeStoreDelegate extends StoreDelegate<SecurityModeEvent> {
-}
diff --git a/framework/src/onos/core/security/src/main/java/org/onosproject/security/store/package-info.java b/framework/src/onos/core/security/src/main/java/org/onosproject/security/store/package-info.java
deleted file mode 100644
index a47f8eaf..00000000
--- a/framework/src/onos/core/security/src/main/java/org/onosproject/security/store/package-info.java
+++ /dev/null
@@ -1,20 +0,0 @@
-/*
- * Copyright 2015 Open Networking Laboratory
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-/**
- * Security-Mode ONOS distributed store.
- */
-package org.onosproject.security.store;