diff options
author | CNlucius <lukai1@huawei.com> | 2016-09-13 11:40:12 +0800 |
---|---|---|
committer | CNlucius <lukai1@huawei.com> | 2016-09-13 11:41:53 +0800 |
commit | b731e2f1dd0972409b136aebc7b463dd72c9cfad (patch) | |
tree | 5107d7d80c19ad8076c2c97c2b5ef8d1cf3ab903 /framework/src/onos/core/security | |
parent | ee93993458266114c29271a481ef9ce7ce621b2a (diff) |
ONOSFW-171
O/S-SFC-ONOS scenario documentation
Change-Id: I51ae1cf736ea24ab6680f8edca1b2bf5dd598365
Signed-off-by: CNlucius <lukai1@huawei.com>
Diffstat (limited to 'framework/src/onos/core/security')
12 files changed, 0 insertions, 1474 deletions
diff --git a/framework/src/onos/core/security/pom.xml b/framework/src/onos/core/security/pom.xml deleted file mode 100644 index 4635c686..00000000 --- a/framework/src/onos/core/security/pom.xml +++ /dev/null @@ -1,80 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<!-- - ~ Copyright 2015 Open Networking Laboratory - ~ - ~ Licensed under the Apache License, Version 2.0 (the "License"); - ~ you may not use this file except in compliance with the License. - ~ You may obtain a copy of the License at - ~ - ~ http://www.apache.org/licenses/LICENSE-2.0 - ~ - ~ Unless required by applicable law or agreed to in writing, software - ~ distributed under the License is distributed on an "AS IS" BASIS, - ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - ~ See the License for the specific language governing permissions and - ~ limitations under the License. - --> -<project xmlns="http://maven.apache.org/POM/4.0.0" - xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" - xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> - <modelVersion>4.0.0</modelVersion> - - <parent> - <artifactId>onos-core</artifactId> - <groupId>org.onosproject</groupId> - <version>1.4.0-rc1</version> - <relativePath>../pom.xml</relativePath> - </parent> - - <artifactId>onos-security</artifactId> - <packaging>bundle</packaging> - - - <description>Security-Mode ONOS project</description> - - <dependencies> - <dependency> - <groupId>org.osgi</groupId> - <artifactId>org.osgi.core</artifactId> - </dependency> - <dependency> - <groupId>org.osgi</groupId> - <artifactId>org.osgi.compendium</artifactId> - </dependency> - <dependency> - <groupId>org.apache.felix</groupId> - <artifactId>org.apache.felix.scr.annotations</artifactId> - </dependency> - <dependency> - <groupId>org.onosproject</groupId> - <artifactId>onos-api</artifactId> - </dependency> - <dependency> - <groupId>org.onosproject</groupId> - <artifactId>onos-core-serializers</artifactId> - <version>${project.version}</version> - </dependency> - <dependency> - <groupId>org.apache.karaf.features</groupId> - <artifactId>org.apache.karaf.features.core</artifactId> - </dependency> - <!-- Adding dependency to pull the artifact from Maven Central. - Note: This is just needed for the onos-security feature. --> - <dependency> - <groupId>org.onosproject</groupId> - <artifactId>org.apache.felix.framework.security</artifactId> - <version>2.2.0.onos</version> - <scope>provided</scope> - </dependency> - </dependencies> - - <build> - <plugins> - <plugin> - <groupId>org.apache.felix</groupId> - <artifactId>maven-scr-plugin</artifactId> - </plugin> - </plugins> - </build> - -</project>
\ No newline at end of file diff --git a/framework/src/onos/core/security/src/main/java/org/onosproject/security/impl/DefaultPolicyBuilder.java b/framework/src/onos/core/security/src/main/java/org/onosproject/security/impl/DefaultPolicyBuilder.java deleted file mode 100644 index b043765a..00000000 --- a/framework/src/onos/core/security/src/main/java/org/onosproject/security/impl/DefaultPolicyBuilder.java +++ /dev/null @@ -1,448 +0,0 @@ -/* - * Copyright 2015 Open Networking Laboratory - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.onosproject.security.impl; - - -import com.google.common.collect.ImmutableSet; -import com.google.common.collect.Lists; -import com.google.common.collect.Sets; -import org.onosproject.security.AppPermission; -import org.onosproject.app.ApplicationAdminService; -import org.onosproject.app.ApplicationService; -import org.onosproject.cfg.ComponentConfigService; -import org.onosproject.cluster.ClusterAdminService; -import org.onosproject.cluster.ClusterService; -import org.onosproject.core.CoreService; -import org.onosproject.cluster.LeadershipService; -import org.onosproject.mastership.MastershipAdminService; -import org.onosproject.mastership.MastershipService; -import org.onosproject.net.device.DeviceAdminService; -import org.onosproject.net.device.DeviceService; -import org.onosproject.net.device.DeviceClockService; -import org.onosproject.net.driver.DriverAdminService; -import org.onosproject.net.driver.DriverService; -import org.onosproject.net.flow.FlowRuleService; -import org.onosproject.net.flowobjective.FlowObjectiveService; -import org.onosproject.net.group.GroupService; -import org.onosproject.net.host.HostAdminService; -import org.onosproject.net.host.HostService; -import org.onosproject.net.intent.IntentService; -import org.onosproject.net.intent.IntentExtensionService; -import org.onosproject.net.intent.IntentClockService; -import org.onosproject.net.intent.PartitionService; -import org.onosproject.net.link.LinkAdminService; -import org.onosproject.net.link.LinkService; -import org.onosproject.net.packet.PacketService; -import org.onosproject.net.proxyarp.ProxyArpService; -import org.onosproject.net.resource.link.LinkResourceService; -import org.onosproject.net.statistic.StatisticService; -import org.onosproject.net.topology.PathService; -import org.onosproject.net.topology.TopologyService; -import org.onosproject.security.SecurityAdminService; -import org.onosproject.store.service.StorageAdminService; -import org.onosproject.store.service.StorageService; -import org.osgi.framework.BundlePermission; -import org.osgi.framework.CapabilityPermission; -import org.osgi.framework.ServicePermission; -import org.osgi.framework.PackagePermission; -import org.osgi.framework.AdaptPermission; -import org.osgi.service.cm.ConfigurationPermission; - -import javax.net.ssl.SSLPermission; -import javax.security.auth.AuthPermission; -import javax.security.auth.PrivateCredentialPermission; -import javax.security.auth.kerberos.DelegationPermission; -import javax.sound.sampled.AudioPermission; -import java.io.FilePermission; -import java.io.SerializablePermission; -import java.net.NetPermission; -import java.net.SocketPermission; -import java.security.Permissions; -import java.sql.SQLPermission; -import java.util.ArrayList; -import java.util.Enumeration; -import java.util.HashSet; -import java.util.List; -import java.util.PropertyPermission; -import java.util.Set; -import java.util.concurrent.ConcurrentHashMap; -import java.security.Permission; -import java.util.logging.LoggingPermission; - -import static org.onosproject.security.AppPermission.Type.*; - -public final class DefaultPolicyBuilder { - - protected static ConcurrentHashMap<AppPermission.Type, - Set<String>> serviceDirectory = getServiceDirectory(); - - protected static List<Permission> defaultPermissions = getDefaultPerms(); - protected static List<Permission> adminServicePermissions = getAdminDefaultPerms(); - - private DefaultPolicyBuilder(){ - } - - public static List<Permission> getUserApplicationPermissions(Set<org.onosproject.security.Permission> permissions) { - List<Permission> perms = Lists.newArrayList(); - perms.addAll(defaultPermissions); - perms.addAll(convertToJavaPermissions(permissions)); - return optimizePermissions(perms); - } - - public static List<Permission> getAdminApplicationPermissions( - Set<org.onosproject.security.Permission> permissions) { - List<Permission> perms = Lists.newArrayList(); - perms.addAll(defaultPermissions); - perms.addAll(adminServicePermissions); - for (AppPermission.Type perm : serviceDirectory.keySet()) { - perms.add(new AppPermission(perm)); - } - perms.addAll(convertToJavaPermissions(permissions)); - return optimizePermissions(perms); - } - - public static List<Permission> convertToJavaPermissions(Set<org.onosproject.security.Permission> permissions) { - List<Permission> result = Lists.newArrayList(); - for (org.onosproject.security.Permission perm : permissions) { - Permission javaPerm = getPermission(perm); - if (javaPerm != null) { - if (javaPerm instanceof AppPermission) { - if (((AppPermission) javaPerm).getType() != null) { - AppPermission ap = (AppPermission) javaPerm; - result.add(ap); - if (serviceDirectory.containsKey(ap.getType())) { - for (String service : serviceDirectory.get(ap.getType())) { - result.add(new ServicePermission(service, ServicePermission.GET)); - } - } - } - } else if (javaPerm instanceof ServicePermission) { - if (!javaPerm.getName().contains(SecurityAdminService.class.getName())) { - result.add(javaPerm); - } - } else { - result.add(javaPerm); - } - - } - } - return result; - } - - public static Set<org.onosproject.security.Permission> convertToOnosPermissions(List<Permission> permissions) { - Set<org.onosproject.security.Permission> result = Sets.newHashSet(); - for (Permission perm : permissions) { - org.onosproject.security.Permission onosPerm = getOnosPermission(perm); - if (onosPerm != null) { - result.add(onosPerm); - } - } - return result; - } - - public static List<Permission> getDefaultPerms() { - List<Permission> permSet = Lists.newArrayList(); - permSet.add(new PackagePermission("*", PackagePermission.EXPORTONLY)); - permSet.add(new PackagePermission("*", PackagePermission.IMPORT)); - permSet.add(new AdaptPermission("*", AdaptPermission.ADAPT)); - permSet.add(new ConfigurationPermission("*", ConfigurationPermission.CONFIGURE)); - return permSet; - } - - private static List<Permission> getAdminDefaultPerms() { - List<Permission> permSet = Lists.newArrayList(); - permSet.add(new ServicePermission(ApplicationAdminService.class.getName(), ServicePermission.GET)); - permSet.add(new ServicePermission(ClusterAdminService.class.getName(), ServicePermission.GET)); - permSet.add(new ServicePermission(MastershipAdminService.class.getName(), ServicePermission.GET)); - permSet.add(new ServicePermission(DeviceAdminService.class.getName(), ServicePermission.GET)); - permSet.add(new ServicePermission(HostAdminService.class.getName(), ServicePermission.GET)); - permSet.add(new ServicePermission(LinkAdminService.class.getName(), ServicePermission.GET)); - permSet.add(new ServicePermission(DriverAdminService.class.getName(), ServicePermission.GET)); - permSet.add(new ServicePermission(StorageAdminService.class.getName(), ServicePermission.GET)); -// permSet.add(new ServicePermission(LabelResourceAdminService.class.getName(), ServicePermission.GET)); -// permSet.add(new ServicePermission(TunnelAdminService.class.getName(), ServicePermission.GET)); - permSet.add(new ServicePermission(ApplicationService.class.getName(), ServicePermission.GET)); - permSet.add(new ServicePermission(ComponentConfigService.class.getName(), ServicePermission.GET)); - permSet.add(new ServicePermission(CoreService.class.getName(), ServicePermission.GET)); - permSet.add(new ServicePermission(ClusterService.class.getName(), ServicePermission.GET)); - permSet.add(new ServicePermission(LeadershipService.class.getName(), ServicePermission.GET)); - permSet.add(new ServicePermission(MastershipService.class.getName(), ServicePermission.GET)); - permSet.add(new ServicePermission(DeviceService.class.getName(), ServicePermission.GET)); - permSet.add(new ServicePermission(DeviceClockService.class.getName(), ServicePermission.GET)); - permSet.add(new ServicePermission(DriverService.class.getName(), ServicePermission.GET)); - permSet.add(new ServicePermission(FlowRuleService.class.getName(), ServicePermission.GET)); - permSet.add(new ServicePermission(FlowObjectiveService.class.getName(), ServicePermission.GET)); - permSet.add(new ServicePermission(GroupService.class.getName(), ServicePermission.GET)); - permSet.add(new ServicePermission(HostService.class.getName(), ServicePermission.GET)); - permSet.add(new ServicePermission(IntentService.class.getName(), ServicePermission.GET)); - permSet.add(new ServicePermission(IntentClockService.class.getName(), ServicePermission.GET)); - permSet.add(new ServicePermission(IntentExtensionService.class.getName(), ServicePermission.GET)); - permSet.add(new ServicePermission(PartitionService.class.getName(), ServicePermission.GET)); - permSet.add(new ServicePermission(LinkService.class.getName(), ServicePermission.GET)); - permSet.add(new ServicePermission(LinkResourceService.class.getName(), ServicePermission.GET)); -// permSet.add(new ServicePermission(LabelResourceService.class.getName(), ServicePermission.GET)); - permSet.add(new ServicePermission(PacketService.class.getName(), ServicePermission.GET)); - permSet.add(new ServicePermission(ProxyArpService.class.getName(), ServicePermission.GET)); - permSet.add(new ServicePermission(StatisticService.class.getName(), ServicePermission.GET)); - permSet.add(new ServicePermission(PathService.class.getName(), ServicePermission.GET)); - permSet.add(new ServicePermission(TopologyService.class.getName(), ServicePermission.GET)); -// permSet.add(new ServicePermission(TunnelService.class.getName(), ServicePermission.GET)); - permSet.add(new ServicePermission(StorageService.class.getName(), ServicePermission.GET)); - return permSet; - } - - public static Set<String> getNBServiceList() { - Set<String> permString = new HashSet<>(); - for (Permission perm : getAdminDefaultPerms()) { - permString.add(perm.getName()); - } - return permString; - } - - private static ConcurrentHashMap<AppPermission.Type, Set<String>> getServiceDirectory() { - - ConcurrentHashMap<AppPermission.Type, Set<String>> serviceDirectory = new ConcurrentHashMap<>(); - - serviceDirectory.put(APP_READ, ImmutableSet.of( - ApplicationService.class.getName(), CoreService.class.getName())); - serviceDirectory.put(APP_EVENT, ImmutableSet.of( - ApplicationService.class.getName(), CoreService.class.getName())); - serviceDirectory.put(CONFIG_READ, ImmutableSet.of( - ComponentConfigService.class.getName())); - serviceDirectory.put(CONFIG_WRITE, ImmutableSet.of( - ComponentConfigService.class.getName())); - serviceDirectory.put(CLUSTER_READ, ImmutableSet.of( - ClusterService.class.getName(), LeadershipService.class.getName(), - MastershipService.class.getName())); - serviceDirectory.put(CLUSTER_WRITE, ImmutableSet.of( - LeadershipService.class.getName(), MastershipService.class.getName())); - serviceDirectory.put(CLUSTER_EVENT, ImmutableSet.of( - ClusterService.class.getName(), LeadershipService.class.getName(), - MastershipService.class.getName())); - serviceDirectory.put(DEVICE_READ, ImmutableSet.of( - DeviceService.class.getName(), DeviceClockService.class.getName())); - serviceDirectory.put(DEVICE_EVENT, ImmutableSet.of( - DeviceService.class.getName())); - serviceDirectory.put(DRIVER_READ, ImmutableSet.of( - DriverService.class.getName())); - serviceDirectory.put(DRIVER_WRITE, ImmutableSet.of( - DriverService.class.getName())); - serviceDirectory.put(FLOWRULE_READ, ImmutableSet.of( - FlowRuleService.class.getName())); - serviceDirectory.put(FLOWRULE_WRITE, ImmutableSet.of( - FlowRuleService.class.getName(), FlowObjectiveService.class.getName())); - serviceDirectory.put(FLOWRULE_EVENT, ImmutableSet.of( - FlowRuleService.class.getName())); - serviceDirectory.put(GROUP_READ, ImmutableSet.of( - GroupService.class.getName())); - serviceDirectory.put(GROUP_WRITE, ImmutableSet.of( - GroupService.class.getName())); - serviceDirectory.put(GROUP_EVENT, ImmutableSet.of( - GroupService.class.getName())); - serviceDirectory.put(HOST_READ, ImmutableSet.of( - HostService.class.getName())); - serviceDirectory.put(HOST_WRITE, ImmutableSet.of( - HostService.class.getName())); - serviceDirectory.put(HOST_EVENT, ImmutableSet.of( - HostService.class.getName())); - serviceDirectory.put(INTENT_READ, ImmutableSet.of( - IntentService.class.getName(), PartitionService.class.getName(), - IntentClockService.class.getName())); - serviceDirectory.put(INTENT_WRITE, ImmutableSet.of( - IntentService.class.getName())); - serviceDirectory.put(INTENT_EVENT, ImmutableSet.of( - IntentService.class.getName())); -// serviceDirectory.put(LINK_READ, ImmutableSet.of( -// LinkService.class.getName(), LinkResourceService.class.getName(), -// LabelResourceService.class.getName())); -// serviceDirectory.put(LINK_WRITE, ImmutableSet.of( -// LinkResourceService.class.getName(), LabelResourceService.class.getName())); -// serviceDirectory.put(LINK_EVENT, ImmutableSet.of( -// LinkService.class.getName(), LinkResourceService.class.getName(), -// LabelResourceService.class.getName())); - serviceDirectory.put(PACKET_READ, ImmutableSet.of( - PacketService.class.getName(), ProxyArpService.class.getName())); - serviceDirectory.put(PACKET_WRITE, ImmutableSet.of( - PacketService.class.getName(), ProxyArpService.class.getName())); - serviceDirectory.put(PACKET_EVENT, ImmutableSet.of( - PacketService.class.getName())); - serviceDirectory.put(STATISTIC_READ, ImmutableSet.of( - StatisticService.class.getName())); - serviceDirectory.put(TOPOLOGY_READ, ImmutableSet.of( - TopologyService.class.getName(), PathService.class.getName())); - serviceDirectory.put(TOPOLOGY_EVENT, ImmutableSet.of( - TopologyService.class.getName())); -// serviceDirectory.put(TUNNEL_READ, ImmutableSet.of( -// TunnelService.class.getName())); -// serviceDirectory.put(TUNNEL_WRITE, ImmutableSet.of( -// TunnelService.class.getName())); -// serviceDirectory.put(TUNNEL_EVENT, ImmutableSet.of( -// TunnelService.class.getName())); - serviceDirectory.put(STORAGE_WRITE, ImmutableSet.of( - StorageService.class.getName())); - - return serviceDirectory; - } - - - public static org.onosproject.security.Permission getOnosPermission(Permission permission) { - if (permission instanceof AppPermission) { - return new org.onosproject.security.Permission(AppPermission.class.getName(), permission.getName(), ""); - } else if (permission instanceof FilePermission) { - return new org.onosproject.security.Permission( - FilePermission.class.getName(), permission.getName(), permission.getActions()); - } else if (permission instanceof SerializablePermission) { - return new org.onosproject.security.Permission( - SerializablePermission.class.getName(), permission.getName(), permission.getActions()); - } else if (permission instanceof NetPermission) { - return new org.onosproject.security.Permission( - NetPermission.class.getName(), permission.getName(), permission.getActions()); - } else if (permission instanceof RuntimePermission) { - return new org.onosproject.security.Permission( - RuntimePermission.class.getName(), permission.getName(), permission.getActions()); - } else if (permission instanceof SocketPermission) { - return new org.onosproject.security.Permission( - SocketPermission.class.getName(), permission.getName(), permission.getActions()); - } else if (permission instanceof SQLPermission) { - return new org.onosproject.security.Permission( - SQLPermission.class.getName(), permission.getName(), permission.getActions()); - } else if (permission instanceof PropertyPermission) { - return new org.onosproject.security.Permission( - PropertyPermission.class.getName(), permission.getName(), permission.getActions()); - } else if (permission instanceof LoggingPermission) { - return new org.onosproject.security.Permission( - LoggingPermission.class.getName(), permission.getName(), permission.getActions()); - } else if (permission instanceof SSLPermission) { - return new org.onosproject.security.Permission( - SSLPermission.class.getName(), permission.getName(), permission.getActions()); - } else if (permission instanceof AuthPermission) { - return new org.onosproject.security.Permission( - AuthPermission.class.getName(), permission.getName(), permission.getActions()); - } else if (permission instanceof PrivateCredentialPermission) { - return new org.onosproject.security.Permission( - PrivateCredentialPermission.class.getName(), permission.getName(), permission.getActions()); - } else if (permission instanceof DelegationPermission) { - return new org.onosproject.security.Permission( - DelegationPermission.class.getName(), permission.getName(), permission.getActions()); - } else if (permission instanceof javax.security.auth.kerberos.ServicePermission) { - return new org.onosproject.security.Permission( - javax.security.auth.kerberos.ServicePermission.class.getName(), permission.getName(), - permission.getActions()); - } else if (permission instanceof AudioPermission) { - return new org.onosproject.security.Permission( - AudioPermission.class.getName(), permission.getName(), permission.getActions()); - } else if (permission instanceof AdaptPermission) { - return new org.onosproject.security.Permission( - AdaptPermission.class.getName(), permission.getName(), permission.getActions()); - } else if (permission instanceof BundlePermission) { - return new org.onosproject.security.Permission( - BundlePermission.class.getName(), permission.getName(), permission.getActions()); - } else if (permission instanceof CapabilityPermission) { - return new org.onosproject.security.Permission( - CapabilityPermission.class.getName(), permission.getName(), permission.getActions()); - } else if (permission instanceof PackagePermission) { - return new org.onosproject.security.Permission( - PackagePermission.class.getName(), permission.getName(), permission.getActions()); - } else if (permission instanceof ServicePermission) { - return new org.onosproject.security.Permission( - ServicePermission.class.getName(), permission.getName(), permission.getActions()); - } - return null; - } - - private static Permission getPermission(org.onosproject.security.Permission permission) { - - String classname = permission.getClassName(); - String name = permission.getName(); - String actions = permission.getActions(); - - if (classname == null || name == null) { - return null; - } - classname = classname.trim(); - name = name.trim(); - actions = actions.trim(); - - if (AppPermission.class.getName().equals(classname)) { - return new AppPermission(name); - } else if (FilePermission.class.getName().equals(classname)) { - return new FilePermission(name, actions); - } else if (SerializablePermission.class.getName().equals(classname)) { - return new SerializablePermission(name, actions); - } else if (NetPermission.class.getName().equals(classname)) { - return new NetPermission(name, actions); - } else if (RuntimePermission.class.getName().equals(classname)) { - return new RuntimePermission(name, actions); - } else if (SocketPermission.class.getName().equals(classname)) { - return new SocketPermission(name, actions); - } else if (SQLPermission.class.getName().equals(classname)) { - return new SQLPermission(name, actions); - } else if (PropertyPermission.class.getName().equals(classname)) { - return new PropertyPermission(name, actions); - } else if (LoggingPermission.class.getName().equals(classname)) { - return new LoggingPermission(name, actions); - } else if (SSLPermission.class.getName().equals(classname)) { - return new SSLPermission(name, actions); - } else if (AuthPermission.class.getName().equals(classname)) { - return new AuthPermission(name, actions); - } else if (PrivateCredentialPermission.class.getName().equals(classname)) { - return new PrivateCredentialPermission(name, actions); - } else if (DelegationPermission.class.getName().equals(classname)) { - return new DelegationPermission(name, actions); - } else if (javax.security.auth.kerberos.ServicePermission.class.getName().equals(classname)) { - return new javax.security.auth.kerberos.ServicePermission(name, actions); - } else if (AudioPermission.class.getName().equals(classname)) { - return new AudioPermission(name, actions); - } else if (AdaptPermission.class.getName().equals(classname)) { - return new AdaptPermission(name, actions); - } else if (BundlePermission.class.getName().equals(classname)) { - return new BundlePermission(name, actions); - } else if (CapabilityPermission.class.getName().equals(classname)) { - return new CapabilityPermission(name, actions); - } else if (PackagePermission.class.getName().equals(classname)) { - return new PackagePermission(name, actions); - } else if (ServicePermission.class.getName().equals(classname)) { - return new ServicePermission(name, actions); - } - - //AllPermission, SecurityPermission, UnresolvedPermission - //AWTPermission, AdminPermission(osgi), ReflectPermission not allowed - return null; - - } - private static List<Permission> optimizePermissions(List<Permission> perms) { - Permissions permissions = listToPermissions(perms); - return permissionsToList(permissions); - } - - private static List<Permission> permissionsToList(Permissions perms) { - List<Permission> permissions = new ArrayList<>(); - Enumeration<Permission> e = perms.elements(); - while (e.hasMoreElements()) { - permissions.add(e.nextElement()); - } - return permissions; - } - - private static Permissions listToPermissions(List<Permission> perms) { - Permissions permissions = new Permissions(); - for (Permission perm : perms) { - permissions.add(perm); - } - return permissions; - } -} - diff --git a/framework/src/onos/core/security/src/main/java/org/onosproject/security/impl/SecurityModeManager.java b/framework/src/onos/core/security/src/main/java/org/onosproject/security/impl/SecurityModeManager.java deleted file mode 100644 index 325f49be..00000000 --- a/framework/src/onos/core/security/src/main/java/org/onosproject/security/impl/SecurityModeManager.java +++ /dev/null @@ -1,305 +0,0 @@ -/* - * Copyright 2015 Open Networking Laboratory - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.onosproject.security.impl; - -import com.google.common.collect.Lists; - -import org.apache.felix.scr.annotations.Component; -import org.apache.felix.scr.annotations.Reference; -import org.apache.felix.scr.annotations.ReferenceCardinality; -import org.apache.felix.scr.annotations.Activate; -import org.apache.felix.scr.annotations.Deactivate; -import org.apache.felix.scr.annotations.Service; - -import org.onosproject.app.ApplicationAdminService; -import org.onosproject.app.ApplicationState; -import org.onosproject.core.Application; -import org.onosproject.core.ApplicationId; - -import org.onosproject.event.EventDeliveryService; -import org.onosproject.event.ListenerRegistry; -import org.onosproject.security.AppPermission; -import org.onosproject.security.SecurityAdminService; -import org.onosproject.security.store.SecurityModeEvent; -import org.onosproject.security.store.SecurityModeListener; -import org.onosproject.security.store.SecurityModeStore; -import org.onosproject.security.store.SecurityModeStoreDelegate; -import org.osgi.framework.BundleContext; -import org.osgi.framework.FrameworkUtil; -import org.osgi.framework.ServicePermission; -import org.osgi.service.log.LogEntry; -import org.osgi.service.log.LogListener; -import org.osgi.service.log.LogReaderService; -import org.osgi.service.permissionadmin.PermissionInfo; - -import java.security.AccessControlException; -import java.security.Permission; -import java.util.ArrayList; -import java.util.List; -import java.util.Map; -import java.util.Set; -import java.util.concurrent.ConcurrentHashMap; - -import org.osgi.service.permissionadmin.PermissionAdmin; -import org.slf4j.Logger; - -import static org.slf4j.LoggerFactory.getLogger; - -/** - * Security-Mode ONOS management implementation. - * - * Note: Activating Security-Mode ONOS has significant performance implications in Drake. - * See the wiki for instructions on how to activate it. - */ - -@Component(immediate = true) -@Service -public class SecurityModeManager implements SecurityAdminService { - - @Reference(cardinality = ReferenceCardinality.MANDATORY_UNARY) - protected SecurityModeStore store; - - @Reference(cardinality = ReferenceCardinality.MANDATORY_UNARY) - protected ApplicationAdminService appAdminService; - - @Reference(cardinality = ReferenceCardinality.MANDATORY_UNARY) - protected LogReaderService logReaderService; - - @Reference(cardinality = ReferenceCardinality.MANDATORY_UNARY) - protected EventDeliveryService eventDispatcher; - - private final Logger log = getLogger(getClass()); - - protected final ListenerRegistry<SecurityModeEvent, SecurityModeListener> - listenerRegistry = new ListenerRegistry<>(); - - private final SecurityModeStoreDelegate delegate = new InternalStoreDelegate(); - - private SecurityLogListener securityLogListener = new SecurityLogListener(); - - private PermissionAdmin permissionAdmin = getPermissionAdmin(); - - - @Activate - public void activate() { - - eventDispatcher.addSink(SecurityModeEvent.class, listenerRegistry); - // add Listeners - logReaderService.addLogListener(securityLogListener); - - store.setDelegate(delegate); - - if (System.getSecurityManager() == null) { - log.warn("J2EE security manager is disabled."); - deactivate(); - return; - } - if (permissionAdmin == null) { - log.warn("Permission Admin not found."); - deactivate(); - return; - } - - log.info("Security-Mode Started"); - } - - @Deactivate - public void deactivate() { - eventDispatcher.removeSink(SecurityModeEvent.class); - logReaderService.removeLogListener(securityLogListener); - store.unsetDelegate(delegate); - log.info("Stopped"); - - } - - @Override - public boolean isSecured(ApplicationId appId) { - if (store.getState(appId) == null) { - store.registerApplication(appId); - } - return store.isSecured(appId); - } - - - @Override - public void review(ApplicationId appId) { - if (store.getState(appId) == null) { - store.registerApplication(appId); - } - store.reviewPolicy(appId); - } - - @Override - public void acceptPolicy(ApplicationId appId) { - if (store.getState(appId) == null) { - store.registerApplication(appId); - } - store.acceptPolicy(appId, DefaultPolicyBuilder.convertToOnosPermissions(getMaximumPermissions(appId))); - } - - @Override - public void register(ApplicationId appId) { - store.registerApplication(appId); - } - - @Override - public Map<Integer, List<Permission>> getPrintableSpecifiedPermissions(ApplicationId appId) { - return getPrintablePermissionMap(getMaximumPermissions(appId)); - } - - @Override - public Map<Integer, List<Permission>> getPrintableGrantedPermissions(ApplicationId appId) { - return getPrintablePermissionMap( - DefaultPolicyBuilder.convertToJavaPermissions(store.getGrantedPermissions(appId))); - } - - @Override - public Map<Integer, List<Permission>> getPrintableRequestedPermissions(ApplicationId appId) { - return getPrintablePermissionMap( - DefaultPolicyBuilder.convertToJavaPermissions(store.getRequestedPermissions(appId))); - } - - private class SecurityLogListener implements LogListener { - @Override - public void logged(LogEntry entry) { - if (entry.getException() != null && - entry.getException() instanceof AccessControlException) { - String location = entry.getBundle().getLocation(); - Permission javaPerm = - ((AccessControlException) entry.getException()).getPermission(); - org.onosproject.security.Permission permission = DefaultPolicyBuilder.getOnosPermission(javaPerm); - if (permission == null) { - log.warn("Unsupported permission requested."); - return; - } - store.getApplicationIds(location).stream().filter( - appId -> store.isSecured(appId) && - appAdminService.getState(appId) == ApplicationState.ACTIVE).forEach(appId -> { - store.requestPermission(appId, permission); - print("[POLICY VIOLATION] APP: %s / Bundle: %s / Permission: %s ", - appId.name(), location, permission.toString()); - }); - } - } - } - - private class InternalStoreDelegate implements SecurityModeStoreDelegate { - @Override - public void notify(SecurityModeEvent event) { - if (event.type() == SecurityModeEvent.Type.POLICY_ACCEPTED) { - setLocalPermissions(event.subject()); - log.info("{} POLICY ACCEPTED and ENFORCED", event.subject().name()); - } else if (event.type() == SecurityModeEvent.Type.POLICY_VIOLATED) { - log.info("{} POLICY VIOLATED", event.subject().name()); - } else if (event.type() == SecurityModeEvent.Type.POLICY_REVIEWED) { - log.info("{} POLICY REVIEWED", event.subject().name()); - } - eventDispatcher.post(event); - } - } - - /** - * TYPES. - * 0 - APP_PERM - * 1 - ADMIN SERVICE - * 2 - NB_SERVICE - * 3 - ETC_SERVICE - * 4 - ETC - * @param perms - */ - private Map<Integer, List<Permission>> getPrintablePermissionMap(List<Permission> perms) { - ConcurrentHashMap<Integer, List<Permission>> sortedMap = new ConcurrentHashMap<>(); - sortedMap.put(0, new ArrayList()); - sortedMap.put(1, new ArrayList()); - sortedMap.put(2, new ArrayList()); - sortedMap.put(3, new ArrayList()); - sortedMap.put(4, new ArrayList()); - for (Permission perm : perms) { - if (perm instanceof ServicePermission) { - if (DefaultPolicyBuilder.getNBServiceList().contains(perm.getName())) { - if (perm.getName().contains("Admin")) { - sortedMap.get(1).add(perm); - } else { - sortedMap.get(2).add(perm); - } - } else { - sortedMap.get(3).add(perm); - } - } else if (perm instanceof AppPermission) { - sortedMap.get(0).add(perm); - } else { - sortedMap.get(4).add(perm); - } - } - return sortedMap; - } - - private void setLocalPermissions(ApplicationId applicationId) { - for (String location : store.getBundleLocations(applicationId)) { - permissionAdmin.setPermissions(location, permissionsToInfo(store.getGrantedPermissions(applicationId))); - } - } - - private PermissionInfo[] permissionsToInfo(Set<org.onosproject.security.Permission> permissions) { - List<PermissionInfo> result = Lists.newArrayList(); - for (org.onosproject.security.Permission perm : permissions) { - result.add(new PermissionInfo(perm.getClassName(), perm.getName(), perm.getActions())); - } - PermissionInfo[] permissionInfos = new PermissionInfo[result.size()]; - return result.toArray(permissionInfos); - } - - - - private List<Permission> getMaximumPermissions(ApplicationId appId) { - Application app = appAdminService.getApplication(appId); - if (app == null) { - print("Unknown application."); - return null; - } - List<Permission> appPerms; - switch (app.role()) { - case ADMIN: - appPerms = DefaultPolicyBuilder.getAdminApplicationPermissions(app.permissions()); - break; - case USER: - appPerms = DefaultPolicyBuilder.getUserApplicationPermissions(app.permissions()); - break; - case UNSPECIFIED: - default: - appPerms = DefaultPolicyBuilder.getDefaultPerms(); - break; - } - - return appPerms; - } - - - private void print(String format, Object... args) { - System.out.println(String.format("SM-ONOS: " + format, args)); - log.warn(String.format(format, args)); - } - - private PermissionAdmin getPermissionAdmin() { - BundleContext context = getBundleContext(); - return (PermissionAdmin) context.getService(context.getServiceReference(PermissionAdmin.class.getName())); - } - - private BundleContext getBundleContext() { - return FrameworkUtil.getBundle(this.getClass()).getBundleContext(); - - } -}
\ No newline at end of file diff --git a/framework/src/onos/core/security/src/main/java/org/onosproject/security/impl/package-info.java b/framework/src/onos/core/security/src/main/java/org/onosproject/security/impl/package-info.java deleted file mode 100644 index 387f6ecf..00000000 --- a/framework/src/onos/core/security/src/main/java/org/onosproject/security/impl/package-info.java +++ /dev/null @@ -1,20 +0,0 @@ -/* - * Copyright 2015 Open Networking Laboratory - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -/** - * Implementation of the security mode. - */ -package org.onosproject.security.impl;
\ No newline at end of file diff --git a/framework/src/onos/core/security/src/main/java/org/onosproject/security/store/DistributedSecurityModeStore.java b/framework/src/onos/core/security/src/main/java/org/onosproject/security/store/DistributedSecurityModeStore.java deleted file mode 100644 index ac16966c..00000000 --- a/framework/src/onos/core/security/src/main/java/org/onosproject/security/store/DistributedSecurityModeStore.java +++ /dev/null @@ -1,315 +0,0 @@ -/* - * Copyright 2015 Open Networking Laboratory - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.onosproject.security.store; - -import com.google.common.collect.ImmutableSet; -import com.google.common.collect.Sets; - -import org.apache.felix.scr.annotations.Activate; -import org.apache.felix.scr.annotations.Component; -import org.apache.felix.scr.annotations.Deactivate; -import org.apache.felix.scr.annotations.Reference; -import org.apache.felix.scr.annotations.ReferenceCardinality; -import org.apache.felix.scr.annotations.Service; -import org.apache.karaf.features.BundleInfo; -import org.apache.karaf.features.Feature; -import org.apache.karaf.features.FeaturesService; - -import org.onlab.util.KryoNamespace; -import org.onosproject.app.ApplicationAdminService; -import org.onosproject.core.Application; -import org.onosproject.core.ApplicationId; -import org.onosproject.security.Permission; -import org.onosproject.store.AbstractStore; -import org.onosproject.store.serializers.KryoNamespaces; -import org.onosproject.store.service.ConsistentMap; -import org.onosproject.store.service.EventuallyConsistentMap; -import org.onosproject.store.service.LogicalClockService; -import org.onosproject.store.service.MapEvent; -import org.onosproject.store.service.MapEventListener; -import org.onosproject.store.service.Serializer; -import org.onosproject.store.service.StorageService; -import org.slf4j.Logger; - -import java.util.HashSet; -import java.util.Set; -import java.util.concurrent.ConcurrentHashMap; -import java.util.stream.Collectors; - -import static org.onosproject.security.store.SecurityModeState.*; -import static org.slf4j.LoggerFactory.getLogger; - -/** - * Manages application permissions granted/requested to applications. - * Uses both gossip-based and RAFT-based distributed data store. - */ -@Component(immediate = true) -@Service -public class DistributedSecurityModeStore - extends AbstractStore<SecurityModeEvent, SecurityModeStoreDelegate> - implements SecurityModeStore { - - private final Logger log = getLogger(getClass()); - - private ConsistentMap<ApplicationId, SecurityInfo> states; - private EventuallyConsistentMap<ApplicationId, Set<Permission>> violations; - - private ConcurrentHashMap<String, Set<ApplicationId>> localBundleAppDirectory; - private ConcurrentHashMap<ApplicationId, Set<String>> localAppBundleDirectory; - - @Reference(cardinality = ReferenceCardinality.MANDATORY_UNARY) - protected StorageService storageService; - - @Reference(cardinality = ReferenceCardinality.MANDATORY_UNARY) - protected LogicalClockService clockService; - - @Reference(cardinality = ReferenceCardinality.MANDATORY_UNARY) - protected ApplicationAdminService applicationAdminService; - - @Reference(cardinality = ReferenceCardinality.MANDATORY_UNARY) - protected FeaturesService featuresService; - - private static final Serializer STATE_SERIALIZER = Serializer.using(new KryoNamespace.Builder() - .register(KryoNamespaces.API) - .register(SecurityModeState.class) - .register(SecurityInfo.class) - .register(Permission.class) - .build()); - - private static final KryoNamespace.Builder VIOLATION_SERIALIZER = KryoNamespace.newBuilder() - .register(KryoNamespaces.API) - .register(Permission.class); - - @Activate - public void activate() { - states = storageService.<ApplicationId, SecurityInfo>consistentMapBuilder() - .withName("smonos-sdata") - .withSerializer(STATE_SERIALIZER) - .build(); - - states.addListener(new SecurityStateListener()); - - violations = storageService.<ApplicationId, Set<Permission>>eventuallyConsistentMapBuilder() - .withName("smonos-rperms") - .withSerializer(VIOLATION_SERIALIZER) - .withTimestampProvider((k, v) -> clockService.getTimestamp()) - .build(); - - localBundleAppDirectory = new ConcurrentHashMap<>(); - localAppBundleDirectory = new ConcurrentHashMap<>(); - - log.info("Started"); - - } - - @Deactivate - public void deactivate() { - violations.destroy(); - log.info("Stopped"); - } - - - @Override - public Set<String> getBundleLocations(ApplicationId appId) { - Set<String> locations = localAppBundleDirectory.get(appId); - return locations != null ? locations : Sets.newHashSet(); - } - - @Override - public Set<ApplicationId> getApplicationIds(String location) { - Set<ApplicationId> appIds = localBundleAppDirectory.get(location); - return appIds != null ? appIds : Sets.newHashSet(); - } - - @Override - public Set<Permission> getRequestedPermissions(ApplicationId appId) { - Set<Permission> permissions = violations.get(appId); - return permissions != null ? permissions : ImmutableSet.of(); - } - - @Override - public Set<Permission> getGrantedPermissions(ApplicationId appId) { - return states.asJavaMap().getOrDefault(appId, new SecurityInfo(ImmutableSet.of(), null)).getPermissions(); - } - - @Override - public void requestPermission(ApplicationId appId, Permission permission) { - - states.computeIf(appId, securityInfo -> (securityInfo == null || securityInfo.getState() != POLICY_VIOLATED), - (id, securityInfo) -> new SecurityInfo(securityInfo.getPermissions(), POLICY_VIOLATED)); - violations.compute(appId, (k, v) -> v == null ? Sets.newHashSet(permission) : addAndGet(v, permission)); - } - - private Set<Permission> addAndGet(Set<Permission> oldSet, Permission newPerm) { - oldSet.add(newPerm); - return oldSet; - } - - @Override - public boolean isSecured(ApplicationId appId) { - SecurityInfo info = states.get(appId).value(); - return info == null ? false : info.getState().equals(SECURED); - } - - @Override - public void reviewPolicy(ApplicationId appId) { - Application app = applicationAdminService.getApplication(appId); - if (app == null) { - log.warn("Unknown Application"); - return; - } - states.computeIfPresent(appId, (applicationId, securityInfo) -> { - if (securityInfo.getState().equals(INSTALLED)) { - return new SecurityInfo(ImmutableSet.of(), REVIEWED); - } - return securityInfo; - }); - } - - @Override - public void acceptPolicy(ApplicationId appId, Set<Permission> permissionSet) { - - Application app = applicationAdminService.getApplication(appId); - if (app == null) { - log.warn("Unknown Application"); - return; - } - - states.computeIf(appId, - securityInfo -> (securityInfo != null), - (id, securityInfo) -> { - switch (securityInfo.getState()) { - case POLICY_VIOLATED: - System.out.println( - "This application has violated the security policy. Please uninstall."); - return securityInfo; - case SECURED: - System.out.println( - "The policy has been accepted already. To review policy, review [app.name]"); - return securityInfo; - case INSTALLED: - System.out.println("Please review the security policy prior to accept them"); - log.warn("Application has not been reviewed"); - return securityInfo; - case REVIEWED: - return new SecurityInfo(permissionSet, SECURED); - default: - return securityInfo; - } - }); - } - - private final class SecurityStateListener - implements MapEventListener<ApplicationId, SecurityInfo> { - - @Override - public void event(MapEvent<ApplicationId, SecurityInfo> event) { - - if (delegate == null) { - return; - } - ApplicationId appId = event.key(); - SecurityInfo info = event.value().value(); - - if (event.type() == MapEvent.Type.INSERT || event.type() == MapEvent.Type.UPDATE) { - switch (info.getState()) { - case POLICY_VIOLATED: - notifyDelegate(new SecurityModeEvent(SecurityModeEvent.Type.POLICY_VIOLATED, appId)); - break; - case SECURED: - notifyDelegate(new SecurityModeEvent(SecurityModeEvent.Type.POLICY_ACCEPTED, appId)); - default: - break; - } - } else if (event.type() == MapEvent.Type.REMOVE) { - removeAppFromDirectories(appId); - } - } - } - - private void removeAppFromDirectories(ApplicationId appId) { - for (String location : localAppBundleDirectory.get(appId)) { - localBundleAppDirectory.get(location).remove(appId); - } - violations.remove(appId); - states.remove(appId); - localAppBundleDirectory.remove(appId); - } - - @Override - public boolean registerApplication(ApplicationId appId) { - Application app = applicationAdminService.getApplication(appId); - if (app == null) { - log.warn("Unknown application."); - return false; - } - localAppBundleDirectory.put(appId, getBundleLocations(app)); - for (String location : localAppBundleDirectory.get(appId)) { - if (!localBundleAppDirectory.containsKey(location)) { - localBundleAppDirectory.put(location, new HashSet<>()); - } - if (!localBundleAppDirectory.get(location).contains(appId)) { - localBundleAppDirectory.get(location).add(appId); - } - } - states.put(appId, new SecurityInfo(Sets.newHashSet(), INSTALLED)); - return true; - } - - @Override - public void unregisterApplication(ApplicationId appId) { - if (localAppBundleDirectory.containsKey(appId)) { - for (String location : localAppBundleDirectory.get(appId)) { - if (localBundleAppDirectory.get(location).size() == 1) { - localBundleAppDirectory.remove(location); - } else { - localBundleAppDirectory.get(location).remove(appId); - } - } - localAppBundleDirectory.remove(appId); - } - } - - @Override - public SecurityModeState getState(ApplicationId appId) { - return states.asJavaMap().getOrDefault(appId, new SecurityInfo(null, null)).getState(); - } - - private Set<String> getBundleLocations(Application app) { - Set<String> locations = new HashSet<>(); - for (String name : app.features()) { - try { - Feature feature = featuresService.getFeature(name); - locations.addAll( - feature.getBundles().stream().map(BundleInfo::getLocation).collect(Collectors.toList())); - } catch (Exception e) { - return locations; - } - } - return locations; - } - - @Override - public void setDelegate(SecurityModeStoreDelegate delegate) { - super.setDelegate(delegate); - } - - @Override - public void unsetDelegate(SecurityModeStoreDelegate delegate) { - super.setDelegate(delegate); - } -}
\ No newline at end of file diff --git a/framework/src/onos/core/security/src/main/java/org/onosproject/security/store/SecurityInfo.java b/framework/src/onos/core/security/src/main/java/org/onosproject/security/store/SecurityInfo.java deleted file mode 100644 index 4dcb7dae..00000000 --- a/framework/src/onos/core/security/src/main/java/org/onosproject/security/store/SecurityInfo.java +++ /dev/null @@ -1,41 +0,0 @@ -/* - * Copyright 2015 Open Networking Laboratory - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.onosproject.security.store; - -import org.onosproject.security.Permission; - -import java.util.Set; - -/** - * Security-Mode ONOS security policy and state representation for distributed store. - */ -public class SecurityInfo { - - protected Set<Permission> grantedPermissions; - protected SecurityModeState state; - - public SecurityInfo(Set<Permission> perms, SecurityModeState state) { - this.grantedPermissions = perms; - this.state = state; - } - public Set<Permission> getPermissions() { - return grantedPermissions; - } - public SecurityModeState getState() { - return state; - } -} diff --git a/framework/src/onos/core/security/src/main/java/org/onosproject/security/store/SecurityModeEvent.java b/framework/src/onos/core/security/src/main/java/org/onosproject/security/store/SecurityModeEvent.java deleted file mode 100644 index 59da67b5..00000000 --- a/framework/src/onos/core/security/src/main/java/org/onosproject/security/store/SecurityModeEvent.java +++ /dev/null @@ -1,48 +0,0 @@ -/* - * Copyright 2015 Open Networking Laboratory - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.onosproject.security.store; - -import org.onosproject.core.ApplicationId; -import org.onosproject.event.AbstractEvent; - -/** - * Security-Mode ONOS notifications. - */ -public class SecurityModeEvent extends AbstractEvent<SecurityModeEvent.Type, ApplicationId> { - - protected SecurityModeEvent(Type type, ApplicationId subject) { - super(type, subject); - } - - public enum Type { - - /** - * Signifies that security policy has been accepted. - */ - POLICY_ACCEPTED, - - /** - * Signifies that security policy has been reviewed. - */ - POLICY_REVIEWED, - - /** - * Signifies that application has violated security policy. - */ - POLICY_VIOLATED, - } -} diff --git a/framework/src/onos/core/security/src/main/java/org/onosproject/security/store/SecurityModeListener.java b/framework/src/onos/core/security/src/main/java/org/onosproject/security/store/SecurityModeListener.java deleted file mode 100644 index 2745e0c0..00000000 --- a/framework/src/onos/core/security/src/main/java/org/onosproject/security/store/SecurityModeListener.java +++ /dev/null @@ -1,25 +0,0 @@ -/* - * Copyright 2015 Open Networking Laboratory - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.onosproject.security.store; - -import org.onosproject.event.EventListener; - -/** - * Security-Mode ONOS event listener. - */ -public interface SecurityModeListener extends EventListener<SecurityModeEvent> { -} diff --git a/framework/src/onos/core/security/src/main/java/org/onosproject/security/store/SecurityModeState.java b/framework/src/onos/core/security/src/main/java/org/onosproject/security/store/SecurityModeState.java deleted file mode 100644 index 999c5f9f..00000000 --- a/framework/src/onos/core/security/src/main/java/org/onosproject/security/store/SecurityModeState.java +++ /dev/null @@ -1,43 +0,0 @@ -/* - * Copyright 2015 Open Networking Laboratory - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.onosproject.security.store; - -/** - * Representation of Security-Mode ONOS application review state. - */ -public enum SecurityModeState { - - /** - * Indicates that operator has accepted application security policy. - */ - SECURED, - - /** - * Indicates that application security policy has been reviewed. - */ - REVIEWED, - - /** - * Indicates that application has been installed. - */ - INSTALLED, - - /** - * Indicates that application has violated security policy. - */ - POLICY_VIOLATED, -} diff --git a/framework/src/onos/core/security/src/main/java/org/onosproject/security/store/SecurityModeStore.java b/framework/src/onos/core/security/src/main/java/org/onosproject/security/store/SecurityModeStore.java deleted file mode 100644 index 7e6b6533..00000000 --- a/framework/src/onos/core/security/src/main/java/org/onosproject/security/store/SecurityModeStore.java +++ /dev/null @@ -1,104 +0,0 @@ -/* - * Copyright 2015 Open Networking Laboratory - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.onosproject.security.store; - -import org.onosproject.core.ApplicationId; -import org.onosproject.security.Permission; -import org.onosproject.store.Store; - -import java.util.Set; - -/** - * Security-Mode ONOS distributed store service. - */ -public interface SecurityModeStore extends Store<SecurityModeEvent, SecurityModeStoreDelegate> { - - /** - * Updates the local bundle-application directories. - * @param appId application identifier - * @return true if successfully registered. - */ - boolean registerApplication(ApplicationId appId); - - /** - * Removes application info from the local bundle-application directories. - * @param appId application identifier - */ - void unregisterApplication(ApplicationId appId); - - /** - * Returns state of the specified application. - * @param appId application identifier - * @return Security-Mode State of application - */ - SecurityModeState getState(ApplicationId appId); - - /** - * Returns bundle locations of specified application. - * @param appId application identifier - * @return set of bundle location strings - */ - Set<String> getBundleLocations(ApplicationId appId); - - /** - * Returns application identifiers that are associated with given bundle location. - * @param location OSGi bundle location - * @return set of application identifiers - */ - Set<ApplicationId> getApplicationIds(String location); - - /** - * Returns a list of permissions that have been requested by given application. - * @param appId application identifier - * @return list of permissions - */ - Set<Permission> getRequestedPermissions(ApplicationId appId); - - /** - * Returns an array of permissions that have been granted to given application. - * @param appId application identifier - * @return array of permissionInfo - */ - Set<Permission> getGrantedPermissions(ApplicationId appId); - - /** - * Request permission that is required to run given application. - * @param appId application identifier - * @param permission permission - */ - void requestPermission(ApplicationId appId, Permission permission); - - /** - * Returns true if given application has been secured. - * @param appId application identifier - * @return true indicates secured - */ - boolean isSecured(ApplicationId appId); - - /** - * Notifies SM-ONOS that operator has reviewed the policy. - * @param appId application identifier - */ - void reviewPolicy(ApplicationId appId); - - /** - * Accept the current security policy of given application. - * @param appId application identifier - * @param permissionSet array of PermissionInfo - */ - void acceptPolicy(ApplicationId appId, Set<Permission> permissionSet); -}
\ No newline at end of file diff --git a/framework/src/onos/core/security/src/main/java/org/onosproject/security/store/SecurityModeStoreDelegate.java b/framework/src/onos/core/security/src/main/java/org/onosproject/security/store/SecurityModeStoreDelegate.java deleted file mode 100644 index d933a148..00000000 --- a/framework/src/onos/core/security/src/main/java/org/onosproject/security/store/SecurityModeStoreDelegate.java +++ /dev/null @@ -1,25 +0,0 @@ -/* - * Copyright 2015 Open Networking Laboratory - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.onosproject.security.store; - -import org.onosproject.store.StoreDelegate; - -/** - * Security-Mode distributed store delegate abstraction. - */ -public interface SecurityModeStoreDelegate extends StoreDelegate<SecurityModeEvent> { -} diff --git a/framework/src/onos/core/security/src/main/java/org/onosproject/security/store/package-info.java b/framework/src/onos/core/security/src/main/java/org/onosproject/security/store/package-info.java deleted file mode 100644 index a47f8eaf..00000000 --- a/framework/src/onos/core/security/src/main/java/org/onosproject/security/store/package-info.java +++ /dev/null @@ -1,20 +0,0 @@ -/* - * Copyright 2015 Open Networking Laboratory - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -/** - * Security-Mode ONOS distributed store. - */ -package org.onosproject.security.store; |