ONOS-1993 Implement API-level permission checking + security util code location replacement

Change-Id: I7bf20eda9c12ed2a44334504333b093057764cd2
diff --git a/core/api/src/main/java/org/onosproject/net/packet/DefaultPacketContext.java b/core/api/src/main/java/org/onosproject/net/packet/DefaultPacketContext.java
index ffea2d8..b227b92 100644
--- a/core/api/src/main/java/org/onosproject/net/packet/DefaultPacketContext.java
+++ b/core/api/src/main/java/org/onosproject/net/packet/DefaultPacketContext.java
@@ -15,12 +15,16 @@
  */
 package org.onosproject.net.packet;
 
+import org.onosproject.core.Permission;
 import org.onosproject.net.flow.DefaultTrafficTreatment;
 import org.onosproject.net.flow.TrafficTreatment;
 import org.onosproject.net.flow.TrafficTreatment.Builder;
 
 import java.util.concurrent.atomic.AtomicBoolean;
 
+import static org.onosproject.security.AppGuard.checkPermission;
+
+
 /**
  * Default implementation of a packet context.
  */
@@ -53,21 +57,29 @@
 
     @Override
     public long time() {
+        checkPermission(Permission.PACKET_READ);
+
         return time;
     }
 
     @Override
     public InboundPacket inPacket() {
+        checkPermission(Permission.PACKET_READ);
+
         return inPkt;
     }
 
     @Override
     public OutboundPacket outPacket() {
+        checkPermission(Permission.PACKET_READ);
+
         return outPkt;
     }
 
     @Override
     public Builder treatmentBuilder() {
+        checkPermission(Permission.PACKET_READ);
+
         return builder;
     }
 
@@ -76,11 +88,15 @@
 
     @Override
     public boolean block() {
+        checkPermission(Permission.PACKET_WRITE);
+
         return this.block.getAndSet(true);
     }
 
     @Override
     public boolean isHandled() {
+        checkPermission(Permission.PACKET_READ);
+
         return this.block.get();
     }
-}
+}
\ No newline at end of file
diff --git a/core/api/src/main/java/org/onosproject/security/AppGuard.java b/core/api/src/main/java/org/onosproject/security/AppGuard.java
new file mode 100644
index 0000000..d3cc423
--- /dev/null
+++ b/core/api/src/main/java/org/onosproject/security/AppGuard.java
@@ -0,0 +1,39 @@
+/*
+ * Copyright 2015 Open Networking Laboratory
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.onosproject.security;
+
+import org.onosproject.core.Permission;
+
+/**
+ * Aids SM-ONOS to perform API-level permission checking.
+ */
+public final class AppGuard {
+
+    private AppGuard() {
+    }
+
+    /**
+     * Checks if the caller has the required permission only when security-mode is enabled.
+     * @param permission permission to be checked
+     */
+    public static void checkPermission(Permission permission) {
+        SecurityManager sm = System.getSecurityManager();
+        if (sm != null) {
+            System.getSecurityManager().checkPermission(new AppPermission(permission.name()));
+        }
+    }
+}
diff --git a/core/api/src/main/java/org/onosproject/security/AppPermission.java b/core/api/src/main/java/org/onosproject/security/AppPermission.java
new file mode 100644
index 0000000..e5f8fa2
--- /dev/null
+++ b/core/api/src/main/java/org/onosproject/security/AppPermission.java
@@ -0,0 +1,43 @@
+/*
+ * Copyright 2015 Open Networking Laboratory
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.onosproject.security;
+
+import java.security.BasicPermission;
+
+/**
+ * Implementation of API access permission.
+ */
+public class AppPermission extends BasicPermission {
+
+    /**
+     * Creates new application permission using the supplied data.
+     * @param name permission name
+     */
+    public AppPermission(String name) {
+        super(name.toUpperCase(), "");
+    }
+
+    /**
+     * Creates new application permission using the supplied data.
+     * @param name permission name
+     * @param actions permission action
+     */
+    public AppPermission(String name, String actions) {
+        super(name.toUpperCase(), actions);
+    }
+
+}