ONOS-1993 Implement API-level permission checking + security util code location replacement Change-Id: I7bf20eda9c12ed2a44334504333b093057764cd2

commit: 541ef71e6c20aa008ce4facb5a70a4d2bce83284 [log] [tgz]
author: Changhoon Yoon <chyoon87@kaist.ac.kr> Sat May 23 17:18:34 2015 +0900
committer: Gerrit Code Review <gerrit@onlab.us> Thu May 28 07:06:12 2015 +0000
tree: 778b459d5545f2f0dcd522af1760723a4f49191c
parent: 52c98bd074ef2c52eb59fdc91a07b353eb6451a5 [diff] [blame]
diff --git a/core/net/src/main/java/org/onosproject/net/packet/impl/PacketManager.java b/core/net/src/main/java/org/onosproject/net/packet/impl/PacketManager.java
index 27763f9..26c4102 100644
--- a/core/net/src/main/java/org/onosproject/net/packet/impl/PacketManager.java
+++ b/core/net/src/main/java/org/onosproject/net/packet/impl/PacketManager.java

@@ -23,6 +23,7 @@
 import org.apache.felix.scr.annotations.Service;
 import org.onosproject.core.ApplicationId;
 import org.onosproject.core.CoreService;
+import org.onosproject.core.Permission;
 import org.onosproject.net.Device;
 import org.onosproject.net.device.DeviceEvent;
 import org.onosproject.net.device.DeviceListener;
@@ -60,6 +61,8 @@
 
 import static com.google.common.base.Preconditions.checkNotNull;
 import static org.slf4j.LoggerFactory.getLogger;
+import static org.onosproject.security.AppGuard.checkPermission;
+
 
 /**
  * Provides a basic implementation of the packet SB &amp; NB APIs.
@@ -113,12 +116,16 @@
 
     @Override
     public void addProcessor(PacketProcessor processor, int priority) {
+        checkPermission(Permission.PACKET_EVENT);
+
         checkNotNull(processor, "Processor cannot be null");
         processors.put(priority, processor);
     }
 
     @Override
     public void removeProcessor(PacketProcessor processor) {
+        checkPermission(Permission.PACKET_EVENT);
+
         checkNotNull(processor, "Processor cannot be null");
         processors.values().remove(processor);
     }
@@ -126,6 +133,8 @@
     @Override
     public void requestPackets(TrafficSelector selector, PacketPriority priority,
                                ApplicationId appId) {
+        checkPermission(Permission.PACKET_READ);
+
         checkNotNull(selector, "Selector cannot be null");
         checkNotNull(appId, "Application ID cannot be null");
 
@@ -140,6 +149,8 @@
     @Override
     public void requestPackets(TrafficSelector selector, PacketPriority priority,
                                ApplicationId appId, FlowRule.Type tableType) {
+        checkPermission(Permission.PACKET_READ);
+
         checkNotNull(selector, "Selector cannot be null");
         checkNotNull(appId, "Application ID cannot be null");
         checkNotNull(tableType, "Table Type cannot be null. For requesting packets +"
@@ -205,6 +216,8 @@
 
     @Override
     public void emit(OutboundPacket packet) {
+        checkPermission(Permission.PACKET_WRITE);
+
         checkNotNull(packet, "Packet cannot be null");
 
         store.emit(packet);
commit	541ef71e6c20aa008ce4facb5a70a4d2bce83284	[log] [tgz]
author	Changhoon Yoon <chyoon87@kaist.ac.kr>	Sat May 23 17:18:34 2015 +0900
committer	Gerrit Code Review <gerrit@onlab.us>	Thu May 28 07:06:12 2015 +0000
tree	778b459d5545f2f0dcd522af1760723a4f49191c
parent	52c98bd074ef2c52eb59fdc91a07b353eb6451a5 [diff] [blame]