commit b856b813b5a42f07fc1092781cf0f13e24ea41c0
author Changhoon Yoon <chyoon87@kaist.ac.kr> Mon Aug 10 03:47:19 2015 +0900
committer Gerrit Code Review <gerrit@onlab.us> Fri Sep 04 18:09:49 2015 +0000
tree f0cb556690b04cc5c6d3a21c6b51a8fab76608c4
parent f28207bddfbdfbce2cd775a6361b18c3612ba565

ONOS-1767 SM-ONOS implementation

22a363e ONOS-17767 SM-ONOS impl

Change-Id: Ifca8129f2266bada68af735cf81a1d39f1ec8506

core/security/impl/pom.xml

diff --git a/core/security/impl/pom.xml b/core/security/impl/pom.xml
deleted file mode 100644
index 33791c9..0000000
--- a/core/security/impl/pom.xml
+++ /dev/null
@@ -1,49 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
-  ~ Copyright 2015 Open Networking Laboratory
-  ~
-  ~ Licensed under the Apache License, Version 2.0 (the "License");
-  ~ you may not use this file except in compliance with the License.
-  ~ You may obtain a copy of the License at
-  ~
-  ~     http://www.apache.org/licenses/LICENSE-2.0
-  ~
-  ~ Unless required by applicable law or agreed to in writing, software
-  ~ distributed under the License is distributed on an "AS IS" BASIS,
-  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-  ~ See the License for the specific language governing permissions and
-  ~ limitations under the License.
-  -->
-
-<project xmlns="http://maven.apache.org/POM/4.0.0"
-         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
-    <parent>
-        <artifactId>onos-security</artifactId>
-        <groupId>org.onosproject</groupId>
-        <version>1.3.0-SNAPSHOT</version>
-        <relativePath>../pom.xml</relativePath>
-    </parent>
-    <modelVersion>4.0.0</modelVersion>
-    <packaging>bundle</packaging>
-
-    <artifactId>onos-security-impl</artifactId>
-
-    <description>Security-mode ONOS components</description>
-
-    <dependencies>
-        <dependency>
-            <groupId>org.osgi</groupId>
-            <artifactId>org.osgi.core</artifactId>
-        </dependency>
-        <dependency>
-            <groupId>org.onosproject</groupId>
-            <artifactId>onos-api</artifactId>
-        </dependency>
-        <dependency>
-            <groupId>org.apache.karaf.features</groupId>
-            <artifactId>org.apache.karaf.features.core</artifactId>
-        </dependency>
-    </dependencies>
-
-</project>
\ No newline at end of file

core/security/impl/src/main/java/org/onosproject/security/impl/PolicyBuilder.java

diff --git a/core/security/impl/src/main/java/org/onosproject/security/impl/PolicyBuilder.java b/core/security/impl/src/main/java/org/onosproject/security/impl/PolicyBuilder.java
deleted file mode 100644
index 3c15e08..0000000
--- a/core/security/impl/src/main/java/org/onosproject/security/impl/PolicyBuilder.java
+++ /dev/null
@@ -1,316 +0,0 @@
-package org.onosproject.security.impl;
-
-
-import com.google.common.collect.ImmutableSet;
-import com.google.common.collect.Sets;
-import org.onosproject.core.Permission;
-import org.onosproject.security.AppPermission;
-import org.osgi.service.permissionadmin.PermissionInfo;
-
-import org.onosproject.app.ApplicationAdminService;
-import org.onosproject.app.ApplicationService;
-import org.onosproject.cfg.ComponentConfigService;
-import org.onosproject.cluster.ClusterAdminService;
-import org.onosproject.cluster.ClusterService;
-import org.onosproject.core.CoreService;
-import org.onosproject.cluster.LeadershipService;
-import org.onosproject.mastership.MastershipAdminService;
-import org.onosproject.mastership.MastershipService;
-import org.onosproject.net.device.DeviceAdminService;
-import org.onosproject.net.device.DeviceService;
-import org.onosproject.net.device.DeviceClockService;
-import org.onosproject.net.driver.DriverAdminService;
-import org.onosproject.net.driver.DriverService;
-import org.onosproject.net.flow.FlowRuleService;
-import org.onosproject.net.flowobjective.FlowObjectiveService;
-import org.onosproject.net.group.GroupService;
-import org.onosproject.net.host.HostAdminService;
-import org.onosproject.net.host.HostService;
-import org.onosproject.net.intent.IntentService;
-import org.onosproject.net.intent.IntentExtensionService;
-import org.onosproject.net.intent.IntentClockService;
-import org.onosproject.net.intent.PartitionService;
-import org.onosproject.net.link.LinkAdminService;
-import org.onosproject.net.link.LinkService;
-import org.onosproject.net.packet.PacketService;
-import org.onosproject.net.proxyarp.ProxyArpService;
-import org.onosproject.net.resource.link.LinkResourceService;
-import org.onosproject.net.statistic.StatisticService;
-import org.onosproject.net.topology.PathService;
-import org.onosproject.net.topology.TopologyService;
-import org.onosproject.store.service.StorageAdminService;
-import org.onosproject.store.service.StorageService;
-import org.osgi.framework.ServicePermission;
-import org.osgi.framework.PackagePermission;
-import org.osgi.framework.AdaptPermission;
-
-
-import java.util.Collections;
-import java.util.Map;
-import java.util.Set;
-import java.util.concurrent.ConcurrentHashMap;
-import java.util.stream.Collectors;
-
-public final class PolicyBuilder {
-
-    private PolicyBuilder(){
-    }
-
-    public static PermissionInfo[] getApplicationPermissions(Map<Permission, Set<String>> serviceDirectory,
-                                                             Set<Permission> permissions) {
-        Set<PermissionInfo> permSet = Sets.newHashSet();
-        Collections.addAll(permSet, getDefaultPerms());
-        for (Permission perm : permissions) {
-            permSet.add(new PermissionInfo(AppPermission.class.getName(), perm.name(), ""));
-            permSet.addAll(serviceDirectory.get(perm).stream().map(service -> new PermissionInfo(
-                    ServicePermission.class.getName(), service, ServicePermission.GET)).collect(Collectors.toList()));
-        }
-        PermissionInfo[] permissionInfos = new PermissionInfo[permSet.size()];
-        return permSet.toArray(permissionInfos);
-    }
-
-    public static PermissionInfo[] getAdminApplicationPermissions(Map<Permission, Set<String>> serviceDirectory) {
-        Set<PermissionInfo> permSet = Sets.newHashSet();
-        Collections.addAll(permSet, getDefaultPerms());
-        Collections.addAll(permSet, getAdminDefaultPerms());
-        permSet.addAll(serviceDirectory.keySet().stream().map(perm ->
-                new PermissionInfo(AppPermission.class.getName(), perm.name(), "")).collect(Collectors.toList()));
-        PermissionInfo[] permissionInfos = new PermissionInfo[permSet.size()];
-        return permSet.toArray(permissionInfos);
-    }
-
-    public static PermissionInfo[] getDefaultPerms() {
-        return new PermissionInfo[]{
-                new PermissionInfo(PackagePermission.class.getName(), "*", PackagePermission.EXPORTONLY),
-                new PermissionInfo(PackagePermission.class.getName(), "*", PackagePermission.IMPORT),
-                new PermissionInfo(AdaptPermission.class.getName(), "*", AdaptPermission.ADAPT),
-        };
-    }
-    public static PermissionInfo[] getAdminDefaultPerms() {
-        return new PermissionInfo[]{
-                new PermissionInfo(ServicePermission.class.getName(),
-                        ApplicationAdminService.class.getName(), ServicePermission.GET),
-                new PermissionInfo(ServicePermission.class.getName(),
-                        ClusterAdminService.class.getName(), ServicePermission.GET),
-                new PermissionInfo(ServicePermission.class.getName(),
-                        MastershipAdminService.class.getName(), ServicePermission.GET),
-                new PermissionInfo(ServicePermission.class.getName(),
-                        DeviceAdminService.class.getName(), ServicePermission.GET),
-                new PermissionInfo(ServicePermission.class.getName(),
-                        HostAdminService.class.getName(), ServicePermission.GET),
-                new PermissionInfo(ServicePermission.class.getName(),
-                        LinkAdminService.class.getName(), ServicePermission.GET),
-                new PermissionInfo(ServicePermission.class.getName(),
-                        DriverAdminService.class.getName(), ServicePermission.GET),
-                new PermissionInfo(ServicePermission.class.getName(),
-                        StorageAdminService.class.getName(), ServicePermission.GET),
-//                new PermissionInfo(ServicePermission.class.getName(),
-//                        LabelResourceAdminService.class.getName(), ServicePermission.GET),
-//                new PermissionInfo(ServicePermission.class.getName(),
-//                        TunnelAdminService.class.getName(), ServicePermission.GET),
-                new PermissionInfo(ServicePermission.class.getName(),
-                        ApplicationService.class.getName(), ServicePermission.GET),
-                new PermissionInfo(ServicePermission.class.getName(),
-                        ComponentConfigService.class.getName(), ServicePermission.GET),
-                new PermissionInfo(ServicePermission.class.getName(),
-                        CoreService.class.getName(), ServicePermission.GET),
-                new PermissionInfo(ServicePermission.class.getName(),
-                        ClusterService.class.getName(), ServicePermission.GET),
-                new PermissionInfo(ServicePermission.class.getName(),
-                        LeadershipService.class.getName(), ServicePermission.GET),
-                new PermissionInfo(ServicePermission.class.getName(),
-                        MastershipService.class.getName(), ServicePermission.GET),
-                new PermissionInfo(ServicePermission.class.getName(),
-                        DeviceService.class.getName(), ServicePermission.GET),
-                new PermissionInfo(ServicePermission.class.getName(),
-                        DeviceClockService.class.getName(), ServicePermission.GET),
-                new PermissionInfo(ServicePermission.class.getName(),
-                        DriverService.class.getName(), ServicePermission.GET),
-                new PermissionInfo(ServicePermission.class.getName(),
-                        FlowRuleService.class.getName(), ServicePermission.GET),
-                new PermissionInfo(ServicePermission.class.getName(),
-                        FlowObjectiveService.class.getName(), ServicePermission.GET),
-                new PermissionInfo(ServicePermission.class.getName(),
-                        GroupService.class.getName(), ServicePermission.GET),
-                new PermissionInfo(ServicePermission.class.getName(),
-                        HostService.class.getName(), ServicePermission.GET),
-                new PermissionInfo(ServicePermission.class.getName(),
-                        IntentService.class.getName(), ServicePermission.GET),
-                new PermissionInfo(ServicePermission.class.getName(),
-                        IntentClockService.class.getName(), ServicePermission.GET),
-                new PermissionInfo(ServicePermission.class.getName(),
-                        IntentExtensionService.class.getName(), ServicePermission.GET),
-                new PermissionInfo(ServicePermission.class.getName(),
-                        PartitionService.class.getName(), ServicePermission.GET),
-                new PermissionInfo(ServicePermission.class.getName(),
-                        LinkService.class.getName(), ServicePermission.GET),
-                new PermissionInfo(ServicePermission.class.getName(),
-                        LinkResourceService.class.getName(), ServicePermission.GET),
-//                new PermissionInfo(ServicePermission.class.getName(),
-//                        LabelResourceService.class.getName(), ServicePermission.GET),
-                new PermissionInfo(ServicePermission.class.getName(),
-                        PacketService.class.getName(), ServicePermission.GET),
-                new PermissionInfo(ServicePermission.class.getName(),
-                        ProxyArpService.class.getName(), ServicePermission.GET),
-                new PermissionInfo(ServicePermission.class.getName(),
-                        StatisticService.class.getName(), ServicePermission.GET),
-                new PermissionInfo(ServicePermission.class.getName(),
-                        PathService.class.getName(), ServicePermission.GET),
-                new PermissionInfo(ServicePermission.class.getName(),
-                        TopologyService.class.getName(), ServicePermission.GET),
-//                new PermissionInfo(ServicePermission.class.getName(),
-//                        TunnelService.class.getName(), ServicePermission.GET),
-                new PermissionInfo(ServicePermission.class.getName(),
-                        StorageService.class.getName(), ServicePermission.GET),
-        };
-    }
-
-
-    public static Map<Permission, Set<String>> getServiceDirectory() {
-
-        Map<Permission, Set<String>> serviceDirectory = new ConcurrentHashMap<>();
-
-        serviceDirectory.put(Permission.APP_READ, ImmutableSet.of(
-                ApplicationService.class.getName(), CoreService.class.getName()));
-        serviceDirectory.put(Permission.APP_EVENT, ImmutableSet.of(
-                ApplicationService.class.getName(), CoreService.class.getName()));
-        serviceDirectory.put(Permission.CONFIG_READ, ImmutableSet.of(
-                ComponentConfigService.class.getName()));
-        serviceDirectory.put(Permission.CONFIG_WRITE, ImmutableSet.of(
-                ComponentConfigService.class.getName()));
-        serviceDirectory.put(Permission.CLUSTER_READ, ImmutableSet.of(
-                ClusterService.class.getName(), LeadershipService.class.getName(),
-                MastershipService.class.getName()));
-        serviceDirectory.put(Permission.CLUSTER_WRITE, ImmutableSet.of(
-                LeadershipService.class.getName(), MastershipService.class.getName()));
-        serviceDirectory.put(Permission.CLUSTER_EVENT, ImmutableSet.of(
-                ClusterService.class.getName(), LeadershipService.class.getName(),
-                MastershipService.class.getName()));
-        serviceDirectory.put(Permission.DEVICE_READ, ImmutableSet.of(
-                DeviceService.class.getName(), DeviceClockService.class.getName()));
-        serviceDirectory.put(Permission.DEVICE_EVENT, ImmutableSet.of(
-                DeviceService.class.getName()));
-        serviceDirectory.put(Permission.DRIVER_READ, ImmutableSet.of(
-                DriverService.class.getName()));
-        serviceDirectory.put(Permission.DRIVER_WRITE, ImmutableSet.of(
-                DriverService.class.getName()));
-        serviceDirectory.put(Permission.FLOWRULE_READ, ImmutableSet.of(
-                FlowRuleService.class.getName()));
-        serviceDirectory.put(Permission.FLOWRULE_WRITE, ImmutableSet.of(
-                FlowRuleService.class.getName(), FlowObjectiveService.class.getName()));
-        serviceDirectory.put(Permission.FLOWRULE_EVENT, ImmutableSet.of(
-                FlowRuleService.class.getName()));
-        serviceDirectory.put(Permission.GROUP_READ, ImmutableSet.of(
-                GroupService.class.getName()));
-        serviceDirectory.put(Permission.GROUP_WRITE, ImmutableSet.of(
-                GroupService.class.getName()));
-        serviceDirectory.put(Permission.GROUP_EVENT, ImmutableSet.of(
-                GroupService.class.getName()));
-        serviceDirectory.put(Permission.HOST_WRITE, ImmutableSet.of(
-                HostService.class.getName()));
-        serviceDirectory.put(Permission.HOST_EVENT, ImmutableSet.of(
-                HostService.class.getName()));
-        serviceDirectory.put(Permission.INTENT_READ, ImmutableSet.of(
-                IntentService.class.getName(), PartitionService.class.getName(),
-                IntentClockService.class.getName()));
-        serviceDirectory.put(Permission.INTENT_WRITE, ImmutableSet.of(
-                IntentService.class.getName()));
-        serviceDirectory.put(Permission.INTENT_EVENT, ImmutableSet.of(
-                IntentService.class.getName()));
-//        serviceDirectory.put(Permission.LINK_READ, ImmutableSet.of(
-//                LinkService.class.getName(), LinkResourceService.class.getName(),
-//                LabelResourceService.class.getName()));
-//        serviceDirectory.put(Permission.LINK_WRITE, ImmutableSet.of(
-//                LinkResourceService.class.getName(), LabelResourceService.class.getName()));
-//        serviceDirectory.put(Permission.LINK_EVENT, ImmutableSet.of(
-//                LinkService.class.getName(), LinkResourceService.class.getName(),
-//                LabelResourceService.class.getName()));
-        serviceDirectory.put(Permission.PACKET_READ, ImmutableSet.of(
-                PacketService.class.getName(), ProxyArpService.class.getName()));
-        serviceDirectory.put(Permission.PACKET_WRITE, ImmutableSet.of(
-                PacketService.class.getName(), ProxyArpService.class.getName()));
-        serviceDirectory.put(Permission.PACKET_EVENT, ImmutableSet.of(
-                PacketService.class.getName()));
-        serviceDirectory.put(Permission.STATISTIC_READ, ImmutableSet.of(
-                StatisticService.class.getName()));
-        serviceDirectory.put(Permission.TOPOLOGY_READ, ImmutableSet.of(
-                TopologyService.class.getName(), PathService.class.getName()));
-        serviceDirectory.put(Permission.TOPOLOGY_EVENT, ImmutableSet.of(
-                TopologyService.class.getName()));
-//        serviceDirectory.put(Permission.TUNNEL_READ, ImmutableSet.of(
-//                TunnelService.class.getName()));
-//        serviceDirectory.put(Permission.TUNNEL_WRITE, ImmutableSet.of(
-//                TunnelService.class.getName()));
-//        serviceDirectory.put(Permission.TUNNEL_EVENT, ImmutableSet.of(
-//                TunnelService.class.getName()));
-        serviceDirectory.put(Permission.STORAGE_WRITE, ImmutableSet.of(
-                StorageService.class.getName()));
-
-        return serviceDirectory;
-    }
-}
-
-
-//    public static PermissionInfo[] getNonAdminPerms() {
-//        return new PermissionInfo[]{
-//                new PermissionInfo(PackagePermission.class.getName(), "*", PackagePermission.EXPORTONLY),
-//                new PermissionInfo(PackagePermission.class.getName(), "*", PackagePermission.IMPORT),
-//                new PermissionInfo(AdaptPermission.class.getName(), "*", AdaptPermission.ADAPT),
-//                new PermissionInfo(ServicePermission.class.getName(),
-//                        ApplicationService.class.getName(), ServicePermission.GET),
-//                new PermissionInfo(ServicePermission.class.getName(),
-//                        ComponentConfigService.class.getName(), ServicePermission.GET),
-//                new PermissionInfo(ServicePermission.class.getName(),
-//                        CoreService.class.getName(), ServicePermission.GET),
-//                new PermissionInfo(ServicePermission.class.getName(),
-//                        ClusterService.class.getName(), ServicePermission.GET),
-//                new PermissionInfo(ServicePermission.class.getName(),
-//                        LeadershipService.class.getName(), ServicePermission.GET),
-//                new PermissionInfo(ServicePermission.class.getName(),
-//                        MastershipService.class.getName(), ServicePermission.GET),
-//                new PermissionInfo(ServicePermission.class.getName(),
-//                        DeviceService.class.getName(), ServicePermission.GET),
-//                new PermissionInfo(ServicePermission.class.getName(),
-//                        DeviceClockService.class.getName(), ServicePermission.GET),
-//                new PermissionInfo(ServicePermission.class.getName(),
-//                        DriverService.class.getName(), ServicePermission.GET),
-//                new PermissionInfo(ServicePermission.class.getName(),
-//                        FlowRuleService.class.getName(), ServicePermission.GET),
-//                new PermissionInfo(ServicePermission.class.getName(),
-//                        FlowObjectiveService.class.getName(), ServicePermission.GET),
-//                new PermissionInfo(ServicePermission.class.getName(),
-//                        GroupService.class.getName(), ServicePermission.GET),
-//                new PermissionInfo(ServicePermission.class.getName(),
-//                        HostService.class.getName(), ServicePermission.GET),
-//                new PermissionInfo(ServicePermission.class.getName(),
-//                        HostClockService.class.getName(), ServicePermission.GET),
-//                new PermissionInfo(ServicePermission.class.getName(),
-//                        IntentService.class.getName(), ServicePermission.GET),
-//                new PermissionInfo(ServicePermission.class.getName(),
-//                        IntentClockService.class.getName(), ServicePermission.GET),
-//                new PermissionInfo(ServicePermission.class.getName(),
-//                        IntentExtensionService.class.getName(), ServicePermission.GET),
-//                new PermissionInfo(ServicePermission.class.getName(),
-//                        PartitionService.class.getName(), ServicePermission.GET),
-//                new PermissionInfo(ServicePermission.class.getName(),
-//                        LinkService.class.getName(), ServicePermission.GET),
-//                new PermissionInfo(ServicePermission.class.getName(),
-//                        LinkResourceService.class.getName(), ServicePermission.GET),
-//                new PermissionInfo(ServicePermission.class.getName(),
-//                        LabelResourceService.class.getName(), ServicePermission.GET),
-//                new PermissionInfo(ServicePermission.class.getName(),
-//                        PacketService.class.getName(), ServicePermission.GET),
-//                new PermissionInfo(ServicePermission.class.getName(),
-//                        ProxyArpService.class.getName(), ServicePermission.GET),
-//                new PermissionInfo(ServicePermission.class.getName(),
-//                        StatisticService.class.getName(), ServicePermission.GET),
-//                new PermissionInfo(ServicePermission.class.getName(),
-//                        PathService.class.getName(), ServicePermission.GET),
-//                new PermissionInfo(ServicePermission.class.getName(),
-//                        TopologyService.class.getName(), ServicePermission.GET),
-//                new PermissionInfo(ServicePermission.class.getName(),
-//                        TunnelService.class.getName(), ServicePermission.GET),
-//                new PermissionInfo(ServicePermission.class.getName(),
-//                        StorageService.class.getName(), ServicePermission.GET),
-//        };
-//    }

core/security/impl/src/main/java/org/onosproject/security/impl/SecurityModeManager.java

diff --git a/core/security/impl/src/main/java/org/onosproject/security/impl/SecurityModeManager.java b/core/security/impl/src/main/java/org/onosproject/security/impl/SecurityModeManager.java
deleted file mode 100644
index 021ff00..0000000
--- a/core/security/impl/src/main/java/org/onosproject/security/impl/SecurityModeManager.java
+++ /dev/null
@@ -1,262 +0,0 @@
-package org.onosproject.security.impl;
-
-import org.apache.felix.scr.annotations.Component;
-import org.apache.felix.scr.annotations.Reference;
-import org.apache.felix.scr.annotations.ReferenceCardinality;
-import org.apache.felix.scr.annotations.Activate;
-import org.apache.felix.scr.annotations.Deactivate;
-import org.apache.karaf.features.BundleInfo;
-import org.apache.karaf.features.Feature;
-import org.apache.karaf.features.FeaturesService;
-
-import org.onosproject.app.ApplicationAdminService;
-import org.onosproject.app.ApplicationEvent;
-import org.onosproject.app.ApplicationListener;
-import org.onosproject.app.ApplicationState;
-import org.onosproject.core.Application;
-import org.onosproject.core.ApplicationId;
-import org.onosproject.core.Permission;
-import org.onosproject.security.AppPermission;
-import org.osgi.framework.Bundle;
-import org.osgi.framework.BundleContext;
-import org.osgi.framework.BundleEvent;
-import org.osgi.framework.BundleListener;
-import org.osgi.framework.FrameworkUtil;
-import org.osgi.framework.PackagePermission;
-import org.osgi.framework.ServicePermission;
-import org.osgi.service.log.LogEntry;
-import org.osgi.service.log.LogListener;
-import org.osgi.service.log.LogReaderService;
-import org.osgi.service.permissionadmin.PermissionInfo;
-
-import java.security.AccessControlException;
-import java.security.AllPermission;
-import java.util.ArrayList;
-import java.util.List;
-import java.util.Map;
-import java.util.Set;
-import java.util.concurrent.ConcurrentHashMap;
-import java.util.stream.Collectors;
-
-import org.osgi.service.permissionadmin.PermissionAdmin;
-import org.slf4j.Logger;
-
-import static org.slf4j.LoggerFactory.getLogger;
-
-/**
- * Security-Mode ONOS management implementation.
- */
-
-//TODO : implement a dedicated distributed store for SM-ONOS
-
-@Component(immediate = true)
-public class SecurityModeManager {
-
-    @Reference(cardinality = ReferenceCardinality.MANDATORY_UNARY)
-    protected ApplicationAdminService appAdminService;
-
-    @Reference(cardinality = ReferenceCardinality.MANDATORY_UNARY)
-    protected FeaturesService featuresService;
-
-    @Reference(cardinality = ReferenceCardinality.MANDATORY_UNARY)
-    protected LogReaderService logReaderService;
-
-    private final Logger log = getLogger(getClass());
-
-    private SecurityBundleListener securityBundleListener = new SecurityBundleListener();
-
-    private SecurityApplicationListener securityApplicationListener = new SecurityApplicationListener();
-
-    private SecurityLogListener securityLogListener = new SecurityLogListener();
-
-    private Bundle bundle = null;
-
-    private BundleContext bundleContext = null;
-
-    private PermissionAdmin permissionAdmin = null;
-
-    private Map<String, ApplicationId> appTracker = null;
-
-    private Map<Permission, Set<String>> serviceDirectory = null;
-
-
-    @Activate
-    public void activate() {
-        if (System.getSecurityManager() == null) {
-            log.warn("J2EE security manager is disabled.");
-            deactivate();
-            return;
-        }
-        bundle = FrameworkUtil.getBundle(this.getClass());
-        bundleContext = bundle.getBundleContext();
-
-        bundleContext.addBundleListener(securityBundleListener);
-        appAdminService.addListener(securityApplicationListener);
-        logReaderService.addLogListener(securityLogListener);
-        appTracker = new ConcurrentHashMap<>();
-
-        permissionAdmin = getPermissionAdmin(bundleContext);
-        if (permissionAdmin == null) {
-            log.warn("Permission Admin not found.");
-            this.deactivate();
-            return;
-        }
-
-        serviceDirectory = PolicyBuilder.getServiceDirectory();
-
-        PermissionInfo[] allPerm = {
-                new PermissionInfo(AllPermission.class.getName(), "", ""), };
-
-        permissionAdmin.setPermissions(bundle.getLocation(), allPerm);
-        log.warn("Security-Mode Started");
-    }
-
-
-    @Deactivate
-    public void deactivate() {
-        bundleContext.removeBundleListener(securityBundleListener);
-        appAdminService.removeListener(securityApplicationListener);
-        logReaderService.removeLogListener(securityLogListener);
-        log.info("Stopped");
-
-    }
-
-    private class SecurityApplicationListener implements ApplicationListener {
-
-        @Override
-        public void event(ApplicationEvent event) {
-            //App needs to be restarted
-            if (event.type() == ApplicationEvent.Type.APP_PERMISSIONS_CHANGED) {
-                if (appAdminService.getState(event.subject().id()) == ApplicationState.ACTIVE) {
-                    appAdminService.deactivate(event.subject().id());
-                    print("Permissions updated (%s). Deactivating...",
-                            event.subject().id().name());
-                }
-            }
-        }
-    }
-
-    private class SecurityBundleListener implements BundleListener {
-
-        @Override
-        public void bundleChanged(BundleEvent event) {
-            switch (event.getType()) {
-                case BundleEvent.INSTALLED:
-                    setPermissions(event);
-                    break;
-                case BundleEvent.UNINSTALLED:
-                    clearPermissions(event);
-                    break;
-                default:
-                    break;
-            }
-        }
-    }
-
-    private void clearPermissions(BundleEvent bundleEvent) {
-        if (appTracker.containsKey(bundleEvent.getBundle().getLocation())) {
-            permissionAdmin.setPermissions(bundleEvent.getBundle().getLocation(), new PermissionInfo[]{});
-            appTracker.remove(bundleEvent.getBundle().getLocation());
-        }
-    }
-
-    // find the location of the installed bundle and enforce policy
-    private void setPermissions(BundleEvent bundleEvent) {
-        for (Application app : appAdminService.getApplications()) {
-            if (getBundleLocations(app).contains(bundleEvent.getBundle().getLocation())) {
-                String location = bundleEvent.getBundle().getLocation();
-
-                Set<org.onosproject.core.Permission> permissions =
-                        appAdminService.getPermissions(app.id());
-
-                //Permissions granted by user overrides the permissions specified in App.Xml file
-                if (permissions == null) {
-                    permissions = app.permissions();
-                }
-
-                if (permissions.isEmpty()) {
-                    print("Application %s has not been granted any permission.", app.id().name());
-                }
-
-                PermissionInfo[] perms = null;
-
-                switch (app.role()) {
-                    case ADMIN:
-                        perms = PolicyBuilder.getAdminApplicationPermissions(serviceDirectory);
-                        break;
-                    case REGULAR:
-                        perms = PolicyBuilder.getApplicationPermissions(serviceDirectory, permissions);
-                        break;
-                    case UNSPECIFIED:
-                    default:
-                        //no role has been assigned.
-                        perms = PolicyBuilder.getDefaultPerms();
-                        log.warn("Application %s has no role assigned.", app.id().name());
-                        break;
-                }
-                permissionAdmin.setPermissions(location, perms);
-                appTracker.put(location, app.id());
-                break;
-            }
-        }
-    }
-
-    //TODO: dispatch security policy violation event via distributed store
-    //immediately notify and deactivate the application upon policy violation
-    private class SecurityLogListener implements LogListener {
-        @Override
-        public void logged(LogEntry entry) {
-            if (entry != null) {
-                if (entry.getException() != null) {
-                    ApplicationId applicationId = appTracker.get(entry.getBundle().getLocation());
-                    if (applicationId != null) {
-                        if (appAdminService.getState(applicationId).equals(ApplicationState.ACTIVE)) {
-                            if (entry.getException() instanceof AccessControlException) {
-                                java.security.Permission permission =
-                                        ((AccessControlException) entry.getException()).getPermission();
-                                handleException(applicationId.name(), permission);
-                                appAdminService.deactivate(applicationId);
-                            }
-                        }
-                    }
-                }
-            }
-        }
-    }
-
-    private void handleException(String name, java.security.Permission perm) {
-        if (perm instanceof ServicePermission || perm instanceof PackagePermission) {
-            print("%s has attempted to %s %s.", name, perm.getActions(), perm.getName());
-        } else if (perm instanceof AppPermission) {
-            print("%s has attempted to call an NB API that requires %s permission.",
-                    name, perm.getName().toUpperCase());
-        } else {
-            print("%s has attempted to perform an action that requires %s", name, perm.toString());
-        }
-        print("POLICY VIOLATION: Deactivating %s.", name);
-
-    }
-    private void print(String format, Object... args) {
-        System.out.println(String.format("SM-ONOS: " + format, args));
-        log.warn(String.format(format, args));
-    }
-
-    private List<String> getBundleLocations(Application app) {
-        List<String> locations = new ArrayList();
-        for (String name : app.features()) {
-            try {
-                Feature feature = featuresService.getFeature(name);
-                locations.addAll(
-                        feature.getBundles().stream().map(BundleInfo::getLocation).collect(Collectors.toList()));
-            } catch (Exception e) {
-                return locations;
-            }
-        }
-        return locations;
-    }
-
-    private PermissionAdmin getPermissionAdmin(BundleContext context) {
-        return (PermissionAdmin) context.getService(context.getServiceReference(PermissionAdmin.class.getName()));
-    }
-
-}

core/security/pom.xml

diff --git a/core/security/pom.xml b/core/security/pom.xml
index 852e166..eb1e4bc 100644
--- a/core/security/pom.xml
+++ b/core/security/pom.xml
@@ -12,10 +12,46 @@
     </parent>
 
     <artifactId>onos-security</artifactId>
-    <packaging>pom</packaging>
-    <modules>
-        <module>impl</module>
-    </modules>
+    <packaging>bundle</packaging>
 
-    <description>Security-mode ONOS project root</description>
+
+    <description>Security-Mode ONOS project</description>
+
+    <dependencies>
+        <dependency>
+            <groupId>org.osgi</groupId>
+            <artifactId>org.osgi.core</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.osgi</groupId>
+            <artifactId>org.osgi.compendium</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.felix</groupId>
+            <artifactId>org.apache.felix.scr.annotations</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.onosproject</groupId>
+            <artifactId>onos-api</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.onosproject</groupId>
+            <artifactId>onos-core-serializers</artifactId>
+            <version>${project.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.karaf.features</groupId>
+            <artifactId>org.apache.karaf.features.core</artifactId>
+        </dependency>
+    </dependencies>
+
+    <build>
+        <plugins>
+            <plugin>
+                <groupId>org.apache.felix</groupId>
+                <artifactId>maven-scr-plugin</artifactId>
+            </plugin>
+        </plugins>
+    </build>
+
 </project>
\ No newline at end of file

core/security/src/main/java/org/onosproject/security/impl/DefaultPolicyBuilder.java

diff --git a/core/security/src/main/java/org/onosproject/security/impl/DefaultPolicyBuilder.java b/core/security/src/main/java/org/onosproject/security/impl/DefaultPolicyBuilder.java
new file mode 100644
index 0000000..8ae1a1a
--- /dev/null
+++ b/core/security/src/main/java/org/onosproject/security/impl/DefaultPolicyBuilder.java
@@ -0,0 +1,433 @@
+package org.onosproject.security.impl;
+
+
+import com.google.common.collect.ImmutableSet;
+import com.google.common.collect.Lists;
+import com.google.common.collect.Sets;
+import org.onosproject.security.AppPermission;
+import org.onosproject.app.ApplicationAdminService;
+import org.onosproject.app.ApplicationService;
+import org.onosproject.cfg.ComponentConfigService;
+import org.onosproject.cluster.ClusterAdminService;
+import org.onosproject.cluster.ClusterService;
+import org.onosproject.core.CoreService;
+import org.onosproject.cluster.LeadershipService;
+import org.onosproject.mastership.MastershipAdminService;
+import org.onosproject.mastership.MastershipService;
+import org.onosproject.net.device.DeviceAdminService;
+import org.onosproject.net.device.DeviceService;
+import org.onosproject.net.device.DeviceClockService;
+import org.onosproject.net.driver.DriverAdminService;
+import org.onosproject.net.driver.DriverService;
+import org.onosproject.net.flow.FlowRuleService;
+import org.onosproject.net.flowobjective.FlowObjectiveService;
+import org.onosproject.net.group.GroupService;
+import org.onosproject.net.host.HostAdminService;
+import org.onosproject.net.host.HostService;
+import org.onosproject.net.intent.IntentService;
+import org.onosproject.net.intent.IntentExtensionService;
+import org.onosproject.net.intent.IntentClockService;
+import org.onosproject.net.intent.PartitionService;
+import org.onosproject.net.link.LinkAdminService;
+import org.onosproject.net.link.LinkService;
+import org.onosproject.net.packet.PacketService;
+import org.onosproject.net.proxyarp.ProxyArpService;
+import org.onosproject.net.resource.link.LinkResourceService;
+import org.onosproject.net.statistic.StatisticService;
+import org.onosproject.net.topology.PathService;
+import org.onosproject.net.topology.TopologyService;
+import org.onosproject.security.SecurityAdminService;
+import org.onosproject.store.service.StorageAdminService;
+import org.onosproject.store.service.StorageService;
+import org.osgi.framework.BundlePermission;
+import org.osgi.framework.CapabilityPermission;
+import org.osgi.framework.ServicePermission;
+import org.osgi.framework.PackagePermission;
+import org.osgi.framework.AdaptPermission;
+import org.osgi.service.cm.ConfigurationPermission;
+
+import javax.net.ssl.SSLPermission;
+import javax.security.auth.AuthPermission;
+import javax.security.auth.PrivateCredentialPermission;
+import javax.security.auth.kerberos.DelegationPermission;
+import javax.sound.sampled.AudioPermission;
+import java.io.FilePermission;
+import java.io.SerializablePermission;
+import java.net.NetPermission;
+import java.net.SocketPermission;
+import java.security.Permissions;
+import java.sql.SQLPermission;
+import java.util.ArrayList;
+import java.util.Enumeration;
+import java.util.HashSet;
+import java.util.List;
+import java.util.PropertyPermission;
+import java.util.Set;
+import java.util.concurrent.ConcurrentHashMap;
+import java.security.Permission;
+import java.util.logging.LoggingPermission;
+
+import static org.onosproject.security.AppPermission.Type.*;
+
+public final class DefaultPolicyBuilder {
+
+    protected static ConcurrentHashMap<AppPermission.Type,
+            Set<String>> serviceDirectory = getServiceDirectory();
+
+    protected static List<Permission> defaultPermissions = getDefaultPerms();
+    protected static List<Permission> adminServicePermissions = getAdminDefaultPerms();
+
+    private DefaultPolicyBuilder(){
+    }
+
+    public static List<Permission> getUserApplicationPermissions(Set<org.onosproject.security.Permission> permissions) {
+        List<Permission> perms = Lists.newArrayList();
+        perms.addAll(defaultPermissions);
+        perms.addAll(convertToJavaPermissions(permissions));
+        return optimizePermissions(perms);
+    }
+
+    public static List<Permission> getAdminApplicationPermissions(
+            Set<org.onosproject.security.Permission> permissions) {
+        List<Permission> perms = Lists.newArrayList();
+        perms.addAll(defaultPermissions);
+        perms.addAll(adminServicePermissions);
+        for (AppPermission.Type perm : serviceDirectory.keySet()) {
+            perms.add(new AppPermission(perm));
+        }
+        perms.addAll(convertToJavaPermissions(permissions));
+        return optimizePermissions(perms);
+    }
+
+    public static List<Permission> convertToJavaPermissions(Set<org.onosproject.security.Permission> permissions) {
+        List<Permission> result = Lists.newArrayList();
+        for (org.onosproject.security.Permission perm : permissions) {
+            Permission javaPerm = getPermission(perm);
+            if (javaPerm != null) {
+                if (javaPerm instanceof AppPermission) {
+                    if (((AppPermission) javaPerm).getType() != null) {
+                        AppPermission ap = (AppPermission) javaPerm;
+                        result.add(ap);
+                        if (serviceDirectory.containsKey(ap.getType())) {
+                            for (String service : serviceDirectory.get(ap.getType())) {
+                                result.add(new ServicePermission(service, ServicePermission.GET));
+                            }
+                        }
+                    }
+                } else if (javaPerm instanceof ServicePermission) {
+                    if (!javaPerm.getName().contains(SecurityAdminService.class.getName())) {
+                        result.add(javaPerm);
+                    }
+                } else {
+                    result.add(javaPerm);
+                }
+
+            }
+        }
+        return result;
+    }
+
+    public static Set<org.onosproject.security.Permission> convertToOnosPermissions(List<Permission> permissions) {
+        Set<org.onosproject.security.Permission> result = Sets.newHashSet();
+        for (Permission perm : permissions) {
+            org.onosproject.security.Permission onosPerm = getOnosPermission(perm);
+            if (onosPerm != null) {
+                result.add(onosPerm);
+            }
+        }
+        return result;
+    }
+
+    public static List<Permission> getDefaultPerms() {
+        List<Permission> permSet = Lists.newArrayList();
+        permSet.add(new PackagePermission("*", PackagePermission.EXPORTONLY));
+        permSet.add(new PackagePermission("*", PackagePermission.IMPORT));
+        permSet.add(new AdaptPermission("*", AdaptPermission.ADAPT));
+        permSet.add(new ConfigurationPermission("*", ConfigurationPermission.CONFIGURE));
+        return permSet;
+    }
+
+    private static List<Permission> getAdminDefaultPerms() {
+        List<Permission> permSet = Lists.newArrayList();
+        permSet.add(new ServicePermission(ApplicationAdminService.class.getName(), ServicePermission.GET));
+        permSet.add(new ServicePermission(ClusterAdminService.class.getName(), ServicePermission.GET));
+        permSet.add(new ServicePermission(MastershipAdminService.class.getName(), ServicePermission.GET));
+        permSet.add(new ServicePermission(DeviceAdminService.class.getName(), ServicePermission.GET));
+        permSet.add(new ServicePermission(HostAdminService.class.getName(), ServicePermission.GET));
+        permSet.add(new ServicePermission(LinkAdminService.class.getName(), ServicePermission.GET));
+        permSet.add(new ServicePermission(DriverAdminService.class.getName(), ServicePermission.GET));
+        permSet.add(new ServicePermission(StorageAdminService.class.getName(), ServicePermission.GET));
+//      permSet.add(new ServicePermission(LabelResourceAdminService.class.getName(), ServicePermission.GET));
+//      permSet.add(new ServicePermission(TunnelAdminService.class.getName(), ServicePermission.GET));
+        permSet.add(new ServicePermission(ApplicationService.class.getName(), ServicePermission.GET));
+        permSet.add(new ServicePermission(ComponentConfigService.class.getName(), ServicePermission.GET));
+        permSet.add(new ServicePermission(CoreService.class.getName(), ServicePermission.GET));
+        permSet.add(new ServicePermission(ClusterService.class.getName(), ServicePermission.GET));
+        permSet.add(new ServicePermission(LeadershipService.class.getName(), ServicePermission.GET));
+        permSet.add(new ServicePermission(MastershipService.class.getName(), ServicePermission.GET));
+        permSet.add(new ServicePermission(DeviceService.class.getName(), ServicePermission.GET));
+        permSet.add(new ServicePermission(DeviceClockService.class.getName(), ServicePermission.GET));
+        permSet.add(new ServicePermission(DriverService.class.getName(), ServicePermission.GET));
+        permSet.add(new ServicePermission(FlowRuleService.class.getName(), ServicePermission.GET));
+        permSet.add(new ServicePermission(FlowObjectiveService.class.getName(), ServicePermission.GET));
+        permSet.add(new ServicePermission(GroupService.class.getName(), ServicePermission.GET));
+        permSet.add(new ServicePermission(HostService.class.getName(), ServicePermission.GET));
+        permSet.add(new ServicePermission(IntentService.class.getName(), ServicePermission.GET));
+        permSet.add(new ServicePermission(IntentClockService.class.getName(), ServicePermission.GET));
+        permSet.add(new ServicePermission(IntentExtensionService.class.getName(), ServicePermission.GET));
+        permSet.add(new ServicePermission(PartitionService.class.getName(), ServicePermission.GET));
+        permSet.add(new ServicePermission(LinkService.class.getName(), ServicePermission.GET));
+        permSet.add(new ServicePermission(LinkResourceService.class.getName(), ServicePermission.GET));
+//      permSet.add(new ServicePermission(LabelResourceService.class.getName(), ServicePermission.GET));
+        permSet.add(new ServicePermission(PacketService.class.getName(), ServicePermission.GET));
+        permSet.add(new ServicePermission(ProxyArpService.class.getName(), ServicePermission.GET));
+        permSet.add(new ServicePermission(StatisticService.class.getName(), ServicePermission.GET));
+        permSet.add(new ServicePermission(PathService.class.getName(), ServicePermission.GET));
+        permSet.add(new ServicePermission(TopologyService.class.getName(), ServicePermission.GET));
+//      permSet.add(new ServicePermission(TunnelService.class.getName(), ServicePermission.GET));
+        permSet.add(new ServicePermission(StorageService.class.getName(), ServicePermission.GET));
+        return permSet;
+    }
+
+    public static Set<String> getNBServiceList() {
+        Set<String> permString = new HashSet<>();
+        for (Permission perm : getAdminDefaultPerms()) {
+            permString.add(perm.getName());
+        }
+        return permString;
+    }
+
+    private static ConcurrentHashMap<AppPermission.Type, Set<String>> getServiceDirectory() {
+
+        ConcurrentHashMap<AppPermission.Type, Set<String>> serviceDirectory = new ConcurrentHashMap<>();
+
+        serviceDirectory.put(APP_READ, ImmutableSet.of(
+                ApplicationService.class.getName(), CoreService.class.getName()));
+        serviceDirectory.put(APP_EVENT, ImmutableSet.of(
+                ApplicationService.class.getName(), CoreService.class.getName()));
+        serviceDirectory.put(CONFIG_READ, ImmutableSet.of(
+                ComponentConfigService.class.getName()));
+        serviceDirectory.put(CONFIG_WRITE, ImmutableSet.of(
+                ComponentConfigService.class.getName()));
+        serviceDirectory.put(CLUSTER_READ, ImmutableSet.of(
+                ClusterService.class.getName(), LeadershipService.class.getName(),
+                MastershipService.class.getName()));
+        serviceDirectory.put(CLUSTER_WRITE, ImmutableSet.of(
+                LeadershipService.class.getName(), MastershipService.class.getName()));
+        serviceDirectory.put(CLUSTER_EVENT, ImmutableSet.of(
+                ClusterService.class.getName(), LeadershipService.class.getName(),
+                MastershipService.class.getName()));
+        serviceDirectory.put(DEVICE_READ, ImmutableSet.of(
+                DeviceService.class.getName(), DeviceClockService.class.getName()));
+        serviceDirectory.put(DEVICE_EVENT, ImmutableSet.of(
+                DeviceService.class.getName()));
+        serviceDirectory.put(DRIVER_READ, ImmutableSet.of(
+                DriverService.class.getName()));
+        serviceDirectory.put(DRIVER_WRITE, ImmutableSet.of(
+                DriverService.class.getName()));
+        serviceDirectory.put(FLOWRULE_READ, ImmutableSet.of(
+                FlowRuleService.class.getName()));
+        serviceDirectory.put(FLOWRULE_WRITE, ImmutableSet.of(
+                FlowRuleService.class.getName(), FlowObjectiveService.class.getName()));
+        serviceDirectory.put(FLOWRULE_EVENT, ImmutableSet.of(
+                FlowRuleService.class.getName()));
+        serviceDirectory.put(GROUP_READ, ImmutableSet.of(
+                GroupService.class.getName()));
+        serviceDirectory.put(GROUP_WRITE, ImmutableSet.of(
+                GroupService.class.getName()));
+        serviceDirectory.put(GROUP_EVENT, ImmutableSet.of(
+                GroupService.class.getName()));
+        serviceDirectory.put(HOST_READ, ImmutableSet.of(
+                HostService.class.getName()));
+        serviceDirectory.put(HOST_WRITE, ImmutableSet.of(
+                HostService.class.getName()));
+        serviceDirectory.put(HOST_EVENT, ImmutableSet.of(
+                HostService.class.getName()));
+        serviceDirectory.put(INTENT_READ, ImmutableSet.of(
+                IntentService.class.getName(), PartitionService.class.getName(),
+                IntentClockService.class.getName()));
+        serviceDirectory.put(INTENT_WRITE, ImmutableSet.of(
+                IntentService.class.getName()));
+        serviceDirectory.put(INTENT_EVENT, ImmutableSet.of(
+                IntentService.class.getName()));
+//        serviceDirectory.put(LINK_READ, ImmutableSet.of(
+//                LinkService.class.getName(), LinkResourceService.class.getName(),
+//                LabelResourceService.class.getName()));
+//        serviceDirectory.put(LINK_WRITE, ImmutableSet.of(
+//                LinkResourceService.class.getName(), LabelResourceService.class.getName()));
+//        serviceDirectory.put(LINK_EVENT, ImmutableSet.of(
+//                LinkService.class.getName(), LinkResourceService.class.getName(),
+//                LabelResourceService.class.getName()));
+        serviceDirectory.put(PACKET_READ, ImmutableSet.of(
+                PacketService.class.getName(), ProxyArpService.class.getName()));
+        serviceDirectory.put(PACKET_WRITE, ImmutableSet.of(
+                PacketService.class.getName(), ProxyArpService.class.getName()));
+        serviceDirectory.put(PACKET_EVENT, ImmutableSet.of(
+                PacketService.class.getName()));
+        serviceDirectory.put(STATISTIC_READ, ImmutableSet.of(
+                StatisticService.class.getName()));
+        serviceDirectory.put(TOPOLOGY_READ, ImmutableSet.of(
+                TopologyService.class.getName(), PathService.class.getName()));
+        serviceDirectory.put(TOPOLOGY_EVENT, ImmutableSet.of(
+                TopologyService.class.getName()));
+//        serviceDirectory.put(TUNNEL_READ, ImmutableSet.of(
+//                TunnelService.class.getName()));
+//        serviceDirectory.put(TUNNEL_WRITE, ImmutableSet.of(
+//                TunnelService.class.getName()));
+//        serviceDirectory.put(TUNNEL_EVENT, ImmutableSet.of(
+//                TunnelService.class.getName()));
+        serviceDirectory.put(STORAGE_WRITE, ImmutableSet.of(
+                StorageService.class.getName()));
+
+        return serviceDirectory;
+    }
+
+
+    public static org.onosproject.security.Permission getOnosPermission(Permission permission) {
+        if (permission instanceof AppPermission) {
+            return new org.onosproject.security.Permission(AppPermission.class.getName(), permission.getName(), "");
+        } else if (permission instanceof FilePermission) {
+            return new org.onosproject.security.Permission(
+                    FilePermission.class.getName(), permission.getName(), permission.getActions());
+        } else if (permission instanceof SerializablePermission) {
+            return new org.onosproject.security.Permission(
+                    SerializablePermission.class.getName(), permission.getName(), permission.getActions());
+        } else if (permission instanceof NetPermission) {
+            return new org.onosproject.security.Permission(
+                    NetPermission.class.getName(), permission.getName(), permission.getActions());
+        } else if (permission instanceof RuntimePermission) {
+            return new org.onosproject.security.Permission(
+                    RuntimePermission.class.getName(), permission.getName(), permission.getActions());
+        } else if (permission instanceof SocketPermission) {
+            return new org.onosproject.security.Permission(
+                    SocketPermission.class.getName(), permission.getName(), permission.getActions());
+        } else if (permission instanceof SQLPermission) {
+            return new org.onosproject.security.Permission(
+                    SQLPermission.class.getName(), permission.getName(), permission.getActions());
+        } else if (permission instanceof PropertyPermission) {
+            return new org.onosproject.security.Permission(
+                    PropertyPermission.class.getName(), permission.getName(), permission.getActions());
+        } else if (permission instanceof LoggingPermission) {
+            return new org.onosproject.security.Permission(
+                    LoggingPermission.class.getName(), permission.getName(), permission.getActions());
+        } else if (permission instanceof SSLPermission) {
+            return new org.onosproject.security.Permission(
+                    SSLPermission.class.getName(), permission.getName(), permission.getActions());
+        } else if (permission instanceof AuthPermission) {
+            return new org.onosproject.security.Permission(
+                    AuthPermission.class.getName(), permission.getName(), permission.getActions());
+        } else if (permission instanceof PrivateCredentialPermission) {
+            return new org.onosproject.security.Permission(
+                    PrivateCredentialPermission.class.getName(), permission.getName(), permission.getActions());
+        } else if (permission instanceof DelegationPermission) {
+            return new org.onosproject.security.Permission(
+                    DelegationPermission.class.getName(), permission.getName(), permission.getActions());
+        } else if (permission instanceof javax.security.auth.kerberos.ServicePermission) {
+            return new org.onosproject.security.Permission(
+                    javax.security.auth.kerberos.ServicePermission.class.getName(), permission.getName(),
+                    permission.getActions());
+        } else if (permission instanceof AudioPermission) {
+            return new org.onosproject.security.Permission(
+                    AudioPermission.class.getName(), permission.getName(), permission.getActions());
+        } else if (permission instanceof AdaptPermission) {
+            return new org.onosproject.security.Permission(
+                    AdaptPermission.class.getName(), permission.getName(), permission.getActions());
+        } else if (permission instanceof BundlePermission) {
+            return new org.onosproject.security.Permission(
+                    BundlePermission.class.getName(), permission.getName(), permission.getActions());
+        } else if (permission instanceof CapabilityPermission) {
+            return new org.onosproject.security.Permission(
+                    CapabilityPermission.class.getName(), permission.getName(), permission.getActions());
+        } else if (permission instanceof PackagePermission) {
+            return new org.onosproject.security.Permission(
+                    PackagePermission.class.getName(), permission.getName(), permission.getActions());
+        } else if (permission instanceof ServicePermission) {
+            return new org.onosproject.security.Permission(
+                    ServicePermission.class.getName(), permission.getName(), permission.getActions());
+        }
+        return null;
+    }
+
+    private static Permission getPermission(org.onosproject.security.Permission permission) {
+
+        String classname = permission.getClassName();
+        String name = permission.getName();
+        String actions = permission.getActions();
+
+        if (classname == null || name == null) {
+            return null;
+        }
+        classname = classname.trim();
+        name = name.trim();
+        actions = actions.trim();
+
+        if (AppPermission.class.getName().equals(classname)) {
+            return new AppPermission(name);
+        } else if (FilePermission.class.getName().equals(classname)) {
+            return new FilePermission(name, actions);
+        } else if (SerializablePermission.class.getName().equals(classname)) {
+            return new SerializablePermission(name, actions);
+        } else if (NetPermission.class.getName().equals(classname)) {
+            return new NetPermission(name, actions);
+        } else if (RuntimePermission.class.getName().equals(classname)) {
+            return new RuntimePermission(name, actions);
+        } else if (SocketPermission.class.getName().equals(classname)) {
+            return new SocketPermission(name, actions);
+        } else if (SQLPermission.class.getName().equals(classname)) {
+            return new SQLPermission(name, actions);
+        } else if (PropertyPermission.class.getName().equals(classname)) {
+            return new PropertyPermission(name, actions);
+        } else if (LoggingPermission.class.getName().equals(classname)) {
+            return new LoggingPermission(name, actions);
+        } else if (SSLPermission.class.getName().equals(classname)) {
+            return new SSLPermission(name, actions);
+        } else if (AuthPermission.class.getName().equals(classname)) {
+            return new AuthPermission(name, actions);
+        } else if (PrivateCredentialPermission.class.getName().equals(classname)) {
+            return new PrivateCredentialPermission(name, actions);
+        } else if (DelegationPermission.class.getName().equals(classname)) {
+            return new DelegationPermission(name, actions);
+        } else if (javax.security.auth.kerberos.ServicePermission.class.getName().equals(classname)) {
+            return new javax.security.auth.kerberos.ServicePermission(name, actions);
+        } else if (AudioPermission.class.getName().equals(classname)) {
+            return new AudioPermission(name, actions);
+        } else if (AdaptPermission.class.getName().equals(classname)) {
+            return new AdaptPermission(name, actions);
+        } else if (BundlePermission.class.getName().equals(classname)) {
+            return new BundlePermission(name, actions);
+        } else if (CapabilityPermission.class.getName().equals(classname)) {
+            return new CapabilityPermission(name, actions);
+        } else if (PackagePermission.class.getName().equals(classname)) {
+            return new PackagePermission(name, actions);
+        } else if (ServicePermission.class.getName().equals(classname)) {
+            return new ServicePermission(name, actions);
+        }
+
+        //AllPermission, SecurityPermission, UnresolvedPermission
+        //AWTPermission, AdminPermission(osgi), ReflectPermission not allowed
+        return null;
+
+    }
+    private static List<Permission> optimizePermissions(List<Permission> perms) {
+        Permissions permissions = listToPermissions(perms);
+        return permissionsToList(permissions);
+    }
+
+    private static List<Permission> permissionsToList(Permissions perms) {
+        List<Permission> permissions = new ArrayList<>();
+        Enumeration<Permission> e = perms.elements();
+        while (e.hasMoreElements()) {
+            permissions.add(e.nextElement());
+        }
+        return permissions;
+    }
+
+    private static Permissions listToPermissions(List<Permission> perms) {
+        Permissions permissions = new Permissions();
+        for (Permission perm : perms) {
+            permissions.add(perm);
+        }
+        return permissions;
+    }
+}
+

core/security/src/main/java/org/onosproject/security/impl/SecurityModeManager.java

diff --git a/core/security/src/main/java/org/onosproject/security/impl/SecurityModeManager.java b/core/security/src/main/java/org/onosproject/security/impl/SecurityModeManager.java
new file mode 100644
index 0000000..30b0f8b
--- /dev/null
+++ b/core/security/src/main/java/org/onosproject/security/impl/SecurityModeManager.java
@@ -0,0 +1,289 @@
+package org.onosproject.security.impl;
+
+import com.google.common.collect.Lists;
+
+import org.apache.felix.scr.annotations.Component;
+import org.apache.felix.scr.annotations.Reference;
+import org.apache.felix.scr.annotations.ReferenceCardinality;
+import org.apache.felix.scr.annotations.Activate;
+import org.apache.felix.scr.annotations.Deactivate;
+import org.apache.felix.scr.annotations.Service;
+
+import org.onosproject.app.ApplicationAdminService;
+import org.onosproject.app.ApplicationState;
+import org.onosproject.core.Application;
+import org.onosproject.core.ApplicationId;
+
+import org.onosproject.event.EventDeliveryService;
+import org.onosproject.event.ListenerRegistry;
+import org.onosproject.security.AppPermission;
+import org.onosproject.security.SecurityAdminService;
+import org.onosproject.security.store.SecurityModeEvent;
+import org.onosproject.security.store.SecurityModeListener;
+import org.onosproject.security.store.SecurityModeStore;
+import org.onosproject.security.store.SecurityModeStoreDelegate;
+import org.osgi.framework.BundleContext;
+import org.osgi.framework.FrameworkUtil;
+import org.osgi.framework.ServicePermission;
+import org.osgi.service.log.LogEntry;
+import org.osgi.service.log.LogListener;
+import org.osgi.service.log.LogReaderService;
+import org.osgi.service.permissionadmin.PermissionInfo;
+
+import java.security.AccessControlException;
+import java.security.Permission;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+import java.util.concurrent.ConcurrentHashMap;
+
+import org.osgi.service.permissionadmin.PermissionAdmin;
+import org.slf4j.Logger;
+
+import static org.slf4j.LoggerFactory.getLogger;
+
+
+
+/**
+ * Security-Mode ONOS management implementation.
+ */
+
+@Component(immediate = true)
+@Service
+public class SecurityModeManager implements SecurityAdminService {
+
+    @Reference(cardinality = ReferenceCardinality.MANDATORY_UNARY)
+    protected SecurityModeStore store;
+
+    @Reference(cardinality = ReferenceCardinality.MANDATORY_UNARY)
+    protected ApplicationAdminService appAdminService;
+
+    @Reference(cardinality = ReferenceCardinality.MANDATORY_UNARY)
+    protected LogReaderService logReaderService;
+
+    @Reference(cardinality = ReferenceCardinality.MANDATORY_UNARY)
+    protected EventDeliveryService eventDispatcher;
+
+    private final Logger log = getLogger(getClass());
+
+    protected final ListenerRegistry<SecurityModeEvent, SecurityModeListener>
+            listenerRegistry = new ListenerRegistry<>();
+
+    private final SecurityModeStoreDelegate delegate = new InternalStoreDelegate();
+
+    private SecurityLogListener securityLogListener = new SecurityLogListener();
+
+    private PermissionAdmin permissionAdmin = getPermissionAdmin();
+
+
+    @Activate
+    public void activate() {
+
+        eventDispatcher.addSink(SecurityModeEvent.class, listenerRegistry);
+        // add Listeners
+        logReaderService.addLogListener(securityLogListener);
+
+        store.setDelegate(delegate);
+
+        if (System.getSecurityManager() == null) {
+            log.warn("J2EE security manager is disabled.");
+            deactivate();
+            return;
+        }
+        if (permissionAdmin == null) {
+            log.warn("Permission Admin not found.");
+            deactivate();
+            return;
+        }
+
+        log.info("Security-Mode Started");
+    }
+
+    @Deactivate
+    public void deactivate() {
+        eventDispatcher.removeSink(SecurityModeEvent.class);
+        logReaderService.removeLogListener(securityLogListener);
+        store.unsetDelegate(delegate);
+        log.info("Stopped");
+
+    }
+
+    @Override
+    public boolean isSecured(ApplicationId appId) {
+        if (store.getState(appId) == null) {
+            store.registerApplication(appId);
+        }
+        return store.isSecured(appId);
+    }
+
+
+    @Override
+    public void review(ApplicationId appId) {
+        if (store.getState(appId) == null) {
+            store.registerApplication(appId);
+        }
+        store.reviewPolicy(appId);
+    }
+
+    @Override
+    public void acceptPolicy(ApplicationId appId) {
+        if (store.getState(appId) == null) {
+            store.registerApplication(appId);
+        }
+        store.acceptPolicy(appId, DefaultPolicyBuilder.convertToOnosPermissions(getMaximumPermissions(appId)));
+    }
+
+    @Override
+    public void register(ApplicationId appId) {
+        store.registerApplication(appId);
+    }
+
+    @Override
+    public Map<Integer, List<Permission>> getPrintableSpecifiedPermissions(ApplicationId appId) {
+        return getPrintablePermissionMap(getMaximumPermissions(appId));
+    }
+
+    @Override
+    public Map<Integer, List<Permission>> getPrintableGrantedPermissions(ApplicationId appId) {
+        return getPrintablePermissionMap(
+                DefaultPolicyBuilder.convertToJavaPermissions(store.getGrantedPermissions(appId)));
+    }
+
+    @Override
+    public Map<Integer, List<Permission>> getPrintableRequestedPermissions(ApplicationId appId) {
+        return getPrintablePermissionMap(
+                DefaultPolicyBuilder.convertToJavaPermissions(store.getRequestedPermissions(appId)));
+    }
+
+    private class SecurityLogListener implements LogListener {
+        @Override
+        public void logged(LogEntry entry) {
+            if (entry.getException() != null &&
+                    entry.getException() instanceof AccessControlException) {
+                String location = entry.getBundle().getLocation();
+                Permission javaPerm =
+                        ((AccessControlException) entry.getException()).getPermission();
+                org.onosproject.security.Permission permission = DefaultPolicyBuilder.getOnosPermission(javaPerm);
+                if (permission == null) {
+                    log.warn("Unsupported permission requested.");
+                    return;
+                }
+                store.getApplicationIds(location).stream().filter(
+                        appId -> store.isSecured(appId) &&
+                                appAdminService.getState(appId) == ApplicationState.ACTIVE).forEach(appId -> {
+                    store.requestPermission(appId, permission);
+                    print("[POLICY VIOLATION] APP: %s / Bundle: %s / Permission: %s ",
+                            appId.name(), location, permission.toString());
+                });
+            }
+        }
+    }
+
+    private class InternalStoreDelegate implements SecurityModeStoreDelegate {
+        @Override
+        public void notify(SecurityModeEvent event) {
+            if (event.type() == SecurityModeEvent.Type.POLICY_ACCEPTED) {
+                setLocalPermissions(event.subject());
+                log.info("{} POLICY ACCEPTED and ENFORCED", event.subject().name());
+            } else if (event.type() == SecurityModeEvent.Type.POLICY_VIOLATED) {
+                log.info("{} POLICY VIOLATED", event.subject().name());
+            } else if (event.type() == SecurityModeEvent.Type.POLICY_REVIEWED) {
+                log.info("{} POLICY REVIEWED", event.subject().name());
+            }
+            eventDispatcher.post(event);
+        }
+    }
+
+    /**
+     * TYPES.
+     * 0 - APP_PERM
+     * 1 - ADMIN SERVICE
+     * 2 - NB_SERVICE
+     * 3 - ETC_SERVICE
+     * 4 - ETC
+     * @param perms
+     */
+    private Map<Integer, List<Permission>> getPrintablePermissionMap(List<Permission> perms) {
+        ConcurrentHashMap<Integer, List<Permission>> sortedMap = new ConcurrentHashMap<>();
+        sortedMap.put(0, new ArrayList());
+        sortedMap.put(1, new ArrayList());
+        sortedMap.put(2, new ArrayList());
+        sortedMap.put(3, new ArrayList());
+        sortedMap.put(4, new ArrayList());
+        for (Permission perm : perms) {
+            if (perm instanceof ServicePermission) {
+                if (DefaultPolicyBuilder.getNBServiceList().contains(perm.getName())) {
+                    if (perm.getName().contains("Admin")) {
+                        sortedMap.get(1).add(perm);
+                    } else {
+                        sortedMap.get(2).add(perm);
+                    }
+                } else {
+                    sortedMap.get(3).add(perm);
+                }
+            } else if (perm instanceof AppPermission) {
+                sortedMap.get(0).add(perm);
+            } else {
+                sortedMap.get(4).add(perm);
+            }
+        }
+        return sortedMap;
+    }
+
+    private void setLocalPermissions(ApplicationId applicationId) {
+        for (String location : store.getBundleLocations(applicationId)) {
+            permissionAdmin.setPermissions(location, permissionsToInfo(store.getGrantedPermissions(applicationId)));
+        }
+    }
+
+    private PermissionInfo[] permissionsToInfo(Set<org.onosproject.security.Permission> permissions) {
+        List<PermissionInfo> result = Lists.newArrayList();
+        for (org.onosproject.security.Permission perm : permissions) {
+            result.add(new PermissionInfo(perm.getClassName(), perm.getName(), perm.getActions()));
+        }
+        PermissionInfo[] permissionInfos = new PermissionInfo[result.size()];
+        return result.toArray(permissionInfos);
+    }
+
+
+
+    private List<Permission> getMaximumPermissions(ApplicationId appId) {
+        Application app = appAdminService.getApplication(appId);
+        if (app == null) {
+            print("Unknown application.");
+            return null;
+        }
+        List<Permission> appPerms;
+        switch (app.role()) {
+            case ADMIN:
+                appPerms = DefaultPolicyBuilder.getAdminApplicationPermissions(app.permissions());
+                break;
+            case USER:
+                appPerms = DefaultPolicyBuilder.getUserApplicationPermissions(app.permissions());
+                break;
+            case UNSPECIFIED:
+            default:
+                appPerms = DefaultPolicyBuilder.getDefaultPerms();
+                break;
+        }
+
+        return appPerms;
+    }
+
+
+    private void print(String format, Object... args) {
+        System.out.println(String.format("SM-ONOS: " + format, args));
+        log.warn(String.format(format, args));
+    }
+
+    private PermissionAdmin getPermissionAdmin() {
+        BundleContext context = getBundleContext();
+        return (PermissionAdmin) context.getService(context.getServiceReference(PermissionAdmin.class.getName()));
+    }
+
+    private BundleContext getBundleContext() {
+        return FrameworkUtil.getBundle(this.getClass()).getBundleContext();
+
+    }
+}
\ No newline at end of file

core/security/src/main/java/org/onosproject/security/impl/package-info.java

diff --git a/core/security/impl/src/main/java/org/onosproject/security/impl/package-info.java b/core/security/src/main/java/org/onosproject/security/impl/package-info.java
similarity index 100%
rename from core/security/impl/src/main/java/org/onosproject/security/impl/package-info.java
rename to core/security/src/main/java/org/onosproject/security/impl/package-info.java

core/security/src/main/java/org/onosproject/security/store/DistributedSecurityModeStore.java

diff --git a/core/security/src/main/java/org/onosproject/security/store/DistributedSecurityModeStore.java b/core/security/src/main/java/org/onosproject/security/store/DistributedSecurityModeStore.java
new file mode 100644
index 0000000..ac16966
--- /dev/null
+++ b/core/security/src/main/java/org/onosproject/security/store/DistributedSecurityModeStore.java
@@ -0,0 +1,315 @@
+/*
+ * Copyright 2015 Open Networking Laboratory
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.onosproject.security.store;
+
+import com.google.common.collect.ImmutableSet;
+import com.google.common.collect.Sets;
+
+import org.apache.felix.scr.annotations.Activate;
+import org.apache.felix.scr.annotations.Component;
+import org.apache.felix.scr.annotations.Deactivate;
+import org.apache.felix.scr.annotations.Reference;
+import org.apache.felix.scr.annotations.ReferenceCardinality;
+import org.apache.felix.scr.annotations.Service;
+import org.apache.karaf.features.BundleInfo;
+import org.apache.karaf.features.Feature;
+import org.apache.karaf.features.FeaturesService;
+
+import org.onlab.util.KryoNamespace;
+import org.onosproject.app.ApplicationAdminService;
+import org.onosproject.core.Application;
+import org.onosproject.core.ApplicationId;
+import org.onosproject.security.Permission;
+import org.onosproject.store.AbstractStore;
+import org.onosproject.store.serializers.KryoNamespaces;
+import org.onosproject.store.service.ConsistentMap;
+import org.onosproject.store.service.EventuallyConsistentMap;
+import org.onosproject.store.service.LogicalClockService;
+import org.onosproject.store.service.MapEvent;
+import org.onosproject.store.service.MapEventListener;
+import org.onosproject.store.service.Serializer;
+import org.onosproject.store.service.StorageService;
+import org.slf4j.Logger;
+
+import java.util.HashSet;
+import java.util.Set;
+import java.util.concurrent.ConcurrentHashMap;
+import java.util.stream.Collectors;
+
+import static org.onosproject.security.store.SecurityModeState.*;
+import static org.slf4j.LoggerFactory.getLogger;
+
+/**
+ * Manages application permissions granted/requested to applications.
+ * Uses both gossip-based and RAFT-based distributed data store.
+ */
+@Component(immediate = true)
+@Service
+public class DistributedSecurityModeStore
+        extends AbstractStore<SecurityModeEvent, SecurityModeStoreDelegate>
+        implements SecurityModeStore {
+
+    private final Logger log = getLogger(getClass());
+
+    private ConsistentMap<ApplicationId, SecurityInfo> states;
+    private EventuallyConsistentMap<ApplicationId, Set<Permission>> violations;
+
+    private ConcurrentHashMap<String, Set<ApplicationId>> localBundleAppDirectory;
+    private ConcurrentHashMap<ApplicationId, Set<String>> localAppBundleDirectory;
+
+    @Reference(cardinality = ReferenceCardinality.MANDATORY_UNARY)
+    protected StorageService storageService;
+
+    @Reference(cardinality = ReferenceCardinality.MANDATORY_UNARY)
+    protected LogicalClockService clockService;
+
+    @Reference(cardinality = ReferenceCardinality.MANDATORY_UNARY)
+    protected ApplicationAdminService applicationAdminService;
+
+    @Reference(cardinality = ReferenceCardinality.MANDATORY_UNARY)
+    protected FeaturesService featuresService;
+
+    private static final Serializer STATE_SERIALIZER = Serializer.using(new KryoNamespace.Builder()
+            .register(KryoNamespaces.API)
+            .register(SecurityModeState.class)
+            .register(SecurityInfo.class)
+            .register(Permission.class)
+            .build());
+
+    private static final KryoNamespace.Builder VIOLATION_SERIALIZER = KryoNamespace.newBuilder()
+            .register(KryoNamespaces.API)
+            .register(Permission.class);
+
+    @Activate
+    public void activate() {
+        states = storageService.<ApplicationId, SecurityInfo>consistentMapBuilder()
+                .withName("smonos-sdata")
+                .withSerializer(STATE_SERIALIZER)
+                .build();
+
+        states.addListener(new SecurityStateListener());
+
+        violations = storageService.<ApplicationId, Set<Permission>>eventuallyConsistentMapBuilder()
+                .withName("smonos-rperms")
+                .withSerializer(VIOLATION_SERIALIZER)
+                .withTimestampProvider((k, v) -> clockService.getTimestamp())
+                .build();
+
+        localBundleAppDirectory = new ConcurrentHashMap<>();
+        localAppBundleDirectory = new ConcurrentHashMap<>();
+
+        log.info("Started");
+
+    }
+
+    @Deactivate
+    public void deactivate() {
+        violations.destroy();
+        log.info("Stopped");
+    }
+
+
+    @Override
+    public Set<String> getBundleLocations(ApplicationId appId) {
+        Set<String> locations = localAppBundleDirectory.get(appId);
+        return locations != null ? locations : Sets.newHashSet();
+    }
+
+    @Override
+    public Set<ApplicationId> getApplicationIds(String location) {
+        Set<ApplicationId> appIds = localBundleAppDirectory.get(location);
+        return appIds != null ? appIds : Sets.newHashSet();
+    }
+
+    @Override
+    public Set<Permission> getRequestedPermissions(ApplicationId appId) {
+        Set<Permission> permissions = violations.get(appId);
+        return permissions != null ? permissions : ImmutableSet.of();
+    }
+
+    @Override
+    public Set<Permission> getGrantedPermissions(ApplicationId appId) {
+        return states.asJavaMap().getOrDefault(appId, new SecurityInfo(ImmutableSet.of(), null)).getPermissions();
+    }
+
+    @Override
+    public void requestPermission(ApplicationId appId, Permission permission) {
+
+        states.computeIf(appId, securityInfo -> (securityInfo == null || securityInfo.getState() != POLICY_VIOLATED),
+                (id, securityInfo) -> new SecurityInfo(securityInfo.getPermissions(), POLICY_VIOLATED));
+        violations.compute(appId, (k, v) -> v == null ? Sets.newHashSet(permission) : addAndGet(v, permission));
+    }
+
+    private Set<Permission> addAndGet(Set<Permission> oldSet, Permission newPerm) {
+        oldSet.add(newPerm);
+        return oldSet;
+    }
+
+    @Override
+    public boolean isSecured(ApplicationId appId) {
+        SecurityInfo info = states.get(appId).value();
+        return info == null ? false : info.getState().equals(SECURED);
+    }
+
+    @Override
+    public void reviewPolicy(ApplicationId appId) {
+        Application app = applicationAdminService.getApplication(appId);
+        if (app == null) {
+            log.warn("Unknown Application");
+            return;
+        }
+        states.computeIfPresent(appId, (applicationId, securityInfo) -> {
+            if (securityInfo.getState().equals(INSTALLED)) {
+                return new SecurityInfo(ImmutableSet.of(), REVIEWED);
+            }
+            return securityInfo;
+        });
+    }
+
+    @Override
+    public void acceptPolicy(ApplicationId appId, Set<Permission> permissionSet) {
+
+        Application app = applicationAdminService.getApplication(appId);
+        if (app == null) {
+            log.warn("Unknown Application");
+            return;
+        }
+
+        states.computeIf(appId,
+                securityInfo -> (securityInfo != null),
+                (id, securityInfo) -> {
+                    switch (securityInfo.getState()) {
+                        case POLICY_VIOLATED:
+                            System.out.println(
+                                    "This application has violated the security policy. Please uninstall.");
+                            return securityInfo;
+                        case SECURED:
+                            System.out.println(
+                                    "The policy has been accepted already. To review policy, review [app.name]");
+                            return securityInfo;
+                        case INSTALLED:
+                            System.out.println("Please review the security policy prior to accept them");
+                            log.warn("Application has not been reviewed");
+                            return securityInfo;
+                        case REVIEWED:
+                            return new SecurityInfo(permissionSet, SECURED);
+                        default:
+                            return securityInfo;
+                    }
+                });
+    }
+
+    private final class SecurityStateListener
+            implements MapEventListener<ApplicationId, SecurityInfo> {
+
+        @Override
+        public void event(MapEvent<ApplicationId, SecurityInfo> event) {
+
+            if (delegate == null) {
+                return;
+            }
+            ApplicationId appId = event.key();
+            SecurityInfo info = event.value().value();
+
+            if (event.type() == MapEvent.Type.INSERT || event.type() == MapEvent.Type.UPDATE) {
+                switch (info.getState()) {
+                    case POLICY_VIOLATED:
+                        notifyDelegate(new SecurityModeEvent(SecurityModeEvent.Type.POLICY_VIOLATED, appId));
+                        break;
+                    case SECURED:
+                        notifyDelegate(new SecurityModeEvent(SecurityModeEvent.Type.POLICY_ACCEPTED, appId));
+                    default:
+                        break;
+                }
+            } else if (event.type() == MapEvent.Type.REMOVE) {
+                removeAppFromDirectories(appId);
+            }
+        }
+    }
+
+    private void removeAppFromDirectories(ApplicationId appId) {
+        for (String location : localAppBundleDirectory.get(appId)) {
+            localBundleAppDirectory.get(location).remove(appId);
+        }
+        violations.remove(appId);
+        states.remove(appId);
+        localAppBundleDirectory.remove(appId);
+    }
+
+    @Override
+    public boolean registerApplication(ApplicationId appId) {
+        Application app = applicationAdminService.getApplication(appId);
+        if (app == null) {
+            log.warn("Unknown application.");
+            return false;
+        }
+        localAppBundleDirectory.put(appId, getBundleLocations(app));
+        for (String location : localAppBundleDirectory.get(appId)) {
+            if (!localBundleAppDirectory.containsKey(location)) {
+                localBundleAppDirectory.put(location, new HashSet<>());
+            }
+            if (!localBundleAppDirectory.get(location).contains(appId)) {
+                localBundleAppDirectory.get(location).add(appId);
+            }
+        }
+        states.put(appId, new SecurityInfo(Sets.newHashSet(), INSTALLED));
+        return true;
+    }
+
+    @Override
+    public void unregisterApplication(ApplicationId appId) {
+        if (localAppBundleDirectory.containsKey(appId)) {
+            for (String location : localAppBundleDirectory.get(appId)) {
+                if (localBundleAppDirectory.get(location).size() == 1) {
+                    localBundleAppDirectory.remove(location);
+                } else {
+                    localBundleAppDirectory.get(location).remove(appId);
+                }
+            }
+            localAppBundleDirectory.remove(appId);
+        }
+    }
+
+    @Override
+    public SecurityModeState getState(ApplicationId appId) {
+        return states.asJavaMap().getOrDefault(appId, new SecurityInfo(null, null)).getState();
+    }
+
+    private Set<String> getBundleLocations(Application app) {
+        Set<String> locations = new HashSet<>();
+        for (String name : app.features()) {
+            try {
+                Feature feature = featuresService.getFeature(name);
+                locations.addAll(
+                        feature.getBundles().stream().map(BundleInfo::getLocation).collect(Collectors.toList()));
+            } catch (Exception e) {
+                return locations;
+            }
+        }
+        return locations;
+    }
+
+    @Override
+    public void setDelegate(SecurityModeStoreDelegate delegate) {
+        super.setDelegate(delegate);
+    }
+
+    @Override
+    public void unsetDelegate(SecurityModeStoreDelegate delegate) {
+        super.setDelegate(delegate);
+    }
+}
\ No newline at end of file

core/security/src/main/java/org/onosproject/security/store/SecurityInfo.java

diff --git a/core/security/src/main/java/org/onosproject/security/store/SecurityInfo.java b/core/security/src/main/java/org/onosproject/security/store/SecurityInfo.java
new file mode 100644
index 0000000..4dcb7da
--- /dev/null
+++ b/core/security/src/main/java/org/onosproject/security/store/SecurityInfo.java
@@ -0,0 +1,41 @@
+/*
+ * Copyright 2015 Open Networking Laboratory
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.onosproject.security.store;
+
+import org.onosproject.security.Permission;
+
+import java.util.Set;
+
+/**
+ * Security-Mode ONOS security policy and state representation for distributed store.
+ */
+public class SecurityInfo {
+
+    protected Set<Permission> grantedPermissions;
+    protected SecurityModeState state;
+
+    public SecurityInfo(Set<Permission> perms, SecurityModeState state) {
+        this.grantedPermissions = perms;
+        this.state = state;
+    }
+    public Set<Permission> getPermissions() {
+        return grantedPermissions;
+    }
+    public SecurityModeState getState() {
+        return state;
+    }
+}

core/security/src/main/java/org/onosproject/security/store/SecurityModeEvent.java

diff --git a/core/security/src/main/java/org/onosproject/security/store/SecurityModeEvent.java b/core/security/src/main/java/org/onosproject/security/store/SecurityModeEvent.java
new file mode 100644
index 0000000..59da67b
--- /dev/null
+++ b/core/security/src/main/java/org/onosproject/security/store/SecurityModeEvent.java
@@ -0,0 +1,48 @@
+/*
+ * Copyright 2015 Open Networking Laboratory
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.onosproject.security.store;
+
+import org.onosproject.core.ApplicationId;
+import org.onosproject.event.AbstractEvent;
+
+/**
+ * Security-Mode ONOS notifications.
+ */
+public class SecurityModeEvent extends AbstractEvent<SecurityModeEvent.Type, ApplicationId> {
+
+    protected SecurityModeEvent(Type type, ApplicationId subject) {
+        super(type, subject);
+    }
+
+    public enum Type {
+
+        /**
+         * Signifies that security policy has been accepted.
+         */
+        POLICY_ACCEPTED,
+
+        /**
+         * Signifies that security policy has been reviewed.
+         */
+        POLICY_REVIEWED,
+
+        /**
+         * Signifies that application has violated security policy.
+         */
+        POLICY_VIOLATED,
+    }
+}

core/security/src/main/java/org/onosproject/security/store/SecurityModeListener.java

diff --git a/core/security/src/main/java/org/onosproject/security/store/SecurityModeListener.java b/core/security/src/main/java/org/onosproject/security/store/SecurityModeListener.java
new file mode 100644
index 0000000..2745e0c
--- /dev/null
+++ b/core/security/src/main/java/org/onosproject/security/store/SecurityModeListener.java
@@ -0,0 +1,25 @@
+/*
+ * Copyright 2015 Open Networking Laboratory
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.onosproject.security.store;
+
+import org.onosproject.event.EventListener;
+
+/**
+ * Security-Mode ONOS event listener.
+ */
+public interface SecurityModeListener extends EventListener<SecurityModeEvent> {
+}

core/security/src/main/java/org/onosproject/security/store/SecurityModeState.java

diff --git a/core/security/src/main/java/org/onosproject/security/store/SecurityModeState.java b/core/security/src/main/java/org/onosproject/security/store/SecurityModeState.java
new file mode 100644
index 0000000..999c5f9
--- /dev/null
+++ b/core/security/src/main/java/org/onosproject/security/store/SecurityModeState.java
@@ -0,0 +1,43 @@
+/*
+ * Copyright 2015 Open Networking Laboratory
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.onosproject.security.store;
+
+/**
+ * Representation of Security-Mode ONOS application review state.
+ */
+public enum SecurityModeState {
+
+    /**
+     * Indicates that operator has accepted application security policy.
+     */
+    SECURED,
+
+    /**
+     * Indicates that application security policy has been reviewed.
+     */
+    REVIEWED,
+
+    /**
+     * Indicates that application has been installed.
+     */
+    INSTALLED,
+
+    /**
+     * Indicates that application has violated security policy.
+     */
+    POLICY_VIOLATED,
+}

core/security/src/main/java/org/onosproject/security/store/SecurityModeStore.java

diff --git a/core/security/src/main/java/org/onosproject/security/store/SecurityModeStore.java b/core/security/src/main/java/org/onosproject/security/store/SecurityModeStore.java
new file mode 100644
index 0000000..7e6b653
--- /dev/null
+++ b/core/security/src/main/java/org/onosproject/security/store/SecurityModeStore.java
@@ -0,0 +1,104 @@
+/*
+ * Copyright 2015 Open Networking Laboratory
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.onosproject.security.store;
+
+import org.onosproject.core.ApplicationId;
+import org.onosproject.security.Permission;
+import org.onosproject.store.Store;
+
+import java.util.Set;
+
+/**
+ * Security-Mode ONOS distributed store service.
+ */
+public interface SecurityModeStore extends Store<SecurityModeEvent, SecurityModeStoreDelegate> {
+
+    /**
+     * Updates the local bundle-application directories.
+     * @param appId application identifier
+     * @return true if successfully registered.
+     */
+    boolean registerApplication(ApplicationId appId);
+
+    /**
+     * Removes application info from the local bundle-application directories.
+     * @param appId application identifier
+     */
+    void unregisterApplication(ApplicationId appId);
+
+    /**
+     * Returns state of the specified application.
+     * @param appId application identifier
+     * @return Security-Mode State of application
+     */
+    SecurityModeState getState(ApplicationId appId);
+
+    /**
+     * Returns bundle locations of specified application.
+     * @param appId application identifier
+     * @return set of bundle location strings
+     */
+    Set<String> getBundleLocations(ApplicationId appId);
+
+    /**
+     * Returns application identifiers that are associated with given bundle location.
+     * @param location OSGi bundle location
+     * @return set of application identifiers
+     */
+    Set<ApplicationId> getApplicationIds(String location);
+
+    /**
+     * Returns a list of permissions that have been requested by given application.
+     * @param appId application identifier
+     * @return list of permissions
+     */
+    Set<Permission> getRequestedPermissions(ApplicationId appId);
+
+    /**
+     * Returns an array of permissions that have been granted to given application.
+     * @param appId application identifier
+     * @return array of permissionInfo
+     */
+    Set<Permission> getGrantedPermissions(ApplicationId appId);
+
+    /**
+     * Request permission that is required to run given application.
+     * @param appId application identifier
+     * @param permission permission
+     */
+    void requestPermission(ApplicationId appId, Permission permission);
+
+    /**
+     * Returns true if given application has been secured.
+     * @param appId application identifier
+     * @return true indicates secured
+     */
+    boolean isSecured(ApplicationId appId);
+
+    /**
+     * Notifies SM-ONOS that operator has reviewed the policy.
+     * @param appId application identifier
+     */
+    void reviewPolicy(ApplicationId appId);
+
+    /**
+     * Accept the current security policy of given application.
+     * @param appId application identifier
+     * @param permissionSet array of PermissionInfo
+     */
+    void acceptPolicy(ApplicationId appId, Set<Permission> permissionSet);
+}
\ No newline at end of file

core/security/src/main/java/org/onosproject/security/store/SecurityModeStoreDelegate.java

diff --git a/core/security/src/main/java/org/onosproject/security/store/SecurityModeStoreDelegate.java b/core/security/src/main/java/org/onosproject/security/store/SecurityModeStoreDelegate.java
new file mode 100644
index 0000000..d933a14
--- /dev/null
+++ b/core/security/src/main/java/org/onosproject/security/store/SecurityModeStoreDelegate.java
@@ -0,0 +1,25 @@
+/*
+ * Copyright 2015 Open Networking Laboratory
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.onosproject.security.store;
+
+import org.onosproject.store.StoreDelegate;
+
+/**
+ * Security-Mode distributed store delegate abstraction.
+ */
+public interface SecurityModeStoreDelegate extends StoreDelegate<SecurityModeEvent> {
+}