[WIP] Upgrade ONOS to karaf version 4.2.1
Change-Id: I7cd40c995bdf1c80f94b1895fb3344e32404c7fa
diff --git a/core/security/src/main/java/org/onosproject/security/impl/DefaultPolicyBuilder.java b/core/security/src/main/java/org/onosproject/security/impl/DefaultPolicyBuilder.java
index b79240a..e32db95 100644
--- a/core/security/src/main/java/org/onosproject/security/impl/DefaultPolicyBuilder.java
+++ b/core/security/src/main/java/org/onosproject/security/impl/DefaultPolicyBuilder.java
@@ -183,7 +183,7 @@
permSet.add(new PackagePermission("*", PackagePermission.EXPORTONLY));
permSet.add(new PackagePermission("*", PackagePermission.IMPORT));
permSet.add(new AdaptPermission("*", AdaptPermission.ADAPT));
- permSet.add(new ConfigurationPermission("*", ConfigurationPermission.CONFIGURE));
+ //permSet.add(new ConfigurationPermission("*", ConfigurationPermission.CONFIGURE));
permSet.add(new AdminPermission("*", AdminPermission.METADATA));
return permSet;
}
@@ -444,9 +444,9 @@
} else if (permission instanceof AdminPermission) {
return new org.onosproject.security.Permission(
AdminPermission.class.getName(), permission.getName(), permission.getActions());
- } else if (permission instanceof ConfigurationPermission) {
- return new org.onosproject.security.Permission(
- ConfigurationPermission.class.getName(), permission.getName(), permission.getActions());
+ //} else if (permission instanceof ConfigurationPermission) {
+ // return new org.onosproject.security.Permission(
+ // ConfigurationPermission.class.getName(), permission.getName(), permission.getActions());
}
return null;
}
@@ -506,8 +506,8 @@
return new ServicePermission(name, actions);
} else if (AdminPermission.class.getName().equals(classname)) {
return new AdminPermission(name, actions);
- } else if (ConfigurationPermission.class.getName().equals(classname)) {
- return new ConfigurationPermission(name, actions);
+ //} else if (ConfigurationPermission.class.getName().equals(classname)) {
+ // return new ConfigurationPermission(name, actions);
} else if (ReflectPermission.class.getName().equals(classname)) {
return new ReflectPermission(name, actions);
}
diff --git a/core/security/src/main/java/org/onosproject/security/impl/SecurityModeManager.java b/core/security/src/main/java/org/onosproject/security/impl/SecurityModeManager.java
index c3278e7..5951a63 100644
--- a/core/security/src/main/java/org/onosproject/security/impl/SecurityModeManager.java
+++ b/core/security/src/main/java/org/onosproject/security/impl/SecurityModeManager.java
@@ -15,48 +15,13 @@
*/
package org.onosproject.security.impl;
-import com.google.common.collect.Lists;
-
-import org.apache.felix.scr.annotations.Component;
-import org.apache.felix.scr.annotations.Reference;
-import org.apache.felix.scr.annotations.ReferenceCardinality;
-import org.apache.felix.scr.annotations.Activate;
-import org.apache.felix.scr.annotations.Deactivate;
-import org.apache.felix.scr.annotations.Service;
-
-import org.onosproject.app.ApplicationAdminService;
-import org.onosproject.app.ApplicationState;
-import org.onosproject.core.Application;
import org.onosproject.core.ApplicationId;
-
-import org.onosproject.event.EventDeliveryService;
-import org.onosproject.event.ListenerRegistry;
-import org.onosproject.security.AppPermission;
import org.onosproject.security.SecurityAdminService;
-import org.onosproject.security.store.SecurityModeEvent;
-import org.onosproject.security.store.SecurityModeListener;
-import org.onosproject.security.store.SecurityModeStore;
-import org.onosproject.security.store.SecurityModeStoreDelegate;
-import org.osgi.framework.BundleContext;
-import org.osgi.framework.FrameworkUtil;
-import org.osgi.framework.ServicePermission;
-import org.osgi.service.log.LogEntry;
-import org.osgi.service.log.LogListener;
-import org.osgi.service.log.LogReaderService;
-import org.osgi.service.permissionadmin.PermissionInfo;
+import org.osgi.service.component.annotations.Component;
-import java.security.AccessControlException;
import java.security.Permission;
-import java.util.ArrayList;
import java.util.List;
import java.util.Map;
-import java.util.Set;
-import java.util.concurrent.ConcurrentHashMap;
-
-import org.osgi.service.permissionadmin.PermissionAdmin;
-import org.slf4j.Logger;
-
-import static org.slf4j.LoggerFactory.getLogger;
/**
* Security-Mode ONOS management implementation.
@@ -65,234 +30,41 @@
* See the wiki for instructions on how to activate it.
*/
-@Component(immediate = true)
-@Service
+@Component(immediate = true, service = SecurityAdminService.class)
public class SecurityModeManager implements SecurityAdminService {
- @Reference(cardinality = ReferenceCardinality.MANDATORY_UNARY)
- protected SecurityModeStore store;
-
- @Reference(cardinality = ReferenceCardinality.MANDATORY_UNARY)
- protected ApplicationAdminService appAdminService;
-
- @Reference(cardinality = ReferenceCardinality.MANDATORY_UNARY)
- protected LogReaderService logReaderService;
-
- @Reference(cardinality = ReferenceCardinality.MANDATORY_UNARY)
- protected EventDeliveryService eventDispatcher;
-
- private final Logger log = getLogger(getClass());
-
- protected final ListenerRegistry<SecurityModeEvent, SecurityModeListener>
- listenerRegistry = new ListenerRegistry<>();
-
- private final SecurityModeStoreDelegate delegate = new InternalStoreDelegate();
-
- private SecurityLogListener securityLogListener = new SecurityLogListener();
-
- private PermissionAdmin permissionAdmin = getPermissionAdmin();
-
- @Activate
- public void activate() {
-
- eventDispatcher.addSink(SecurityModeEvent.class, listenerRegistry);
- logReaderService.addLogListener(securityLogListener);
-
- if (System.getSecurityManager() == null) {
- log.warn("J2EE security manager is disabled.");
- deactivate();
- return;
- }
- if (permissionAdmin == null) {
- log.warn("Permission Admin not found.");
- deactivate();
- return;
- }
- store.setDelegate(delegate);
-
- log.info("Security-Mode Started");
- }
-
- @Deactivate
- public void deactivate() {
- eventDispatcher.removeSink(SecurityModeEvent.class);
- logReaderService.removeLogListener(securityLogListener);
- store.unsetDelegate(delegate);
- log.info("Stopped");
-
- }
-
@Override
public boolean isSecured(ApplicationId appId) {
- if (store.getState(appId) == null) {
- store.registerApplication(appId);
- }
- return store.isSecured(appId);
+ return false;
}
-
@Override
public void review(ApplicationId appId) {
- if (store.getState(appId) == null) {
- store.registerApplication(appId);
- }
- store.reviewPolicy(appId);
+
}
@Override
public void acceptPolicy(ApplicationId appId) {
- if (store.getState(appId) == null) {
- store.registerApplication(appId);
- }
- store.acceptPolicy(appId, DefaultPolicyBuilder.convertToOnosPermissions(getMaximumPermissions(appId)));
+
}
@Override
public void register(ApplicationId appId) {
- store.registerApplication(appId);
+
}
@Override
public Map<Integer, List<Permission>> getPrintableSpecifiedPermissions(ApplicationId appId) {
- return getPrintablePermissionMap(getMaximumPermissions(appId));
+ return null;
}
@Override
public Map<Integer, List<Permission>> getPrintableGrantedPermissions(ApplicationId appId) {
- return getPrintablePermissionMap(
- DefaultPolicyBuilder.convertToJavaPermissions(store.getGrantedPermissions(appId)));
+ return null;
}
@Override
public Map<Integer, List<Permission>> getPrintableRequestedPermissions(ApplicationId appId) {
- return getPrintablePermissionMap(
- DefaultPolicyBuilder.convertToJavaPermissions(store.getRequestedPermissions(appId)));
+ return null;
}
-
- private class SecurityLogListener implements LogListener {
- @Override
- public void logged(LogEntry entry) {
- if (entry.getException() != null &&
- entry.getException() instanceof AccessControlException) {
- String location = entry.getBundle().getLocation();
- Permission javaPerm =
- ((AccessControlException) entry.getException()).getPermission();
- org.onosproject.security.Permission permission = DefaultPolicyBuilder.getOnosPermission(javaPerm);
- if (permission == null) {
- log.warn("Unsupported permission requested.");
- return;
- }
- store.getApplicationIds(location).stream().filter(
- appId -> store.isSecured(appId) &&
- appAdminService.getState(appId) == ApplicationState.ACTIVE).forEach(appId -> {
- store.requestPermission(appId, permission);
- log.debug("[POLICY VIOLATION] APP: %s / Bundle: %s / Permission: %s ",
- appId.name(), location, permission.toString());
- });
- }
- }
- }
-
- private class InternalStoreDelegate implements SecurityModeStoreDelegate {
- @Override
- public void notify(SecurityModeEvent event) {
- if (event.type() == SecurityModeEvent.Type.POLICY_ACCEPTED) {
- setLocalPermissions(event.subject());
- log.info("{} POLICY ACCEPTED and ENFORCED", event.subject().name());
- } else if (event.type() == SecurityModeEvent.Type.POLICY_VIOLATED) {
- log.info("{} POLICY VIOLATED", event.subject().name());
- } else if (event.type() == SecurityModeEvent.Type.POLICY_REVIEWED) {
- log.info("{} POLICY REVIEWED", event.subject().name());
- }
- eventDispatcher.post(event);
- }
- }
-
- /**
- * TYPES.
- * 0 - APP_PERM
- * 1 - ADMIN SERVICE
- * 2 - NB_SERVICE
- * 3 - ETC_SERVICE
- * 4 - ETC
- * @param perms
- */
- private Map<Integer, List<Permission>> getPrintablePermissionMap(List<Permission> perms) {
- ConcurrentHashMap<Integer, List<Permission>> sortedMap = new ConcurrentHashMap<>();
- sortedMap.put(0, new ArrayList());
- sortedMap.put(1, new ArrayList());
- sortedMap.put(2, new ArrayList());
- sortedMap.put(3, new ArrayList());
- sortedMap.put(4, new ArrayList());
- for (Permission perm : perms) {
- if (perm instanceof ServicePermission) {
- if (DefaultPolicyBuilder.getNBServiceList().contains(perm.getName())) {
- if (perm.getName().contains("Admin")) {
- sortedMap.get(1).add(perm);
- } else {
- sortedMap.get(2).add(perm);
- }
- } else {
- sortedMap.get(3).add(perm);
- }
- } else if (perm instanceof AppPermission) {
- sortedMap.get(0).add(perm);
- } else {
- sortedMap.get(4).add(perm);
- }
- }
- return sortedMap;
- }
-
- private void setLocalPermissions(ApplicationId applicationId) {
- for (String location : store.getBundleLocations(applicationId)) {
- permissionAdmin.setPermissions(location, permissionsToInfo(store.getGrantedPermissions(applicationId)));
- }
- }
-
- private PermissionInfo[] permissionsToInfo(Set<org.onosproject.security.Permission> permissions) {
- List<PermissionInfo> result = Lists.newArrayList();
- for (org.onosproject.security.Permission perm : permissions) {
- result.add(new PermissionInfo(perm.getClassName(), perm.getName(), perm.getActions()));
- }
- PermissionInfo[] permissionInfos = new PermissionInfo[result.size()];
- return result.toArray(permissionInfos);
- }
-
-
-
- private List<Permission> getMaximumPermissions(ApplicationId appId) {
- Application app = appAdminService.getApplication(appId);
- if (app == null) {
- log.debug("Unknown application.");
- return null;
- }
- List<Permission> appPerms;
- switch (app.role()) {
- case ADMIN:
- appPerms = DefaultPolicyBuilder.getAdminApplicationPermissions(app.permissions());
- break;
- case USER:
- appPerms = DefaultPolicyBuilder.getUserApplicationPermissions(app.permissions());
- break;
- case UNSPECIFIED:
- default:
- appPerms = DefaultPolicyBuilder.getDefaultPerms();
- break;
- }
-
- return appPerms;
- }
-
- private PermissionAdmin getPermissionAdmin() {
- BundleContext context = getBundleContext();
- return (PermissionAdmin) context.getService(context.getServiceReference(PermissionAdmin.class.getName()));
- }
-
- private BundleContext getBundleContext() {
- return FrameworkUtil.getBundle(this.getClass()).getBundleContext();
-
- }
-
-
}
\ No newline at end of file
diff --git a/core/security/src/main/java/org/onosproject/security/store/DistributedSecurityModeStore.java b/core/security/src/main/java/org/onosproject/security/store/DistributedSecurityModeStore.java
index e642369..d2d510d 100644
--- a/core/security/src/main/java/org/onosproject/security/store/DistributedSecurityModeStore.java
+++ b/core/security/src/main/java/org/onosproject/security/store/DistributedSecurityModeStore.java
@@ -18,13 +18,6 @@
import com.google.common.collect.ImmutableSet;
import com.google.common.collect.Sets;
-
-import org.apache.felix.scr.annotations.Activate;
-import org.apache.felix.scr.annotations.Component;
-import org.apache.felix.scr.annotations.Deactivate;
-import org.apache.felix.scr.annotations.Reference;
-import org.apache.felix.scr.annotations.ReferenceCardinality;
-import org.apache.felix.scr.annotations.Service;
import org.apache.karaf.features.BundleInfo;
import org.apache.karaf.features.Feature;
import org.apache.karaf.features.FeaturesService;
@@ -43,6 +36,11 @@
import org.onosproject.store.service.Serializer;
import org.onosproject.store.service.StorageService;
import org.onosproject.store.service.Versioned;
+import org.osgi.service.component.annotations.Activate;
+import org.osgi.service.component.annotations.Component;
+import org.osgi.service.component.annotations.Deactivate;
+import org.osgi.service.component.annotations.Reference;
+import org.osgi.service.component.annotations.ReferenceCardinality;
import org.slf4j.Logger;
import java.util.HashSet;
@@ -54,15 +52,17 @@
import static java.util.concurrent.Executors.newSingleThreadExecutor;
import static org.onlab.util.Tools.groupedThreads;
-import static org.onosproject.security.store.SecurityModeState.*;
+import static org.onosproject.security.store.SecurityModeState.INSTALLED;
+import static org.onosproject.security.store.SecurityModeState.POLICY_VIOLATED;
+import static org.onosproject.security.store.SecurityModeState.REVIEWED;
+import static org.onosproject.security.store.SecurityModeState.SECURED;
import static org.slf4j.LoggerFactory.getLogger;
/**
* Manages application permissions granted/requested to applications.
* Uses both gossip-based and RAFT-based distributed data store.
*/
-@Component(immediate = true)
-@Service
+@Component(immediate = true, service = SecurityModeStore.class)
public class DistributedSecurityModeStore
extends AbstractStore<SecurityModeEvent, SecurityModeStoreDelegate>
implements SecurityModeStore {
@@ -75,16 +75,16 @@
private ConcurrentHashMap<String, Set<ApplicationId>> localBundleAppDirectory;
private ConcurrentHashMap<ApplicationId, Set<String>> localAppBundleDirectory;
- @Reference(cardinality = ReferenceCardinality.MANDATORY_UNARY)
+ @Reference(cardinality = ReferenceCardinality.MANDATORY)
protected StorageService storageService;
- @Reference(cardinality = ReferenceCardinality.MANDATORY_UNARY)
+ @Reference(cardinality = ReferenceCardinality.MANDATORY)
protected LogicalClockService clockService;
- @Reference(cardinality = ReferenceCardinality.MANDATORY_UNARY)
+ @Reference(cardinality = ReferenceCardinality.MANDATORY)
protected ApplicationAdminService applicationAdminService;
- @Reference(cardinality = ReferenceCardinality.MANDATORY_UNARY)
+ @Reference(cardinality = ReferenceCardinality.MANDATORY)
protected FeaturesService featuresService;
private ExecutorService eventHandler;