package org.onosproject.security.impl;
2
3
4import com.google.common.collect.ImmutableSet;
5import com.google.common.collect.Sets;
6import org.apache.commons.collections.FastHashMap;
7import org.onosproject.core.Permission;
8import org.onosproject.security.util.AppPermission;
9import org.osgi.service.permissionadmin.PermissionInfo;
10
11import org.onosproject.app.ApplicationAdminService;
12import org.onosproject.app.ApplicationService;
13import org.onosproject.cfg.ComponentConfigService;
14import org.onosproject.cluster.ClusterAdminService;
15import org.onosproject.cluster.ClusterService;
16import org.onosproject.core.CoreService;
17import org.onosproject.cluster.LeadershipService;
18import org.onosproject.mastership.MastershipAdminService;
19import org.onosproject.mastership.MastershipService;
20import org.onosproject.net.device.DeviceAdminService;
21import org.onosproject.net.device.DeviceService;
22import org.onosproject.net.device.DeviceClockService;
23import org.onosproject.net.driver.DriverAdminService;
24import org.onosproject.net.driver.DriverService;
25import org.onosproject.net.flow.FlowRuleService;
26import org.onosproject.net.flowobjective.FlowObjectiveService;
27import org.onosproject.net.group.GroupService;
28import org.onosproject.net.host.HostAdminService;
29import org.onosproject.net.host.HostService;
30import org.onosproject.net.host.HostClockService;
31import org.onosproject.net.intent.IntentService;
32import org.onosproject.net.intent.IntentExtensionService;
33import org.onosproject.net.intent.IntentClockService;
34import org.onosproject.net.intent.PartitionService;
35import org.onosproject.net.link.LinkAdminService;
36import org.onosproject.net.link.LinkService;
37import org.onosproject.net.packet.PacketService;
38import org.onosproject.net.proxyarp.ProxyArpService;
39import org.onosproject.net.resource.LabelResourceAdminService;
40import org.onosproject.net.resource.LinkResourceService;
41import org.onosproject.net.resource.LabelResourceService;
42import org.onosproject.net.statistic.StatisticService;
43import org.onosproject.net.topology.PathService;
44import org.onosproject.net.topology.TopologyService;
45import org.onosproject.net.tunnel.TunnelAdminService;
46import org.onosproject.net.tunnel.TunnelService;
47import org.onosproject.store.service.StorageAdminService;
48import org.onosproject.store.service.StorageService;
49import org.osgi.framework.ServicePermission;
50import org.osgi.framework.PackagePermission;
51import org.osgi.framework.AdaptPermission;
52
53
54import java.util.Collections;
55import java.util.HashMap;
56import java.util.Set;
57import java.util.stream.Collectors;
58
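/**
 * Builds the OSGi {@link PermissionInfo} arrays that make up an application's security policy.
 *
 * <p>Two kinds of grant are produced from an application's {@link Permission} set:
 * an {@link AppPermission} named after the permission itself, and a
 * {@link ServicePermission} with the {@code GET} action for every service interface that
 * the service directory lists for that permission.
 *
 * <p>Review notes for anyone changing this policy:
 * <ul>
 *   <li>{@code ServicePermission.GET} is granted per service interface. Where a READ and a
 *       WRITE permission map to the same interface (for example {@code CONFIG_READ} and
 *       {@code CONFIG_WRITE}), the service grants are identical and only the
 *       {@link AppPermission} entry differs. The read/write split therefore depends on
 *       the services checking {@link AppPermission}; that check is not visible in this
 *       class and should be confirmed before relying on it.</li>
 *   <li>{@link #getDefaultPerms()} is added to every policy, admin or not, and uses the
 *       {@code "*"} wildcard name.</li>
 *   <li>The {@code *AdminService} interfaces and {@code IntentExtensionService} appear only
 *       in {@link #getAdminDefaultPerms()}; no service directory entry exposes them.</li>
 * </ul>
 */
public final class PolicyBuilder {

    private PolicyBuilder() {
    }

    /**
     * Builds the policy for a non-admin application.
     *
     * <p>The result holds the default permissions, one {@link AppPermission} per requested
     * permission and one {@code ServicePermission.GET} per service that the directory maps
     * to a requested permission.
     *
     * <p>A requested permission with no directory entry yields its {@link AppPermission}
     * and no service grant. Previously such a permission caused a
     * {@link NullPointerException} and no policy was produced at all.
     *
     * @param serviceDirectory mapping from permission to the service interface names it unlocks
     * @param permissions permissions requested by the application
     * @return the permission infos of the policy, in no particular order
     */
    public static PermissionInfo[] getApplicationPermissions(HashMap<Permission, Set<String>> serviceDirectory,
                                                             Set<Permission> permissions) {
        Set<PermissionInfo> permSet = Sets.newHashSet();
        Collections.addAll(permSet, getDefaultPerms());
        for (Permission perm : permissions) {
            permSet.add(appPermission(perm));
            Set<String> services = serviceDirectory.get(perm);
            if (services == null) {
                // No service is registered for this permission: grant nothing beyond the
                // AppPermission rather than failing the whole policy build.
                // NOTE(review): confirm callers do not rely on the old failure here.
                continue;
            }
            for (String service : services) {
                permSet.add(serviceGet(service));
            }
        }
        return permSet.toArray(new PermissionInfo[0]);
    }

    /**
     * Builds the policy for an admin application.
     *
     * <p>The result holds the default permissions, the admin default service permissions
     * and one {@link AppPermission} for every permission that is a key of the directory.
     * A permission that is not a directory key gets no {@link AppPermission} here.
     *
     * @param serviceDirectory mapping whose key set determines the granted {@link AppPermission}s
     * @return the permission infos of the policy, in no particular order
     */
    public static PermissionInfo[] getAdminApplicationPermissions(HashMap<Permission, Set<String>> serviceDirectory) {
        Set<PermissionInfo> permSet = Sets.newHashSet();
        Collections.addAll(permSet, getDefaultPerms());
        Collections.addAll(permSet, getAdminDefaultPerms());
        permSet.addAll(serviceDirectory.keySet().stream()
                .map(PolicyBuilder::appPermission)
                .collect(Collectors.toSet()));
        return permSet.toArray(new PermissionInfo[0]);
    }

    /**
     * Returns the permissions added to every application policy.
     *
     * <p>All three entries use the {@code "*"} wildcard name: package export-only, package
     * import and adapt. They are not narrowed per application.
     *
     * @return a new array on each call
     */
    public static PermissionInfo[] getDefaultPerms() {
        return new PermissionInfo[]{
                new PermissionInfo(PackagePermission.class.getName(), "*", PackagePermission.EXPORTONLY),
                new PermissionInfo(PackagePermission.class.getName(), "*", PackagePermission.IMPORT),
                new PermissionInfo(AdaptPermission.class.getName(), "*", AdaptPermission.ADAPT),
        };
    }

    /**
     * Returns the {@code ServicePermission.GET} grants given to admin applications only.
     *
     * <p>The list is maintained by hand: a service interface that is missing here is not
     * granted to admin applications by this class.
     *
     * @return a new array on each call, in the order of the list below
     */
    public static PermissionInfo[] getAdminDefaultPerms() {
        Class<?>[] services = {
                // Administrative interfaces.
                ApplicationAdminService.class,
                ClusterAdminService.class,
                MastershipAdminService.class,
                DeviceAdminService.class,
                HostAdminService.class,
                LinkAdminService.class,
                DriverAdminService.class,
                StorageAdminService.class,
                LabelResourceAdminService.class,
                TunnelAdminService.class,
                // Non-administrative interfaces.
                ApplicationService.class,
                ComponentConfigService.class,
                CoreService.class,
                ClusterService.class,
                LeadershipService.class,
                MastershipService.class,
                DeviceService.class,
                DeviceClockService.class,
                DriverService.class,
                FlowRuleService.class,
                FlowObjectiveService.class,
                GroupService.class,
                HostService.class,
                HostClockService.class,
                IntentService.class,
                IntentClockService.class,
                IntentExtensionService.class,
                PartitionService.class,
                LinkService.class,
                LinkResourceService.class,
                LabelResourceService.class,
                PacketService.class,
                ProxyArpService.class,
                StatisticService.class,
                PathService.class,
                TopologyService.class,
                TunnelService.class,
                StorageService.class,
        };
        PermissionInfo[] perms = new PermissionInfo[services.length];
        for (int i = 0; i < services.length; i++) {
            perms[i] = serviceGet(services[i].getName());
        }
        return perms;
    }

    /**
     * Builds the mapping from each application permission to the service interface names
     * that the permission unlocks.
     *
     * <p>A new map is created on every call; the value sets are immutable.
     *
     * @return the service directory
     */
    public static HashMap<Permission, Set<String>> getServiceDirectory() {

        // FastHashMap is used as a raw type here, as in the original code.
        HashMap<Permission, Set<String>> serviceDirectory = new FastHashMap();

        serviceDirectory.put(Permission.APP_READ,
                serviceNames(ApplicationService.class, CoreService.class));
        serviceDirectory.put(Permission.APP_EVENT,
                serviceNames(ApplicationService.class, CoreService.class));
        serviceDirectory.put(Permission.CONFIG_READ,
                serviceNames(ComponentConfigService.class));
        serviceDirectory.put(Permission.CONFIG_WRITE,
                serviceNames(ComponentConfigService.class));
        serviceDirectory.put(Permission.CLUSTER_READ,
                serviceNames(ClusterService.class, LeadershipService.class, MastershipService.class));
        serviceDirectory.put(Permission.CLUSTER_WRITE,
                serviceNames(LeadershipService.class, MastershipService.class));
        serviceDirectory.put(Permission.CLUSTER_EVENT,
                serviceNames(ClusterService.class, LeadershipService.class, MastershipService.class));
        serviceDirectory.put(Permission.DEVICE_READ,
                serviceNames(DeviceService.class, DeviceClockService.class));
        serviceDirectory.put(Permission.DEVICE_EVENT,
                serviceNames(DeviceService.class));
        serviceDirectory.put(Permission.DRIVER_READ,
                serviceNames(DriverService.class));
        serviceDirectory.put(Permission.DRIVER_WRITE,
                serviceNames(DriverService.class));
        serviceDirectory.put(Permission.FLOWRULE_READ,
                serviceNames(FlowRuleService.class));
        serviceDirectory.put(Permission.FLOWRULE_WRITE,
                serviceNames(FlowRuleService.class, FlowObjectiveService.class));
        serviceDirectory.put(Permission.FLOWRULE_EVENT,
                serviceNames(FlowRuleService.class));
        serviceDirectory.put(Permission.GROUP_READ,
                serviceNames(GroupService.class));
        serviceDirectory.put(Permission.GROUP_WRITE,
                serviceNames(GroupService.class));
        serviceDirectory.put(Permission.GROUP_EVENT,
                serviceNames(GroupService.class));
        serviceDirectory.put(Permission.HOST_READ,
                serviceNames(HostService.class, HostClockService.class));
        serviceDirectory.put(Permission.HOST_WRITE,
                serviceNames(HostService.class));
        serviceDirectory.put(Permission.HOST_EVENT,
                serviceNames(HostService.class));
        serviceDirectory.put(Permission.INTENT_READ,
                serviceNames(IntentService.class, PartitionService.class, IntentClockService.class));
        serviceDirectory.put(Permission.INTENT_WRITE,
                serviceNames(IntentService.class));
        serviceDirectory.put(Permission.INTENT_EVENT,
                serviceNames(IntentService.class));
        serviceDirectory.put(Permission.LINK_READ,
                serviceNames(LinkService.class, LinkResourceService.class, LabelResourceService.class));
        serviceDirectory.put(Permission.LINK_WRITE,
                serviceNames(LinkResourceService.class, LabelResourceService.class));
        serviceDirectory.put(Permission.LINK_EVENT,
                serviceNames(LinkService.class, LinkResourceService.class, LabelResourceService.class));
        serviceDirectory.put(Permission.PACKET_READ,
                serviceNames(PacketService.class, ProxyArpService.class));
        serviceDirectory.put(Permission.PACKET_WRITE,
                serviceNames(PacketService.class, ProxyArpService.class));
        serviceDirectory.put(Permission.PACKET_EVENT,
                serviceNames(PacketService.class));
        serviceDirectory.put(Permission.STATISTIC_READ,
                serviceNames(StatisticService.class));
        serviceDirectory.put(Permission.TOPOLOGY_READ,
                serviceNames(TopologyService.class, PathService.class));
        serviceDirectory.put(Permission.TOPOLOGY_EVENT,
                serviceNames(TopologyService.class));
        serviceDirectory.put(Permission.TUNNEL_READ,
                serviceNames(TunnelService.class));
        serviceDirectory.put(Permission.TUNNEL_WRITE,
                serviceNames(TunnelService.class));
        serviceDirectory.put(Permission.TUNNEL_EVENT,
                serviceNames(TunnelService.class));
        serviceDirectory.put(Permission.STORAGE_WRITE,
                serviceNames(StorageService.class));

        return serviceDirectory;
    }

    /** Creates the {@link AppPermission} entry for one application permission. */
    private static PermissionInfo appPermission(Permission perm) {
        return new PermissionInfo(AppPermission.class.getName(), perm.name(), "");
    }

    /** Creates a {@code ServicePermission.GET} entry for one service interface name. */
    private static PermissionInfo serviceGet(String serviceName) {
        return new PermissionInfo(ServicePermission.class.getName(), serviceName, ServicePermission.GET);
    }

    /** Collects the fully qualified names of the given service interfaces into an immutable set. */
    private static Set<String> serviceNames(Class<?>... services) {
        ImmutableSet.Builder<String> names = ImmutableSet.builder();
        for (Class<?> service : services) {
            names.add(service.getName());
        }
        return names.build();
    }
}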
261
262
263// public static PermissionInfo[] getNonAdminPerms() {
264// return new PermissionInfo[]{
265// new PermissionInfo(PackagePermission.class.getName(), "*", PackagePermission.EXPORTONLY),
266// new PermissionInfo(PackagePermission.class.getName(), "*", PackagePermission.IMPORT),
267// new PermissionInfo(AdaptPermission.class.getName(), "*", AdaptPermission.ADAPT),
268// new PermissionInfo(ServicePermission.class.getName(),
269// ApplicationService.class.getName(), ServicePermission.GET),
270// new PermissionInfo(ServicePermission.class.getName(),
271// ComponentConfigService.class.getName(), ServicePermission.GET),
272// new PermissionInfo(ServicePermission.class.getName(),
273// CoreService.class.getName(), ServicePermission.GET),
274// new PermissionInfo(ServicePermission.class.getName(),
275// ClusterService.class.getName(), ServicePermission.GET),
276// new PermissionInfo(ServicePermission.class.getName(),
277// LeadershipService.class.getName(), ServicePermission.GET),
278// new PermissionInfo(ServicePermission.class.getName(),
279// MastershipService.class.getName(), ServicePermission.GET),
280// new PermissionInfo(ServicePermission.class.getName(),
281// DeviceService.class.getName(), ServicePermission.GET),
282// new PermissionInfo(ServicePermission.class.getName(),
283// DeviceClockService.class.getName(), ServicePermission.GET),
284// new PermissionInfo(ServicePermission.class.getName(),
285// DriverService.class.getName(), ServicePermission.GET),
286// new PermissionInfo(ServicePermission.class.getName(),
287// FlowRuleService.class.getName(), ServicePermission.GET),
288// new PermissionInfo(ServicePermission.class.getName(),
289// FlowObjectiveService.class.getName(), ServicePermission.GET),
290// new PermissionInfo(ServicePermission.class.getName(),
291// GroupService.class.getName(), ServicePermission.GET),
292// new PermissionInfo(ServicePermission.class.getName(),
293// HostService.class.getName(), ServicePermission.GET),
294// new PermissionInfo(ServicePermission.class.getName(),
295// HostClockService.class.getName(), ServicePermission.GET),
296// new PermissionInfo(ServicePermission.class.getName(),
297// IntentService.class.getName(), ServicePermission.GET),
298// new PermissionInfo(ServicePermission.class.getName(),
299// IntentClockService.class.getName(), ServicePermission.GET),
300// new PermissionInfo(ServicePermission.class.getName(),
301// IntentExtensionService.class.getName(), ServicePermission.GET),
302// new PermissionInfo(ServicePermission.class.getName(),
303// PartitionService.class.getName(), ServicePermission.GET),
304// new PermissionInfo(ServicePermission.class.getName(),
305// LinkService.class.getName(), ServicePermission.GET),
306// new PermissionInfo(ServicePermission.class.getName(),
307// LinkResourceService.class.getName(), ServicePermission.GET),
308// new PermissionInfo(ServicePermission.class.getName(),
309// LabelResourceService.class.getName(), ServicePermission.GET),
310// new PermissionInfo(ServicePermission.class.getName(),
311// PacketService.class.getName(), ServicePermission.GET),
312// new PermissionInfo(ServicePermission.class.getName(),
313// ProxyArpService.class.getName(), ServicePermission.GET),
314// new PermissionInfo(ServicePermission.class.getName(),
315// StatisticService.class.getName(), ServicePermission.GET),
316// new PermissionInfo(ServicePermission.class.getName(),
317// PathService.class.getName(), ServicePermission.GET),
318// new PermissionInfo(ServicePermission.class.getName(),
319// TopologyService.class.getName(), ServicePermission.GET),
320// new PermissionInfo(ServicePermission.class.getName(),
321// TunnelService.class.getName(), ServicePermission.GET),
322// new PermissionInfo(ServicePermission.class.getName(),
323// StorageService.class.getName(), ServicePermission.GET),
324// };
325// }