Changhoon Yoon23dee8f2015-05-18 22:19:49 +09001package org.onosproject.security.impl;
4import com.google.common.collect.ImmutableSet;
5import com.google.common.collect.Sets;
6import org.apache.commons.collections.FastHashMap;
7import org.onosproject.core.Permission;
Changhoon Yoon541ef712015-05-23 17:18:34 +09008import org.onosproject.security.AppPermission;
Changhoon Yoon23dee8f2015-05-18 22:19:49 +09009import org.osgi.service.permissionadmin.PermissionInfo;
11import org.onosproject.app.ApplicationAdminService;
12import org.onosproject.app.ApplicationService;
13import org.onosproject.cfg.ComponentConfigService;
14import org.onosproject.cluster.ClusterAdminService;
15import org.onosproject.cluster.ClusterService;
16import org.onosproject.core.CoreService;
17import org.onosproject.cluster.LeadershipService;
18import org.onosproject.mastership.MastershipAdminService;
19import org.onosproject.mastership.MastershipService;
20import org.onosproject.net.device.DeviceAdminService;
21import org.onosproject.net.device.DeviceService;
22import org.onosproject.net.device.DeviceClockService;
23import org.onosproject.net.driver.DriverAdminService;
24import org.onosproject.net.driver.DriverService;
25import org.onosproject.net.flow.FlowRuleService;
26import org.onosproject.net.flowobjective.FlowObjectiveService;
27import org.onosproject.net.group.GroupService;
28import org.onosproject.net.host.HostAdminService;
29import org.onosproject.net.host.HostService;
30import org.onosproject.net.host.HostClockService;
31import org.onosproject.net.intent.IntentService;
32import org.onosproject.net.intent.IntentExtensionService;
33import org.onosproject.net.intent.IntentClockService;
34import org.onosproject.net.intent.PartitionService;
35import org.onosproject.net.link.LinkAdminService;
36import org.onosproject.net.link.LinkService;
37import org.onosproject.net.packet.PacketService;
38import org.onosproject.net.proxyarp.ProxyArpService;
Brian O'Connor6de2e202015-05-21 14:30:41 -070039import org.onosproject.net.resource.link.LinkResourceService;
Changhoon Yoon23dee8f2015-05-18 22:19:49 +090040import org.onosproject.net.statistic.StatisticService;
41import org.onosproject.net.topology.PathService;
42import org.onosproject.net.topology.TopologyService;
Changhoon Yoon23dee8f2015-05-18 22:19:49 +090043import org.onosproject.store.service.StorageAdminService;
44import org.onosproject.store.service.StorageService;
45import org.osgi.framework.ServicePermission;
46import org.osgi.framework.PackagePermission;
47import org.osgi.framework.AdaptPermission;
50import java.util.Collections;
51import java.util.HashMap;
52import java.util.Set;
53import java.util.stream.Collectors;
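/**
 * Builds the OSGi {@link PermissionInfo} arrays that make up an application's security policy.
 *
 * <p>Two policies are produced: a restricted one assembled from the permissions an application
 * holds ({@link #getApplicationPermissions}) and an administrative one
 * ({@link #getAdminApplicationPermissions}). Both start from {@link #getDefaultPerms()}.
 *
 * <p>All service grants use {@link ServicePermission#GET}. Several READ/WRITE/EVENT permissions
 * in {@link #getServiceDirectory()} resolve to the same service interface, so the service grant
 * alone cannot tell them apart; the finer distinction has to come from the {@link AppPermission}
 * entries being checked elsewhere (not visible in this class).
 */
public final class PolicyBuilder {

    private PolicyBuilder() {
    }

    /**
     * Builds the policy for a non-admin application.
     *
     * <p>The result holds the default permissions, one {@link AppPermission} per granted
     * permission, and a {@link ServicePermission#GET} for every service the directory lists
     * under that permission.
     *
     * <p>A permission with no directory entry contributes only its {@link AppPermission}; no
     * service access is added for it. Previously such a permission caused a
     * {@link NullPointerException} while the policy was being built.
     *
     * @param serviceDirectory mapping from permission to service interface names, as returned
     *                         by {@link #getServiceDirectory()}
     * @param permissions      permissions granted to the application
     * @return the permission entries for the application, in no particular order
     */
    public static PermissionInfo[] getApplicationPermissions(HashMap<Permission, Set<String>> serviceDirectory,
                                                             Set<Permission> permissions) {
        Set<PermissionInfo> permSet = Sets.newHashSet();
        Collections.addAll(permSet, getDefaultPerms());
        for (Permission perm : permissions) {
            permSet.add(appPermission(perm));
            // Use get() plus a null check rather than getOrDefault(): the directory is built as
            // a commons-collections FastHashMap, which overrides get() but predates the Java 8
            // Map default methods, so only the classic accessors are safe to rely on here.
            Set<String> services = serviceDirectory.get(perm);
            if (services == null) {
                continue;
            }
            permSet.addAll(services.stream()
                    .map(PolicyBuilder::serviceGetByName)
                    .collect(Collectors.toList()));
        }
        return permSet.toArray(new PermissionInfo[0]);
    }

    /**
     * Builds the policy for an admin application.
     *
     * <p>The result holds the default permissions, the fixed admin service grants from
     * {@link #getAdminDefaultPerms()}, and one {@link AppPermission} for every key of the
     * directory. The directory's service names are not consulted.
     *
     * <p>NOTE(review): only directory keys are turned into {@link AppPermission} entries. If the
     * {@link Permission} enum defines values without a directory entry (the LINK_* and TUNNEL_*
     * entries are commented out in {@link #getServiceDirectory()}), admin applications do not
     * receive those - confirm this is intended.
     *
     * @param serviceDirectory mapping from permission to service interface names
     * @return the permission entries for an admin application, in no particular order
     */
    public static PermissionInfo[] getAdminApplicationPermissions(HashMap<Permission, Set<String>> serviceDirectory) {
        Set<PermissionInfo> permSet = Sets.newHashSet();
        Collections.addAll(permSet, getDefaultPerms());
        Collections.addAll(permSet, getAdminDefaultPerms());
        permSet.addAll(serviceDirectory.keySet().stream()
                .map(PolicyBuilder::appPermission)
                .collect(Collectors.toList()));
        return permSet.toArray(new PermissionInfo[0]);
    }

    /**
     * Returns the permissions every application receives, admin or not.
     *
     * <p>NOTE(review): all three entries use the wildcard name {@code "*"}: package import,
     * package export-only and adapt are granted for every package/type, not a restricted list.
     * Narrowing these is a policy decision that cannot be made from this file alone.
     *
     * @return a freshly allocated array of the default permissions
     */
    public static PermissionInfo[] getDefaultPerms() {
        return new PermissionInfo[]{
                new PermissionInfo(PackagePermission.class.getName(), "*", PackagePermission.EXPORTONLY),
                new PermissionInfo(PackagePermission.class.getName(), "*", PackagePermission.IMPORT),
                new PermissionInfo(AdaptPermission.class.getName(), "*", AdaptPermission.ADAPT),
        };
    }

    /**
     * Returns the service grants given to admin applications on top of the defaults.
     *
     * <p>The list is fixed: the admin service interfaces first, then the regular service
     * interfaces, each with {@link ServicePermission#GET}.
     *
     * @return a freshly allocated array of admin service permissions
     */
    public static PermissionInfo[] getAdminDefaultPerms() {
        return new PermissionInfo[]{
                // Admin-only service interfaces.
                serviceGet(ApplicationAdminService.class),
                serviceGet(ClusterAdminService.class),
                serviceGet(MastershipAdminService.class),
                serviceGet(DeviceAdminService.class),
                serviceGet(HostAdminService.class),
                serviceGet(LinkAdminService.class),
                serviceGet(DriverAdminService.class),
                serviceGet(StorageAdminService.class),
                // Disabled in the original source; these classes are not imported by this file.
                // serviceGet(LabelResourceAdminService.class),
                // serviceGet(TunnelAdminService.class),

                // Regular service interfaces.
                serviceGet(ApplicationService.class),
                serviceGet(ComponentConfigService.class),
                serviceGet(CoreService.class),
                serviceGet(ClusterService.class),
                serviceGet(LeadershipService.class),
                serviceGet(MastershipService.class),
                serviceGet(DeviceService.class),
                serviceGet(DeviceClockService.class),
                serviceGet(DriverService.class),
                serviceGet(FlowRuleService.class),
                serviceGet(FlowObjectiveService.class),
                serviceGet(GroupService.class),
                serviceGet(HostService.class),
                serviceGet(HostClockService.class),
                serviceGet(IntentService.class),
                serviceGet(IntentClockService.class),
                serviceGet(IntentExtensionService.class),
                serviceGet(PartitionService.class),
                serviceGet(LinkService.class),
                serviceGet(LinkResourceService.class),
                // Disabled in the original source; LabelResourceService is not imported by this file.
                // serviceGet(LabelResourceService.class),
                serviceGet(PacketService.class),
                serviceGet(ProxyArpService.class),
                serviceGet(StatisticService.class),
                serviceGet(PathService.class),
                serviceGet(TopologyService.class),
                // Disabled in the original source; TunnelService is not imported by this file.
                // serviceGet(TunnelService.class),
                serviceGet(StorageService.class),
        };
    }

    /**
     * Builds the directory that maps each application permission to the names of the service
     * interfaces an application holding it may obtain.
     *
     * <p>Every call returns a new map. The value sets are immutable, but the map itself is
     * mutable, so a caller can add or replace entries before passing it on to
     * {@link #getApplicationPermissions}.
     *
     * <p>NOTE(review): READ and WRITE variants frequently list the same interfaces (for example
     * CONFIG_READ and CONFIG_WRITE both map to ComponentConfigService). The service grant is
     * therefore identical for both; see the class comment.
     *
     * @return a new permission-to-service-names map
     */
    public static HashMap<Permission, Set<String>> getServiceDirectory() {
        // FastHashMap is a raw, pre-generics type, hence the unchecked assignment. setFast(true)
        // is never called here, so the map stays in its default mode.
        @SuppressWarnings("unchecked")
        HashMap<Permission, Set<String>> serviceDirectory = new FastHashMap();

        serviceDirectory.put(Permission.APP_READ, ImmutableSet.of(
                ApplicationService.class.getName(), CoreService.class.getName()));
        serviceDirectory.put(Permission.APP_EVENT, ImmutableSet.of(
                ApplicationService.class.getName(), CoreService.class.getName()));
        serviceDirectory.put(Permission.CONFIG_READ, ImmutableSet.of(
                ComponentConfigService.class.getName()));
        serviceDirectory.put(Permission.CONFIG_WRITE, ImmutableSet.of(
                ComponentConfigService.class.getName()));
        serviceDirectory.put(Permission.CLUSTER_READ, ImmutableSet.of(
                ClusterService.class.getName(), LeadershipService.class.getName(),
                MastershipService.class.getName()));
        serviceDirectory.put(Permission.CLUSTER_WRITE, ImmutableSet.of(
                LeadershipService.class.getName(), MastershipService.class.getName()));
        serviceDirectory.put(Permission.CLUSTER_EVENT, ImmutableSet.of(
                ClusterService.class.getName(), LeadershipService.class.getName(),
                MastershipService.class.getName()));
        serviceDirectory.put(Permission.DEVICE_READ, ImmutableSet.of(
                DeviceService.class.getName(), DeviceClockService.class.getName()));
        serviceDirectory.put(Permission.DEVICE_EVENT, ImmutableSet.of(
                DeviceService.class.getName()));
        serviceDirectory.put(Permission.DRIVER_READ, ImmutableSet.of(
                DriverService.class.getName()));
        serviceDirectory.put(Permission.DRIVER_WRITE, ImmutableSet.of(
                DriverService.class.getName()));
        serviceDirectory.put(Permission.FLOWRULE_READ, ImmutableSet.of(
                FlowRuleService.class.getName()));
        serviceDirectory.put(Permission.FLOWRULE_WRITE, ImmutableSet.of(
                FlowRuleService.class.getName(), FlowObjectiveService.class.getName()));
        serviceDirectory.put(Permission.FLOWRULE_EVENT, ImmutableSet.of(
                FlowRuleService.class.getName()));
        serviceDirectory.put(Permission.GROUP_READ, ImmutableSet.of(
                GroupService.class.getName()));
        serviceDirectory.put(Permission.GROUP_WRITE, ImmutableSet.of(
                GroupService.class.getName()));
        serviceDirectory.put(Permission.GROUP_EVENT, ImmutableSet.of(
                GroupService.class.getName()));
        serviceDirectory.put(Permission.HOST_READ, ImmutableSet.of(
                HostService.class.getName(), HostClockService.class.getName()));
        serviceDirectory.put(Permission.HOST_WRITE, ImmutableSet.of(
                HostService.class.getName()));
        serviceDirectory.put(Permission.HOST_EVENT, ImmutableSet.of(
                HostService.class.getName()));
        serviceDirectory.put(Permission.INTENT_READ, ImmutableSet.of(
                IntentService.class.getName(), PartitionService.class.getName(),
                IntentClockService.class.getName()));
        serviceDirectory.put(Permission.INTENT_WRITE, ImmutableSet.of(
                IntentService.class.getName()));
        serviceDirectory.put(Permission.INTENT_EVENT, ImmutableSet.of(
                IntentService.class.getName()));
        // Disabled in the original source (LabelResourceService is not imported by this file).
        // Until these are restored, LINK_* permissions have no directory entry.
//        serviceDirectory.put(Permission.LINK_READ, ImmutableSet.of(
//                LinkService.class.getName(), LinkResourceService.class.getName(),
//                LabelResourceService.class.getName()));
//        serviceDirectory.put(Permission.LINK_WRITE, ImmutableSet.of(
//                LinkResourceService.class.getName(), LabelResourceService.class.getName()));
//        serviceDirectory.put(Permission.LINK_EVENT, ImmutableSet.of(
//                LinkService.class.getName(), LinkResourceService.class.getName(),
//                LabelResourceService.class.getName()));
        serviceDirectory.put(Permission.PACKET_READ, ImmutableSet.of(
                PacketService.class.getName(), ProxyArpService.class.getName()));
        serviceDirectory.put(Permission.PACKET_WRITE, ImmutableSet.of(
                PacketService.class.getName(), ProxyArpService.class.getName()));
        serviceDirectory.put(Permission.PACKET_EVENT, ImmutableSet.of(
                PacketService.class.getName()));
        serviceDirectory.put(Permission.STATISTIC_READ, ImmutableSet.of(
                StatisticService.class.getName()));
        serviceDirectory.put(Permission.TOPOLOGY_READ, ImmutableSet.of(
                TopologyService.class.getName(), PathService.class.getName()));
        serviceDirectory.put(Permission.TOPOLOGY_EVENT, ImmutableSet.of(
                TopologyService.class.getName()));
        // Disabled in the original source (TunnelService is not imported by this file).
//        serviceDirectory.put(Permission.TUNNEL_READ, ImmutableSet.of(
//                TunnelService.class.getName()));
//        serviceDirectory.put(Permission.TUNNEL_WRITE, ImmutableSet.of(
//                TunnelService.class.getName()));
//        serviceDirectory.put(Permission.TUNNEL_EVENT, ImmutableSet.of(
//                TunnelService.class.getName()));
        serviceDirectory.put(Permission.STORAGE_WRITE, ImmutableSet.of(
                StorageService.class.getName()));

        return serviceDirectory;
    }

    /** Wraps an application permission as an {@link AppPermission} entry with no actions. */
    private static PermissionInfo appPermission(Permission perm) {
        return new PermissionInfo(AppPermission.class.getName(), perm.name(), "");
    }

    /** Creates a {@link ServicePermission#GET} entry for the given service interface. */
    private static PermissionInfo serviceGet(Class<?> service) {
        return serviceGetByName(service.getName());
    }

    /** Creates a {@link ServicePermission#GET} entry for the named service interface. */
    private static PermissionInfo serviceGetByName(String serviceName) {
        return new PermissionInfo(ServicePermission.class.getName(), serviceName, ServicePermission.GET);
    }
}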
259// public static PermissionInfo[] getNonAdminPerms() {
260// return new PermissionInfo[]{
261// new PermissionInfo(PackagePermission.class.getName(), "*", PackagePermission.EXPORTONLY),
262// new PermissionInfo(PackagePermission.class.getName(), "*", PackagePermission.IMPORT),
263// new PermissionInfo(AdaptPermission.class.getName(), "*", AdaptPermission.ADAPT),
264// new PermissionInfo(ServicePermission.class.getName(),
265// ApplicationService.class.getName(), ServicePermission.GET),
266// new PermissionInfo(ServicePermission.class.getName(),
267// ComponentConfigService.class.getName(), ServicePermission.GET),
268// new PermissionInfo(ServicePermission.class.getName(),
269// CoreService.class.getName(), ServicePermission.GET),
270// new PermissionInfo(ServicePermission.class.getName(),
271// ClusterService.class.getName(), ServicePermission.GET),
272// new PermissionInfo(ServicePermission.class.getName(),
273// LeadershipService.class.getName(), ServicePermission.GET),
274// new PermissionInfo(ServicePermission.class.getName(),
275// MastershipService.class.getName(), ServicePermission.GET),
276// new PermissionInfo(ServicePermission.class.getName(),
277// DeviceService.class.getName(), ServicePermission.GET),
278// new PermissionInfo(ServicePermission.class.getName(),
279// DeviceClockService.class.getName(), ServicePermission.GET),
280// new PermissionInfo(ServicePermission.class.getName(),
281// DriverService.class.getName(), ServicePermission.GET),
282// new PermissionInfo(ServicePermission.class.getName(),
283// FlowRuleService.class.getName(), ServicePermission.GET),
284// new PermissionInfo(ServicePermission.class.getName(),
285// FlowObjectiveService.class.getName(), ServicePermission.GET),
286// new PermissionInfo(ServicePermission.class.getName(),
287// GroupService.class.getName(), ServicePermission.GET),
288// new PermissionInfo(ServicePermission.class.getName(),
289// HostService.class.getName(), ServicePermission.GET),
290// new PermissionInfo(ServicePermission.class.getName(),
291// HostClockService.class.getName(), ServicePermission.GET),
292// new PermissionInfo(ServicePermission.class.getName(),
293// IntentService.class.getName(), ServicePermission.GET),
294// new PermissionInfo(ServicePermission.class.getName(),
295// IntentClockService.class.getName(), ServicePermission.GET),
296// new PermissionInfo(ServicePermission.class.getName(),
297// IntentExtensionService.class.getName(), ServicePermission.GET),
298// new PermissionInfo(ServicePermission.class.getName(),
299// PartitionService.class.getName(), ServicePermission.GET),
300// new PermissionInfo(ServicePermission.class.getName(),
301// LinkService.class.getName(), ServicePermission.GET),
302// new PermissionInfo(ServicePermission.class.getName(),
303// LinkResourceService.class.getName(), ServicePermission.GET),
304// new PermissionInfo(ServicePermission.class.getName(),
305// LabelResourceService.class.getName(), ServicePermission.GET),
306// new PermissionInfo(ServicePermission.class.getName(),
307// PacketService.class.getName(), ServicePermission.GET),
308// new PermissionInfo(ServicePermission.class.getName(),
309// ProxyArpService.class.getName(), ServicePermission.GET),
310// new PermissionInfo(ServicePermission.class.getName(),
311// StatisticService.class.getName(), ServicePermission.GET),
312// new PermissionInfo(ServicePermission.class.getName(),
313// PathService.class.getName(), ServicePermission.GET),
314// new PermissionInfo(ServicePermission.class.getName(),
315// TopologyService.class.getName(), ServicePermission.GET),
316// new PermissionInfo(ServicePermission.class.getName(),
317// TunnelService.class.getName(), ServicePermission.GET),
318// new PermissionInfo(ServicePermission.class.getName(),
319// StorageService.class.getName(), ServicePermission.GET),
320// };
321// }