Changhoon Yoon23dee8f2015-05-18 22:19:49 +09001package org.onosproject.security.impl;
2
3
4import com.google.common.collect.ImmutableSet;
5import com.google.common.collect.Sets;
6import org.apache.commons.collections.FastHashMap;
7import org.onosproject.core.Permission;
8import org.onosproject.security.util.AppPermission;
9import org.osgi.service.permissionadmin.PermissionInfo;
10
11import org.onosproject.app.ApplicationAdminService;
12import org.onosproject.app.ApplicationService;
13import org.onosproject.cfg.ComponentConfigService;
14import org.onosproject.cluster.ClusterAdminService;
15import org.onosproject.cluster.ClusterService;
16import org.onosproject.core.CoreService;
17import org.onosproject.cluster.LeadershipService;
18import org.onosproject.mastership.MastershipAdminService;
19import org.onosproject.mastership.MastershipService;
20import org.onosproject.net.device.DeviceAdminService;
21import org.onosproject.net.device.DeviceService;
22import org.onosproject.net.device.DeviceClockService;
23import org.onosproject.net.driver.DriverAdminService;
24import org.onosproject.net.driver.DriverService;
25import org.onosproject.net.flow.FlowRuleService;
26import org.onosproject.net.flowobjective.FlowObjectiveService;
27import org.onosproject.net.group.GroupService;
28import org.onosproject.net.host.HostAdminService;
29import org.onosproject.net.host.HostService;
30import org.onosproject.net.host.HostClockService;
31import org.onosproject.net.intent.IntentService;
32import org.onosproject.net.intent.IntentExtensionService;
33import org.onosproject.net.intent.IntentClockService;
34import org.onosproject.net.intent.PartitionService;
35import org.onosproject.net.link.LinkAdminService;
36import org.onosproject.net.link.LinkService;
37import org.onosproject.net.packet.PacketService;
38import org.onosproject.net.proxyarp.ProxyArpService;
39import org.onosproject.net.resource.LabelResourceAdminService;
40import org.onosproject.net.resource.LinkResourceService;
41import org.onosproject.net.resource.LabelResourceService;
42import org.onosproject.net.statistic.StatisticService;
43import org.onosproject.net.topology.PathService;
44import org.onosproject.net.topology.TopologyService;
Changhoon Yoon23dee8f2015-05-18 22:19:49 +090045import org.onosproject.store.service.StorageAdminService;
46import org.onosproject.store.service.StorageService;
47import org.osgi.framework.ServicePermission;
48import org.osgi.framework.PackagePermission;
49import org.osgi.framework.AdaptPermission;
50
51
52import java.util.Collections;
53import java.util.HashMap;
54import java.util.Set;
55import java.util.stream.Collectors;
56
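/**
 * Builds the OSGi {@link PermissionInfo} sets that are assigned to ONOS applications.
 *
 * <p>Two kinds of grants are produced here: an {@link AppPermission} named after each
 * {@link Permission}, and a {@link ServicePermission} with the {@code GET} action for each
 * service interface that permission unlocks (see {@link #getServiceDirectory()}).
 *
 * <p>NOTE(review): a {@code ServicePermission.GET} grant is per service interface, so it cannot
 * tell a READ permission from a WRITE or EVENT permission that maps to the same interface.
 * Presumably the finer distinction is enforced by {@link AppPermission} checks inside the
 * service implementations; confirm before relying on this class alone for least privilege.
 */
public final class PolicyBuilder {

    private PolicyBuilder() {
    }

    /**
     * Builds the permission set for a non-admin application.
     *
     * <p>The result holds the default permissions, one {@link AppPermission} per requested
     * permission, and a {@code ServicePermission.GET} for every service the directory lists
     * for that permission.
     *
     * @param serviceDirectory mapping from permission to the service class names it unlocks
     * @param permissions permissions requested for the application
     * @return the permissions to assign, without duplicates
     */
    public static PermissionInfo[] getApplicationPermissions(HashMap<Permission, Set<String>> serviceDirectory,
                                                             Set<Permission> permissions) {
        Set<PermissionInfo> permSet = Sets.newHashSet();
        Collections.addAll(permSet, getDefaultPerms());
        for (Permission perm : permissions) {
            permSet.add(new PermissionInfo(AppPermission.class.getName(), perm.name(), ""));
            // A permission with no directory entry unlocks no service. Skipping it keeps the
            // policy build from failing with a NullPointerException and grants nothing extra.
            Set<String> services = serviceDirectory.get(perm);
            if (services == null) {
                continue;
            }
            for (String service : services) {
                permSet.add(new PermissionInfo(
                        ServicePermission.class.getName(), service, ServicePermission.GET));
            }
        }
        return permSet.toArray(new PermissionInfo[0]);
    }

    /**
     * Builds the permission set for an admin application.
     *
     * <p>The result holds the default permissions, the admin default permissions, and one
     * {@link AppPermission} for every key of the directory. Service grants come only from
     * {@link #getAdminDefaultPerms()}, not from the directory values, so a service added to the
     * directory must also be added to that list before an admin application can obtain it.
     *
     * @param serviceDirectory mapping from permission to the service class names it unlocks
     * @return the permissions to assign, without duplicates
     */
    public static PermissionInfo[] getAdminApplicationPermissions(HashMap<Permission, Set<String>> serviceDirectory) {
        Set<PermissionInfo> permSet = Sets.newHashSet();
        Collections.addAll(permSet, getDefaultPerms());
        Collections.addAll(permSet, getAdminDefaultPerms());
        permSet.addAll(serviceDirectory.keySet().stream()
                .map(perm -> new PermissionInfo(AppPermission.class.getName(), perm.name(), ""))
                .collect(Collectors.toList()));
        return permSet.toArray(new PermissionInfo[0]);
    }

    /**
     * Returns the permissions that every application receives, admin or not.
     *
     * <p>NOTE(review): these are wildcard grants (package export-only, package import and
     * adapt on {@code "*"}), so isolation between applications does not come from package
     * visibility; it rests on the service and application permissions. Confirm that this
     * baseline is intended.
     *
     * @return a new array on each call
     */
    public static PermissionInfo[] getDefaultPerms() {
        return new PermissionInfo[]{
                new PermissionInfo(PackagePermission.class.getName(), "*", PackagePermission.EXPORTONLY),
                new PermissionInfo(PackagePermission.class.getName(), "*", PackagePermission.IMPORT),
                new PermissionInfo(AdaptPermission.class.getName(), "*", AdaptPermission.ADAPT),
        };
    }

    /**
     * Returns the service grants that only admin applications receive in full: the admin
     * service interfaces followed by the regular service interfaces.
     *
     * <p>This list is hard-coded and is not derived from {@link #getServiceDirectory()};
     * the two have to be kept in sync by hand.
     *
     * @return a new array on each call
     */
    public static PermissionInfo[] getAdminDefaultPerms() {
        return new PermissionInfo[]{
                // Admin service interfaces.
                serviceGet(ApplicationAdminService.class),
                serviceGet(ClusterAdminService.class),
                serviceGet(MastershipAdminService.class),
                serviceGet(DeviceAdminService.class),
                serviceGet(HostAdminService.class),
                serviceGet(LinkAdminService.class),
                serviceGet(DriverAdminService.class),
                serviceGet(StorageAdminService.class),
                serviceGet(LabelResourceAdminService.class),
                // Not granted; entry left commented out:
                // serviceGet(TunnelAdminService.class),

                // Regular service interfaces.
                serviceGet(ApplicationService.class),
                serviceGet(ComponentConfigService.class),
                serviceGet(CoreService.class),
                serviceGet(ClusterService.class),
                serviceGet(LeadershipService.class),
                serviceGet(MastershipService.class),
                serviceGet(DeviceService.class),
                serviceGet(DeviceClockService.class),
                serviceGet(DriverService.class),
                serviceGet(FlowRuleService.class),
                serviceGet(FlowObjectiveService.class),
                serviceGet(GroupService.class),
                serviceGet(HostService.class),
                serviceGet(HostClockService.class),
                serviceGet(IntentService.class),
                serviceGet(IntentClockService.class),
                serviceGet(IntentExtensionService.class),
                serviceGet(PartitionService.class),
                serviceGet(LinkService.class),
                serviceGet(LinkResourceService.class),
                serviceGet(LabelResourceService.class),
                serviceGet(PacketService.class),
                serviceGet(ProxyArpService.class),
                serviceGet(StatisticService.class),
                serviceGet(PathService.class),
                serviceGet(TopologyService.class),
                // Not granted; entry left commented out:
                // serviceGet(TunnelService.class),
                serviceGet(StorageService.class),
        };
    }

    /**
     * Builds the mapping from each application permission to the service interfaces it unlocks.
     *
     * <p>Several READ, WRITE and EVENT permissions map to the same interface (for example
     * {@code CONFIG_READ} and {@code CONFIG_WRITE} both map to {@link ComponentConfigService}),
     * so the service-level grant alone does not separate them. {@link IntentExtensionService}
     * appears in no entry, so a non-admin application cannot obtain it through this directory.
     *
     * @return a new map on each call; the value sets are immutable
     */
    public static HashMap<Permission, Set<String>> getServiceDirectory() {

        // FastHashMap is used as a raw type here, hence the unchecked conversion.
        @SuppressWarnings("unchecked")
        HashMap<Permission, Set<String>> serviceDirectory = new FastHashMap();

        serviceDirectory.put(Permission.APP_READ, ImmutableSet.of(
                ApplicationService.class.getName(), CoreService.class.getName()));
        serviceDirectory.put(Permission.APP_EVENT, ImmutableSet.of(
                ApplicationService.class.getName(), CoreService.class.getName()));
        serviceDirectory.put(Permission.CONFIG_READ, ImmutableSet.of(
                ComponentConfigService.class.getName()));
        serviceDirectory.put(Permission.CONFIG_WRITE, ImmutableSet.of(
                ComponentConfigService.class.getName()));
        serviceDirectory.put(Permission.CLUSTER_READ, ImmutableSet.of(
                ClusterService.class.getName(), LeadershipService.class.getName(),
                MastershipService.class.getName()));
        serviceDirectory.put(Permission.CLUSTER_WRITE, ImmutableSet.of(
                LeadershipService.class.getName(), MastershipService.class.getName()));
        serviceDirectory.put(Permission.CLUSTER_EVENT, ImmutableSet.of(
                ClusterService.class.getName(), LeadershipService.class.getName(),
                MastershipService.class.getName()));
        serviceDirectory.put(Permission.DEVICE_READ, ImmutableSet.of(
                DeviceService.class.getName(), DeviceClockService.class.getName()));
        serviceDirectory.put(Permission.DEVICE_EVENT, ImmutableSet.of(
                DeviceService.class.getName()));
        serviceDirectory.put(Permission.DRIVER_READ, ImmutableSet.of(
                DriverService.class.getName()));
        serviceDirectory.put(Permission.DRIVER_WRITE, ImmutableSet.of(
                DriverService.class.getName()));
        serviceDirectory.put(Permission.FLOWRULE_READ, ImmutableSet.of(
                FlowRuleService.class.getName()));
        serviceDirectory.put(Permission.FLOWRULE_WRITE, ImmutableSet.of(
                FlowRuleService.class.getName(), FlowObjectiveService.class.getName()));
        serviceDirectory.put(Permission.FLOWRULE_EVENT, ImmutableSet.of(
                FlowRuleService.class.getName()));
        serviceDirectory.put(Permission.GROUP_READ, ImmutableSet.of(
                GroupService.class.getName()));
        serviceDirectory.put(Permission.GROUP_WRITE, ImmutableSet.of(
                GroupService.class.getName()));
        serviceDirectory.put(Permission.GROUP_EVENT, ImmutableSet.of(
                GroupService.class.getName()));
        serviceDirectory.put(Permission.HOST_READ, ImmutableSet.of(
                HostService.class.getName(), HostClockService.class.getName()));
        serviceDirectory.put(Permission.HOST_WRITE, ImmutableSet.of(
                HostService.class.getName()));
        serviceDirectory.put(Permission.HOST_EVENT, ImmutableSet.of(
                HostService.class.getName()));
        serviceDirectory.put(Permission.INTENT_READ, ImmutableSet.of(
                IntentService.class.getName(), PartitionService.class.getName(),
                IntentClockService.class.getName()));
        serviceDirectory.put(Permission.INTENT_WRITE, ImmutableSet.of(
                IntentService.class.getName()));
        serviceDirectory.put(Permission.INTENT_EVENT, ImmutableSet.of(
                IntentService.class.getName()));
        serviceDirectory.put(Permission.LINK_READ, ImmutableSet.of(
                LinkService.class.getName(), LinkResourceService.class.getName(),
                LabelResourceService.class.getName()));
        serviceDirectory.put(Permission.LINK_WRITE, ImmutableSet.of(
                LinkResourceService.class.getName(), LabelResourceService.class.getName()));
        serviceDirectory.put(Permission.LINK_EVENT, ImmutableSet.of(
                LinkService.class.getName(), LinkResourceService.class.getName(),
                LabelResourceService.class.getName()));
        serviceDirectory.put(Permission.PACKET_READ, ImmutableSet.of(
                PacketService.class.getName(), ProxyArpService.class.getName()));
        serviceDirectory.put(Permission.PACKET_WRITE, ImmutableSet.of(
                PacketService.class.getName(), ProxyArpService.class.getName()));
        serviceDirectory.put(Permission.PACKET_EVENT, ImmutableSet.of(
                PacketService.class.getName()));
        serviceDirectory.put(Permission.STATISTIC_READ, ImmutableSet.of(
                StatisticService.class.getName()));
        serviceDirectory.put(Permission.TOPOLOGY_READ, ImmutableSet.of(
                TopologyService.class.getName(), PathService.class.getName()));
        serviceDirectory.put(Permission.TOPOLOGY_EVENT, ImmutableSet.of(
                TopologyService.class.getName()));
//        serviceDirectory.put(Permission.TUNNEL_READ, ImmutableSet.of(
//                TunnelService.class.getName()));
//        serviceDirectory.put(Permission.TUNNEL_WRITE, ImmutableSet.of(
//                TunnelService.class.getName()));
//        serviceDirectory.put(Permission.TUNNEL_EVENT, ImmutableSet.of(
//                TunnelService.class.getName()));
        serviceDirectory.put(Permission.STORAGE_WRITE, ImmutableSet.of(
                StorageService.class.getName()));

        return serviceDirectory;
    }

    /** Creates a {@code ServicePermission.GET} grant for the given service interface. */
    private static PermissionInfo serviceGet(Class<?> service) {
        return new PermissionInfo(ServicePermission.class.getName(), service.getName(), ServicePermission.GET);
    }
}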
259
260
261// public static PermissionInfo[] getNonAdminPerms() {
262// return new PermissionInfo[]{
263// new PermissionInfo(PackagePermission.class.getName(), "*", PackagePermission.EXPORTONLY),
264// new PermissionInfo(PackagePermission.class.getName(), "*", PackagePermission.IMPORT),
265// new PermissionInfo(AdaptPermission.class.getName(), "*", AdaptPermission.ADAPT),
266// new PermissionInfo(ServicePermission.class.getName(),
267// ApplicationService.class.getName(), ServicePermission.GET),
268// new PermissionInfo(ServicePermission.class.getName(),
269// ComponentConfigService.class.getName(), ServicePermission.GET),
270// new PermissionInfo(ServicePermission.class.getName(),
271// CoreService.class.getName(), ServicePermission.GET),
272// new PermissionInfo(ServicePermission.class.getName(),
273// ClusterService.class.getName(), ServicePermission.GET),
274// new PermissionInfo(ServicePermission.class.getName(),
275// LeadershipService.class.getName(), ServicePermission.GET),
276// new PermissionInfo(ServicePermission.class.getName(),
277// MastershipService.class.getName(), ServicePermission.GET),
278// new PermissionInfo(ServicePermission.class.getName(),
279// DeviceService.class.getName(), ServicePermission.GET),
280// new PermissionInfo(ServicePermission.class.getName(),
281// DeviceClockService.class.getName(), ServicePermission.GET),
282// new PermissionInfo(ServicePermission.class.getName(),
283// DriverService.class.getName(), ServicePermission.GET),
284// new PermissionInfo(ServicePermission.class.getName(),
285// FlowRuleService.class.getName(), ServicePermission.GET),
286// new PermissionInfo(ServicePermission.class.getName(),
287// FlowObjectiveService.class.getName(), ServicePermission.GET),
288// new PermissionInfo(ServicePermission.class.getName(),
289// GroupService.class.getName(), ServicePermission.GET),
290// new PermissionInfo(ServicePermission.class.getName(),
291// HostService.class.getName(), ServicePermission.GET),
292// new PermissionInfo(ServicePermission.class.getName(),
293// HostClockService.class.getName(), ServicePermission.GET),
294// new PermissionInfo(ServicePermission.class.getName(),
295// IntentService.class.getName(), ServicePermission.GET),
296// new PermissionInfo(ServicePermission.class.getName(),
297// IntentClockService.class.getName(), ServicePermission.GET),
298// new PermissionInfo(ServicePermission.class.getName(),
299// IntentExtensionService.class.getName(), ServicePermission.GET),
300// new PermissionInfo(ServicePermission.class.getName(),
301// PartitionService.class.getName(), ServicePermission.GET),
302// new PermissionInfo(ServicePermission.class.getName(),
303// LinkService.class.getName(), ServicePermission.GET),
304// new PermissionInfo(ServicePermission.class.getName(),
305// LinkResourceService.class.getName(), ServicePermission.GET),
306// new PermissionInfo(ServicePermission.class.getName(),
307// LabelResourceService.class.getName(), ServicePermission.GET),
308// new PermissionInfo(ServicePermission.class.getName(),
309// PacketService.class.getName(), ServicePermission.GET),
310// new PermissionInfo(ServicePermission.class.getName(),
311// ProxyArpService.class.getName(), ServicePermission.GET),
312// new PermissionInfo(ServicePermission.class.getName(),
313// StatisticService.class.getName(), ServicePermission.GET),
314// new PermissionInfo(ServicePermission.class.getName(),
315// PathService.class.getName(), ServicePermission.GET),
316// new PermissionInfo(ServicePermission.class.getName(),
317// TopologyService.class.getName(), ServicePermission.GET),
318// new PermissionInfo(ServicePermission.class.getName(),
319// TunnelService.class.getName(), ServicePermission.GET),
320// new PermissionInfo(ServicePermission.class.getName(),
321// StorageService.class.getName(), ServicePermission.GET),
322// };
323// }