Gitiles
Code Review Sign In
gerrit.onosproject.org / onos / f28207bddfbdfbce2cd775a6361b18c3612ba565 / . / core / security / impl / src / main / java / org / onosproject / security / impl / PolicyBuilder.java
blob: 3c15e087c249ed3e21036fdcc4af9e5746978a3c [file] [log] [blame]
Changhoon Yoon23dee8f2015-05-18 22:19:49 +0900[diff] [blame]1package org.onosproject.security.impl;
2
3
4import com.google.common.collect.ImmutableSet;
5import com.google.common.collect.Sets;
Changhoon Yoon23dee8f2015-05-18 22:19:49 +0900[diff] [blame]6import org.onosproject.core.Permission;
Changhoon Yoon541ef712015-05-23 17:18:34 +0900[diff] [blame]7import org.onosproject.security.AppPermission;
Changhoon Yoon23dee8f2015-05-18 22:19:49 +0900[diff] [blame]8import org.osgi.service.permissionadmin.PermissionInfo;
9
10import org.onosproject.app.ApplicationAdminService;
11import org.onosproject.app.ApplicationService;
12import org.onosproject.cfg.ComponentConfigService;
13import org.onosproject.cluster.ClusterAdminService;
14import org.onosproject.cluster.ClusterService;
15import org.onosproject.core.CoreService;
16import org.onosproject.cluster.LeadershipService;
17import org.onosproject.mastership.MastershipAdminService;
18import org.onosproject.mastership.MastershipService;
19import org.onosproject.net.device.DeviceAdminService;
20import org.onosproject.net.device.DeviceService;
21import org.onosproject.net.device.DeviceClockService;
22import org.onosproject.net.driver.DriverAdminService;
23import org.onosproject.net.driver.DriverService;
24import org.onosproject.net.flow.FlowRuleService;
25import org.onosproject.net.flowobjective.FlowObjectiveService;
26import org.onosproject.net.group.GroupService;
27import org.onosproject.net.host.HostAdminService;
28import org.onosproject.net.host.HostService;
Changhoon Yoon23dee8f2015-05-18 22:19:49 +0900[diff] [blame]29import org.onosproject.net.intent.IntentService;
30import org.onosproject.net.intent.IntentExtensionService;
31import org.onosproject.net.intent.IntentClockService;
32import org.onosproject.net.intent.PartitionService;
33import org.onosproject.net.link.LinkAdminService;
34import org.onosproject.net.link.LinkService;
35import org.onosproject.net.packet.PacketService;
36import org.onosproject.net.proxyarp.ProxyArpService;
Brian O'Connor6de2e202015-05-21 14:30:41 -0700[diff] [blame]37import org.onosproject.net.resource.link.LinkResourceService;
Changhoon Yoon23dee8f2015-05-18 22:19:49 +0900[diff] [blame]38import org.onosproject.net.statistic.StatisticService;
39import org.onosproject.net.topology.PathService;
40import org.onosproject.net.topology.TopologyService;
Changhoon Yoon23dee8f2015-05-18 22:19:49 +0900[diff] [blame]41import org.onosproject.store.service.StorageAdminService;
42import org.onosproject.store.service.StorageService;
43import org.osgi.framework.ServicePermission;
44import org.osgi.framework.PackagePermission;
45import org.osgi.framework.AdaptPermission;
46
47
48import java.util.Collections;
Sho SHIMIZU6cd33302015-06-30 19:09:07 -0700[diff] [blame]49import java.util.Map;
Changhoon Yoon23dee8f2015-05-18 22:19:49 +0900[diff] [blame]50import java.util.Set;
Sho SHIMIZU6cd33302015-06-30 19:09:07 -0700[diff] [blame]51import java.util.concurrent.ConcurrentHashMap;
Changhoon Yoon23dee8f2015-05-18 22:19:49 +0900[diff] [blame]52import java.util.stream.Collectors;
53
54public final class PolicyBuilder {
55
56 private PolicyBuilder(){
57 }
58
Sho SHIMIZU6cd33302015-06-30 19:09:07 -0700[diff] [blame]59 public static PermissionInfo[] getApplicationPermissions(Map<Permission, Set<String>> serviceDirectory,
Changhoon Yoon23dee8f2015-05-18 22:19:49 +0900[diff] [blame]60 Set<Permission> permissions) {
61 Set<PermissionInfo> permSet = Sets.newHashSet();
62 Collections.addAll(permSet, getDefaultPerms());
63 for (Permission perm : permissions) {
64 permSet.add(new PermissionInfo(AppPermission.class.getName(), perm.name(), ""));
65 permSet.addAll(serviceDirectory.get(perm).stream().map(service -> new PermissionInfo(
66 ServicePermission.class.getName(), service, ServicePermission.GET)).collect(Collectors.toList()));
67 }
68 PermissionInfo[] permissionInfos = new PermissionInfo[permSet.size()];
69 return permSet.toArray(permissionInfos);
70 }
71
Sho SHIMIZU6cd33302015-06-30 19:09:07 -0700[diff] [blame]72 public static PermissionInfo[] getAdminApplicationPermissions(Map<Permission, Set<String>> serviceDirectory) {
Changhoon Yoon23dee8f2015-05-18 22:19:49 +0900[diff] [blame]73 Set<PermissionInfo> permSet = Sets.newHashSet();
74 Collections.addAll(permSet, getDefaultPerms());
75 Collections.addAll(permSet, getAdminDefaultPerms());
76 permSet.addAll(serviceDirectory.keySet().stream().map(perm ->
77 new PermissionInfo(AppPermission.class.getName(), perm.name(), "")).collect(Collectors.toList()));
78 PermissionInfo[] permissionInfos = new PermissionInfo[permSet.size()];
79 return permSet.toArray(permissionInfos);
80 }
81
82 public static PermissionInfo[] getDefaultPerms() {
83 return new PermissionInfo[]{
84 new PermissionInfo(PackagePermission.class.getName(), "*", PackagePermission.EXPORTONLY),
85 new PermissionInfo(PackagePermission.class.getName(), "*", PackagePermission.IMPORT),
86 new PermissionInfo(AdaptPermission.class.getName(), "*", AdaptPermission.ADAPT),
87 };
88 }
89 public static PermissionInfo[] getAdminDefaultPerms() {
90 return new PermissionInfo[]{
91 new PermissionInfo(ServicePermission.class.getName(),
92 ApplicationAdminService.class.getName(), ServicePermission.GET),
93 new PermissionInfo(ServicePermission.class.getName(),
94 ClusterAdminService.class.getName(), ServicePermission.GET),
95 new PermissionInfo(ServicePermission.class.getName(),
96 MastershipAdminService.class.getName(), ServicePermission.GET),
97 new PermissionInfo(ServicePermission.class.getName(),
98 DeviceAdminService.class.getName(), ServicePermission.GET),
99 new PermissionInfo(ServicePermission.class.getName(),
100 HostAdminService.class.getName(), ServicePermission.GET),
101 new PermissionInfo(ServicePermission.class.getName(),
102 LinkAdminService.class.getName(), ServicePermission.GET),
103 new PermissionInfo(ServicePermission.class.getName(),
104 DriverAdminService.class.getName(), ServicePermission.GET),
105 new PermissionInfo(ServicePermission.class.getName(),
106 StorageAdminService.class.getName(), ServicePermission.GET),
Brian O'Connor6de2e202015-05-21 14:30:41 -0700[diff] [blame]107// new PermissionInfo(ServicePermission.class.getName(),
108// LabelResourceAdminService.class.getName(), ServicePermission.GET),
Thomas Vachuskabf916ea2015-05-20 18:24:34 -0700[diff] [blame]109// new PermissionInfo(ServicePermission.class.getName(),
110// TunnelAdminService.class.getName(), ServicePermission.GET),
Changhoon Yoon23dee8f2015-05-18 22:19:49 +0900[diff] [blame]111 new PermissionInfo(ServicePermission.class.getName(),
112 ApplicationService.class.getName(), ServicePermission.GET),
113 new PermissionInfo(ServicePermission.class.getName(),
114 ComponentConfigService.class.getName(), ServicePermission.GET),
115 new PermissionInfo(ServicePermission.class.getName(),
116 CoreService.class.getName(), ServicePermission.GET),
117 new PermissionInfo(ServicePermission.class.getName(),
118 ClusterService.class.getName(), ServicePermission.GET),
119 new PermissionInfo(ServicePermission.class.getName(),
120 LeadershipService.class.getName(), ServicePermission.GET),
121 new PermissionInfo(ServicePermission.class.getName(),
122 MastershipService.class.getName(), ServicePermission.GET),
123 new PermissionInfo(ServicePermission.class.getName(),
124 DeviceService.class.getName(), ServicePermission.GET),
125 new PermissionInfo(ServicePermission.class.getName(),
126 DeviceClockService.class.getName(), ServicePermission.GET),
127 new PermissionInfo(ServicePermission.class.getName(),
128 DriverService.class.getName(), ServicePermission.GET),
129 new PermissionInfo(ServicePermission.class.getName(),
130 FlowRuleService.class.getName(), ServicePermission.GET),
131 new PermissionInfo(ServicePermission.class.getName(),
132 FlowObjectiveService.class.getName(), ServicePermission.GET),
133 new PermissionInfo(ServicePermission.class.getName(),
134 GroupService.class.getName(), ServicePermission.GET),
135 new PermissionInfo(ServicePermission.class.getName(),
136 HostService.class.getName(), ServicePermission.GET),
137 new PermissionInfo(ServicePermission.class.getName(),
Changhoon Yoon23dee8f2015-05-18 22:19:49 +0900[diff] [blame]138 IntentService.class.getName(), ServicePermission.GET),
139 new PermissionInfo(ServicePermission.class.getName(),
140 IntentClockService.class.getName(), ServicePermission.GET),
141 new PermissionInfo(ServicePermission.class.getName(),
142 IntentExtensionService.class.getName(), ServicePermission.GET),
143 new PermissionInfo(ServicePermission.class.getName(),
144 PartitionService.class.getName(), ServicePermission.GET),
145 new PermissionInfo(ServicePermission.class.getName(),
146 LinkService.class.getName(), ServicePermission.GET),
147 new PermissionInfo(ServicePermission.class.getName(),
148 LinkResourceService.class.getName(), ServicePermission.GET),
Brian O'Connor6de2e202015-05-21 14:30:41 -0700[diff] [blame]149// new PermissionInfo(ServicePermission.class.getName(),
150// LabelResourceService.class.getName(), ServicePermission.GET),
Changhoon Yoon23dee8f2015-05-18 22:19:49 +0900[diff] [blame]151 new PermissionInfo(ServicePermission.class.getName(),
152 PacketService.class.getName(), ServicePermission.GET),
153 new PermissionInfo(ServicePermission.class.getName(),
154 ProxyArpService.class.getName(), ServicePermission.GET),
155 new PermissionInfo(ServicePermission.class.getName(),
156 StatisticService.class.getName(), ServicePermission.GET),
157 new PermissionInfo(ServicePermission.class.getName(),
158 PathService.class.getName(), ServicePermission.GET),
159 new PermissionInfo(ServicePermission.class.getName(),
160 TopologyService.class.getName(), ServicePermission.GET),
Thomas Vachuskabf916ea2015-05-20 18:24:34 -0700[diff] [blame]161// new PermissionInfo(ServicePermission.class.getName(),
162// TunnelService.class.getName(), ServicePermission.GET),
Changhoon Yoon23dee8f2015-05-18 22:19:49 +0900[diff] [blame]163 new PermissionInfo(ServicePermission.class.getName(),
164 StorageService.class.getName(), ServicePermission.GET),
165 };
166 }
167
168
Sho SHIMIZU6cd33302015-06-30 19:09:07 -0700[diff] [blame]169 public static Map<Permission, Set<String>> getServiceDirectory() {
Changhoon Yoon23dee8f2015-05-18 22:19:49 +0900[diff] [blame]170
Sho SHIMIZU6cd33302015-06-30 19:09:07 -0700[diff] [blame]171 Map<Permission, Set<String>> serviceDirectory = new ConcurrentHashMap<>();
Changhoon Yoon23dee8f2015-05-18 22:19:49 +0900[diff] [blame]172
173 serviceDirectory.put(Permission.APP_READ, ImmutableSet.of(
174 ApplicationService.class.getName(), CoreService.class.getName()));
175 serviceDirectory.put(Permission.APP_EVENT, ImmutableSet.of(
176 ApplicationService.class.getName(), CoreService.class.getName()));
177 serviceDirectory.put(Permission.CONFIG_READ, ImmutableSet.of(
178 ComponentConfigService.class.getName()));
179 serviceDirectory.put(Permission.CONFIG_WRITE, ImmutableSet.of(
180 ComponentConfigService.class.getName()));
181 serviceDirectory.put(Permission.CLUSTER_READ, ImmutableSet.of(
182 ClusterService.class.getName(), LeadershipService.class.getName(),
183 MastershipService.class.getName()));
184 serviceDirectory.put(Permission.CLUSTER_WRITE, ImmutableSet.of(
185 LeadershipService.class.getName(), MastershipService.class.getName()));
186 serviceDirectory.put(Permission.CLUSTER_EVENT, ImmutableSet.of(
187 ClusterService.class.getName(), LeadershipService.class.getName(),
188 MastershipService.class.getName()));
189 serviceDirectory.put(Permission.DEVICE_READ, ImmutableSet.of(
190 DeviceService.class.getName(), DeviceClockService.class.getName()));
191 serviceDirectory.put(Permission.DEVICE_EVENT, ImmutableSet.of(
192 DeviceService.class.getName()));
193 serviceDirectory.put(Permission.DRIVER_READ, ImmutableSet.of(
194 DriverService.class.getName()));
195 serviceDirectory.put(Permission.DRIVER_WRITE, ImmutableSet.of(
196 DriverService.class.getName()));
197 serviceDirectory.put(Permission.FLOWRULE_READ, ImmutableSet.of(
198 FlowRuleService.class.getName()));
199 serviceDirectory.put(Permission.FLOWRULE_WRITE, ImmutableSet.of(
200 FlowRuleService.class.getName(), FlowObjectiveService.class.getName()));
201 serviceDirectory.put(Permission.FLOWRULE_EVENT, ImmutableSet.of(
202 FlowRuleService.class.getName()));
203 serviceDirectory.put(Permission.GROUP_READ, ImmutableSet.of(
204 GroupService.class.getName()));
205 serviceDirectory.put(Permission.GROUP_WRITE, ImmutableSet.of(
206 GroupService.class.getName()));
207 serviceDirectory.put(Permission.GROUP_EVENT, ImmutableSet.of(
208 GroupService.class.getName()));
Changhoon Yoon23dee8f2015-05-18 22:19:49 +0900[diff] [blame]209 serviceDirectory.put(Permission.HOST_WRITE, ImmutableSet.of(
210 HostService.class.getName()));
211 serviceDirectory.put(Permission.HOST_EVENT, ImmutableSet.of(
212 HostService.class.getName()));
213 serviceDirectory.put(Permission.INTENT_READ, ImmutableSet.of(
214 IntentService.class.getName(), PartitionService.class.getName(),
215 IntentClockService.class.getName()));
216 serviceDirectory.put(Permission.INTENT_WRITE, ImmutableSet.of(
217 IntentService.class.getName()));
218 serviceDirectory.put(Permission.INTENT_EVENT, ImmutableSet.of(
219 IntentService.class.getName()));
Brian O'Connor6de2e202015-05-21 14:30:41 -0700[diff] [blame]220// serviceDirectory.put(Permission.LINK_READ, ImmutableSet.of(
221// LinkService.class.getName(), LinkResourceService.class.getName(),
222// LabelResourceService.class.getName()));
223// serviceDirectory.put(Permission.LINK_WRITE, ImmutableSet.of(
224// LinkResourceService.class.getName(), LabelResourceService.class.getName()));
225// serviceDirectory.put(Permission.LINK_EVENT, ImmutableSet.of(
226// LinkService.class.getName(), LinkResourceService.class.getName(),
227// LabelResourceService.class.getName()));
Changhoon Yoon23dee8f2015-05-18 22:19:49 +0900[diff] [blame]228 serviceDirectory.put(Permission.PACKET_READ, ImmutableSet.of(
229 PacketService.class.getName(), ProxyArpService.class.getName()));
230 serviceDirectory.put(Permission.PACKET_WRITE, ImmutableSet.of(
231 PacketService.class.getName(), ProxyArpService.class.getName()));
232 serviceDirectory.put(Permission.PACKET_EVENT, ImmutableSet.of(
233 PacketService.class.getName()));
234 serviceDirectory.put(Permission.STATISTIC_READ, ImmutableSet.of(
235 StatisticService.class.getName()));
236 serviceDirectory.put(Permission.TOPOLOGY_READ, ImmutableSet.of(
237 TopologyService.class.getName(), PathService.class.getName()));
238 serviceDirectory.put(Permission.TOPOLOGY_EVENT, ImmutableSet.of(
239 TopologyService.class.getName()));
Thomas Vachuskabf916ea2015-05-20 18:24:34 -0700[diff] [blame]240// serviceDirectory.put(Permission.TUNNEL_READ, ImmutableSet.of(
241// TunnelService.class.getName()));
242// serviceDirectory.put(Permission.TUNNEL_WRITE, ImmutableSet.of(
243// TunnelService.class.getName()));
244// serviceDirectory.put(Permission.TUNNEL_EVENT, ImmutableSet.of(
245// TunnelService.class.getName()));
Changhoon Yoon23dee8f2015-05-18 22:19:49 +0900[diff] [blame]246 serviceDirectory.put(Permission.STORAGE_WRITE, ImmutableSet.of(
247 StorageService.class.getName()));
248
249 return serviceDirectory;
250 }
251}
252
253
254// public static PermissionInfo[] getNonAdminPerms() {
255// return new PermissionInfo[]{
256// new PermissionInfo(PackagePermission.class.getName(), "*", PackagePermission.EXPORTONLY),
257// new PermissionInfo(PackagePermission.class.getName(), "*", PackagePermission.IMPORT),
258// new PermissionInfo(AdaptPermission.class.getName(), "*", AdaptPermission.ADAPT),
259// new PermissionInfo(ServicePermission.class.getName(),
260// ApplicationService.class.getName(), ServicePermission.GET),
261// new PermissionInfo(ServicePermission.class.getName(),
262// ComponentConfigService.class.getName(), ServicePermission.GET),
263// new PermissionInfo(ServicePermission.class.getName(),
264// CoreService.class.getName(), ServicePermission.GET),
265// new PermissionInfo(ServicePermission.class.getName(),
266// ClusterService.class.getName(), ServicePermission.GET),
267// new PermissionInfo(ServicePermission.class.getName(),
268// LeadershipService.class.getName(), ServicePermission.GET),
269// new PermissionInfo(ServicePermission.class.getName(),
270// MastershipService.class.getName(), ServicePermission.GET),
271// new PermissionInfo(ServicePermission.class.getName(),
272// DeviceService.class.getName(), ServicePermission.GET),
273// new PermissionInfo(ServicePermission.class.getName(),
274// DeviceClockService.class.getName(), ServicePermission.GET),
275// new PermissionInfo(ServicePermission.class.getName(),
276// DriverService.class.getName(), ServicePermission.GET),
277// new PermissionInfo(ServicePermission.class.getName(),
278// FlowRuleService.class.getName(), ServicePermission.GET),
279// new PermissionInfo(ServicePermission.class.getName(),
280// FlowObjectiveService.class.getName(), ServicePermission.GET),
281// new PermissionInfo(ServicePermission.class.getName(),
282// GroupService.class.getName(), ServicePermission.GET),
283// new PermissionInfo(ServicePermission.class.getName(),
284// HostService.class.getName(), ServicePermission.GET),
285// new PermissionInfo(ServicePermission.class.getName(),
286// HostClockService.class.getName(), ServicePermission.GET),
287// new PermissionInfo(ServicePermission.class.getName(),
288// IntentService.class.getName(), ServicePermission.GET),
289// new PermissionInfo(ServicePermission.class.getName(),
290// IntentClockService.class.getName(), ServicePermission.GET),
291// new PermissionInfo(ServicePermission.class.getName(),
292// IntentExtensionService.class.getName(), ServicePermission.GET),
293// new PermissionInfo(ServicePermission.class.getName(),
294// PartitionService.class.getName(), ServicePermission.GET),
295// new PermissionInfo(ServicePermission.class.getName(),
296// LinkService.class.getName(), ServicePermission.GET),
297// new PermissionInfo(ServicePermission.class.getName(),
298// LinkResourceService.class.getName(), ServicePermission.GET),
299// new PermissionInfo(ServicePermission.class.getName(),
300// LabelResourceService.class.getName(), ServicePermission.GET),
301// new PermissionInfo(ServicePermission.class.getName(),
302// PacketService.class.getName(), ServicePermission.GET),
303// new PermissionInfo(ServicePermission.class.getName(),
304// ProxyArpService.class.getName(), ServicePermission.GET),
305// new PermissionInfo(ServicePermission.class.getName(),
306// StatisticService.class.getName(), ServicePermission.GET),
307// new PermissionInfo(ServicePermission.class.getName(),
308// PathService.class.getName(), ServicePermission.GET),
309// new PermissionInfo(ServicePermission.class.getName(),
310// TopologyService.class.getName(), ServicePermission.GET),
311// new PermissionInfo(ServicePermission.class.getName(),
312// TunnelService.class.getName(), ServicePermission.GET),
313// new PermissionInfo(ServicePermission.class.getName(),
314// StorageService.class.getName(), ServicePermission.GET),
315// };
Sho SHIMIZU6cd33302015-06-30 19:09:07 -0700[diff] [blame]316// }