Changhoon Yoon
Committed by Gerrit Code Review

ONOS-4507,ONOS-4774, ONOS-4775, ONOS-4776 + some minor fixes

Change-Id: I9eaf17b03899074d4b63e01e920fada6797158a0
Showing 20 changed files with 259 additions and 114 deletions
...@@ -45,6 +45,12 @@ public class ReviewCommand extends AbstractShellCommand { ...@@ -45,6 +45,12 @@ public class ReviewCommand extends AbstractShellCommand {
45 required = false, multiValued = false) 45 required = false, multiValued = false)
46 String accept = null; 46 String accept = null;
47 47
48 +
49 + public static final String ANSI_RESET = "\u001B[0m";
50 + public static final String ANSI_RED = "\u001B[31m";
51 + public static final String ANSI_GREEN = "\u001B[32m";
52 + public static final String ANSI_YELLOW = "\u001B[33m";
53 +
48 @Override 54 @Override
49 protected void execute() { 55 protected void execute() {
50 ApplicationAdminService applicationAdminService = get(ApplicationAdminService.class); 56 ApplicationAdminService applicationAdminService = get(ApplicationAdminService.class);
...@@ -86,38 +92,64 @@ public class ReviewCommand extends AbstractShellCommand { ...@@ -86,38 +92,64 @@ public class ReviewCommand extends AbstractShellCommand {
86 print(""); 92 print("");
87 93
88 } 94 }
95 +
96 + /**
97 + * TYPES.
98 + * 0 - APP_PERM
99 + * 1 - ADMIN SERVICE
100 + * 2 - NB_SERVICE
101 + * 3 - SB_SERVICE
102 + * 4 - CLI_SERVICE
103 + * 5 - ETC_SERVICE
104 + * 6 - CRITICAL PERMISSIONS
105 + * 7 - ETC
106 + **/
89 private void printMap(Map<Integer, List<Permission>> assortedMap) { 107 private void printMap(Map<Integer, List<Permission>> assortedMap) {
90 - for (Integer type : assortedMap.keySet()) { 108 +
91 - switch (type) { 109 + for (Permission perm: assortedMap.get(0)) { // APP PERM
92 - case 0: 110 + if (perm.getName().contains("WRITE")) {
93 - for (Permission perm: assortedMap.get(0)) { 111 + printYellow("\t[APP PERMISSION] " + perm.getName());
94 - print("\t[APP PERMISSION] " + perm.getName()); 112 + } else {
95 - } 113 + printGreen("\t[APP PERMISSION] " + perm.getName());
96 - break;
97 - case 1:
98 - for (Permission perm: assortedMap.get(1)) {
99 - print("\t[NB-ADMIN SERVICE] " + perm.getName() + "(" + perm.getActions() + ")");
100 - }
101 - break;
102 - case 2:
103 - for (Permission perm: assortedMap.get(2)) {
104 - print("\t[NB SERVICE] " + perm.getName() + "(" + perm.getActions() + ")");
105 - }
106 - break;
107 - case 3:
108 - for (Permission perm: assortedMap.get(3)) {
109 - print("\t[Other SERVICE] " + perm.getName() + "(" + perm.getActions() + ")");
110 - }
111 - break;
112 - case 4:
113 - for (Permission perm: assortedMap.get(4)) {
114 - print("\t[Other] " + perm.getClass().getSimpleName() +
115 - " " + perm.getName() + " (" + perm.getActions() + ")");
116 - }
117 - break;
118 - default:
119 - break;
120 } 114 }
121 } 115 }
116 +
117 + for (Permission perm: assortedMap.get(4)) {
118 + printGreen("\t[CLI SERVICE] " + perm.getName() + "(" + perm.getActions() + ")");
119 + }
120 +
121 + for (Permission perm: assortedMap.get(5)) {
122 + printYellow("\t[Other SERVICE] " + perm.getName() + "(" + perm.getActions() + ")");
123 + }
124 +
125 + for (Permission perm: assortedMap.get(7)) {
126 + printYellow("\t[Other] " + perm.getClass().getSimpleName() +
127 + " " + perm.getName() + " (" + perm.getActions() + ")");
128 + }
129 +
130 + for (Permission perm: assortedMap.get(1)) { // ADMIN SERVICES
131 + printRed("\t[NB-ADMIN SERVICE] " + perm.getName() + "(" + perm.getActions() + ")");
132 + }
133 +
134 + for (Permission perm: assortedMap.get(3)) { // ADMIN SERVICES
135 + printRed("\t[SB SERVICE] " + perm.getName() + "(" + perm.getActions() + ")");
136 + }
137 +
138 + for (Permission perm: assortedMap.get(6)) { // CRITICAL SERVICES
139 + printRed("\t[CRITICAL PERMISSION] " + perm.getClass().getSimpleName() +
140 + " " + perm.getName() + " (" + perm.getActions() + ")");
141 + }
142 + }
143 +
144 + private void printRed(String format, Object... args) {
145 + print(ANSI_RED + String.format(format, args) + ANSI_RESET);
146 + }
147 +
148 + private void printYellow(String format, Object... args) {
149 + print(ANSI_YELLOW + String.format(format, args) + ANSI_RESET);
150 + }
151 +
152 + private void printGreen(String format, Object... args) {
153 + print(ANSI_GREEN + String.format(format, args) + ANSI_RESET);
122 } 154 }
123 } 155 }
......
...@@ -82,7 +82,8 @@ public class AppPermission extends BasicPermission { ...@@ -82,7 +82,8 @@ public class AppPermission extends BasicPermission {
82 TUNNEL_WRITE, 82 TUNNEL_WRITE,
83 TUNNEL_EVENT, 83 TUNNEL_EVENT,
84 UI_READ, 84 UI_READ,
85 - UI_WRITE 85 + UI_WRITE,
86 + ADMIN
86 } 87 }
87 88
88 protected Type type; 89 protected Type type;
......
...@@ -55,6 +55,7 @@ import static org.onosproject.app.ApplicationEvent.Type.APP_DEACTIVATED; ...@@ -55,6 +55,7 @@ import static org.onosproject.app.ApplicationEvent.Type.APP_DEACTIVATED;
55 import static org.onosproject.app.ApplicationEvent.Type.APP_INSTALLED; 55 import static org.onosproject.app.ApplicationEvent.Type.APP_INSTALLED;
56 import static org.onosproject.app.ApplicationEvent.Type.APP_UNINSTALLED; 56 import static org.onosproject.app.ApplicationEvent.Type.APP_UNINSTALLED;
57 import static org.onosproject.security.AppGuard.checkPermission; 57 import static org.onosproject.security.AppGuard.checkPermission;
58 +import static org.onosproject.security.AppPermission.Type.ADMIN;
58 import static org.onosproject.security.AppPermission.Type.APP_READ; 59 import static org.onosproject.security.AppPermission.Type.APP_READ;
59 import static org.slf4j.LoggerFactory.getLogger; 60 import static org.slf4j.LoggerFactory.getLogger;
60 61
...@@ -151,6 +152,7 @@ public class ApplicationManager ...@@ -151,6 +152,7 @@ public class ApplicationManager
151 152
152 @Override 153 @Override
153 public Application install(InputStream appDescStream) { 154 public Application install(InputStream appDescStream) {
155 + checkPermission(ADMIN);
154 checkNotNull(appDescStream, "Application archive stream cannot be null"); 156 checkNotNull(appDescStream, "Application archive stream cannot be null");
155 Application app = store.create(appDescStream); 157 Application app = store.create(appDescStream);
156 SecurityUtil.register(app.id()); 158 SecurityUtil.register(app.id());
...@@ -159,12 +161,14 @@ public class ApplicationManager ...@@ -159,12 +161,14 @@ public class ApplicationManager
159 161
160 @Override 162 @Override
161 public void uninstall(ApplicationId appId) { 163 public void uninstall(ApplicationId appId) {
164 + checkPermission(ADMIN);
162 checkNotNull(appId, APP_ID_NULL); 165 checkNotNull(appId, APP_ID_NULL);
163 updateStoreAndWaitForNotificationHandling(appId, store::remove); 166 updateStoreAndWaitForNotificationHandling(appId, store::remove);
164 } 167 }
165 168
166 @Override 169 @Override
167 public void activate(ApplicationId appId) { 170 public void activate(ApplicationId appId) {
171 + checkPermission(ADMIN);
168 checkNotNull(appId, APP_ID_NULL); 172 checkNotNull(appId, APP_ID_NULL);
169 if (!SecurityUtil.isAppSecured(appId)) { 173 if (!SecurityUtil.isAppSecured(appId)) {
170 return; 174 return;
...@@ -174,12 +178,14 @@ public class ApplicationManager ...@@ -174,12 +178,14 @@ public class ApplicationManager
174 178
175 @Override 179 @Override
176 public void deactivate(ApplicationId appId) { 180 public void deactivate(ApplicationId appId) {
181 + checkPermission(ADMIN);
177 checkNotNull(appId, APP_ID_NULL); 182 checkNotNull(appId, APP_ID_NULL);
178 updateStoreAndWaitForNotificationHandling(appId, store::deactivate); 183 updateStoreAndWaitForNotificationHandling(appId, store::deactivate);
179 } 184 }
180 185
181 @Override 186 @Override
182 public void setPermissions(ApplicationId appId, Set<Permission> permissions) { 187 public void setPermissions(ApplicationId appId, Set<Permission> permissions) {
188 + checkPermission(ADMIN);
183 checkNotNull(appId, APP_ID_NULL); 189 checkNotNull(appId, APP_ID_NULL);
184 checkNotNull(permissions, "Permissions cannot be null"); 190 checkNotNull(permissions, "Permissions cannot be null");
185 store.setPermissions(appId, permissions); 191 store.setPermissions(appId, permissions);
......
...@@ -58,6 +58,7 @@ import java.util.concurrent.atomic.AtomicReference; ...@@ -58,6 +58,7 @@ import java.util.concurrent.atomic.AtomicReference;
58 import static com.google.common.base.Preconditions.checkArgument; 58 import static com.google.common.base.Preconditions.checkArgument;
59 import static com.google.common.base.Preconditions.checkNotNull; 59 import static com.google.common.base.Preconditions.checkNotNull;
60 import static org.onosproject.security.AppGuard.checkPermission; 60 import static org.onosproject.security.AppGuard.checkPermission;
61 +import static org.onosproject.security.AppPermission.Type.ADMIN;
61 import static org.onosproject.security.AppPermission.Type.CLUSTER_READ; 62 import static org.onosproject.security.AppPermission.Type.CLUSTER_READ;
62 import static org.slf4j.LoggerFactory.getLogger; 63 import static org.slf4j.LoggerFactory.getLogger;
63 64
...@@ -135,6 +136,7 @@ public class ClusterManager ...@@ -135,6 +136,7 @@ public class ClusterManager
135 136
136 @Override 137 @Override
137 public void markFullyStarted(boolean started) { 138 public void markFullyStarted(boolean started) {
139 + checkPermission(ADMIN);
138 store.markFullyStarted(started); 140 store.markFullyStarted(started);
139 } 141 }
140 142
...@@ -146,6 +148,7 @@ public class ClusterManager ...@@ -146,6 +148,7 @@ public class ClusterManager
146 148
147 @Override 149 @Override
148 public void formCluster(Set<ControllerNode> nodes) { 150 public void formCluster(Set<ControllerNode> nodes) {
151 + checkPermission(ADMIN);
149 checkNotNull(nodes, "Nodes cannot be null"); 152 checkNotNull(nodes, "Nodes cannot be null");
150 checkArgument(!nodes.isEmpty(), "Nodes cannot be empty"); 153 checkArgument(!nodes.isEmpty(), "Nodes cannot be empty");
151 154
...@@ -163,6 +166,7 @@ public class ClusterManager ...@@ -163,6 +166,7 @@ public class ClusterManager
163 166
164 @Override 167 @Override
165 public ControllerNode addNode(NodeId nodeId, IpAddress ip, int tcpPort) { 168 public ControllerNode addNode(NodeId nodeId, IpAddress ip, int tcpPort) {
169 + checkPermission(ADMIN);
166 checkNotNull(nodeId, INSTANCE_ID_NULL); 170 checkNotNull(nodeId, INSTANCE_ID_NULL);
167 checkNotNull(ip, "IP address cannot be null"); 171 checkNotNull(ip, "IP address cannot be null");
168 checkArgument(tcpPort > 5000, "TCP port must be > 5000"); 172 checkArgument(tcpPort > 5000, "TCP port must be > 5000");
...@@ -171,6 +175,7 @@ public class ClusterManager ...@@ -171,6 +175,7 @@ public class ClusterManager
171 175
172 @Override 176 @Override
173 public void removeNode(NodeId nodeId) { 177 public void removeNode(NodeId nodeId) {
178 + checkPermission(ADMIN);
174 checkNotNull(nodeId, INSTANCE_ID_NULL); 179 checkNotNull(nodeId, INSTANCE_ID_NULL);
175 store.removeNode(nodeId); 180 store.removeNode(nodeId);
176 } 181 }
......
...@@ -46,6 +46,7 @@ import java.util.Enumeration; ...@@ -46,6 +46,7 @@ import java.util.Enumeration;
46 46
47 import static com.google.common.base.Preconditions.checkNotNull; 47 import static com.google.common.base.Preconditions.checkNotNull;
48 import static org.onosproject.security.AppGuard.checkPermission; 48 import static org.onosproject.security.AppGuard.checkPermission;
49 +import static org.onosproject.security.AppPermission.Type.ADMIN;
49 import static org.onosproject.security.AppPermission.Type.CLUSTER_READ; 50 import static org.onosproject.security.AppPermission.Type.CLUSTER_READ;
50 import static org.slf4j.LoggerFactory.getLogger; 51 import static org.slf4j.LoggerFactory.getLogger;
51 52
...@@ -103,6 +104,7 @@ public class ClusterMetadataManager ...@@ -103,6 +104,7 @@ public class ClusterMetadataManager
103 104
104 @Override 105 @Override
105 public void setClusterMetadata(ClusterMetadata metadata) { 106 public void setClusterMetadata(ClusterMetadata metadata) {
107 + checkPermission(ADMIN);
106 checkNotNull(metadata, "Cluster metadata cannot be null"); 108 checkNotNull(metadata, "Cluster metadata cannot be null");
107 ClusterMetadataProvider primaryProvider = getPrimaryProvider(); 109 ClusterMetadataProvider primaryProvider = getPrimaryProvider();
108 if (primaryProvider == null) { 110 if (primaryProvider == null) {
......
...@@ -15,6 +15,8 @@ ...@@ -15,6 +15,8 @@
15 */ 15 */
16 package org.onosproject.cluster.impl; 16 package org.onosproject.cluster.impl;
17 17
18 +import static org.onosproject.security.AppGuard.checkPermission;
19 +import static org.onosproject.security.AppPermission.Type.ADMIN;
18 import static org.slf4j.LoggerFactory.getLogger; 20 import static org.slf4j.LoggerFactory.getLogger;
19 21
20 import java.util.Map; 22 import java.util.Map;
...@@ -100,16 +102,19 @@ public class LeadershipManager ...@@ -100,16 +102,19 @@ public class LeadershipManager
100 102
101 @Override 103 @Override
102 public boolean transferLeadership(String topic, NodeId to) { 104 public boolean transferLeadership(String topic, NodeId to) {
105 + checkPermission(ADMIN);
103 return store.moveLeadership(topic, to); 106 return store.moveLeadership(topic, to);
104 } 107 }
105 108
106 @Override 109 @Override
107 public void unregister(NodeId nodeId) { 110 public void unregister(NodeId nodeId) {
111 + checkPermission(ADMIN);
108 store.removeRegistration(nodeId); 112 store.removeRegistration(nodeId);
109 } 113 }
110 114
111 @Override 115 @Override
112 public boolean promoteToTopOfCandidateList(String topic, NodeId nodeId) { 116 public boolean promoteToTopOfCandidateList(String topic, NodeId nodeId) {
117 + checkPermission(ADMIN);
113 return store.makeTopCandidate(topic, nodeId); 118 return store.makeTopCandidate(topic, nodeId);
114 } 119 }
115 } 120 }
......
...@@ -64,6 +64,7 @@ import static org.onlab.metrics.MetricsUtil.startTimer; ...@@ -64,6 +64,7 @@ import static org.onlab.metrics.MetricsUtil.startTimer;
64 import static org.onlab.metrics.MetricsUtil.stopTimer; 64 import static org.onlab.metrics.MetricsUtil.stopTimer;
65 import static org.onosproject.net.MastershipRole.MASTER; 65 import static org.onosproject.net.MastershipRole.MASTER;
66 import static org.onosproject.security.AppGuard.checkPermission; 66 import static org.onosproject.security.AppGuard.checkPermission;
67 +import static org.onosproject.security.AppPermission.Type.ADMIN;
67 import static org.onosproject.security.AppPermission.Type.CLUSTER_READ; 68 import static org.onosproject.security.AppPermission.Type.CLUSTER_READ;
68 import static org.onosproject.security.AppPermission.Type.CLUSTER_WRITE; 69 import static org.onosproject.security.AppPermission.Type.CLUSTER_WRITE;
69 import static org.slf4j.LoggerFactory.getLogger; 70 import static org.slf4j.LoggerFactory.getLogger;
...@@ -119,6 +120,7 @@ public class MastershipManager ...@@ -119,6 +120,7 @@ public class MastershipManager
119 120
120 @Override 121 @Override
121 public CompletableFuture<Void> setRole(NodeId nodeId, DeviceId deviceId, MastershipRole role) { 122 public CompletableFuture<Void> setRole(NodeId nodeId, DeviceId deviceId, MastershipRole role) {
123 + checkPermission(ADMIN);
122 checkNotNull(nodeId, NODE_ID_NULL); 124 checkNotNull(nodeId, NODE_ID_NULL);
123 checkNotNull(deviceId, DEVICE_ID_NULL); 125 checkNotNull(deviceId, DEVICE_ID_NULL);
124 checkNotNull(role, ROLE_NULL); 126 checkNotNull(role, ROLE_NULL);
...@@ -207,6 +209,7 @@ public class MastershipManager ...@@ -207,6 +209,7 @@ public class MastershipManager
207 209
208 @Override 210 @Override
209 public void balanceRoles() { 211 public void balanceRoles() {
212 + checkPermission(ADMIN);
210 List<ControllerNode> nodes = newArrayList(clusterService.getNodes()); 213 List<ControllerNode> nodes = newArrayList(clusterService.getNodes());
211 Map<ControllerNode, Set<DeviceId>> controllerDevices = new HashMap<>(); 214 Map<ControllerNode, Set<DeviceId>> controllerDevices = new HashMap<>();
212 int deviceCount = 0; 215 int deviceCount = 0;
......
...@@ -25,6 +25,7 @@ import static org.onosproject.net.MastershipRole.STANDBY; ...@@ -25,6 +25,7 @@ import static org.onosproject.net.MastershipRole.STANDBY;
25 import static org.onosproject.net.optical.device.OchPortHelper.ochPortDescription; 25 import static org.onosproject.net.optical.device.OchPortHelper.ochPortDescription;
26 import static org.onosproject.net.optical.device.OduCltPortHelper.oduCltPortDescription; 26 import static org.onosproject.net.optical.device.OduCltPortHelper.oduCltPortDescription;
27 import static org.onosproject.security.AppGuard.checkPermission; 27 import static org.onosproject.security.AppGuard.checkPermission;
28 +import static org.onosproject.security.AppPermission.Type.ADMIN;
28 import static org.onosproject.security.AppPermission.Type.DEVICE_READ; 29 import static org.onosproject.security.AppPermission.Type.DEVICE_READ;
29 import static org.slf4j.LoggerFactory.getLogger; 30 import static org.slf4j.LoggerFactory.getLogger;
30 31
...@@ -247,6 +248,7 @@ public class DeviceManager ...@@ -247,6 +248,7 @@ public class DeviceManager
247 248
248 @Override 249 @Override
249 public void removeDevice(DeviceId deviceId) { 250 public void removeDevice(DeviceId deviceId) {
251 + checkPermission(ADMIN);
250 checkNotNull(deviceId, DEVICE_ID_NULL); 252 checkNotNull(deviceId, DEVICE_ID_NULL);
251 DeviceEvent event = store.removeDevice(deviceId); 253 DeviceEvent event = store.removeDevice(deviceId);
252 if (event != null) { 254 if (event != null) {
...@@ -258,6 +260,7 @@ public class DeviceManager ...@@ -258,6 +260,7 @@ public class DeviceManager
258 @Override 260 @Override
259 public void changePortState(DeviceId deviceId, PortNumber portNumber, 261 public void changePortState(DeviceId deviceId, PortNumber portNumber,
260 boolean enable) { 262 boolean enable) {
263 + checkPermission(ADMIN);
261 checkNotNull(deviceId, DEVICE_ID_NULL); 264 checkNotNull(deviceId, DEVICE_ID_NULL);
262 checkNotNull(deviceId, PORT_NUMBER_NULL); 265 checkNotNull(deviceId, PORT_NUMBER_NULL);
263 DeviceProvider provider = getProvider(deviceId); 266 DeviceProvider provider = getProvider(deviceId);
......
...@@ -85,11 +85,13 @@ public class DriverManager extends DefaultDriverProvider implements DriverAdminS ...@@ -85,11 +85,13 @@ public class DriverManager extends DefaultDriverProvider implements DriverAdminS
85 85
86 @Override 86 @Override
87 public Set<DriverProvider> getProviders() { 87 public Set<DriverProvider> getProviders() {
88 + checkPermission(ADMIN);
88 return ImmutableSet.copyOf(providers); 89 return ImmutableSet.copyOf(providers);
89 } 90 }
90 91
91 @Override 92 @Override
92 public void registerProvider(DriverProvider provider) { 93 public void registerProvider(DriverProvider provider) {
94 + checkPermission(ADMIN);
93 provider.getDrivers().forEach(driver -> { 95 provider.getDrivers().forEach(driver -> {
94 Driver d = addDriver(driver); 96 Driver d = addDriver(driver);
95 driverByKey.put(key(driver.manufacturer(), 97 driverByKey.put(key(driver.manufacturer(),
...@@ -101,6 +103,7 @@ public class DriverManager extends DefaultDriverProvider implements DriverAdminS ...@@ -101,6 +103,7 @@ public class DriverManager extends DefaultDriverProvider implements DriverAdminS
101 103
102 @Override 104 @Override
103 public void unregisterProvider(DriverProvider provider) { 105 public void unregisterProvider(DriverProvider provider) {
106 + checkPermission(ADMIN);
104 provider.getDrivers().forEach(driver -> { 107 provider.getDrivers().forEach(driver -> {
105 removeDriver(driver); 108 removeDriver(driver);
106 driverByKey.remove(key(driver.manufacturer(), 109 driverByKey.remove(key(driver.manufacturer(),
......
...@@ -191,6 +191,7 @@ public class HostManager ...@@ -191,6 +191,7 @@ public class HostManager
191 191
192 @Override 192 @Override
193 public void removeHost(HostId hostId) { 193 public void removeHost(HostId hostId) {
194 + checkPermission(ADMIN);
194 checkNotNull(hostId, HOST_ID_NULL); 195 checkNotNull(hostId, HOST_ID_NULL);
195 store.removeHost(hostId); 196 store.removeHost(hostId);
196 } 197 }
......
...@@ -37,6 +37,7 @@ import java.util.Collection; ...@@ -37,6 +37,7 @@ import java.util.Collection;
37 37
38 import static com.google.common.base.Preconditions.checkNotNull; 38 import static com.google.common.base.Preconditions.checkNotNull;
39 import static org.onosproject.security.AppGuard.checkPermission; 39 import static org.onosproject.security.AppGuard.checkPermission;
40 +import static org.onosproject.security.AppPermission.Type.ADMIN;
40 import static org.onosproject.security.AppPermission.Type.DEVICE_KEY_READ; 41 import static org.onosproject.security.AppPermission.Type.DEVICE_KEY_READ;
41 import static org.slf4j.LoggerFactory.getLogger; 42 import static org.slf4j.LoggerFactory.getLogger;
42 43
...@@ -71,12 +72,14 @@ public class DeviceKeyManager extends AbstractListenerManager<DeviceKeyEvent, De ...@@ -71,12 +72,14 @@ public class DeviceKeyManager extends AbstractListenerManager<DeviceKeyEvent, De
71 72
72 @Override 73 @Override
73 public void addKey(DeviceKey deviceKey) { 74 public void addKey(DeviceKey deviceKey) {
75 + checkPermission(ADMIN);
74 checkNotNull(deviceKey, "Device key cannot be null"); 76 checkNotNull(deviceKey, "Device key cannot be null");
75 store.createOrUpdateDeviceKey(deviceKey); 77 store.createOrUpdateDeviceKey(deviceKey);
76 } 78 }
77 79
78 @Override 80 @Override
79 public void removeKey(DeviceKeyId deviceKeyId) { 81 public void removeKey(DeviceKeyId deviceKeyId) {
82 + checkPermission(ADMIN);
80 checkNotNull(deviceKeyId, "Device key identifier cannot be null"); 83 checkNotNull(deviceKeyId, "Device key identifier cannot be null");
81 store.deleteDeviceKey(deviceKeyId); 84 store.deleteDeviceKey(deviceKeyId);
82 } 85 }
......
...@@ -182,6 +182,7 @@ public class LinkManager ...@@ -182,6 +182,7 @@ public class LinkManager
182 182
183 @Override 183 @Override
184 public void removeLinks(ConnectPoint connectPoint) { 184 public void removeLinks(ConnectPoint connectPoint) {
185 + checkPermission(ADMIN);
185 if (deviceService.getRole(connectPoint.deviceId()) != MastershipRole.MASTER) { 186 if (deviceService.getRole(connectPoint.deviceId()) != MastershipRole.MASTER) {
186 return; 187 return;
187 } 188 }
...@@ -190,6 +191,7 @@ public class LinkManager ...@@ -190,6 +191,7 @@ public class LinkManager
190 191
191 @Override 192 @Override
192 public void removeLinks(DeviceId deviceId) { 193 public void removeLinks(DeviceId deviceId) {
194 + checkPermission(ADMIN);
193 if (deviceService.getRole(deviceId) != MastershipRole.MASTER) { 195 if (deviceService.getRole(deviceId) != MastershipRole.MASTER) {
194 return; 196 return;
195 } 197 }
...@@ -198,6 +200,7 @@ public class LinkManager ...@@ -198,6 +200,7 @@ public class LinkManager
198 200
199 @Override 201 @Override
200 public void removeLink(ConnectPoint src, ConnectPoint dst) { 202 public void removeLink(ConnectPoint src, ConnectPoint dst) {
203 + checkPermission(ADMIN);
201 post(store.removeLink(src, dst)); 204 post(store.removeLink(src, dst));
202 } 205 }
203 206
......
...@@ -42,6 +42,7 @@ import java.util.Set; ...@@ -42,6 +42,7 @@ import java.util.Set;
42 import static com.google.common.base.Preconditions.checkNotNull; 42 import static com.google.common.base.Preconditions.checkNotNull;
43 import static com.google.common.base.Preconditions.checkState; 43 import static com.google.common.base.Preconditions.checkState;
44 import static com.google.common.collect.ImmutableList.of; 44 import static com.google.common.collect.ImmutableList.of;
45 +import static org.onosproject.security.AppPermission.Type.ADMIN;
45 import static org.slf4j.LoggerFactory.getLogger; 46 import static org.slf4j.LoggerFactory.getLogger;
46 import static org.onosproject.security.AppGuard.checkPermission; 47 import static org.onosproject.security.AppGuard.checkPermission;
47 import static org.onosproject.security.AppPermission.Type.REGION_READ; 48 import static org.onosproject.security.AppPermission.Type.REGION_READ;
...@@ -85,6 +86,7 @@ public class RegionManager extends AbstractListenerManager<RegionEvent, RegionLi ...@@ -85,6 +86,7 @@ public class RegionManager extends AbstractListenerManager<RegionEvent, RegionLi
85 @Override 86 @Override
86 public Region createRegion(RegionId regionId, String name, Region.Type type, 87 public Region createRegion(RegionId regionId, String name, Region.Type type,
87 List<Set<NodeId>> masterNodeIds) { 88 List<Set<NodeId>> masterNodeIds) {
89 + checkPermission(ADMIN);
88 checkNotNull(regionId, REGION_ID_NULL); 90 checkNotNull(regionId, REGION_ID_NULL);
89 checkNotNull(name, NAME_NULL); 91 checkNotNull(name, NAME_NULL);
90 checkNotNull(name, REGION_TYPE_NULL); 92 checkNotNull(name, REGION_TYPE_NULL);
...@@ -94,6 +96,7 @@ public class RegionManager extends AbstractListenerManager<RegionEvent, RegionLi ...@@ -94,6 +96,7 @@ public class RegionManager extends AbstractListenerManager<RegionEvent, RegionLi
94 @Override 96 @Override
95 public Region updateRegion(RegionId regionId, String name, Region.Type type, 97 public Region updateRegion(RegionId regionId, String name, Region.Type type,
96 List<Set<NodeId>> masterNodeIds) { 98 List<Set<NodeId>> masterNodeIds) {
99 + checkPermission(ADMIN);
97 checkNotNull(regionId, REGION_ID_NULL); 100 checkNotNull(regionId, REGION_ID_NULL);
98 checkNotNull(name, NAME_NULL); 101 checkNotNull(name, NAME_NULL);
99 checkNotNull(name, REGION_TYPE_NULL); 102 checkNotNull(name, REGION_TYPE_NULL);
...@@ -102,12 +105,14 @@ public class RegionManager extends AbstractListenerManager<RegionEvent, RegionLi ...@@ -102,12 +105,14 @@ public class RegionManager extends AbstractListenerManager<RegionEvent, RegionLi
102 105
103 @Override 106 @Override
104 public void removeRegion(RegionId regionId) { 107 public void removeRegion(RegionId regionId) {
108 + checkPermission(ADMIN);
105 checkNotNull(regionId, REGION_ID_NULL); 109 checkNotNull(regionId, REGION_ID_NULL);
106 store.removeRegion(regionId); 110 store.removeRegion(regionId);
107 } 111 }
108 112
109 @Override 113 @Override
110 public void addDevices(RegionId regionId, Collection<DeviceId> deviceIds) { 114 public void addDevices(RegionId regionId, Collection<DeviceId> deviceIds) {
115 + checkPermission(ADMIN);
111 checkNotNull(regionId, REGION_ID_NULL); 116 checkNotNull(regionId, REGION_ID_NULL);
112 checkNotNull(deviceIds, DEVICE_IDS_NULL); 117 checkNotNull(deviceIds, DEVICE_IDS_NULL);
113 checkState(!deviceIds.isEmpty(), DEVICE_IDS_EMPTY); 118 checkState(!deviceIds.isEmpty(), DEVICE_IDS_EMPTY);
...@@ -116,6 +121,7 @@ public class RegionManager extends AbstractListenerManager<RegionEvent, RegionLi ...@@ -116,6 +121,7 @@ public class RegionManager extends AbstractListenerManager<RegionEvent, RegionLi
116 121
117 @Override 122 @Override
118 public void removeDevices(RegionId regionId, Collection<DeviceId> deviceIds) { 123 public void removeDevices(RegionId regionId, Collection<DeviceId> deviceIds) {
124 + checkPermission(ADMIN);
119 checkNotNull(regionId, REGION_ID_NULL); 125 checkNotNull(regionId, REGION_ID_NULL);
120 checkNotNull(deviceIds, DEVICE_IDS_NULL); 126 checkNotNull(deviceIds, DEVICE_IDS_NULL);
121 checkState(!deviceIds.isEmpty(), DEVICE_IDS_EMPTY); 127 checkState(!deviceIds.isEmpty(), DEVICE_IDS_EMPTY);
......
...@@ -46,6 +46,7 @@ import java.util.stream.Collectors; ...@@ -46,6 +46,7 @@ import java.util.stream.Collectors;
46 46
47 import static com.google.common.base.Preconditions.checkNotNull; 47 import static com.google.common.base.Preconditions.checkNotNull;
48 import static org.onosproject.security.AppGuard.checkPermission; 48 import static org.onosproject.security.AppGuard.checkPermission;
49 +import static org.onosproject.security.AppPermission.Type.ADMIN;
49 import static org.onosproject.security.AppPermission.Type.RESOURCE_WRITE; 50 import static org.onosproject.security.AppPermission.Type.RESOURCE_WRITE;
50 import static org.onosproject.security.AppPermission.Type.RESOURCE_READ; 51 import static org.onosproject.security.AppPermission.Type.RESOURCE_READ;
51 import static org.slf4j.LoggerFactory.getLogger; 52 import static org.slf4j.LoggerFactory.getLogger;
...@@ -109,6 +110,7 @@ public final class ResourceManager extends AbstractListenerManager<ResourceEvent ...@@ -109,6 +110,7 @@ public final class ResourceManager extends AbstractListenerManager<ResourceEvent
109 110
110 @Override 111 @Override
111 public boolean release(ResourceConsumer consumer) { 112 public boolean release(ResourceConsumer consumer) {
113 + checkPermission(RESOURCE_WRITE);
112 checkNotNull(consumer); 114 checkNotNull(consumer);
113 115
114 Collection<ResourceAllocation> allocations = getResourceAllocations(consumer); 116 Collection<ResourceAllocation> allocations = getResourceAllocations(consumer);
...@@ -201,6 +203,7 @@ public final class ResourceManager extends AbstractListenerManager<ResourceEvent ...@@ -201,6 +203,7 @@ public final class ResourceManager extends AbstractListenerManager<ResourceEvent
201 203
202 @Override 204 @Override
203 public boolean register(List<Resource> resources) { 205 public boolean register(List<Resource> resources) {
206 + checkPermission(ADMIN);
204 checkNotNull(resources); 207 checkNotNull(resources);
205 208
206 return store.register(resources); 209 return store.register(resources);
...@@ -208,6 +211,7 @@ public final class ResourceManager extends AbstractListenerManager<ResourceEvent ...@@ -208,6 +211,7 @@ public final class ResourceManager extends AbstractListenerManager<ResourceEvent
208 211
209 @Override 212 @Override
210 public boolean unregister(List<ResourceId> ids) { 213 public boolean unregister(List<ResourceId> ids) {
214 + checkPermission(ADMIN);
211 checkNotNull(ids); 215 checkNotNull(ids);
212 216
213 return store.unregister(ids); 217 return store.unregister(ids);
......
...@@ -17,7 +17,6 @@ package org.onosproject.security.impl; ...@@ -17,7 +17,6 @@ package org.onosproject.security.impl;
17 17
18 18
19 import com.google.common.collect.ImmutableSet; 19 import com.google.common.collect.ImmutableSet;
20 -import com.google.common.collect.Lists;
21 import com.google.common.collect.Sets; 20 import com.google.common.collect.Sets;
22 import org.onosproject.cluster.ClusterAdminService; 21 import org.onosproject.cluster.ClusterAdminService;
23 import org.onosproject.cluster.ClusterMetadataService; 22 import org.onosproject.cluster.ClusterMetadataService;
...@@ -33,10 +32,9 @@ import org.onosproject.net.config.NetworkConfigService; ...@@ -33,10 +32,9 @@ import org.onosproject.net.config.NetworkConfigService;
33 import org.onosproject.net.edge.EdgePortService; 32 import org.onosproject.net.edge.EdgePortService;
34 import org.onosproject.net.key.DeviceKeyAdminService; 33 import org.onosproject.net.key.DeviceKeyAdminService;
35 import org.onosproject.net.key.DeviceKeyService; 34 import org.onosproject.net.key.DeviceKeyService;
36 -import org.onosproject.net.resource.ResourceAdminService;
37 -import org.onosproject.net.resource.ResourceService;
38 import org.onosproject.net.region.RegionAdminService; 35 import org.onosproject.net.region.RegionAdminService;
39 import org.onosproject.net.region.RegionService; 36 import org.onosproject.net.region.RegionService;
37 +import org.onosproject.net.resource.ResourceService;
40 import org.onosproject.net.statistic.FlowStatisticService; 38 import org.onosproject.net.statistic.FlowStatisticService;
41 import org.onosproject.persistence.PersistenceService; 39 import org.onosproject.persistence.PersistenceService;
42 import org.onosproject.security.AppPermission; 40 import org.onosproject.security.AppPermission;
...@@ -83,6 +81,8 @@ import org.osgi.framework.CapabilityPermission; ...@@ -83,6 +81,8 @@ import org.osgi.framework.CapabilityPermission;
83 import org.osgi.framework.BundlePermission; 81 import org.osgi.framework.BundlePermission;
84 import org.osgi.framework.PackagePermission; 82 import org.osgi.framework.PackagePermission;
85 import org.osgi.service.cm.ConfigurationPermission; 83 import org.osgi.service.cm.ConfigurationPermission;
84 +import org.osgi.service.condpermadmin.ConditionalPermissionAdmin;
85 +import org.osgi.service.permissionadmin.PermissionAdmin;
86 86
87 import javax.net.ssl.SSLPermission; 87 import javax.net.ssl.SSLPermission;
88 import javax.security.auth.AuthPermission; 88 import javax.security.auth.AuthPermission;
...@@ -96,10 +96,7 @@ import java.net.NetPermission; ...@@ -96,10 +96,7 @@ import java.net.NetPermission;
96 import java.net.SocketPermission; 96 import java.net.SocketPermission;
97 import java.security.Permissions; 97 import java.security.Permissions;
98 import java.sql.SQLPermission; 98 import java.sql.SQLPermission;
99 -import java.util.ArrayList;
100 import java.util.Enumeration; 99 import java.util.Enumeration;
101 -import java.util.HashSet;
102 -import java.util.List;
103 import java.util.PropertyPermission; 100 import java.util.PropertyPermission;
104 import java.util.Set; 101 import java.util.Set;
105 import java.util.concurrent.ConcurrentHashMap; 102 import java.util.concurrent.ConcurrentHashMap;
...@@ -113,24 +110,39 @@ public final class DefaultPolicyBuilder { ...@@ -113,24 +110,39 @@ public final class DefaultPolicyBuilder {
113 protected static ConcurrentHashMap<AppPermission.Type, 110 protected static ConcurrentHashMap<AppPermission.Type,
114 Set<String>> serviceDirectory = getServiceDirectory(); 111 Set<String>> serviceDirectory = getServiceDirectory();
115 112
116 - protected static List<Permission> defaultPermissions = getDefaultPerms(); 113 + protected static Set<Permission> defaultPermissions = getDefaultPerms();
117 - protected static List<Permission> adminServicePermissions = getAdminDefaultPerms(); 114 + protected static Set<Permission> adminServicePermissions = getAdminDefaultPerms();
118 115
119 private DefaultPolicyBuilder(){ 116 private DefaultPolicyBuilder(){
120 } 117 }
121 118
122 - public static List<Permission> getUserApplicationPermissions(Set<org.onosproject.security.Permission> permissions) { 119 + public static Set<Permission> getUserApplicationPermissions(Set<org.onosproject.security.Permission> permissions) {
123 - List<Permission> perms = Lists.newArrayList(); 120 +
121 + Set<Permission> perms = Sets.newHashSet();
124 perms.addAll(defaultPermissions); 122 perms.addAll(defaultPermissions);
125 perms.addAll(convertToJavaPermissions(permissions)); 123 perms.addAll(convertToJavaPermissions(permissions));
124 + for (Permission perm : perms) {
125 + if (perm instanceof AppPermission && ((AppPermission) perm).getType() == ADMIN) {
126 + perms.remove(perm);
127 + } else if (perm instanceof ServicePermission) {
128 + if (perm.getName().contains(SecurityAdminService.class.getName())) {
129 + perms.remove(perm);
130 + } else if (perm.getName().contains(PermissionAdmin.class.getName())) {
131 + perms.remove(perm);
132 + } else if (perm.getName().contains(ConditionalPermissionAdmin.class.getName())) {
133 + perms.remove(perm);
134 + }
135 + }
136 + }
126 return optimizePermissions(perms); 137 return optimizePermissions(perms);
127 } 138 }
128 139
129 - public static List<Permission> getAdminApplicationPermissions( 140 + public static Set<Permission> getAdminApplicationPermissions(
130 Set<org.onosproject.security.Permission> permissions) { 141 Set<org.onosproject.security.Permission> permissions) {
131 - List<Permission> perms = Lists.newArrayList(); 142 + Set<Permission> perms = Sets.newHashSet();
132 perms.addAll(defaultPermissions); 143 perms.addAll(defaultPermissions);
133 perms.addAll(adminServicePermissions); 144 perms.addAll(adminServicePermissions);
145 + perms.add(new AppPermission(ADMIN));
134 for (AppPermission.Type perm : serviceDirectory.keySet()) { 146 for (AppPermission.Type perm : serviceDirectory.keySet()) {
135 perms.add(new AppPermission(perm)); 147 perms.add(new AppPermission(perm));
136 } 148 }
...@@ -138,8 +150,8 @@ public final class DefaultPolicyBuilder { ...@@ -138,8 +150,8 @@ public final class DefaultPolicyBuilder {
138 return optimizePermissions(perms); 150 return optimizePermissions(perms);
139 } 151 }
140 152
141 - public static List<Permission> convertToJavaPermissions(Set<org.onosproject.security.Permission> permissions) { 153 + public static Set<Permission> convertToJavaPermissions(Set<org.onosproject.security.Permission> permissions) {
142 - List<Permission> result = Lists.newArrayList(); 154 + Set<Permission> result = Sets.newHashSet();
143 for (org.onosproject.security.Permission perm : permissions) { 155 for (org.onosproject.security.Permission perm : permissions) {
144 Permission javaPerm = getPermission(perm); 156 Permission javaPerm = getPermission(perm);
145 if (javaPerm != null) { 157 if (javaPerm != null) {
...@@ -152,6 +164,9 @@ public final class DefaultPolicyBuilder { ...@@ -152,6 +164,9 @@ public final class DefaultPolicyBuilder {
152 result.add(new ServicePermission(service, ServicePermission.GET)); 164 result.add(new ServicePermission(service, ServicePermission.GET));
153 } 165 }
154 } 166 }
167 + if (ap.getType() == CONFIG_WRITE) {
168 + result.addAll(getConfigServicePerms());
169 + }
155 } 170 }
156 } else if (javaPerm instanceof ServicePermission) { 171 } else if (javaPerm instanceof ServicePermission) {
157 if (!javaPerm.getName().contains(SecurityAdminService.class.getName())) { 172 if (!javaPerm.getName().contains(SecurityAdminService.class.getName())) {
...@@ -166,7 +181,7 @@ public final class DefaultPolicyBuilder { ...@@ -166,7 +181,7 @@ public final class DefaultPolicyBuilder {
166 return result; 181 return result;
167 } 182 }
168 183
169 - public static Set<org.onosproject.security.Permission> convertToOnosPermissions(List<Permission> permissions) { 184 + public static Set<org.onosproject.security.Permission> convertToOnosPermissions(Set<Permission> permissions) {
170 Set<org.onosproject.security.Permission> result = Sets.newHashSet(); 185 Set<org.onosproject.security.Permission> result = Sets.newHashSet();
171 for (Permission perm : permissions) { 186 for (Permission perm : permissions) {
172 org.onosproject.security.Permission onosPerm = getOnosPermission(perm); 187 org.onosproject.security.Permission onosPerm = getOnosPermission(perm);
...@@ -177,18 +192,27 @@ public final class DefaultPolicyBuilder { ...@@ -177,18 +192,27 @@ public final class DefaultPolicyBuilder {
177 return result; 192 return result;
178 } 193 }
179 194
180 - public static List<Permission> getDefaultPerms() { 195 + public static Set<Permission> getDefaultPerms() {
181 - List<Permission> permSet = Lists.newArrayList(); 196 + Set<Permission> permSet = Sets.newHashSet();
197 + // slf4j-logging requirement
198 + permSet.add(
199 + new AdaptPermission("(adaptClass=org.osgi.framework.wiring.BundleRevision)", AdaptPermission.ADAPT));
200 + // package-permissions
182 permSet.add(new PackagePermission("*", PackagePermission.EXPORTONLY)); 201 permSet.add(new PackagePermission("*", PackagePermission.EXPORTONLY));
183 permSet.add(new PackagePermission("*", PackagePermission.IMPORT)); 202 permSet.add(new PackagePermission("*", PackagePermission.IMPORT));
184 - permSet.add(new AdaptPermission("*", AdaptPermission.ADAPT)); 203 + return permSet;
204 + }
205 +
206 +
207 + private static Set<Permission> getConfigServicePerms() {
208 + Set<Permission> permSet = Sets.newHashSet();
209 + permSet.add(new AdminPermission("(name=org.onosproject.onos-core-net)", AdminPermission.METADATA));
185 permSet.add(new ConfigurationPermission("*", ConfigurationPermission.CONFIGURE)); 210 permSet.add(new ConfigurationPermission("*", ConfigurationPermission.CONFIGURE));
186 - permSet.add(new AdminPermission("*", AdminPermission.METADATA));
187 return permSet; 211 return permSet;
188 } 212 }
189 213
190 - private static List<Permission> getAdminDefaultPerms() { 214 + private static Set<Permission> getAdminDefaultPerms() {
191 - List<Permission> permSet = Lists.newArrayList(); 215 + Set<Permission> permSet = Sets.newHashSet();
192 permSet.add(new ServicePermission(ApplicationAdminService.class.getName(), ServicePermission.GET)); 216 permSet.add(new ServicePermission(ApplicationAdminService.class.getName(), ServicePermission.GET));
193 permSet.add(new ServicePermission(ClusterAdminService.class.getName(), ServicePermission.GET)); 217 permSet.add(new ServicePermission(ClusterAdminService.class.getName(), ServicePermission.GET));
194 permSet.add(new ServicePermission(LeadershipAdminService.class.getName(), ServicePermission.GET)); 218 permSet.add(new ServicePermission(LeadershipAdminService.class.getName(), ServicePermission.GET));
...@@ -199,11 +223,9 @@ public final class DefaultPolicyBuilder { ...@@ -199,11 +223,9 @@ public final class DefaultPolicyBuilder {
199 permSet.add(new ServicePermission(HostAdminService.class.getName(), ServicePermission.GET)); 223 permSet.add(new ServicePermission(HostAdminService.class.getName(), ServicePermission.GET));
200 permSet.add(new ServicePermission(DeviceKeyAdminService.class.getName(), ServicePermission.GET)); 224 permSet.add(new ServicePermission(DeviceKeyAdminService.class.getName(), ServicePermission.GET));
201 permSet.add(new ServicePermission(LinkAdminService.class.getName(), ServicePermission.GET)); 225 permSet.add(new ServicePermission(LinkAdminService.class.getName(), ServicePermission.GET));
202 - permSet.add(new ServicePermission(ResourceAdminService.class.getName(), ServicePermission.GET));
203 permSet.add(new ServicePermission(RegionAdminService.class.getName(), ServicePermission.GET)); 226 permSet.add(new ServicePermission(RegionAdminService.class.getName(), ServicePermission.GET));
204 permSet.add(new ServicePermission(PartitionAdminService.class.getName(), ServicePermission.GET)); 227 permSet.add(new ServicePermission(PartitionAdminService.class.getName(), ServicePermission.GET));
205 permSet.add(new ServicePermission(StorageAdminService.class.getName(), ServicePermission.GET)); 228 permSet.add(new ServicePermission(StorageAdminService.class.getName(), ServicePermission.GET));
206 -
207 permSet.add(new ServicePermission(ApplicationService.class.getName(), ServicePermission.GET)); 229 permSet.add(new ServicePermission(ApplicationService.class.getName(), ServicePermission.GET));
208 permSet.add(new ServicePermission(ComponentConfigService.class.getName(), ServicePermission.GET)); 230 permSet.add(new ServicePermission(ComponentConfigService.class.getName(), ServicePermission.GET));
209 permSet.add(new ServicePermission(ClusterMetadataService.class.getName(), ServicePermission.GET)); 231 permSet.add(new ServicePermission(ClusterMetadataService.class.getName(), ServicePermission.GET));
...@@ -247,6 +269,7 @@ public final class DefaultPolicyBuilder { ...@@ -247,6 +269,7 @@ public final class DefaultPolicyBuilder {
247 permSet.add(new ServicePermission(MessagingService.class.getName(), ServicePermission.GET)); 269 permSet.add(new ServicePermission(MessagingService.class.getName(), ServicePermission.GET));
248 permSet.add(new ServicePermission(PartitionService.class.getName(), ServicePermission.GET)); 270 permSet.add(new ServicePermission(PartitionService.class.getName(), ServicePermission.GET));
249 permSet.add(new ServicePermission(LogicalClockService.class.getName(), ServicePermission.GET)); 271 permSet.add(new ServicePermission(LogicalClockService.class.getName(), ServicePermission.GET));
272 +// permSet.add(new ServicePermission(MutexExecutionService.class.getName(), ServicePermission.GET));
250 permSet.add(new ServicePermission(StorageService.class.getName(), ServicePermission.GET)); 273 permSet.add(new ServicePermission(StorageService.class.getName(), ServicePermission.GET));
251 permSet.add(new ServicePermission(UiExtensionService.class.getName(), ServicePermission.GET)); 274 permSet.add(new ServicePermission(UiExtensionService.class.getName(), ServicePermission.GET));
252 275
...@@ -254,13 +277,22 @@ public final class DefaultPolicyBuilder { ...@@ -254,13 +277,22 @@ public final class DefaultPolicyBuilder {
254 } 277 }
255 278
256 public static Set<String> getNBServiceList() { 279 public static Set<String> getNBServiceList() {
257 - Set<String> permString = new HashSet<>(); 280 + Set<String> permString = Sets.newHashSet();
258 for (Permission perm : getAdminDefaultPerms()) { 281 for (Permission perm : getAdminDefaultPerms()) {
259 permString.add(perm.getName()); 282 permString.add(perm.getName());
260 } 283 }
261 return permString; 284 return permString;
262 } 285 }
263 286
287 + public static Set<String> getCliServiceList() {
288 + Set<String> permString = Sets.newHashSet();
289 + permString.add("org.apache.felix.service.command.Function");
290 + permString.add("org.apache.karaf.shell.console.CompletableFunction");
291 + permString.add("org.apache.karaf.shell.commands.CommandWithAction");
292 + permString.add("org.osgi.service.blueprint.container.BlueprintContainer");
293 + return permString;
294 + }
295 +
264 private static ConcurrentHashMap<AppPermission.Type, Set<String>> getServiceDirectory() { 296 private static ConcurrentHashMap<AppPermission.Type, Set<String>> getServiceDirectory() {
265 297
266 ConcurrentHashMap<AppPermission.Type, Set<String>> serviceDirectory = new ConcurrentHashMap<>(); 298 ConcurrentHashMap<AppPermission.Type, Set<String>> serviceDirectory = new ConcurrentHashMap<>();
...@@ -320,14 +352,10 @@ public final class DefaultPolicyBuilder { ...@@ -320,14 +352,10 @@ public final class DefaultPolicyBuilder {
320 IntentService.class.getName(), IntentExtensionService.class.getName())); 352 IntentService.class.getName(), IntentExtensionService.class.getName()));
321 serviceDirectory.put(INTENT_EVENT, ImmutableSet.of( 353 serviceDirectory.put(INTENT_EVENT, ImmutableSet.of(
322 IntentService.class.getName(), IntentPartitionService.class.getName())); 354 IntentService.class.getName(), IntentPartitionService.class.getName()));
323 -// serviceDirectory.put(LINK_READ, ImmutableSet.of( 355 + serviceDirectory.put(LINK_READ, ImmutableSet.of(
324 -// LinkService.class.getName(), LinkResourceService.class.getName(), 356 + LinkService.class.getName()));
325 -// LabelResourceService.class.getName())); 357 + serviceDirectory.put(LINK_WRITE, ImmutableSet.of());
326 -// serviceDirectory.put(LINK_WRITE, ImmutableSet.of( 358 + serviceDirectory.put(LINK_EVENT, ImmutableSet.of(LinkService.class.getName()));
327 -// LinkResourceService.class.getName(), LabelResourceService.class.getName()));
328 -// serviceDirectory.put(LINK_EVENT, ImmutableSet.of(
329 -// LinkService.class.getName(), LinkResourceService.class.getName(),
330 -// LabelResourceService.class.getName()));
331 serviceDirectory.put(PACKET_READ, ImmutableSet.of( 359 serviceDirectory.put(PACKET_READ, ImmutableSet.of(
332 PacketService.class.getName(), ProxyArpService.class.getName())); 360 PacketService.class.getName(), ProxyArpService.class.getName()));
333 serviceDirectory.put(PACKET_WRITE, ImmutableSet.of( 361 serviceDirectory.put(PACKET_WRITE, ImmutableSet.of(
...@@ -374,6 +402,8 @@ public final class DefaultPolicyBuilder { ...@@ -374,6 +402,8 @@ public final class DefaultPolicyBuilder {
374 PartitionService.class.getName())); 402 PartitionService.class.getName()));
375 serviceDirectory.put(CLOCK_WRITE, ImmutableSet.of( 403 serviceDirectory.put(CLOCK_WRITE, ImmutableSet.of(
376 LogicalClockService.class.getName())); 404 LogicalClockService.class.getName()));
405 +// serviceDirectory.put(MUTEX_WRITE, ImmutableSet.of(
406 +// MutexExecutionService.class.getName()));
377 407
378 return serviceDirectory; 408 return serviceDirectory;
379 } 409 }
...@@ -511,18 +541,16 @@ public final class DefaultPolicyBuilder { ...@@ -511,18 +541,16 @@ public final class DefaultPolicyBuilder {
511 return new ReflectPermission(name, actions); 541 return new ReflectPermission(name, actions);
512 } 542 }
513 543
514 - //AllPermission, SecurityPermission, UnresolvedPermission
515 - //AWTPermission, ReflectPermission not allowed
516 return null; 544 return null;
517 545
518 } 546 }
519 - private static List<Permission> optimizePermissions(List<Permission> perms) { 547 + private static Set<Permission> optimizePermissions(Set<Permission> perms) {
520 Permissions permissions = listToPermissions(perms); 548 Permissions permissions = listToPermissions(perms);
521 return permissionsToList(permissions); 549 return permissionsToList(permissions);
522 } 550 }
523 551
524 - private static List<Permission> permissionsToList(Permissions perms) { 552 + private static Set<Permission> permissionsToList(Permissions perms) {
525 - List<Permission> permissions = new ArrayList<>(); 553 + Set<Permission> permissions = Sets.newHashSet();
526 Enumeration<Permission> e = perms.elements(); 554 Enumeration<Permission> e = perms.elements();
527 while (e.hasMoreElements()) { 555 while (e.hasMoreElements()) {
528 permissions.add(e.nextElement()); 556 permissions.add(e.nextElement());
...@@ -530,11 +558,11 @@ public final class DefaultPolicyBuilder { ...@@ -530,11 +558,11 @@ public final class DefaultPolicyBuilder {
530 return permissions; 558 return permissions;
531 } 559 }
532 560
533 - private static Permissions listToPermissions(List<Permission> perms) { 561 + private static Permissions listToPermissions(Set<Permission> perms) {
534 Permissions permissions = new Permissions(); 562 Permissions permissions = new Permissions();
535 for (Permission perm : perms) { 563 for (Permission perm : perms) {
536 permissions.add(perm); 564 permissions.add(perm);
537 } 565 }
538 return permissions; 566 return permissions;
539 } 567 }
540 -} 568 +}
...\ No newline at end of file ...\ No newline at end of file
......
...@@ -38,15 +38,18 @@ import org.onosproject.security.store.SecurityModeListener; ...@@ -38,15 +38,18 @@ import org.onosproject.security.store.SecurityModeListener;
38 import org.onosproject.security.store.SecurityModeStore; 38 import org.onosproject.security.store.SecurityModeStore;
39 import org.onosproject.security.store.SecurityModeStoreDelegate; 39 import org.onosproject.security.store.SecurityModeStoreDelegate;
40 import org.osgi.framework.BundleContext; 40 import org.osgi.framework.BundleContext;
41 +import org.osgi.framework.FrameworkEvent;
41 import org.osgi.framework.FrameworkUtil; 42 import org.osgi.framework.FrameworkUtil;
42 import org.osgi.framework.ServicePermission; 43 import org.osgi.framework.ServicePermission;
43 -import org.osgi.service.log.LogEntry; 44 +import org.osgi.framework.FrameworkListener;
44 -import org.osgi.service.log.LogListener;
45 -import org.osgi.service.log.LogReaderService;
46 import org.osgi.service.permissionadmin.PermissionInfo; 45 import org.osgi.service.permissionadmin.PermissionInfo;
47 46
47 +import java.io.FilePermission;
48 +import java.lang.reflect.ReflectPermission;
49 +import java.net.SocketPermission;
48 import java.security.AccessControlException; 50 import java.security.AccessControlException;
49 import java.security.Permission; 51 import java.security.Permission;
52 +import java.security.SecurityPermission;
50 import java.util.ArrayList; 53 import java.util.ArrayList;
51 import java.util.List; 54 import java.util.List;
52 import java.util.Map; 55 import java.util.Map;
...@@ -76,9 +79,6 @@ public class SecurityModeManager implements SecurityAdminService { ...@@ -76,9 +79,6 @@ public class SecurityModeManager implements SecurityAdminService {
76 protected ApplicationAdminService appAdminService; 79 protected ApplicationAdminService appAdminService;
77 80
78 @Reference(cardinality = ReferenceCardinality.MANDATORY_UNARY) 81 @Reference(cardinality = ReferenceCardinality.MANDATORY_UNARY)
79 - protected LogReaderService logReaderService;
80 -
81 - @Reference(cardinality = ReferenceCardinality.MANDATORY_UNARY)
82 protected EventDeliveryService eventDispatcher; 82 protected EventDeliveryService eventDispatcher;
83 83
84 private final Logger log = getLogger(getClass()); 84 private final Logger log = getLogger(getClass());
...@@ -88,7 +88,7 @@ public class SecurityModeManager implements SecurityAdminService { ...@@ -88,7 +88,7 @@ public class SecurityModeManager implements SecurityAdminService {
88 88
89 private final SecurityModeStoreDelegate delegate = new InternalStoreDelegate(); 89 private final SecurityModeStoreDelegate delegate = new InternalStoreDelegate();
90 90
91 - private SecurityLogListener securityLogListener = new SecurityLogListener(); 91 + private SecurityEventListener securityEventListener = new SecurityEventListener();
92 92
93 private PermissionAdmin permissionAdmin = getPermissionAdmin(); 93 private PermissionAdmin permissionAdmin = getPermissionAdmin();
94 94
...@@ -96,7 +96,7 @@ public class SecurityModeManager implements SecurityAdminService { ...@@ -96,7 +96,7 @@ public class SecurityModeManager implements SecurityAdminService {
96 public void activate() { 96 public void activate() {
97 97
98 eventDispatcher.addSink(SecurityModeEvent.class, listenerRegistry); 98 eventDispatcher.addSink(SecurityModeEvent.class, listenerRegistry);
99 - logReaderService.addLogListener(securityLogListener); 99 + getBundleContext().addFrameworkListener(new SecurityEventListener());
100 100
101 if (System.getSecurityManager() == null) { 101 if (System.getSecurityManager() == null) {
102 log.warn("J2EE security manager is disabled."); 102 log.warn("J2EE security manager is disabled.");
...@@ -116,7 +116,7 @@ public class SecurityModeManager implements SecurityAdminService { ...@@ -116,7 +116,7 @@ public class SecurityModeManager implements SecurityAdminService {
116 @Deactivate 116 @Deactivate
117 public void deactivate() { 117 public void deactivate() {
118 eventDispatcher.removeSink(SecurityModeEvent.class); 118 eventDispatcher.removeSink(SecurityModeEvent.class);
119 - logReaderService.removeLogListener(securityLogListener); 119 + getBundleContext().removeFrameworkListener(securityEventListener);
120 store.unsetDelegate(delegate); 120 store.unsetDelegate(delegate);
121 log.info("Stopped"); 121 log.info("Stopped");
122 122
...@@ -169,27 +169,32 @@ public class SecurityModeManager implements SecurityAdminService { ...@@ -169,27 +169,32 @@ public class SecurityModeManager implements SecurityAdminService {
169 DefaultPolicyBuilder.convertToJavaPermissions(store.getRequestedPermissions(appId))); 169 DefaultPolicyBuilder.convertToJavaPermissions(store.getRequestedPermissions(appId)));
170 } 170 }
171 171
172 - private class SecurityLogListener implements LogListener { 172 + private class SecurityEventListener implements FrameworkListener {
173 @Override 173 @Override
174 - public void logged(LogEntry entry) { 174 + public void frameworkEvent(FrameworkEvent event) {
175 - if (entry.getException() != null && 175 + if (event.getType() != FrameworkEvent.ERROR) {
176 - entry.getException() instanceof AccessControlException) { 176 + return;
177 - String location = entry.getBundle().getLocation(); 177 + }
178 - Permission javaPerm = 178 + Throwable throwable = event.getThrowable();
179 - ((AccessControlException) entry.getException()).getPermission(); 179 + if (throwable == null || !(throwable instanceof AccessControlException)) {
180 - org.onosproject.security.Permission permission = DefaultPolicyBuilder.getOnosPermission(javaPerm); 180 + return;
181 - if (permission == null) {
182 - log.warn("Unsupported permission requested.");
183 - return;
184 - }
185 - store.getApplicationIds(location).stream().filter(
186 - appId -> store.isSecured(appId) &&
187 - appAdminService.getState(appId) == ApplicationState.ACTIVE).forEach(appId -> {
188 - store.requestPermission(appId, permission);
189 - print("[POLICY VIOLATION] APP: %s / Bundle: %s / Permission: %s ",
190 - appId.name(), location, permission.toString());
191 - });
192 } 181 }
182 + String bundleLocation = event.getBundle().getLocation();
183 + Permission nativePerm = ((AccessControlException) throwable).getPermission();
184 + org.onosproject.security.Permission onosPerm = DefaultPolicyBuilder.getOnosPermission(nativePerm);
185 +
186 + if (onosPerm == null) {
187 + log.warn("Unsupported permission requested: " + nativePerm.toString());
188 + return;
189 + }
190 +
191 + store.getApplicationIds(bundleLocation).stream().filter(
192 + appId -> store.isSecured(appId) &&
193 + appAdminService.getState(appId) == ApplicationState.ACTIVE).forEach(appId -> {
194 + store.requestPermission(appId, onosPerm);
195 + print("[POLICY VIOLATION] APP: %s / Bundle: %s / Permission: %s ",
196 + appId.name(), bundleLocation, onosPerm.toString());
197 + });
193 } 198 }
194 } 199 }
195 200
...@@ -213,32 +218,59 @@ public class SecurityModeManager implements SecurityAdminService { ...@@ -213,32 +218,59 @@ public class SecurityModeManager implements SecurityAdminService {
213 * 0 - APP_PERM 218 * 0 - APP_PERM
214 * 1 - ADMIN SERVICE 219 * 1 - ADMIN SERVICE
215 * 2 - NB_SERVICE 220 * 2 - NB_SERVICE
216 - * 3 - ETC_SERVICE 221 + * 3 - SB_SERVICE
217 - * 4 - ETC 222 + * 4 - CLI_SERVICE
223 + * 5 - ETC_SERVICE
224 + * 6 - CRITICAL PERMISSIONS
225 + * 7 - ETC
218 * @param perms 226 * @param perms
219 */ 227 */
220 - private Map<Integer, List<Permission>> getPrintablePermissionMap(List<Permission> perms) { 228 + private Map<Integer, List<Permission>> getPrintablePermissionMap(Set<Permission> perms) {
221 ConcurrentHashMap<Integer, List<Permission>> sortedMap = new ConcurrentHashMap<>(); 229 ConcurrentHashMap<Integer, List<Permission>> sortedMap = new ConcurrentHashMap<>();
222 sortedMap.put(0, new ArrayList()); 230 sortedMap.put(0, new ArrayList());
223 sortedMap.put(1, new ArrayList()); 231 sortedMap.put(1, new ArrayList());
224 sortedMap.put(2, new ArrayList()); 232 sortedMap.put(2, new ArrayList());
225 sortedMap.put(3, new ArrayList()); 233 sortedMap.put(3, new ArrayList());
226 sortedMap.put(4, new ArrayList()); 234 sortedMap.put(4, new ArrayList());
235 + sortedMap.put(5, new ArrayList());
236 + sortedMap.put(6, new ArrayList());
237 + sortedMap.put(7, new ArrayList());
238 +
227 for (Permission perm : perms) { 239 for (Permission perm : perms) {
228 - if (perm instanceof ServicePermission) { 240 + if (perm instanceof AppPermission) {
229 - if (DefaultPolicyBuilder.getNBServiceList().contains(perm.getName())) { 241 + sortedMap.get(0).add(perm);
230 - if (perm.getName().contains("Admin")) { 242 + } else if (perm instanceof ServicePermission) {
243 + String permName = perm.getName().trim();
244 + if (DefaultPolicyBuilder.getNBServiceList().contains(permName)) { // ONOS NB SERVICES
245 + if (permName.contains("Admin")) {
231 sortedMap.get(1).add(perm); 246 sortedMap.get(1).add(perm);
232 } else { 247 } else {
233 sortedMap.get(2).add(perm); 248 sortedMap.get(2).add(perm);
234 } 249 }
235 - } else { 250 + } else if (permName.contains("org.onosproject") && permName.contains("Provider")) { //ONOS SB SERVICES
236 sortedMap.get(3).add(perm); 251 sortedMap.get(3).add(perm);
252 + } else if (DefaultPolicyBuilder.getCliServiceList().contains(permName)) { //CLI SERVICES
253 + sortedMap.get(4).add(perm);
254 + } else if (permName.contains("Security")) { //CRITICAL SERVICES
255 + sortedMap.get(6).add(perm);
256 + } else {
257 + sortedMap.get(5).add(perm);
237 } 258 }
238 - } else if (perm instanceof AppPermission) { 259 + } else if (perm instanceof RuntimePermission || perm instanceof SocketPermission ||
239 - sortedMap.get(0).add(perm); 260 + perm instanceof FilePermission || perm instanceof SecurityPermission ||
261 + perm instanceof ReflectPermission) { // CRITICAL PERMISSIONS
262 + sortedMap.get(6).add(perm);
240 } else { 263 } else {
241 - sortedMap.get(4).add(perm); 264 + boolean isDefault = false;
265 + for (Permission dPerm : DefaultPolicyBuilder.getDefaultPerms()) {
266 + if (perm.implies(dPerm)) {
267 + isDefault = true;
268 + break;
269 + }
270 + }
271 + if (!isDefault) {
272 + sortedMap.get(7).add(perm);
273 + }
242 } 274 }
243 } 275 }
244 return sortedMap; 276 return sortedMap;
...@@ -261,13 +293,13 @@ public class SecurityModeManager implements SecurityAdminService { ...@@ -261,13 +293,13 @@ public class SecurityModeManager implements SecurityAdminService {
261 293
262 294
263 295
264 - private List<Permission> getMaximumPermissions(ApplicationId appId) { 296 + private Set<Permission> getMaximumPermissions(ApplicationId appId) {
265 Application app = appAdminService.getApplication(appId); 297 Application app = appAdminService.getApplication(appId);
266 if (app == null) { 298 if (app == null) {
267 print("Unknown application."); 299 print("Unknown application.");
268 return null; 300 return null;
269 } 301 }
270 - List<Permission> appPerms; 302 + Set<Permission> appPerms;
271 switch (app.role()) { 303 switch (app.role()) {
272 case ADMIN: 304 case ADMIN:
273 appPerms = DefaultPolicyBuilder.getAdminApplicationPermissions(app.permissions()); 305 appPerms = DefaultPolicyBuilder.getAdminApplicationPermissions(app.permissions());
...@@ -300,5 +332,4 @@ public class SecurityModeManager implements SecurityAdminService { ...@@ -300,5 +332,4 @@ public class SecurityModeManager implements SecurityAdminService {
300 332
301 } 333 }
302 334
303 -
304 } 335 }
...\ No newline at end of file ...\ No newline at end of file
......
...@@ -93,12 +93,10 @@ public class DistributedSecurityModeStore ...@@ -93,12 +93,10 @@ public class DistributedSecurityModeStore
93 .register(KryoNamespaces.API) 93 .register(KryoNamespaces.API)
94 .register(SecurityModeState.class) 94 .register(SecurityModeState.class)
95 .register(SecurityInfo.class) 95 .register(SecurityInfo.class)
96 - .register(Permission.class)
97 .build()); 96 .build());
98 97
99 private static final KryoNamespace.Builder VIOLATION_SERIALIZER = KryoNamespace.newBuilder() 98 private static final KryoNamespace.Builder VIOLATION_SERIALIZER = KryoNamespace.newBuilder()
100 - .register(KryoNamespaces.API) 99 + .register(KryoNamespaces.API);
101 - .register(Permission.class);
102 100
103 @Activate 101 @Activate
104 public void activate() { 102 public void activate() {
......
...@@ -74,6 +74,8 @@ import static com.google.common.base.Preconditions.checkArgument; ...@@ -74,6 +74,8 @@ import static com.google.common.base.Preconditions.checkArgument;
74 import static org.onlab.util.Tools.get; 74 import static org.onlab.util.Tools.get;
75 import static org.onlab.util.Tools.isNullOrEmpty; 75 import static org.onlab.util.Tools.isNullOrEmpty;
76 import static org.onosproject.net.topology.TopologyEvent.Type.TOPOLOGY_CHANGED; 76 import static org.onosproject.net.topology.TopologyEvent.Type.TOPOLOGY_CHANGED;
77 +import static org.onosproject.security.AppGuard.checkPermission;
78 +import static org.onosproject.security.AppPermission.Type.ADMIN;
77 import static org.slf4j.LoggerFactory.getLogger; 79 import static org.slf4j.LoggerFactory.getLogger;
78 80
79 /** 81 /**
...@@ -316,11 +318,13 @@ public class DistributedTopologyStore ...@@ -316,11 +318,13 @@ public class DistributedTopologyStore
316 318
317 @Override 319 @Override
318 public void setDefaultLinkWeight(LinkWeight linkWeight) { 320 public void setDefaultLinkWeight(LinkWeight linkWeight) {
321 + checkPermission(ADMIN);
319 DefaultTopology.setDefaultLinkWeight(linkWeight); 322 DefaultTopology.setDefaultLinkWeight(linkWeight);
320 } 323 }
321 324
322 @Override 325 @Override
323 public void setDefaultGraphPathSearch(GraphPathSearch<TopologyVertex, TopologyEdge> graphPathSearch) { 326 public void setDefaultGraphPathSearch(GraphPathSearch<TopologyVertex, TopologyEdge> graphPathSearch) {
327 + checkPermission(ADMIN);
324 DefaultTopology.setDefaultGraphPathSearch(graphPathSearch); 328 DefaultTopology.setDefaultGraphPathSearch(graphPathSearch);
325 } 329 }
326 330
......
...@@ -16,6 +16,7 @@ ...@@ -16,6 +16,7 @@
16 16
17 package org.onosproject.store.primitives.impl; 17 package org.onosproject.store.primitives.impl;
18 18
19 +import static org.onosproject.security.AppPermission.Type.ADMIN;
19 import static org.slf4j.LoggerFactory.getLogger; 20 import static org.slf4j.LoggerFactory.getLogger;
20 21
21 import java.io.File; 22 import java.io.File;
...@@ -152,6 +153,7 @@ public class PartitionManager extends AbstractListenerManager<PartitionEvent, Pa ...@@ -152,6 +153,7 @@ public class PartitionManager extends AbstractListenerManager<PartitionEvent, Pa
152 153
153 @Override 154 @Override
154 public List<PartitionInfo> partitionInfo() { 155 public List<PartitionInfo> partitionInfo() {
156 + checkPermission(ADMIN);
155 return partitions.values() 157 return partitions.values()
156 .stream() 158 .stream()
157 .flatMap(x -> Tools.stream(x.info())) 159 .flatMap(x -> Tools.stream(x.info()))
...@@ -177,6 +179,7 @@ public class PartitionManager extends AbstractListenerManager<PartitionEvent, Pa ...@@ -177,6 +179,7 @@ public class PartitionManager extends AbstractListenerManager<PartitionEvent, Pa
177 179
178 @Override 180 @Override
179 public List<PartitionClientInfo> partitionClientInfo() { 181 public List<PartitionClientInfo> partitionClientInfo() {
182 + checkPermission(ADMIN);
180 return partitions.values() 183 return partitions.values()
181 .stream() 184 .stream()
182 .map(StoragePartition::client) 185 .map(StoragePartition::client)
......
...@@ -172,11 +172,13 @@ public class StorageManager implements StorageService, StorageAdminService { ...@@ -172,11 +172,13 @@ public class StorageManager implements StorageService, StorageAdminService {
172 172
173 @Override 173 @Override
174 public List<MapInfo> getMapInfo() { 174 public List<MapInfo> getMapInfo() {
175 + checkPermission(ADMIN);
175 return listMapInfo(federatedPrimitiveCreator); 176 return listMapInfo(federatedPrimitiveCreator);
176 } 177 }
177 178
178 @Override 179 @Override
179 public Map<String, Long> getCounters() { 180 public Map<String, Long> getCounters() {
181 + checkPermission(ADMIN);
180 Map<String, Long> counters = Maps.newConcurrentMap(); 182 Map<String, Long> counters = Maps.newConcurrentMap();
181 federatedPrimitiveCreator.getAsyncAtomicCounterNames() 183 federatedPrimitiveCreator.getAsyncAtomicCounterNames()
182 .forEach(name -> counters.put(name, 184 .forEach(name -> counters.put(name,
...@@ -186,11 +188,13 @@ public class StorageManager implements StorageService, StorageAdminService { ...@@ -186,11 +188,13 @@ public class StorageManager implements StorageService, StorageAdminService {
186 188
187 @Override 189 @Override
188 public List<PartitionInfo> getPartitionInfo() { 190 public List<PartitionInfo> getPartitionInfo() {
191 + checkPermission(ADMIN);
189 return partitionAdminService.partitionInfo(); 192 return partitionAdminService.partitionInfo();
190 } 193 }
191 194
192 @Override 195 @Override
193 public Collection<TransactionId> getPendingTransactions() { 196 public Collection<TransactionId> getPendingTransactions() {
197 + checkPermission(ADMIN);
194 return Futures.getUnchecked(transactions.keySet()); 198 return Futures.getUnchecked(transactions.keySet());
195 } 199 }
196 200
......