Heedo Kang
Committed by Gerrit Code Review

SM-ONOS performance improvement

Change-Id: Ieefb3cc3da34b2080e41b40e6f09ac5570a3079b
...@@ -18,23 +18,18 @@ package org.onosproject.security; ...@@ -18,23 +18,18 @@ package org.onosproject.security;
18 18
19 import java.security.AccessController; 19 import java.security.AccessController;
20 import java.security.AccessControlContext; 20 import java.security.AccessControlContext;
21 -import java.security.PrivilegedAction;
22 -import java.security.ProtectionDomain;
23 -
24 import com.google.common.annotations.Beta; 21 import com.google.common.annotations.Beta;
25 import com.google.common.cache.Cache; 22 import com.google.common.cache.Cache;
26 import com.google.common.cache.CacheBuilder; 23 import com.google.common.cache.CacheBuilder;
27 -
28 -import java.lang.reflect.Field;
29 import java.util.concurrent.ExecutionException; 24 import java.util.concurrent.ExecutionException;
30 import java.util.concurrent.TimeUnit; 25 import java.util.concurrent.TimeUnit;
31 -
32 /** 26 /**
33 * Aids SM-ONOS to perform API-level permission checking. 27 * Aids SM-ONOS to perform API-level permission checking.
34 */ 28 */
35 @Beta 29 @Beta
36 public final class AppGuard { 30 public final class AppGuard {
37 private AppGuard() { 31 private AppGuard() {
32 +
38 } 33 }
39 34
40 /** 35 /**
...@@ -43,46 +38,19 @@ public final class AppGuard { ...@@ -43,46 +38,19 @@ public final class AppGuard {
43 * @param permission permission to be checked 38 * @param permission permission to be checked
44 */ 39 */
45 public static void checkPermission(AppPermission.Type permission) { 40 public static void checkPermission(AppPermission.Type permission) {
46 -
47 SecurityManager sm = System.getSecurityManager(); 41 SecurityManager sm = System.getSecurityManager();
48 if (sm == null) { 42 if (sm == null) {
49 return; 43 return;
50 } 44 }
51 - 45 + AccessControlContext context = AccessController.getContext();
52 - Object result = AccessController.doPrivileged((PrivilegedAction<Object>) () -> { 46 + if (context == null) {
53 - int contextHash = 0; 47 + sm.checkPermission(new AppPermission((permission)));
54 - AccessControlContext context = AccessController.getContext();
55 - Field f = null;
56 - try {
57 - f = context.getClass().getDeclaredField("context");
58 -
59 - f.setAccessible(true);
60 - ProtectionDomain[] domain = (ProtectionDomain[]) f.get(context);
61 - for (ProtectionDomain pd : domain) {
62 - if (pd.getCodeSource() != null) {
63 - contextHash = contextHash ^ pd.getCodeSource().getLocation().hashCode();
64 - } else {
65 - return null;
66 - }
67 - }
68 - return contextHash;
69 - } catch (NoSuchFieldException e) {
70 - return null;
71 - } catch (IllegalAccessException e) {
72 - return null;
73 - }
74 - });
75 -
76 - if (result == null) {
77 - sm.checkPermission(new AppPermission(permission));
78 } else { 48 } else {
79 - AppPermission perm = new AppPermission(permission); 49 + int contextHash = context.hashCode() ^ permission.hashCode();
80 - int hash = ((int) result) ^ perm.hashCode(); 50 + PermissionCheckCache.getInstance().checkCache(contextHash, new AppPermission(permission));
81 - PermissionCheckCache.getInstance().checkCache(hash, perm);
82 } 51 }
83 } 52 }
84 53
85 -
86 private static final class PermissionCheckCache { 54 private static final class PermissionCheckCache {
87 55
88 private static final Cache<Integer, Boolean> CACHE = CacheBuilder.newBuilder() 56 private static final Cache<Integer, Boolean> CACHE = CacheBuilder.newBuilder()
...@@ -112,6 +80,4 @@ public final class AppGuard { ...@@ -112,6 +80,4 @@ public final class AppGuard {
112 } 80 }
113 } 81 }
114 } 82 }
115 -
116 } 83 }
117 -
......