i.devpolicy revision 614f161203d313b00e559d24c1d439b11e022fd5
#!/bin/sh
#
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License (the "License").
# You may not use this file except in compliance with the License.
#
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
# or http://www.opensolaris.org/os/licensing.
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
# If applicable, add the following below this CDDL HEADER, with the
# fields enclosed by brackets "[]" replaced with your own identifying
# information: Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#
#
# Copyright 2009 Sun Microsystems, Inc. All rights reserved.
# Use is subject to license terms.
#
# NOTE: When a change is made to the source file for
# /etc/security/device_policy a corresponding change must be made to
# this class-action script.
#
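# Upgrade loop: every line on stdin gives a packaged source file and the
# installed destination file.  A destination that does not exist yet is
# copied verbatim; an existing one is edited in place so that entries the
# administrator added are kept.
#
# Exits 0 when every pair was processed, 1 when a copy or rewrite failed
# (the destination is never left truncated by a failed scratch copy).
#
# NOTE(review): the bracket expressions in the patterns below contain a
# single space as shown here; if fields may be separated by tabs, confirm
# that the upstream patterns also contain a tab.
while read src dest
do
	if [ ! -f "$dest" ] ; then
		if cp "$src" "$dest" ; then
			continue
		fi
		echo "$0: cannot install $dest" >&2
		exit 1
	fi

	# Scratch file beside the destination.  The name is predictable
	# ($$ is this shell's PID).
	# NOTE(review): this relies on the destination directory being
	# writable only by the installing user -- confirm.
	tmp="$dest.$$"

	# changes
	#
	# The output redirection truncates $dest before sed reads anything,
	# so the scratch copy must exist first; otherwise the policy file
	# would be emptied.
	if cp "$dest" "$tmp" ; then
		:
	else
		echo "$0: cannot save a copy of $dest" >&2
		exit 1
	fi

	# The first expression strips read_priv_set=sys_config from md:admin
	# lines.  The rest delete lines that exactly match the listed entries;
	# for drivers also named in $additions, the packaged entry is added
	# back by the additions pass below when it is then missing.
	if sed \
	    -e '/md:admin/s/read_priv_set=sys_config/ /' \
	    -e '/^icmp[ ]*read_priv_set=net_rawaccess[ ]*write_priv_set=net_rawaccess$/d' \
	    -e '/^icmp6[ ]*read_priv_set=net_rawaccess[ ]*write_priv_set=net_rawaccess$/d' \
	    -e '/^keysock[ ]*read_priv_set=sys_net_config[ ]*write_priv_set=sys_net_config$/d' \
	    -e '/^ipsecah[ ]*read_priv_set=sys_net_config[ ]*write_priv_set=sys_net_config$/d' \
	    -e '/^ipsecesp[ ]*read_priv_set=sys_net_config[ ]*write_priv_set=sys_net_config$/d' \
	    -e '/^spdsock[ ]*read_priv_set=sys_net_config[ ]*write_priv_set=sys_net_config$/d' \
	    -e '/^ipf[ ]*read_priv_set=sys_net_config[ ]*write_priv_set=sys_net_config$/d' \
	    -e '/^sad:admin[ ]*read_priv_set=sys_config[ ]*write_priv_set=sys_config$/d' \
	    < "$tmp" > "$dest"
	then
		rm -f "$tmp"
	else
		# Put the saved contents back; keep the scratch file if even
		# that fails so the original policy is not lost.
		cp "$tmp" "$dest" && rm -f "$tmp"
		echo "$0: cannot rewrite $dest" >&2
		exit 1
	fi

	# potential additions
	additions="keysock icmp icmp6 ipnet ipsecah ipsecesp openeepr random spdsock ipf pfil scsi_vhci"

	# $additions is deliberately unquoted: it is a space-separated list.
	for dev in $additions
	do
		# if an entry for this driver exists in the source
		# file...
		if grep "^$dev[ ]" "$src" > /dev/null 2>&1 ; then
			# ...and no entry exists in the destination
			# file, then add the entry from the source file
			# to the destination file.
			grep "^$dev[ ]" "$dest" > /dev/null 2>&1 ||
			    grep "^$dev[ ]" "$src" >> "$dest"
		fi
	done

	# potential deletions
	deletions="aggr aggr:ctl bge ce dld dld:ctl dnet elx elxl eri ge hme ibd iprb le pcelx qfe softmac spwr vni vnic vnic:ctl"

	for dev in $deletions
	do
		# if an entry for this driver exists in the destination
		# file...
		if grep "^$dev[ ]" "$dest" > /dev/null 2>&1 ; then
			# ...and no entry exists in the source file...
			#
			# The source check is anchored like every other
			# lookup.  Unanchored, "ge " would also match a
			# "bge " line, and the stale entry would stay in
			# the destination.
			if grep "^$dev[ ]" "$src" > /dev/null 2>&1 ; then
				:
			else
				# ...then remove the entry from
				# the destination file.
				if cp "$dest" "$tmp" ; then
					grep -v "^$dev[ ]" "$tmp" > "$dest"
					rm -f "$tmp"
				else
					echo "$0: cannot save a copy of $dest" >&2
					exit 1
				fi
			fi
		fi
	done
done
exit 0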