i.devpolicy revision e6bdcbd54e38270df660b0acefe68cbce303ba9d
0N/A#!/bin/sh
2823N/A#
0N/A# CDDL HEADER START
0N/A#
0N/A# The contents of this file are subject to the terms of the
0N/A# Common Development and Distribution License (the "License").
2362N/A# You may not use this file except in compliance with the License.
0N/A#
2362N/A# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
0N/A# or http://www.opensolaris.org/os/licensing.
0N/A# See the License for the specific language governing permissions
0N/A# and limitations under the License.
0N/A#
0N/A# When distributing Covered Code, include this CDDL HEADER in each
0N/A# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
0N/A# If applicable, add the following below this CDDL HEADER, with the
0N/A# fields enclosed by brackets "[]" replaced with your own identifying
0N/A# information: Portions Copyright [yyyy] [name of copyright owner]
0N/A#
0N/A# CDDL HEADER END
2362N/A#
2362N/A#
2362N/A# ident "%Z%%M% %I% %E% SMI"
0N/A#
0N/A# Copyright 2007 Sun Microsystems, Inc. All rights reserved.
0N/A# Use is subject to license terms.
0N/A#
0N/A# NOTE: When a change is made to the source file for
0N/A# /etc/security/device_policy a corresponding change must be made to
0N/A# this class-action script.
0N/A#
0N/Awhile read src dest
0N/Ado
0N/A if [ ! -f $dest ] ; then
0N/A cp $src $dest
0N/A continue
0N/A fi
0N/A
0N/A # changes
0N/A cp $dest $dest.$$
0N/A sed < $dest.$$ > $dest \
0N/A -e '/md:admin/s/read_priv_set=sys_config/ /' \
0N/A -e '/^icmp[ ]*read_priv_set=net_rawaccess[ ]*write_priv_set=net_rawaccess$/d' \
0N/A -e '/^icmp6[ ]*read_priv_set=net_rawaccess[ ]*write_priv_set=net_rawaccess$/d' \
0N/A -e '/^keysock[ ]*read_priv_set=sys_net_config[ ]*write_priv_set=sys_net_config$/d' \
0N/A -e '/^ipsecah[ ]*read_priv_set=sys_net_config[ ]*write_priv_set=sys_net_config$/d' \
0N/A -e '/^ipsecesp[ ]*read_priv_set=sys_net_config[ ]*write_priv_set=sys_net_config$/d' \
0N/A -e '/^spdsock[ ]*read_priv_set=sys_net_config[ ]*write_priv_set=sys_net_config$/d' \
0N/A -e '/^ipf[ ]*read_priv_set=sys_net_config[ ]*write_priv_set=sys_net_config$/d' \
0N/A -e '/^sad:admin[ ]*read_priv_set=sys_config[ ]*write_priv_set=sys_config$/d'
0N/A
0N/A rm -f $dest.$$
0N/A
0N/A # potential additions
0N/A additions="aggr aggr:ctl bge dld:ctl dnet keysock ibd icmp icmp6 ipsecah ipsecesp openeepr random spdsock vni ipf pfil scsi_vhci"
0N/A
0N/A for dev in $additions
0N/A do
0N/A # if an entry for this driver exists in the source
0N/A # file...
0N/A grep "$dev[ ]" $src > /dev/null 2>&1
0N/A if [ $? = 0 ] ; then
0N/A # ...and no entry exists in the destination
0N/A # file...
0N/A grep "$dev[ ]" $dest > /dev/null 2>&1
0N/A if [ $? != 0 ] ; then
0N/A # ...then add the entry from
0N/A # the source file to the
0N/A # destination file.
0N/A grep "$dev[ ]" $src >> $dest
0N/A fi
0N/A fi
0N/A done
0N/A
0N/A # potential deletions
0N/A deletions="elx dld"
0N/A
0N/A for dev in $deletions
0N/A do
0N/A # if an entry for this driver exists in the destination
0N/A # file...
0N/A grep "$dev[ ]" $dest > /dev/null 2>&1
0N/A if [ $? = 0 ] ; then
0N/A # ...and no entry exists in the source
0N/A # file...
0N/A grep "$dev[ ]" $src > /dev/null 2>&1
0N/A if [ $? != 0 ] ; then
0N/A # ...then remove the entry from
0N/A # the destination file.
0N/A cp $dest $dest.$$
0N/A grep -v "$dev[ ]" $dest.$$ > $dest
0N/A rm -f $dest.$$
0N/A fi
0N/A fi
0N/A done
0N/Adone
0N/A
0N/Aexit 0
0N/A