i.devpolicy revision e6bdcbd54e38270df660b0acefe68cbce303ba9d
#!/bin/sh
#
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License (the "License").
# You may not use this file except in compliance with the License.
#
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
# or http://www.opensolaris.org/os/licensing.
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
# If applicable, add the following below this CDDL HEADER, with the
# fields enclosed by brackets "[]" replaced with your own identifying
# information: Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#
#
# ident "%Z%%M% %I% %E% SMI"
#
# Copyright 2007 Sun Microsystems, Inc. All rights reserved.
# Use is subject to license terms.
#
# NOTE: When a change is made to the source file for
# /etc/security/device_policy a corresponding change must be made to
# this class-action script.
#
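# Merge loop for the device policy file.
#
# Input:   "src dest" pairs on stdin, one pair per line. src supplies new
#          entries; dest is the existing file that gets updated in place.
# Effect:  if dest does not exist it is created as a copy of src.
#          Otherwise dest is edited in three passes (changes, additions,
#          deletions) as described at each step below.
# Exit:    always 0 (see the note at the end of the script).
#
# The entries handled here have the form
#     <driver[:minor]> read_priv_set=<priv> write_priv_set=<priv>
# so every edit below changes which privileges an entry names. Only lines
# that match a listed old entry exactly are dropped; an entry that was
# edited locally no longer matches, is kept, and then also suppresses the
# "additions" step for that driver because dest already has an entry.
#
# NOTE(review): the bracket expressions are reproduced as `[ ]` (a single
# space). If the policy file separates fields with tabs, a tab may have
# been lost from the brackets in this copy -- confirm against the
# repository version before relying on these patterns.
#
# NOTE(review): plain `read` (no -r) is kept because a legacy /bin/sh may
# not accept -r; a path containing a backslash would be altered by it.
while read src dest
do
	# No existing policy file: install the supplied one unchanged.
	if [ ! -f "$dest" ] ; then
		cp "$src" "$dest"
		continue
	fi

	# Scratch file next to dest. The name is predictable ($$ is the
	# shell's PID), so this relies on dest's directory being writable
	# only by the user running the script.
	# NOTE(review): confirm the directory permissions at install time.
	tmp="$dest.$$"

	# changes
	#
	# - drop read_priv_set=sys_config from the md:admin entry
	# - delete the listed icmp, icmp6, keysock, ipsecah, ipsecesp,
	#   spdsock, ipf and sad:admin entries when the whole line matches
	#
	# The result is written to the scratch file first and copied over
	# dest only when sed succeeded, so a failed sed (for example a full
	# file system) cannot leave dest truncated. Copying onto the
	# existing dest keeps its owner and mode, as the original in-place
	# redirection did.
	if sed \
	    -e '/md:admin/s/read_priv_set=sys_config/ /' \
	    -e '/^icmp[ ]*read_priv_set=net_rawaccess[ ]*write_priv_set=net_rawaccess$/d' \
	    -e '/^icmp6[ ]*read_priv_set=net_rawaccess[ ]*write_priv_set=net_rawaccess$/d' \
	    -e '/^keysock[ ]*read_priv_set=sys_net_config[ ]*write_priv_set=sys_net_config$/d' \
	    -e '/^ipsecah[ ]*read_priv_set=sys_net_config[ ]*write_priv_set=sys_net_config$/d' \
	    -e '/^ipsecesp[ ]*read_priv_set=sys_net_config[ ]*write_priv_set=sys_net_config$/d' \
	    -e '/^spdsock[ ]*read_priv_set=sys_net_config[ ]*write_priv_set=sys_net_config$/d' \
	    -e '/^ipf[ ]*read_priv_set=sys_net_config[ ]*write_priv_set=sys_net_config$/d' \
	    -e '/^sad:admin[ ]*read_priv_set=sys_config[ ]*write_priv_set=sys_config$/d' \
	    < "$dest" > "$tmp"
	then
		cp "$tmp" "$dest"
	else
		echo "$0: sed failed, $dest left unchanged" >&2
	fi
	rm -f "$tmp"

	# potential additions
	#
	# NOTE(review): "$dev[ ]" is an unanchored substring match. It also
	# matches a comment line or another entry whose name merely ends in
	# $dev, which would hide a missing entry here. Anchoring with ^ is
	# probably intended -- confirm against the file format.
	additions="aggr aggr:ctl bge dld:ctl dnet keysock ibd icmp icmp6 ipsecah ipsecesp openeepr random spdsock vni ipf pfil scsi_vhci"

	for dev in $additions
	do
		# if an entry for this driver exists in the source
		# file...
		if grep "$dev[ ]" "$src" > /dev/null 2>&1 ; then
			# ...and no entry exists in the destination
			# file, then add the entry from the source
			# file to the destination file.
			grep "$dev[ ]" "$dest" > /dev/null 2>&1 ||
			    grep "$dev[ ]" "$src" >> "$dest"
		fi
	done

	# potential deletions
	#
	# NOTE(review): same unanchored match as above; `grep -v` removes
	# every line that contains "$dev " anywhere, not only the entry for
	# that driver.
	deletions="elx dld"

	for dev in $deletions
	do
		# if an entry for this driver exists in the destination
		# file...
		if grep "$dev[ ]" "$dest" > /dev/null 2>&1 ; then
			# ...and no entry exists in the source
			# file...
			if grep "$dev[ ]" "$src" > /dev/null 2>&1 ; then
				:
			else
				# ...then remove the entry from
				# the destination file.
				grep -v "$dev[ ]" "$dest" > "$tmp"
				# grep exits 1 when every line was
				# filtered out, which is a valid (empty)
				# result; only a status above 1 is an
				# error, and then dest is left as it was.
				if [ $? -le 1 ] ; then
					cp "$tmp" "$dest"
				else
					echo "$0: grep failed, $dest left unchanged" >&2
				fi
				rm -f "$tmp"
			fi
		fi
	done
done

# The exit status is unconditionally 0, as in the original: a failed cp,
# sed or grep above is not reported to the caller through the status.
# NOTE(review): decide whether a failed policy update should fail the
# class action instead.
exit 0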