device_policy revision c0192a574ab103def0adf824d9e22709b0d0fba9
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin# Copyright 2006 Sun Microsystems, Inc. All rights reserved.
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin# Use is subject to license terms.
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin# CDDL HEADER START
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin# The contents of this file are subject to the terms of the
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin# Common Development and Distribution License (the "License").
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin# You may not use this file except in compliance with the License.
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin# See the License for the specific language governing permissions
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin# and limitations under the License.
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin# When distributing Covered Code, include this CDDL HEADER in each
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin# If applicable, add the following below this CDDL HEADER, with the
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin# fields enclosed by brackets "[]" replaced with your own identifying
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin# information: Portions Copyright [yyyy] [name of copyright owner]
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin# CDDL HEADER END
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin#ident "%Z%%M% %I% %E% SMI"
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin# Device policy configuration file. When devices are opened the
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin# additional access controls in this file are enforced.
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin# The format of this file is subject to change without notice.
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin# Default open privileges, must be first entry in the file.
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin* read_priv_set=none write_priv_set=none
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin# Kernel memory devices.
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chinmm:allkmem read_priv_set=all write_priv_set=all
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chinmm:kmem read_priv_set=none write_priv_set=all
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chinmm:mem read_priv_set=none write_priv_set=all
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chinsad:admin read_priv_set=sys_config write_priv_set=sys_config
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin# Socket interface access permissions.
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chinicmp read_priv_set=net_icmpaccess write_priv_set=net_icmpaccess
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chinicmp6 read_priv_set=net_icmpaccess write_priv_set=net_icmpaccess
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chinip read_priv_set=net_rawaccess write_priv_set=net_rawaccess
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chinip6 read_priv_set=net_rawaccess write_priv_set=net_rawaccess
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chinkeysock read_priv_set=sys_net_config write_priv_set=sys_net_config
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chinipsecah read_priv_set=sys_net_config write_priv_set=sys_net_config
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chinipsecesp read_priv_set=sys_net_config write_priv_set=sys_net_config
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chinspdsock read_priv_set=sys_net_config write_priv_set=sys_net_config
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin# Raw network interface access permissions
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chindnet read_priv_set=net_rawaccess write_priv_set=net_rawaccess
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chinelxl read_priv_set=net_rawaccess write_priv_set=net_rawaccess
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chinibd read_priv_set=net_rawaccess write_priv_set=net_rawaccess
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chiniprb read_priv_set=net_rawaccess write_priv_set=net_rawaccess
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chinpcelx read_priv_set=net_rawaccess write_priv_set=net_rawaccess
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chinspwr read_priv_set=net_rawaccess write_priv_set=net_rawaccess
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chinaggr read_priv_set=net_rawaccess write_priv_set=net_rawaccess
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin# Virtual network interface access permission
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chinvni read_priv_set=net_rawaccess write_priv_set=net_rawaccess
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin# Disk devices.
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chinmd:admin write_priv_set=sys_config
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chinfssnap:ctl read_priv_set=sys_config write_priv_set=sys_config
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chinscsi_vhci:devctl write_priv_set=sys_devices
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin# Other devices that require a privilege to open.
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chinrandom write_priv_set=sys_devices
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chinopeneepr write_priv_set=all
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chindld:ctl read_priv_set=sys_net_config write_priv_set=sys_net_config
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chinaggr:ctl read_priv_set=sys_net_config write_priv_set=sys_net_config
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin# IP Filter
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chinipf read_priv_set=sys_net_config write_priv_set=sys_net_config
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chinpfil read_priv_set=net_rawaccess write_priv_set=net_rawaccess