device_policy revision 0219346b07c8d846112a335f1543309c21e3d8da
5347c0fcb04eaea19d9f39795646239f487c6207Tinderbox User# Copyright 2009 Sun Microsystems, Inc. All rights reserved.
9a5087bf58f651bfff841192aba5afd06760d6ceTinderbox User# Use is subject to license terms.
5347c0fcb04eaea19d9f39795646239f487c6207Tinderbox User# CDDL HEADER START
9a5087bf58f651bfff841192aba5afd06760d6ceTinderbox User# The contents of this file are subject to the terms of the
9a5087bf58f651bfff841192aba5afd06760d6ceTinderbox User# Common Development and Distribution License (the "License").
9a5087bf58f651bfff841192aba5afd06760d6ceTinderbox User# You may not use this file except in compliance with the License.
9a5087bf58f651bfff841192aba5afd06760d6ceTinderbox User# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt# See the License for the specific language governing permissions
9a5087bf58f651bfff841192aba5afd06760d6ceTinderbox User# and limitations under the License.
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt# When distributing Covered Code, include this CDDL HEADER in each
9a5087bf58f651bfff841192aba5afd06760d6ceTinderbox User# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
9a5087bf58f651bfff841192aba5afd06760d6ceTinderbox User# If applicable, add the following below this CDDL HEADER, with the
9a5087bf58f651bfff841192aba5afd06760d6ceTinderbox User# fields enclosed by brackets "[]" replaced with your own identifying
9a5087bf58f651bfff841192aba5afd06760d6ceTinderbox User# information: Portions Copyright [yyyy] [name of copyright owner]
9a5087bf58f651bfff841192aba5afd06760d6ceTinderbox User# CDDL HEADER END
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt# Device policy configuration file. When devices are opened the
9a5087bf58f651bfff841192aba5afd06760d6ceTinderbox User# additional access controls in this file are enforced.
9a5087bf58f651bfff841192aba5afd06760d6ceTinderbox User# The format of this file is subject to change without notice.
9a5087bf58f651bfff841192aba5afd06760d6ceTinderbox User# Default open privileges, must be first entry in the file.
# The "*" entry sets both privilege sets to "none": a device that has no
# entry of its own below needs no additional privilege to be opened for
# reading or for writing.
# NOTE(review): for such devices the only remaining control is presumably
# the ownership and mode of the device node itself -- confirm when auditing.
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User* read_priv_set=none write_priv_set=none
9a5087bf58f651bfff841192aba5afd06760d6ceTinderbox User# Kernel memory devices.
# Each entry names a driver (optionally "driver:minor") followed by the
# privileges required to open it for reading (read_priv_set) and for
# writing (write_priv_set).
# allkmem: both reading and writing require the full privilege set ("all").
9a5087bf58f651bfff841192aba5afd06760d6ceTinderbox Usermm:allkmem read_priv_set=all write_priv_set=all
# kmem and mem: writing requires "all", but read_priv_set=none adds no
# privilege requirement for read-only opens.
# NOTE(review): read access to these memory devices then rests on the device
# node's ownership and mode alone -- verify those are restrictive when
# hardening a system.
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox Usermm:kmem read_priv_set=none write_priv_set=all
9a5087bf58f651bfff841192aba5afd06760d6ceTinderbox Usermm:mem read_priv_set=none write_priv_set=all
# The rtvc entries give only write_priv_set; no read_priv_set is stated.
# NOTE(review): presumably the omitted read side behaves like "none", and the
# trailing "*" matches minor names by pattern -- confirm both against the
# device_policy documentation. What the rtvc driver is cannot be told from
# this file; it merely appears under the kernel-memory heading here.
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox Userrtvc:rtvc* write_priv_set=none
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox Userrtvc:rtvcctl* write_priv_set=sys_config
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User# Socket interface access permissions.
# The ICMP devices require net_icmpaccess and the IP devices require
# net_rawaccess; in each case the same privilege gates reading and writing.
9a5087bf58f651bfff841192aba5afd06760d6ceTinderbox Usericmp read_priv_set=net_icmpaccess write_priv_set=net_icmpaccess
9a5087bf58f651bfff841192aba5afd06760d6ceTinderbox Usericmp6 read_priv_set=net_icmpaccess write_priv_set=net_icmpaccess
9a5087bf58f651bfff841192aba5afd06760d6ceTinderbox Userip read_priv_set=net_rawaccess write_priv_set=net_rawaccess
9a5087bf58f651bfff841192aba5afd06760d6ceTinderbox Userip6 read_priv_set=net_rawaccess write_priv_set=net_rawaccess
# The next four entries all require sys_ip_config for reading and writing.
# NOTE(review): by name these look like the IPsec key-management and policy
# interfaces -- confirm. Because one privilege covers all four, a process
# granted sys_ip_config can open every one of them; keep that in mind when
# assigning it under a least-privilege model.
9a5087bf58f651bfff841192aba5afd06760d6ceTinderbox Userkeysock read_priv_set=sys_ip_config write_priv_set=sys_ip_config
9d557856c2a19ec95ee73245f60a92f8675cf5baTinderbox Useripsecah read_priv_set=sys_ip_config write_priv_set=sys_ip_config
9a5087bf58f651bfff841192aba5afd06760d6ceTinderbox Useripsecesp read_priv_set=sys_ip_config write_priv_set=sys_ip_config
9a5087bf58f651bfff841192aba5afd06760d6ceTinderbox Userspdsock read_priv_set=sys_ip_config write_priv_set=sys_ip_config
9a5087bf58f651bfff841192aba5afd06760d6ceTinderbox User# Raw network interface access permissions
# Every driver listed here requires net_rawaccess to be opened for reading
# or for writing. The list is keyed by driver name.
# NOTE(review): a network driver that is not listed would presumably fall
# under the default "*" entry (no additional privilege) -- when a new NIC
# driver is installed, check that a matching entry exists.
9a5087bf58f651bfff841192aba5afd06760d6ceTinderbox Userce read_priv_set=net_rawaccess write_priv_set=net_rawaccess
9a5087bf58f651bfff841192aba5afd06760d6ceTinderbox Usereri read_priv_set=net_rawaccess write_priv_set=net_rawaccess
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox Userge read_priv_set=net_rawaccess write_priv_set=net_rawaccess
9a5087bf58f651bfff841192aba5afd06760d6ceTinderbox Useribd read_priv_set=net_rawaccess write_priv_set=net_rawaccess
9a5087bf58f651bfff841192aba5afd06760d6ceTinderbox Userpcelx read_priv_set=net_rawaccess write_priv_set=net_rawaccess
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Huntaggr read_priv_set=net_rawaccess write_priv_set=net_rawaccess
9a5087bf58f651bfff841192aba5afd06760d6ceTinderbox Uservnic read_priv_set=net_rawaccess write_priv_set=net_rawaccess
9a5087bf58f651bfff841192aba5afd06760d6ceTinderbox Usersoftmac read_priv_set=net_rawaccess write_priv_set=net_rawaccess
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User# Virtual network interface access permission
# vni carries the same net_rawaccess requirement as the drivers above.
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Huntvni read_priv_set=net_rawaccess write_priv_set=net_rawaccess
9a5087bf58f651bfff841192aba5afd06760d6ceTinderbox User# IP observability device access permission
# Opening ipnet requires net_observability for both reading and writing.
# This is a separate privilege from the net_rawaccess that gates the raw
# interface drivers, so it can be granted without granting raw access.
# NOTE(review): going by the heading, this device exposes IP traffic for
# observation -- treat net_observability as a traffic-visibility grant when
# reviewing who holds it; confirm its exact scope.
9a5087bf58f651bfff841192aba5afd06760d6ceTinderbox Useripnet read_priv_set=net_observability write_priv_set=net_observability
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User# Disk devices.
# md:admin and scsi_vhci:devctl restrict only writing (sys_config and
# sys_devices respectively); fssnap:ctl requires sys_config for both reading
# and writing.
# NOTE(review): the two entries without read_priv_set presumably leave
# read-only opens without an additional privilege requirement -- confirm.
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox Usermd:admin write_priv_set=sys_config
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox Userfssnap:ctl read_priv_set=sys_config write_priv_set=sys_config
9a5087bf58f651bfff841192aba5afd06760d6ceTinderbox Userscsi_vhci:devctl write_priv_set=sys_devices
9a5087bf58f651bfff841192aba5afd06760d6ceTinderbox User# Other devices that require a privilege to open.
# envctrltwo: sys_config is required for both reading and writing.
9a5087bf58f651bfff841192aba5afd06760d6ceTinderbox Userenvctrltwo read_priv_set=sys_config write_priv_set=sys_config
# random: only writing is restricted (sys_devices); this file places no
# additional requirement on reading.
# NOTE(review): writes to the random device presumably feed its entropy
# pool, which would explain gating them -- confirm.
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox Userrandom write_priv_set=sys_devices
# openeepr: writing requires the full privilege set ("all"); no
# read_priv_set is stated.
9a5087bf58f651bfff841192aba5afd06760d6ceTinderbox Useropeneepr write_priv_set=all
# ipf: sys_ip_config for both reading and writing, the same privilege that
# gates keysock, ipsecah, ipsecesp and spdsock earlier in this file.
9a5087bf58f651bfff841192aba5afd06760d6ceTinderbox Useripf read_priv_set=sys_ip_config write_priv_set=sys_ip_config