device_policy revision 8c4f8890c870d3bd16cbcaeed2dc4679d5e076b5
a31d4503481b752a9ea058cce3d9b025d040a87cTilo Mitra# Copyright 2005 Sun Microsystems, Inc. All rights reserved.
1b94590fd02ca19669dfb4b5deb563a290459d81Tilo Mitra# Use is subject to license terms.
1b94590fd02ca19669dfb4b5deb563a290459d81Tilo Mitra# CDDL HEADER START
1b94590fd02ca19669dfb4b5deb563a290459d81Tilo Mitra# The contents of this file are subject to the terms of the
a31d4503481b752a9ea058cce3d9b025d040a87cTilo Mitra# Common Development and Distribution License, Version 1.0 only
a31d4503481b752a9ea058cce3d9b025d040a87cTilo Mitra# (the "License"). You may not use this file except in compliance
1b94590fd02ca19669dfb4b5deb563a290459d81Tilo Mitra# with the License.
a31d4503481b752a9ea058cce3d9b025d040a87cTilo Mitra# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
a31d4503481b752a9ea058cce3d9b025d040a87cTilo Mitra# See the License for the specific language governing permissions
a31d4503481b752a9ea058cce3d9b025d040a87cTilo Mitra# and limitations under the License.
a31d4503481b752a9ea058cce3d9b025d040a87cTilo Mitra# When distributing Covered Code, include this CDDL HEADER in each
1b94590fd02ca19669dfb4b5deb563a290459d81Tilo Mitra# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
1b94590fd02ca19669dfb4b5deb563a290459d81Tilo Mitra# If applicable, add the following below this CDDL HEADER, with the
a31d4503481b752a9ea058cce3d9b025d040a87cTilo Mitra# fields enclosed by brackets "[]" replaced with your own identifying
1b94590fd02ca19669dfb4b5deb563a290459d81Tilo Mitra# information: Portions Copyright [yyyy] [name of copyright owner]
1b94590fd02ca19669dfb4b5deb563a290459d81Tilo Mitra# CDDL HEADER END
a31d4503481b752a9ea058cce3d9b025d040a87cTilo Mitra#ident "%Z%%M% %I% %E% SMI"
1b94590fd02ca19669dfb4b5deb563a290459d81Tilo Mitra# Device policy configuration file. When devices are opened the
1b94590fd02ca19669dfb4b5deb563a290459d81Tilo Mitra# additional access controls in this file are enforced.
1b94590fd02ca19669dfb4b5deb563a290459d81Tilo Mitra# The format of this file is subject to change without notice.
a31d4503481b752a9ea058cce3d9b025d040a87cTilo Mitra# Default open privileges, must be first entry in the file.
1b94590fd02ca19669dfb4b5deb563a290459d81Tilo Mitra* read_priv_set=none write_priv_set=none
a31d4503481b752a9ea058cce3d9b025d040a87cTilo Mitra# Kernel memory devices.
a31d4503481b752a9ea058cce3d9b025d040a87cTilo Mitramm:allkmem read_priv_set=all write_priv_set=all
a31d4503481b752a9ea058cce3d9b025d040a87cTilo Mitramm:kmem read_priv_set=none write_priv_set=all
1b94590fd02ca19669dfb4b5deb563a290459d81Tilo Mitramm:mem read_priv_set=none write_priv_set=all
1b94590fd02ca19669dfb4b5deb563a290459d81Tilo Mitrasad:admin read_priv_set=sys_config write_priv_set=sys_config
a31d4503481b752a9ea058cce3d9b025d040a87cTilo Mitrartvc:rtvc* write_priv_set=none
1b94590fd02ca19669dfb4b5deb563a290459d81Tilo Mitrartvc:rtvcctl* write_priv_set=sys_config
1b94590fd02ca19669dfb4b5deb563a290459d81Tilo Mitra# Socket interface access permissions.
1b94590fd02ca19669dfb4b5deb563a290459d81Tilo Mitraicmp read_priv_set=net_icmpaccess write_priv_set=net_icmpaccess
a31d4503481b752a9ea058cce3d9b025d040a87cTilo Mitraicmp6 read_priv_set=net_icmpaccess write_priv_set=net_icmpaccess
1b94590fd02ca19669dfb4b5deb563a290459d81Tilo Mitraip read_priv_set=net_rawaccess write_priv_set=net_rawaccess
1b94590fd02ca19669dfb4b5deb563a290459d81Tilo Mitraip6 read_priv_set=net_rawaccess write_priv_set=net_rawaccess
a31d4503481b752a9ea058cce3d9b025d040a87cTilo Mitrakeysock read_priv_set=sys_net_config write_priv_set=sys_net_config
1b94590fd02ca19669dfb4b5deb563a290459d81Tilo Mitraipsecah read_priv_set=sys_net_config write_priv_set=sys_net_config
a31d4503481b752a9ea058cce3d9b025d040a87cTilo Mitraipsecesp read_priv_set=sys_net_config write_priv_set=sys_net_config
a31d4503481b752a9ea058cce3d9b025d040a87cTilo Mitraspdsock read_priv_set=sys_net_config write_priv_set=sys_net_config
a31d4503481b752a9ea058cce3d9b025d040a87cTilo Mitra# Raw network interface access permissions
1b94590fd02ca19669dfb4b5deb563a290459d81Tilo Mitrace read_priv_set=net_rawaccess write_priv_set=net_rawaccess
a31d4503481b752a9ea058cce3d9b025d040a87cTilo Mitradmfe read_priv_set=net_rawaccess write_priv_set=net_rawaccess
a31d4503481b752a9ea058cce3d9b025d040a87cTilo Mitraeri read_priv_set=net_rawaccess write_priv_set=net_rawaccess
a31d4503481b752a9ea058cce3d9b025d040a87cTilo Mitrage read_priv_set=net_rawaccess write_priv_set=net_rawaccess
a31d4503481b752a9ea058cce3d9b025d040a87cTilo Mitrahme read_priv_set=net_rawaccess write_priv_set=net_rawaccess
a31d4503481b752a9ea058cce3d9b025d040a87cTilo Mitraibd read_priv_set=net_rawaccess write_priv_set=net_rawaccess
a31d4503481b752a9ea058cce3d9b025d040a87cTilo Mitrale read_priv_set=net_rawaccess write_priv_set=net_rawaccess
a31d4503481b752a9ea058cce3d9b025d040a87cTilo Mitrapcelx read_priv_set=net_rawaccess write_priv_set=net_rawaccess
a31d4503481b752a9ea058cce3d9b025d040a87cTilo Mitraqfe read_priv_set=net_rawaccess write_priv_set=net_rawaccess
a31d4503481b752a9ea058cce3d9b025d040a87cTilo Mitradld read_priv_set=net_rawaccess write_priv_set=net_rawaccess
a31d4503481b752a9ea058cce3d9b025d040a87cTilo Mitra# Virtual network interface access permission
a31d4503481b752a9ea058cce3d9b025d040a87cTilo Mitravni read_priv_set=net_rawaccess write_priv_set=net_rawaccess
a31d4503481b752a9ea058cce3d9b025d040a87cTilo Mitra# Disk devices.
a31d4503481b752a9ea058cce3d9b025d040a87cTilo Mitramd:admin write_priv_set=sys_config
1b94590fd02ca19669dfb4b5deb563a290459d81Tilo Mitrafssnap:ctl read_priv_set=sys_config write_priv_set=sys_config
1b94590fd02ca19669dfb4b5deb563a290459d81Tilo Mitrascsi_vhci:devctl write_priv_set=sys_devices
1b94590fd02ca19669dfb4b5deb563a290459d81Tilo Mitra# Other devices that require a privilege to open.
a31d4503481b752a9ea058cce3d9b025d040a87cTilo Mitraenvctrltwo read_priv_set=sys_config write_priv_set=sys_config
a31d4503481b752a9ea058cce3d9b025d040a87cTilo Mitrarandom write_priv_set=sys_devices
a31d4503481b752a9ea058cce3d9b025d040a87cTilo Mitraopeneepr write_priv_set=all
a31d4503481b752a9ea058cce3d9b025d040a87cTilo Mitradld:ctl read_priv_set=sys_net_config write_priv_set=sys_net_config
a31d4503481b752a9ea058cce3d9b025d040a87cTilo Mitraaggr:ctl read_priv_set=sys_net_config write_priv_set=sys_net_config
a31d4503481b752a9ea058cce3d9b025d040a87cTilo Mitraipf read_priv_set=sys_net_config write_priv_set=sys_net_config
a31d4503481b752a9ea058cce3d9b025d040a87cTilo Mitrapfil read_priv_set=net_rawaccess write_priv_set=net_rawaccess