device_policy revision b127ac411761a3d8d642d9342d9cac2785e1faaa
fa9e4066f08beec538e775443c5be79dd423fcabahrens# Copyright 2008 Sun Microsystems, Inc. All rights reserved.
fa9e4066f08beec538e775443c5be79dd423fcabahrens# Use is subject to license terms.
ea8dc4b6d2251b437950c0056bc626b311c73c27eschrock# CDDL HEADER START
fa9e4066f08beec538e775443c5be79dd423fcabahrens# The contents of this file are subject to the terms of the
fa9e4066f08beec538e775443c5be79dd423fcabahrens# Common Development and Distribution License (the "License").
fa9e4066f08beec538e775443c5be79dd423fcabahrens# You may not use this file except in compliance with the License.
fa9e4066f08beec538e775443c5be79dd423fcabahrens# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
fa9e4066f08beec538e775443c5be79dd423fcabahrens# See the License for the specific language governing permissions
fa9e4066f08beec538e775443c5be79dd423fcabahrens# and limitations under the License.
fa9e4066f08beec538e775443c5be79dd423fcabahrens# When distributing Covered Code, include this CDDL HEADER in each
fa9e4066f08beec538e775443c5be79dd423fcabahrens# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
fa9e4066f08beec538e775443c5be79dd423fcabahrens# If applicable, add the following below this CDDL HEADER, with the
fa9e4066f08beec538e775443c5be79dd423fcabahrens# fields enclosed by brackets "[]" replaced with your own identifying
fa9e4066f08beec538e775443c5be79dd423fcabahrens# information: Portions Copyright [yyyy] [name of copyright owner]
06e0070d70ba2ee95f5aa2645423eb2cf1546788Mark Shellenbaum# CDDL HEADER END
aad02571bc59671aa3103bb070ae365f531b0b62Saso Kiselkov# Device policy configuration file. When devices are opened the
a2afb611b30628fb74ad9eade4ae465f9031e262Jerry Jelinek# additional access controls in this file are enforced.
03b1c2971d24a9cd2c073d634f7e074fbd14e984Alexander Eremin# The format of this file is subject to change without notice.
c3d26abc9ee97b4f60233556aadeb57e0bd30bb9Matthew Ahrens# Default open privileges, must be first entry in the file.
55da60b91d96984f12de050ce428373ea25c7f35Mark J Musante* read_priv_set=none write_priv_set=none
fa9e4066f08beec538e775443c5be79dd423fcabahrens# Kernel memory devices.
fa9e4066f08beec538e775443c5be79dd423fcabahrensmm:allkmem read_priv_set=all write_priv_set=all
fa9e4066f08beec538e775443c5be79dd423fcabahrensmm:kmem read_priv_set=none write_priv_set=all
fa9e4066f08beec538e775443c5be79dd423fcabahrensmm:mem read_priv_set=none write_priv_set=all
1d452cf5123cb6ac0a013a4dbd4dcceeb0da314dahrensrtvc:rtvc* write_priv_set=none
ecd6cf800b63704be73fb264c3f5b6e0dafc068dmarksrtvc:rtvcctl* write_priv_set=sys_config
fa9e4066f08beec538e775443c5be79dd423fcabahrens# Socket interface access permissions.
fa9e4066f08beec538e775443c5be79dd423fcabahrensicmp read_priv_set=net_icmpaccess write_priv_set=net_icmpaccess
fa9e4066f08beec538e775443c5be79dd423fcabahrensicmp6 read_priv_set=net_icmpaccess write_priv_set=net_icmpaccess
fa9e4066f08beec538e775443c5be79dd423fcabahrensip read_priv_set=net_rawaccess write_priv_set=net_rawaccess
fa9e4066f08beec538e775443c5be79dd423fcabahrensip6 read_priv_set=net_rawaccess write_priv_set=net_rawaccess
ecd6cf800b63704be73fb264c3f5b6e0dafc068dmarkskeysock read_priv_set=sys_ip_config write_priv_set=sys_ip_config
0a586cea3ceec7e5e50e7e54c745082a7a333ac2Mark Shellenbaumipsecah read_priv_set=sys_ip_config write_priv_set=sys_ip_config
99d5e173470cf967aa87653364ed614299e7b511Tim Haleyipsecesp read_priv_set=sys_ip_config write_priv_set=sys_ip_config
3b2aab18808792cbd248a12f1edf139b89833c13Matthew Ahrensspdsock read_priv_set=sys_ip_config write_priv_set=sys_ip_config
fa9e4066f08beec538e775443c5be79dd423fcabahrens# Raw network interface access permissions
744947dc83c634d985ed3ad79ac9c5e28d1865fdTom Ericksonce read_priv_set=net_rawaccess write_priv_set=net_rawaccess
744947dc83c634d985ed3ad79ac9c5e28d1865fdTom Ericksoneri read_priv_set=net_rawaccess write_priv_set=net_rawaccess
744947dc83c634d985ed3ad79ac9c5e28d1865fdTom Ericksonge read_priv_set=net_rawaccess write_priv_set=net_rawaccess
744947dc83c634d985ed3ad79ac9c5e28d1865fdTom Ericksonhme read_priv_set=net_rawaccess write_priv_set=net_rawaccess
744947dc83c634d985ed3ad79ac9c5e28d1865fdTom Ericksonibd read_priv_set=net_rawaccess write_priv_set=net_rawaccess
12380e1e701fda28c9e9f32d01cafb54af279eb5Arne Jansenpcelx read_priv_set=net_rawaccess write_priv_set=net_rawaccess
12380e1e701fda28c9e9f32d01cafb54af279eb5Arne Jansenqfe read_priv_set=net_rawaccess write_priv_set=net_rawaccess
12380e1e701fda28c9e9f32d01cafb54af279eb5Arne Jansenaggr read_priv_set=net_rawaccess write_priv_set=net_rawaccess
12380e1e701fda28c9e9f32d01cafb54af279eb5Arne Jansenvnic read_priv_set=net_rawaccess write_priv_set=net_rawaccess
12380e1e701fda28c9e9f32d01cafb54af279eb5Arne Jansensoftmac read_priv_set=net_rawaccess write_priv_set=net_rawaccess
12380e1e701fda28c9e9f32d01cafb54af279eb5Arne Jansen# Virtual network interface access permission
12380e1e701fda28c9e9f32d01cafb54af279eb5Arne Jansenvni read_priv_set=net_rawaccess write_priv_set=net_rawaccess
744947dc83c634d985ed3ad79ac9c5e28d1865fdTom Erickson# IP observability device access permission
744947dc83c634d985ed3ad79ac9c5e28d1865fdTom Ericksonipnet read_priv_set=net_observability write_priv_set=net_observability
744947dc83c634d985ed3ad79ac9c5e28d1865fdTom Erickson# Disk devices.
744947dc83c634d985ed3ad79ac9c5e28d1865fdTom Ericksonmd:admin write_priv_set=sys_config
744947dc83c634d985ed3ad79ac9c5e28d1865fdTom Ericksonfssnap:ctl read_priv_set=sys_config write_priv_set=sys_config
744947dc83c634d985ed3ad79ac9c5e28d1865fdTom Ericksonscsi_vhci:devctl write_priv_set=sys_devices
fa9e4066f08beec538e775443c5be79dd423fcabahrens# Other devices that require a privilege to open.
fa9e4066f08beec538e775443c5be79dd423fcabahrensenvctrltwo read_priv_set=sys_config write_priv_set=sys_config
503ad85c168c7992ccc310af845a581cff3c72b5Matthew Ahrensrandom write_priv_set=sys_devices
fa9e4066f08beec538e775443c5be79dd423fcabahrensopeneepr write_priv_set=all
fa9e4066f08beec538e775443c5be79dd423fcabahrensipf read_priv_set=sys_ip_config write_priv_set=sys_ip_config