Cross Reference: /illumos-gate/usr/src/uts/sparc/os/device_policy

	device_policy revision eae72b5b807baa9116e64502cbb278edf15f3146
486N/A#
486N/A# Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
486N/A# Use is subject to license terms.
486N/A#
943N/A# CDDL HEADER START
486N/A#
486N/A# The contents of this file are subject to the terms of the
919N/A# Common Development and Distribution License (the "License").
919N/A# You may not use this file except in compliance with the License.
919N/A#
919N/A# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
919N/A# or http://www.opensolaris.org/os/licensing.
919N/A# See the License for the specific language governing permissions
919N/A# and limitations under the License.
919N/A#
919N/A# When distributing Covered Code, include this CDDL HEADER in each
919N/A# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
919N/A# If applicable, add the following below this CDDL HEADER, with the
919N/A# fields enclosed by brackets "[]" replaced with your own identifying
919N/A# information: Portions Copyright [yyyy] [name of copyright owner]
919N/A#
919N/A# CDDL HEADER END
919N/A#
919N/A# Device policy configuration file.   When devices are opened the
486N/A# additional access controls in this file are enforced.
486N/A#
486N/A# The format of this file is subject to change without notice.
486N/A#
493N/A# Default open privileges, must be first entry in the file.
486N/A#
970N/A
970N/A*       read_priv_set=none      write_priv_set=none
970N/A
970N/A#
486N/A# Kernel memory devices.
851N/A#
486N/Amm:allkmem  read_priv_set=all       write_priv_set=all
911N/Amm:kmem     read_priv_set=none      write_priv_set=all
911N/Amm:mem      read_priv_set=none      write_priv_set=all
911N/A
911N/Artvc:rtvc*                  write_priv_set=none
486N/Artvc:rtvcctl*                   write_priv_set=sys_config
486N/A#
486N/A# Socket interface access permissions.
486N/A#
486N/Aicmp        read_priv_set=net_icmpaccess    write_priv_set=net_icmpaccess
493N/Aicmp6       read_priv_set=net_icmpaccess    write_priv_set=net_icmpaccess
486N/Aip      read_priv_set=net_rawaccess write_priv_set=net_rawaccess
970N/Aip6     read_priv_set=net_rawaccess write_priv_set=net_rawaccess
970N/Akeysock     read_priv_set=sys_ip_config write_priv_set=sys_ip_config
970N/Aipsecah     read_priv_set=sys_ip_config write_priv_set=sys_ip_config
486N/Aipsecesp    read_priv_set=sys_ip_config write_priv_set=sys_ip_config
spdsock     read_priv_set=sys_ip_config write_priv_set=sys_ip_config
#
# Raw network interface access permissions
#
ce      read_priv_set=net_rawaccess write_priv_set=net_rawaccess
eri     read_priv_set=net_rawaccess write_priv_set=net_rawaccess
ge      read_priv_set=net_rawaccess write_priv_set=net_rawaccess
hme     read_priv_set=net_rawaccess write_priv_set=net_rawaccess
ibd     read_priv_set=net_rawaccess write_priv_set=net_rawaccess
pcelx       read_priv_set=net_rawaccess write_priv_set=net_rawaccess
qfe     read_priv_set=net_rawaccess write_priv_set=net_rawaccess
aggr        read_priv_set=net_rawaccess write_priv_set=net_rawaccess
vnic        read_priv_set=net_rawaccess write_priv_set=net_rawaccess
softmac     read_priv_set=net_rawaccess write_priv_set=net_rawaccess
#
# Virtual network interface access permission
#
vni     read_priv_set=net_rawaccess write_priv_set=net_rawaccess
#
# Disk devices.
#
md:admin                    write_priv_set=sys_config
fssnap:ctl  read_priv_set=sys_config    write_priv_set=sys_config
scsi_vhci:devctl                write_priv_set=sys_devices
#
# Other devices that require a privilege to open.
#
envctrltwo  read_priv_set=sys_config    write_priv_set=sys_config
random                      write_priv_set=sys_devices
openeepr                    write_priv_set=all
#
# IP Filter
#
ipf             read_priv_set=sys_ip_config     write_priv_set=sys_ip_config