device_policy revision f4b3ec61df05330d25f55a36b975b4d7519fdeb1
8468244da4da42d99833fd59dc1d00b09275158cChristian Maeder# Copyright 2007 Sun Microsystems, Inc. All rights reserved.
8468244da4da42d99833fd59dc1d00b09275158cChristian Maeder# Use is subject to license terms.
b87efd3db0d2dc41615ea28669faf80fc1b48d56Corneliu-Claudiu Prodescu# CDDL HEADER START
8468244da4da42d99833fd59dc1d00b09275158cChristian Maeder# The contents of this file are subject to the terms of the
8468244da4da42d99833fd59dc1d00b09275158cChristian Maeder# Common Development and Distribution License (the "License").
8468244da4da42d99833fd59dc1d00b09275158cChristian Maeder# You may not use this file except in compliance with the License.
8468244da4da42d99833fd59dc1d00b09275158cChristian Maeder# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
8468244da4da42d99833fd59dc1d00b09275158cChristian Maeder# or http://www.opensolaris.org/os/licensing.
8468244da4da42d99833fd59dc1d00b09275158cChristian Maeder# See the License for the specific language governing permissions
8468244da4da42d99833fd59dc1d00b09275158cChristian Maeder# and limitations under the License.
e176e60e3d82527d508ac4df2f980751849ee45aChristian Maeder# When distributing Covered Code, include this CDDL HEADER in each
e176e60e3d82527d508ac4df2f980751849ee45aChristian Maeder# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
d11226f9a86c35c7082cd29cd171ec59d829ffa0Christian Maeder# If applicable, add the following below this CDDL HEADER, with the
6a1e513ba9fc1eb782165bcbbebea030524c896eChristian Maeder# fields enclosed by brackets "[]" replaced with your own identifying
8468244da4da42d99833fd59dc1d00b09275158cChristian Maeder# information: Portions Copyright [yyyy] [name of copyright owner]
d11226f9a86c35c7082cd29cd171ec59d829ffa0Christian Maeder# CDDL HEADER END
8468244da4da42d99833fd59dc1d00b09275158cChristian Maeder#ident "%Z%%M% %I% %E% SMI"
19bee32dcfc7ea5591c71894b86aedababffcbd5Christian Maeder# Device policy configuration file. When devices are opened the
19bee32dcfc7ea5591c71894b86aedababffcbd5Christian Maeder# additional access controls in this file are enforced.
19bee32dcfc7ea5591c71894b86aedababffcbd5Christian Maeder# The format of this file is subject to change without notice.
19bee32dcfc7ea5591c71894b86aedababffcbd5Christian Maeder# Default open privileges, must be first entry in the file.
cb26aa08ea668c555cc2916d682e072c4de73d9dChristian Maeder* read_priv_set=none write_priv_set=none
cb26aa08ea668c555cc2916d682e072c4de73d9dChristian Maeder# Kernel memory devices.
cb26aa08ea668c555cc2916d682e072c4de73d9dChristian Maedermm:allkmem read_priv_set=all write_priv_set=all
cb26aa08ea668c555cc2916d682e072c4de73d9dChristian Maedermm:kmem read_priv_set=none write_priv_set=all
cb26aa08ea668c555cc2916d682e072c4de73d9dChristian Maedermm:mem read_priv_set=none write_priv_set=all
cb26aa08ea668c555cc2916d682e072c4de73d9dChristian Maedersad:admin read_priv_set=sys_config write_priv_set=sys_config
d11226f9a86c35c7082cd29cd171ec59d829ffa0Christian Maederrtvc:rtvc* write_priv_set=none
cb26aa08ea668c555cc2916d682e072c4de73d9dChristian Maederrtvc:rtvcctl* write_priv_set=sys_config
8468244da4da42d99833fd59dc1d00b09275158cChristian Maeder# Socket interface access permissions.
19bee32dcfc7ea5591c71894b86aedababffcbd5Christian Maedericmp read_priv_set=net_icmpaccess write_priv_set=net_icmpaccess
cb26aa08ea668c555cc2916d682e072c4de73d9dChristian Maedericmp6 read_priv_set=net_icmpaccess write_priv_set=net_icmpaccess
cb26aa08ea668c555cc2916d682e072c4de73d9dChristian Maederip read_priv_set=net_rawaccess write_priv_set=net_rawaccess
19bee32dcfc7ea5591c71894b86aedababffcbd5Christian Maederip6 read_priv_set=net_rawaccess write_priv_set=net_rawaccess
0474b351d3032a8e52305e1499ec0e724c5d489dChristian Maederkeysock read_priv_set=sys_ip_config write_priv_set=sys_ip_config
0474b351d3032a8e52305e1499ec0e724c5d489dChristian Maederipsecah read_priv_set=sys_ip_config write_priv_set=sys_ip_config
0474b351d3032a8e52305e1499ec0e724c5d489dChristian Maederipsecesp read_priv_set=sys_ip_config write_priv_set=sys_ip_config
0474b351d3032a8e52305e1499ec0e724c5d489dChristian Maederspdsock read_priv_set=sys_ip_config write_priv_set=sys_ip_config
0474b351d3032a8e52305e1499ec0e724c5d489dChristian Maeder# Raw network interface access permissions
8468244da4da42d99833fd59dc1d00b09275158cChristian Maederce read_priv_set=net_rawaccess write_priv_set=net_rawaccess
8468244da4da42d99833fd59dc1d00b09275158cChristian Maederdmfe read_priv_set=net_rawaccess write_priv_set=net_rawaccess
8468244da4da42d99833fd59dc1d00b09275158cChristian Maedereri read_priv_set=net_rawaccess write_priv_set=net_rawaccess
8468244da4da42d99833fd59dc1d00b09275158cChristian Maederge read_priv_set=net_rawaccess write_priv_set=net_rawaccess
8468244da4da42d99833fd59dc1d00b09275158cChristian Maederhme read_priv_set=net_rawaccess write_priv_set=net_rawaccess
6a1e513ba9fc1eb782165bcbbebea030524c896eChristian Maederibd read_priv_set=net_rawaccess write_priv_set=net_rawaccess
6a1e513ba9fc1eb782165bcbbebea030524c896eChristian Maederle read_priv_set=net_rawaccess write_priv_set=net_rawaccess
6a1e513ba9fc1eb782165bcbbebea030524c896eChristian Maederpcelx read_priv_set=net_rawaccess write_priv_set=net_rawaccess
6a1e513ba9fc1eb782165bcbbebea030524c896eChristian Maederqfe read_priv_set=net_rawaccess write_priv_set=net_rawaccess
6a1e513ba9fc1eb782165bcbbebea030524c896eChristian Maederaggr read_priv_set=net_rawaccess write_priv_set=net_rawaccess
6a1e513ba9fc1eb782165bcbbebea030524c896eChristian Maeder# Virtual network interface access permission
8468244da4da42d99833fd59dc1d00b09275158cChristian Maedervni read_priv_set=net_rawaccess write_priv_set=net_rawaccess
8468244da4da42d99833fd59dc1d00b09275158cChristian Maeder# Disk devices.
d11226f9a86c35c7082cd29cd171ec59d829ffa0Christian Maedermd:admin write_priv_set=sys_config
8468244da4da42d99833fd59dc1d00b09275158cChristian Maederfssnap:ctl read_priv_set=sys_config write_priv_set=sys_config
6a1e513ba9fc1eb782165bcbbebea030524c896eChristian Maederscsi_vhci:devctl write_priv_set=sys_devices
6a1e513ba9fc1eb782165bcbbebea030524c896eChristian Maeder# Other devices that require a privilege to open.
6a1e513ba9fc1eb782165bcbbebea030524c896eChristian Maederenvctrltwo read_priv_set=sys_config write_priv_set=sys_config
6a1e513ba9fc1eb782165bcbbebea030524c896eChristian Maederrandom write_priv_set=sys_devices
6a1e513ba9fc1eb782165bcbbebea030524c896eChristian Maederopeneepr write_priv_set=all
6a1e513ba9fc1eb782165bcbbebea030524c896eChristian Maederdld:ctl read_priv_set=sys_net_config write_priv_set=sys_net_config
6a1e513ba9fc1eb782165bcbbebea030524c896eChristian Maederaggr:ctl read_priv_set=sys_net_config write_priv_set=sys_net_config
6a1e513ba9fc1eb782165bcbbebea030524c896eChristian Maederipf read_priv_set=sys_ip_config write_priv_set=sys_ip_config