#
# Copyright 2005 Sun Microsystems, Inc. All rights reserved.
# Use is subject to license terms.
#
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License, Version 1.0 only
# (the "License"). You may not use this file except in compliance
# with the License.
#
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
# or http://www.opensolaris.org/os/licensing.
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
# If applicable, add the following below this CDDL HEADER, with the
# fields enclosed by brackets "[]" replaced with your own identifying
# information: Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#
#ident "%Z%%M% %I% %E% SMI"
#
# Device policy configuration file. When devices are opened the
# additional access controls in this file are enforced.
#
# Each entry names a driver, optionally followed by ":" and a minor
# node name or pattern (as in "mm:kmem" or "rtvc:rtvc*" below), and then
# the privilege set required to open the device for reading
# (read_priv_set) and for writing (write_priv_set). "none" asks for no
# privilege and "all" asks for every privilege. These checks are applied
# in addition to the ordinary permissions on the device node; they do
# not replace them.
#
# NOTE(review): several entries give only write_priv_set. Presumably the
# omitted read_priv_set falls back to the default entry below -- confirm
# against the policy loader. getdevpolicy(1M) reports the policy that is
# actually in effect and is the place to check the result.
#
# The format of this file is subject to change without notice.
#
# Default open privileges, must be first entry in the file.
#
# With both sets at "none", a driver that has no entry of its own gets
# no privilege check on open, and the mode and ownership of its device
# node are then the only access control. A driver that exposes kernel
# state or raw network access therefore needs an explicit entry below.
#

* read_priv_set=none write_priv_set=none

#
# Kernel memory devices.
#
# allkmem needs every privilege for both read and write. kmem and mem
# need every privilege for write only; for read no privilege is asked,
# so the file permissions on those device nodes are the sole barrier to
# reading memory through them and must be kept restrictive.
#
mm:allkmem read_priv_set=all write_priv_set=all
mm:kmem read_priv_set=none write_priv_set=all
mm:mem read_priv_set=none write_priv_set=all

# The admin minor of sad needs sys_config for read and for write.
sad:admin read_priv_set=sys_config write_priv_set=sys_config

# NOTE(review): "rtvc*" also matches any minor name that "rtvcctl*"
# matches. The sys_config requirement on the control minors only holds
# if the more specific pattern takes precedence -- confirm how the
# matcher orders overlapping patterns.
rtvc:rtvc* write_priv_set=none
rtvc:rtvcctl* write_priv_set=sys_config
#
# Socket interface access permissions.
#
# icmp and icmp6 need net_icmpaccess, ip and ip6 need net_rawaccess, and
# keysock, ipsecah, ipsecesp and spdsock need sys_net_config, in each
# case for both read and write.
#
icmp read_priv_set=net_icmpaccess write_priv_set=net_icmpaccess
icmp6 read_priv_set=net_icmpaccess write_priv_set=net_icmpaccess
ip read_priv_set=net_rawaccess write_priv_set=net_rawaccess
ip6 read_priv_set=net_rawaccess write_priv_set=net_rawaccess
keysock read_priv_set=sys_net_config write_priv_set=sys_net_config
ipsecah read_priv_set=sys_net_config write_priv_set=sys_net_config
ipsecesp read_priv_set=sys_net_config write_priv_set=sys_net_config
spdsock read_priv_set=sys_net_config write_priv_set=sys_net_config
#
# Raw network interface access permissions
#
# Every driver listed here needs net_rawaccess to open, for read and for
# write. The list is keyed by driver name: a network driver that is not
# listed falls under the default entry and gets no privilege check, so
# each newly installed network driver needs its own line here.
#
ce read_priv_set=net_rawaccess write_priv_set=net_rawaccess
dmfe read_priv_set=net_rawaccess write_priv_set=net_rawaccess
eri read_priv_set=net_rawaccess write_priv_set=net_rawaccess
ge read_priv_set=net_rawaccess write_priv_set=net_rawaccess
hme read_priv_set=net_rawaccess write_priv_set=net_rawaccess
ibd read_priv_set=net_rawaccess write_priv_set=net_rawaccess
le read_priv_set=net_rawaccess write_priv_set=net_rawaccess
pcelx read_priv_set=net_rawaccess write_priv_set=net_rawaccess
qfe read_priv_set=net_rawaccess write_priv_set=net_rawaccess
dld read_priv_set=net_rawaccess write_priv_set=net_rawaccess
#
# Virtual network interface access permission
#
vni read_priv_set=net_rawaccess write_priv_set=net_rawaccess
#
# Disk devices.
#
# md:admin restricts write only (sys_config); fssnap:ctl restricts both
# read and write.
#
md:admin write_priv_set=sys_config
fssnap:ctl read_priv_set=sys_config write_priv_set=sys_config
#
# Other devices that require a privilege to open.
#
# random and openeepr restrict write only: sys_devices for random and
# every privilege for openeepr. No read_priv_set is given for either, so
# reads are presumably governed by the default entry and the device node
# permissions -- confirm.
#
envctrltwo read_priv_set=sys_config write_priv_set=sys_config
random write_priv_set=sys_devices
openeepr write_priv_set=all
dld:ctl read_priv_set=sys_net_config write_priv_set=sys_net_config
aggr:ctl read_priv_set=sys_net_config write_priv_set=sys_net_config
#
# IP Filter
#
# ipf needs sys_net_config and pfil needs net_rawaccess, each for both
# read and write.
#
ipf read_priv_set=sys_net_config write_priv_set=sys_net_config
pfil read_priv_set=net_rawaccess write_priv_set=net_rawaccess
