xref: /titanic_41/usr/src/uts/intel/os/device_policy (revision 159d09a20817016f09b3ea28d1bdada4a336bb91) 
1#
2# Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
3# Use is subject to license terms.
4#
5# CDDL HEADER START
6#
7# The contents of this file are subject to the terms of the
8# Common Development and Distribution License (the "License").
9# You may not use this file except in compliance with the License.
10#
11# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
12# or http://www.opensolaris.org/os/licensing.
13# See the License for the specific language governing permissions
14# and limitations under the License.
15#
16# When distributing Covered Code, include this CDDL HEADER in each
17# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
18# If applicable, add the following below this CDDL HEADER, with the
19# fields enclosed by brackets "[]" replaced with your own identifying
20# information: Portions Copyright [yyyy] [name of copyright owner]
21#
22# CDDL HEADER END
23#
24# Device policy configuration file.   When devices are opened the
25# additional access controls in this file are enforced.
26#
27# The format of this file is subject to change without notice.
28#
29# Default open privileges, must be first entry in the file.
30#
31
32*		read_priv_set=none		write_priv_set=none
33
34#
35# Kernel memory devices.
36#
37mm:allkmem	read_priv_set=all		write_priv_set=all
38mm:kmem		read_priv_set=none		write_priv_set=all
39mm:mem		read_priv_set=none		write_priv_set=all
40
41#
42# Socket interface access permissions.
43#
44icmp		read_priv_set=net_icmpaccess	write_priv_set=net_icmpaccess
45icmp6		read_priv_set=net_icmpaccess	write_priv_set=net_icmpaccess
46ip		read_priv_set=net_rawaccess	write_priv_set=net_rawaccess
47ip6		read_priv_set=net_rawaccess	write_priv_set=net_rawaccess
48keysock		read_priv_set=sys_ip_config	write_priv_set=sys_ip_config
49ipsecah		read_priv_set=sys_ip_config	write_priv_set=sys_ip_config
50ipsecesp	read_priv_set=sys_ip_config	write_priv_set=sys_ip_config
51spdsock		read_priv_set=sys_ip_config	write_priv_set=sys_ip_config
52#
53# Raw network interface access permissions
54#
55dnet		read_priv_set=net_rawaccess	write_priv_set=net_rawaccess
56elxl		read_priv_set=net_rawaccess	write_priv_set=net_rawaccess
57ibd		read_priv_set=net_rawaccess	write_priv_set=net_rawaccess
58iprb		read_priv_set=net_rawaccess	write_priv_set=net_rawaccess
59pcelx		read_priv_set=net_rawaccess	write_priv_set=net_rawaccess
60spwr		read_priv_set=net_rawaccess	write_priv_set=net_rawaccess
61aggr		read_priv_set=net_rawaccess	write_priv_set=net_rawaccess
62vnic		read_priv_set=net_rawaccess	write_priv_set=net_rawaccess
63softmac		read_priv_set=net_rawaccess	write_priv_set=net_rawaccess
64#
65# Virtual network interface access permission
66#
67vni		read_priv_set=net_rawaccess	write_priv_set=net_rawaccess
68#
69# Disk devices.
70#
71md:admin					write_priv_set=sys_config
72fssnap:ctl	read_priv_set=sys_config	write_priv_set=sys_config
73scsi_vhci:devctl				write_priv_set=sys_devices
74#
75# Other devices that require a privilege to open.
76#
77random						write_priv_set=sys_devices
78openeepr					write_priv_set=all
79#
80# IP Filter
81#
82ipf             read_priv_set=sys_ip_config     write_priv_set=sys_ip_config
83
84