xref: /titanic_44/usr/src/uts/intel/os/device_policy (revision 03831d35f7499c87d51205817c93e9a8d42c4bae)
1#
2# Copyright 2005 Sun Microsystems, Inc.  All rights reserved.
3# Use is subject to license terms.
4#
5# CDDL HEADER START
6#
7# The contents of this file are subject to the terms of the
8# Common Development and Distribution License, Version 1.0 only
9# (the "License").  You may not use this file except in compliance
10# with the License.
11#
12# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
13# or http://www.opensolaris.org/os/licensing.
14# See the License for the specific language governing permissions
15# and limitations under the License.
16#
17# When distributing Covered Code, include this CDDL HEADER in each
18# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
19# If applicable, add the following below this CDDL HEADER, with the
20# fields enclosed by brackets "[]" replaced with your own identifying
21# information: Portions Copyright [yyyy] [name of copyright owner]
22#
23# CDDL HEADER END
24#
25#ident	"%Z%%M%	%I%	%E% SMI"
26#
27# Device policy configuration file.   When devices are opened the
28# additional access controls in this file are enforced.
29#
30# The format of this file is subject to change without notice.
31#
32# Default open privileges, must be first entry in the file.
33#
34
35*		read_priv_set=none		write_priv_set=none
36
37#
38# Kernel memory devices.
39#
40mm:allkmem	read_priv_set=all		write_priv_set=all
41mm:kmem		read_priv_set=none		write_priv_set=all
42mm:mem		read_priv_set=none		write_priv_set=all
43
44sad:admin	read_priv_set=sys_config	write_priv_set=sys_config
45
46#
47# Socket interface access permissions.
48#
49icmp		read_priv_set=net_icmpaccess	write_priv_set=net_icmpaccess
50icmp6		read_priv_set=net_icmpaccess	write_priv_set=net_icmpaccess
51ip		read_priv_set=net_rawaccess	write_priv_set=net_rawaccess
52ip6		read_priv_set=net_rawaccess	write_priv_set=net_rawaccess
53keysock		read_priv_set=sys_net_config	write_priv_set=sys_net_config
54ipsecah		read_priv_set=sys_net_config	write_priv_set=sys_net_config
55ipsecesp	read_priv_set=sys_net_config	write_priv_set=sys_net_config
56spdsock		read_priv_set=sys_net_config	write_priv_set=sys_net_config
57#
58# Raw network interface access permissions
59#
60dnet		read_priv_set=net_rawaccess	write_priv_set=net_rawaccess
61elxl		read_priv_set=net_rawaccess	write_priv_set=net_rawaccess
62ibd		read_priv_set=net_rawaccess	write_priv_set=net_rawaccess
63iprb		read_priv_set=net_rawaccess	write_priv_set=net_rawaccess
64pcelx		read_priv_set=net_rawaccess	write_priv_set=net_rawaccess
65spwr		read_priv_set=net_rawaccess	write_priv_set=net_rawaccess
66dld		read_priv_set=net_rawaccess	write_priv_set=net_rawaccess
67#
68# Virtual network interface access permission
69#
70vni		read_priv_set=net_rawaccess	write_priv_set=net_rawaccess
71#
72# Disk devices.
73#
74md:admin					write_priv_set=sys_config
75fssnap:ctl	read_priv_set=sys_config	write_priv_set=sys_config
76scsi_vhci:devctl				write_priv_set=sys_devices
77#
78# Other devices that require a privilege to open.
79#
80random						write_priv_set=sys_devices
81openeepr					write_priv_set=all
82dld:ctl		read_priv_set=sys_net_config	write_priv_set=sys_net_config
83aggr:ctl	read_priv_set=sys_net_config	write_priv_set=sys_net_config
84#
85# IP Filter
86#
87ipf             read_priv_set=sys_net_config    write_priv_set=sys_net_config
88pfil            read_priv_set=net_rawaccess     write_priv_set=net_rawaccess
89
90