xref: /titanic_50/usr/src/uts/intel/os/device_policy (revision 753a6d457b330b1b29b2d3eefcd0831116ce950d)
1#
2# Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
3# Use is subject to license terms.
4#
5# CDDL HEADER START
6#
7# The contents of this file are subject to the terms of the
8# Common Development and Distribution License (the "License").
9# You may not use this file except in compliance with the License.
10#
11# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
12# or http://www.opensolaris.org/os/licensing.
13# See the License for the specific language governing permissions
14# and limitations under the License.
15#
16# When distributing Covered Code, include this CDDL HEADER in each
17# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
18# If applicable, add the following below this CDDL HEADER, with the
19# fields enclosed by brackets "[]" replaced with your own identifying
20# information: Portions Copyright [yyyy] [name of copyright owner]
21#
22# CDDL HEADER END
23#
24# Device policy configuration file.   When devices are opened the
25# additional access controls in this file are enforced.
26#
27# The format of this file is subject to change without notice.
28#
29# Default open privileges, must be first entry in the file.
30#
31
32*		read_priv_set=none		write_priv_set=none
33
34#
35# Kernel memory devices.
36#
37mm:allkmem	read_priv_set=all		write_priv_set=all
38mm:kmem		read_priv_set=none		write_priv_set=all
39mm:mem		read_priv_set=none		write_priv_set=all
40
41#
42# Socket interface access permissions.
43#
44icmp		read_priv_set=net_icmpaccess	write_priv_set=net_icmpaccess
45icmp6		read_priv_set=net_icmpaccess	write_priv_set=net_icmpaccess
46ip		read_priv_set=net_rawaccess	write_priv_set=net_rawaccess
47ip6		read_priv_set=net_rawaccess	write_priv_set=net_rawaccess
48keysock		read_priv_set=sys_ip_config	write_priv_set=sys_ip_config
49ipsecah		read_priv_set=sys_ip_config	write_priv_set=sys_ip_config
50ipsecesp	read_priv_set=sys_ip_config	write_priv_set=sys_ip_config
51spdsock		read_priv_set=sys_ip_config	write_priv_set=sys_ip_config
52#
53# Raw network interface access permissions
54#
55dnet		read_priv_set=net_rawaccess	write_priv_set=net_rawaccess
56elxl		read_priv_set=net_rawaccess	write_priv_set=net_rawaccess
57ibd		read_priv_set=net_rawaccess	write_priv_set=net_rawaccess
58iprb		read_priv_set=net_rawaccess	write_priv_set=net_rawaccess
59pcelx		read_priv_set=net_rawaccess	write_priv_set=net_rawaccess
60spwr		read_priv_set=net_rawaccess	write_priv_set=net_rawaccess
61aggr		read_priv_set=net_rawaccess	write_priv_set=net_rawaccess
62vnic		read_priv_set=net_rawaccess	write_priv_set=net_rawaccess
63softmac		read_priv_set=net_rawaccess	write_priv_set=net_rawaccess
64#
65# Virtual network interface access permission
66#
67vni		read_priv_set=net_rawaccess	write_priv_set=net_rawaccess
68
69#
70# IP observability device access permission
71#
72ipnet		read_priv_set=net_observability write_priv_set=net_observability
73
74#
75# Disk devices.
76#
77md:admin					write_priv_set=sys_config
78fssnap:ctl	read_priv_set=sys_config	write_priv_set=sys_config
79scsi_vhci:devctl				write_priv_set=sys_devices
80#
81# Other devices that require a privilege to open.
82#
83random						write_priv_set=sys_devices
84openeepr					write_priv_set=all
85#
86# IP Filter
87#
88ipf             read_priv_set=sys_ip_config     write_priv_set=sys_ip_config
89
90