1#
2# Copyright 2005 Sun Microsystems, Inc.  All rights reserved.
3# Use is subject to license terms.
4#
5# CDDL HEADER START
6#
7# The contents of this file are subject to the terms of the
8# Common Development and Distribution License, Version 1.0 only
9# (the "License").  You may not use this file except in compliance
10# with the License.
11#
12# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
13# or http://www.opensolaris.org/os/licensing.
14# See the License for the specific language governing permissions
15# and limitations under the License.
16#
17# When distributing Covered Code, include this CDDL HEADER in each
18# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
19# If applicable, add the following below this CDDL HEADER, with the
20# fields enclosed by brackets "[]" replaced with your own identifying
21# information: Portions Copyright [yyyy] [name of copyright owner]
22#
23# CDDL HEADER END
24#
25#ident	"%Z%%M%	%I%	%E% SMI"
26#
27# Device policy configuration file.   When devices are opened the
28# additional access controls in this file are enforced.
29#
30# The format of this file is subject to change without notice.
31#
32# Default open privileges, must be first entry in the file.
# With both sets "none", this default adds no privilege requirement to
# opening a device; only the entries further down name a privilege.
# NOTE(review): anything not listed below is therefore gated only by
# checks outside this file - confirm that is intended for each new driver.
33#
34
35*		read_priv_set=none		write_priv_set=none
36
37#
38# Kernel memory devices.
# Write opens of allkmem, kmem and mem, and read opens of allkmem, require
# the "all" privilege set.  kmem and mem carry read_priv_set=none, so this
# file adds no privilege requirement to read opens of those two nodes.
# NOTE(review): read protection for kmem/mem then depends on checks outside
# this file (presumably device node ownership and mode) - confirm.
39#
40mm:allkmem	read_priv_set=all		write_priv_set=all
41mm:kmem		read_priv_set=none		write_priv_set=all
42mm:mem		read_priv_set=none		write_priv_set=all
43
# sad:admin requires sys_config for both read and write opens.
44sad:admin	read_priv_set=sys_config	write_priv_set=sys_config
45
# The rtvc entries give only write_priv_set.
# NOTE(review): confirm which read set applies when read_priv_set is omitted.
46rtvc:rtvc*					write_priv_set=none
47rtvc:rtvcctl*					write_priv_set=sys_config
48#
49# Socket interface access permissions.
# Every entry here names the same privilege for read and write opens:
# net_icmpaccess for icmp/icmp6, net_rawaccess for ip/ip6, and
# sys_net_config for keysock, ipsecah, ipsecesp and spdsock.
50#
51icmp		read_priv_set=net_icmpaccess	write_priv_set=net_icmpaccess
52icmp6		read_priv_set=net_icmpaccess	write_priv_set=net_icmpaccess
53ip		read_priv_set=net_rawaccess	write_priv_set=net_rawaccess
54ip6		read_priv_set=net_rawaccess	write_priv_set=net_rawaccess
55keysock		read_priv_set=sys_net_config	write_priv_set=sys_net_config
56ipsecah		read_priv_set=sys_net_config	write_priv_set=sys_net_config
57ipsecesp	read_priv_set=sys_net_config	write_priv_set=sys_net_config
58spdsock		read_priv_set=sys_net_config	write_priv_set=sys_net_config
59#
60# Raw network interface access permissions
# Each driver listed requires net_rawaccess for both read and write opens.
# NOTE(review): the list is per driver name, so a network driver missing
# from it falls back to the "*" default at the top of the file - confirm
# new NIC drivers are added here.
61#
62ce		read_priv_set=net_rawaccess	write_priv_set=net_rawaccess
63dmfe		read_priv_set=net_rawaccess	write_priv_set=net_rawaccess
64eri		read_priv_set=net_rawaccess	write_priv_set=net_rawaccess
65ge		read_priv_set=net_rawaccess	write_priv_set=net_rawaccess
66hme		read_priv_set=net_rawaccess	write_priv_set=net_rawaccess
67ibd		read_priv_set=net_rawaccess	write_priv_set=net_rawaccess
68le		read_priv_set=net_rawaccess	write_priv_set=net_rawaccess
69pcelx		read_priv_set=net_rawaccess	write_priv_set=net_rawaccess
70qfe		read_priv_set=net_rawaccess	write_priv_set=net_rawaccess
71dld		read_priv_set=net_rawaccess	write_priv_set=net_rawaccess
72#
73# Virtual network interface access permission
# vni requires net_rawaccess for both read and write opens, the same
# privilege as the raw network interface drivers listed earlier in the file.
74#
75vni		read_priv_set=net_rawaccess	write_priv_set=net_rawaccess
76#
77# Disk devices.
# Only the named control nodes are listed (admin, ctl, devctl).
# md:admin and scsi_vhci:devctl give a write set only.
# NOTE(review): confirm which read set applies when read_priv_set is omitted.
78#
79md:admin					write_priv_set=sys_config
80fssnap:ctl	read_priv_set=sys_config	write_priv_set=sys_config
81scsi_vhci:devctl				write_priv_set=sys_devices
82#
83# Other devices that require a privilege to open.
# random and openeepr give a write set only: write opens need sys_devices
# and "all" respectively, and no read set is stated for either.
# dld:ctl and aggr:ctl require sys_net_config; the bare dld entry in the
# raw network section requires net_rawaccess instead.
# NOTE(review): presumably the dld:ctl entry governs that one node and the
# bare dld entry the rest - confirm the matching order.
84#
85envctrltwo	read_priv_set=sys_config	write_priv_set=sys_config
86random						write_priv_set=sys_devices
87openeepr					write_priv_set=all
88dld:ctl		read_priv_set=sys_net_config	write_priv_set=sys_net_config
89aggr:ctl	read_priv_set=sys_net_config	write_priv_set=sys_net_config
90#
91# IP Filter
# ipf requires sys_net_config and pfil requires net_rawaccess, each for
# both read and write opens.  These two lines are space-separated where
# the rest of the file uses tabs.
92#
93ipf             read_priv_set=sys_net_config    write_priv_set=sys_net_config
94pfil            read_priv_set=net_rawaccess     write_priv_set=net_rawaccess
95
96