#
# @(#)device_policy 7.13 03/09/30 SMI; TSOL 2.x
#
#	Trusted Solaris 2.x device policy configuration file.
#	See device_policy(4TSOL) for detailed description.
#
#	General format:
#
#		drvname:minor_name  {policy_type=policy_value}
#
#	Valid policy types are:
#		data_mac_policy,
#		attr_mac_policy,
#		open_priv,
#		str_type
#
#	Valid policy values for MAC policy are:
#		DR_MAC_ANY,
#		DR_MAC_NEVER,
#		DR_MAC_SDOM,
#		DR_MAC_EQ,
#		DR_MAC_ODOM,
#
#		DW_MAC_ANY,
#		DW_MAC_NEVER,
#		DW_MAC_SDOM,
#		DW_MAC_EQ,
#		DW_MAC_ODOM.
#
#	Valid policy modifier values for MAC policy are:
#		MOD_AUTO_ALLOC
#		MOD_FABRICATE
#		MOD_GETDEVLABEL
#
#	Valid custom attribute MAC policy values are:
#		fab_attr_policy
#
#	Valid values for open_priv are any recognized privilege name.
#		
#	Valid values for str_type are:
#		DSTR_LOOP,
#		DSTR_NET,
#		DSTR_DEV.
#
# When not specified, the default device policy will apply:
#	data_mac_policy=DR_MAC_EQ,DW_MAC_EQ		\
#	attr_mac_policy=DR_MAC_SDOM,DW_MAC_EQ		\
#	str_type=DSTR_DEV				\
#	open_priv=none
#

#########################################################
# Clone Device Drivers

# Networking Interfaces:  ethernet, FDDI, etc.
clone:be						\
	data_mac_policy=DR_MAC_ANY,DW_MAC_ANY		\
	open_priv=sys_net_config			\
	str_type=DSTR_NET

clone:hme						\
	data_mac_policy=DR_MAC_ANY,DW_MAC_ANY		\
	open_priv=sys_net_config			\
	str_type=DSTR_NET

clone:ie						\
	data_mac_policy=DR_MAC_ANY,DW_MAC_ANY		\
	open_priv=sys_net_config			\
	str_type=DSTR_NET

clone:le						\
	data_mac_policy=DR_MAC_ANY,DW_MAC_ANY		\
	open_priv=sys_net_config			\
	str_type=DSTR_NET

clone:nf						\
	data_mac_policy=DR_MAC_ANY,DW_MAC_ANY		\
	open_priv=sys_net_config			\
	str_type=DSTR_NET

clone:pf						\
	data_mac_policy=DR_MAC_ANY,DW_MAC_ANY		\
	open_priv=sys_net_config			\
	str_type=DSTR_NET

clone:qe						\
	data_mac_policy=DR_MAC_ANY,DW_MAC_ANY		\
	open_priv=sys_net_config			\
	str_type=DSTR_NET

clone:qfe                                               \
        data_mac_policy=DR_MAC_ANY,DW_MAC_ANY           \
        open_priv=sys_net_config                        \
        str_type=DSTR_NET

rts:rts							\
	data_mac_policy=DR_MAC_ANY,DW_MAC_ANY           \
	str_type=DSTR_NET

ip:ip							\
	data_mac_policy=DR_MAC_ANY,DW_MAC_ANY           \
	str_type=DSTR_NET

tcp:tcp							\
	data_mac_policy=DR_MAC_ANY,DW_MAC_ANY           \
	str_type=DSTR_NET

udp:udp							\
	data_mac_policy=DR_MAC_ANY,DW_MAC_ANY           \
	str_type=DSTR_NET

rawip:rawip						\
	data_mac_policy=DR_MAC_ANY,DW_MAC_ANY           \
	str_type=DSTR_NET

icmp:icmp						\
	data_mac_policy=DR_MAC_ANY,DW_MAC_ANY           \
	str_type=DSTR_NET

ip6:ip6							\
	data_mac_policy=DR_MAC_ANY,DW_MAC_ANY           \
	str_type=DSTR_NET

tcp6:tcp6						\
	data_mac_policy=DR_MAC_ANY,DW_MAC_ANY           \
	str_type=DSTR_NET

udp6:udp6						\
	data_mac_policy=DR_MAC_ANY,DW_MAC_ANY           \
	str_type=DSTR_NET

rawip6:rawip6						\
	data_mac_policy=DR_MAC_ANY,DW_MAC_ANY           \
	str_type=DSTR_NET

icmp6:icmp6						\
	data_mac_policy=DR_MAC_ANY,DW_MAC_ANY           \
	str_type=DSTR_NET

arp:arp						\
	data_mac_policy=DR_MAC_ANY,DW_MAC_ANY           \
	str_type=DSTR_NET

# Pseudo-terminal master (STREAMS)
clone:ptmx						\
	data_mac_policy=DR_MAC_ANY,DW_MAC_ANY,MOD_AUTO_ALLOC

# Serial Port Interfaces
clone:se_hdlc						\
	data_mac_policy=DR_MAC_EQ,DW_MAC_EQ

clone:zsh						\
	data_mac_policy=DR_MAC_EQ,DW_MAC_EQ

# All other clone devices have MAC_ANY policy.
clone:*							\
	data_mac_policy=DR_MAC_ANY,DW_MAC_ANY		\
	attr_mac_policy=DR_MAC_ANY,DW_MAC_ANY


#########################################################
# Specific Device Drivers

cgeight:*						\
	data_mac_policy=DR_MAC_ANY,DW_MAC_ANY		\
	open_priv=win_dga

cgfour:*						\
	data_mac_policy=DR_MAC_ANY,DW_MAC_ANY		\
	open_priv=win_dga

cgfourteen:*						\
	data_mac_policy=DR_MAC_ANY,DW_MAC_ANY		\
	open_priv=win_dga

cgsix:*							\
	data_mac_policy=DR_MAC_ANY,DW_MAC_ANY		\
	open_priv=win_dga

cgthree:*						\
	data_mac_policy=DR_MAC_ANY,DW_MAC_ANY		\
	open_priv=win_dga

cgtwo:*							\
	data_mac_policy=DR_MAC_ANY,DW_MAC_ANY		\
	open_priv=win_dga

#
# cn:systty, cn:syscon, and cn:console
#
cn:*						\
	data_mac_policy=DR_MAC_ANY,DW_MAC_ANY,MOD_GETDEVLABEL	\
	attr_mac_policy=DR_MAC_ANY,DW_MAC_EQ

eeprom:*						\
	data_mac_policy=DR_MAC_SDOM,DW_MAC_EQ

ffb:*							\
	data_mac_policy=DR_MAC_ANY,DW_MAC_ANY		\
	open_priv=win_dga

kstat:kstat						\
	data_mac_policy=DR_MAC_SDOM,DW_MAC_ODOM	

ksyms:ksyms						\
	data_mac_policy=DR_MAC_ANY,DW_MAC_ANY

iwscn:iwscn						\
	data_mac_policy=DR_MAC_SDOM,DW_MAC_ODOM,MOD_GETDEVLABEL

leo:*							\
	data_mac_policy=DR_MAC_ANY,DW_MAC_ANY		\
	open_priv=win_dga

log:conslog						\
	data_mac_policy=DR_MAC_EQ,DW_MAC_ANY		\
	attr_mac_policy=fab_attr_policy,MOD_FABRICATE

sysmsg:*						\
	data_mac_policy=DR_MAC_EQ,DW_MAC_ANY		\
	attr_mac_policy=fab_attr_policy,MOD_FABRICATE

poll:*							\
	data_mac_policy=DR_MAC_ANY,DW_MAC_ANY		

mm:kmem							\
	data_mac_policy=DR_MAC_EQ,DW_MAC_EQ

mm:mem							\
	data_mac_policy=DR_MAC_EQ,DW_MAC_EQ

mm:null							\
	data_mac_policy=DR_MAC_ANY,DW_MAC_ANY		\
	attr_mac_policy=DR_MAC_ANY,DW_MAC_EQ

mm:zero							\
	data_mac_policy=DR_MAC_ANY,DW_MAC_ANY		\
	attr_mac_policy=DR_MAC_ANY,DW_MAC_EQ

openeepr:*						\
	data_mac_policy=DR_MAC_SDOM,DW_MAC_EQ

ptc:*							\
	data_mac_policy=ptc_data_policy,MOD_AUTO_ALLOC	\
	attr_mac_policy=fab_attr_policy,MOD_FABRICATE

ptm:*							\
	data_mac_policy=DR_MAC_ANY,DW_MAC_ANY,MOD_AUTO_ALLOC

pts:*							\
	data_mac_policy=pts_data_policy,MOD_AUTO_ALLOC

ptsl:*							\
	data_mac_policy=ptsl_data_policy,MOD_AUTO_ALLOC	\
	attr_mac_policy=fab_attr_policy,MOD_FABRICATE

# Streams Administrative Device
sad:admin						\
	data_mac_policy=DR_MAC_ANY,DW_MAC_ANY		\
	open_priv=sys_devices

# /dev/tty is a process private interface
sy:tty							\
	data_mac_policy=DR_MAC_ANY,DW_MAC_ANY

tcx:*							\
	data_mac_policy=DR_MAC_ANY,DW_MAC_ANY		\
	open_priv=win_dga

# Streams Local Transport Provider
tl:*							\
	data_mac_policy=DR_MAC_ANY,DW_MAC_ANY		\
	str_type=DSTR_NET

winlock:*							\
	data_mac_policy=DR_MAC_ANY,DW_MAC_ANY		\
	open_priv=win_dga

# /dev/random
random:*						\
	data_mac_policy=DR_MAC_ANY,DW_MAC_ANY

urandom:*						\
	data_mac_policy=DR_MAC_ANY,DW_MAC_ANY
