#
# Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
# Use is subject to license terms.
#
#ident	"@(#)device_policy	1.11	06/06/19 SMI"
#
# Device policy configuration file.   When devices are opened the
# additional access controls in this file are enforced.
#
# The format of this file is subject to change without notice.
#
# Default open privileges, must be first entry in the file.
#

*		read_priv_set=none		write_priv_set=none

#
# Kernel memory devices.
#
mm:allkmem	read_priv_set=all		write_priv_set=all
mm:kmem		read_priv_set=none		write_priv_set=all
mm:mem		read_priv_set=none		write_priv_set=all

sad:admin	read_priv_set=sys_config	write_priv_set=sys_config

rtvc:rtvc*					write_priv_set=none
rtvc:rtvcctl*					write_priv_set=sys_config
#
# Socket interface access permissions.
#
icmp		read_priv_set=net_icmpaccess	write_priv_set=net_icmpaccess
icmp6		read_priv_set=net_icmpaccess	write_priv_set=net_icmpaccess
ip		read_priv_set=net_rawaccess	write_priv_set=net_rawaccess
ip6		read_priv_set=net_rawaccess	write_priv_set=net_rawaccess
keysock		read_priv_set=sys_net_config	write_priv_set=sys_net_config
ipsecah		read_priv_set=sys_net_config	write_priv_set=sys_net_config
ipsecesp	read_priv_set=sys_net_config	write_priv_set=sys_net_config
spdsock		read_priv_set=sys_net_config	write_priv_set=sys_net_config
#
# Raw network interface access permissions
#
bge		read_priv_set=net_rawaccess	write_priv_set=net_rawaccess
ce		read_priv_set=net_rawaccess	write_priv_set=net_rawaccess
dmfe		read_priv_set=net_rawaccess	write_priv_set=net_rawaccess
eri		read_priv_set=net_rawaccess	write_priv_set=net_rawaccess
ge		read_priv_set=net_rawaccess	write_priv_set=net_rawaccess
hme		read_priv_set=net_rawaccess	write_priv_set=net_rawaccess
ibd		read_priv_set=net_rawaccess	write_priv_set=net_rawaccess
le		read_priv_set=net_rawaccess	write_priv_set=net_rawaccess
pcelx		read_priv_set=net_rawaccess	write_priv_set=net_rawaccess
qfe		read_priv_set=net_rawaccess	write_priv_set=net_rawaccess
aggr		read_priv_set=net_rawaccess	write_priv_set=net_rawaccess
#
# Virtual network interface access permission
#
vni		read_priv_set=net_rawaccess	write_priv_set=net_rawaccess
#
# Disk devices.
#
md:admin					write_priv_set=sys_config
fssnap:ctl	read_priv_set=sys_config	write_priv_set=sys_config
#
# Other devices that require a privilege to open.
#
envctrltwo	read_priv_set=sys_config	write_priv_set=sys_config
random						write_priv_set=sys_devices
openeepr					write_priv_set=all
dld:ctl		read_priv_set=sys_net_config	write_priv_set=sys_net_config
aggr:ctl	read_priv_set=sys_net_config	write_priv_set=sys_net_config
#
# IP Filter
#
ipf             read_priv_set=sys_net_config    write_priv_set=sys_net_config
pfil            read_priv_set=net_rawaccess     write_priv_set=net_rawaccess

