| author | dh155122 |
| Fri, 19 Jan 2007 16:59:38 -0800 | |
| changeset 3448 | aaf16568054b |
| parent 2419 | 8f63c8665c13 |
| child 4962 | 44219572abba |
| permissions | -rw-r--r-- |
| 0 | 1 |
#!/bin/sh |
2 |
# |
|
3 |
# CDDL HEADER START |
|
4 |
# |
|
5 |
# The contents of this file are subject to the terms of the |
|
|
1804
102112240ff7
6312408 DDI_NT_MAC macro definition should be removed
ericheng
parents:
907
diff
changeset
|
6 |
# Common Development and Distribution License (the "License"). |
|
102112240ff7
6312408 DDI_NT_MAC macro definition should be removed
ericheng
parents:
907
diff
changeset
|
7 |
# You may not use this file except in compliance with the License. |
| 0 | 8 |
# |
9 |
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE |
|
10 |
# or http://www.opensolaris.org/os/licensing. |
|
11 |
# See the License for the specific language governing permissions |
|
12 |
# and limitations under the License. |
|
13 |
# |
|
14 |
# When distributing Covered Code, include this CDDL HEADER in each |
|
15 |
# file and include the License file at usr/src/OPENSOLARIS.LICENSE. |
|
16 |
# If applicable, add the following below this CDDL HEADER, with the |
|
17 |
# fields enclosed by brackets "[]" replaced with your own identifying |
|
18 |
# information: Portions Copyright [yyyy] [name of copyright owner] |
|
19 |
# |
|
20 |
# CDDL HEADER END |
|
21 |
# |
|
22 |
# |
|
23 |
# ident "%Z%%M% %I% %E% SMI" |
|
24 |
# |
|
| 3448 | 25 |
# Copyright 2007 Sun Microsystems, Inc. All rights reserved. |
| 0 | 26 |
# Use is subject to license terms. |
27 |
# |
|
28 |
# NOTE: When a change is made to the source file for |
|
29 |
# /etc/security/device_policy a corresponding change must be made to |
|
30 |
# this class-action script. |
|
31 |
# |
|
32 |
while read src dest |
|
33 |
do |
|
34 |
if [ ! -f $dest ] ; then |
|
35 |
cp $src $dest |
|
36 |
continue |
|
37 |
fi |
|
38 |
||
39 |
# changes |
|
40 |
cp $dest $dest.$$ |
|
41 |
sed < $dest.$$ > $dest \ |
|
42 |
-e '/md:admin/s/read_priv_set=sys_config/ /' \ |
|
43 |
-e '/^icmp[ ]*read_priv_set=net_rawaccess[ ]*write_priv_set=net_rawaccess$/d' \ |
|
| 3448 | 44 |
-e '/^icmp6[ ]*read_priv_set=net_rawaccess[ ]*write_priv_set=net_rawaccess$/d' \ |
45 |
-e '/^keysock[ ]*read_priv_set=sys_net_config[ ]*write_priv_set=sys_net_config$/d' \ |
|
46 |
-e '/^ipsecah[ ]*read_priv_set=sys_net_config[ ]*write_priv_set=sys_net_config$/d' \ |
|
47 |
-e '/^ipsecesp[ ]*read_priv_set=sys_net_config[ ]*write_priv_set=sys_net_config$/d' \ |
|
48 |
-e '/^spdsock[ ]*read_priv_set=sys_net_config[ ]*write_priv_set=sys_net_config$/d' \ |
|
49 |
-e '/^ipf[ ]*read_priv_set=sys_net_config[ ]*write_priv_set=sys_net_config$/d' |
|
| 0 | 50 |
|
51 |
rm -f $dest.$$ |
|
52 |
||
53 |
# potential additions |
|
| 3448 | 54 |
additions="aggr aggr:ctl bge dld:ctl dnet keysock ibd icmp icmp6 ipsecah ipsecesp openeepr random spdsock vni ipf pfil scsi_vhci" |
| 0 | 55 |
|
56 |
for dev in $additions |
|
57 |
do |
|
58 |
# if an entry for this driver exists in the source |
|
59 |
# file... |
|
|
1804
102112240ff7
6312408 DDI_NT_MAC macro definition should be removed
ericheng
parents:
907
diff
changeset
|
60 |
grep "$dev[ ]" $src > /dev/null 2>&1 |
| 0 | 61 |
if [ $? = 0 ] ; then |
62 |
# ...and no entry exists in the destination |
|
63 |
# file... |
|
|
1804
102112240ff7
6312408 DDI_NT_MAC macro definition should be removed
ericheng
parents:
907
diff
changeset
|
64 |
grep "$dev[ ]" $dest > /dev/null 2>&1 |
| 0 | 65 |
if [ $? != 0 ] ; then |
66 |
# ...then add the entry from |
|
67 |
# the source file to the |
|
68 |
# destination file. |
|
|
1804
102112240ff7
6312408 DDI_NT_MAC macro definition should be removed
ericheng
parents:
907
diff
changeset
|
69 |
grep "$dev[ ]" $src >> $dest |
| 0 | 70 |
fi |
71 |
fi |
|
72 |
done |
|
73 |
||
74 |
# potential deletions |
|
|
1804
102112240ff7
6312408 DDI_NT_MAC macro definition should be removed
ericheng
parents:
907
diff
changeset
|
75 |
deletions="elx dld" |
| 0 | 76 |
|
77 |
for dev in $deletions |
|
78 |
do |
|
79 |
# if an entry for this driver exists in the destination |
|
80 |
# file... |
|
|
1804
102112240ff7
6312408 DDI_NT_MAC macro definition should be removed
ericheng
parents:
907
diff
changeset
|
81 |
grep "$dev[ ]" $dest > /dev/null 2>&1 |
| 0 | 82 |
if [ $? = 0 ] ; then |
83 |
# ...and no entry exists in the source |
|
84 |
# file... |
|
|
1804
102112240ff7
6312408 DDI_NT_MAC macro definition should be removed
ericheng
parents:
907
diff
changeset
|
85 |
grep "$dev[ ]" $src > /dev/null 2>&1 |
| 0 | 86 |
if [ $? != 0 ] ; then |
87 |
# ...then remove the entry from |
|
88 |
# the destination file. |
|
89 |
cp $dest $dest.$$ |
|
|
1804
102112240ff7
6312408 DDI_NT_MAC macro definition should be removed
ericheng
parents:
907
diff
changeset
|
90 |
grep -v "$dev[ ]" $dest.$$ > $dest |
| 0 | 91 |
rm -f $dest.$$ |
92 |
fi |
|
93 |
fi |
|
94 |
done |
|
95 |
done |
|
96 |
||
97 |
exit 0 |