usr/src/pkgdefs/common_files/i.devpolicy
author Sebastien Roy <Sebastien.Roy@Sun.COM>
Tue, 26 Aug 2008 19:16:34 -0400
changeset 7408 eff7960d93cd
parent 5181 b280720be441
child 8023 faf256d5c16c
permissions -rw-r--r--
PSARC 2008/473 Fine-Grained Privileges for Datalink Administration 6695904 least privileges for datalink actions 6729477 pcwl accidentally requires privileges for WLAN_GET_PARAM ioctl 6679049 ucred_t leak in dlmgmtd 6738245 dld's _init() doesn't teardown if mod_install() fails 6738987 i.devpolicy pattern matching accidentally matches random lines
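#!/bin/sh
#
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License (the "License").
# You may not use this file except in compliance with the License.
#
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
# or http://www.opensolaris.org/os/licensing.
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
# If applicable, add the following below this CDDL HEADER, with the
# fields enclosed by brackets "[]" replaced with your own identifying
# information: Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#
#
# Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
# Use is subject to license terms.
#
#  NOTE:  When a change is made to the source file for
#  /etc/security/device_policy a corresponding change must be made to
#  this class-action script.
#
# Class-action script for the device_policy file.  Each line read on
# stdin is a "src dest" pair: src is the packaged copy of the policy
# file, dest is the installed copy.  A missing dest is installed as-is.
# An existing dest is updated in place (so local edits survive):
# obsolete entries are rewritten or dropped by the sed script, entries
# for drivers listed in $additions are copied from src when dest lacks
# them, and entries for drivers listed in $deletions are removed from
# dest when src no longer carries them.
#
# Every device-name test is anchored at the start of the line and
# requires whitespace after the name, so a name never matches inside
# another entry's line (6738987).  The deletion check on src used to be
# unanchored, which could keep a stale entry alive in dest; it now uses
# the same anchored test as the other three.
#

# has_entry DEV FILE
#	Succeed (exit 0) when FILE holds an entry for device DEV, i.e. a
#	line that starts with DEV followed by a space or tab.  Output is
#	discarded; only the status is used.
has_entry()
{
	grep "^$1[ 	]" "$2" > /dev/null 2>&1
}

while read src dest
do
	# First install: nothing to merge, just deliver the packaged file.
	if [ ! -f "$dest" ] ; then
		cp "$src" "$dest"
		continue
	fi

	# changes
	# Edit a copy and write the result back into dest so that the
	# installed file keeps its inode and permission bits.
	cp "$dest" "$dest.$$"
	sed < "$dest.$$" > "$dest" \
	    -e '/md:admin/s/read_priv_set=sys_config/			/' \
	    -e '/^icmp[ 	]*read_priv_set=net_rawaccess[ 	]*write_priv_set=net_rawaccess$/d' \
	    -e '/^icmp6[ 	]*read_priv_set=net_rawaccess[ 	]*write_priv_set=net_rawaccess$/d' \
	    -e '/^keysock[ 	]*read_priv_set=sys_net_config[ 	]*write_priv_set=sys_net_config$/d' \
	    -e '/^ipsecah[ 	]*read_priv_set=sys_net_config[ 	]*write_priv_set=sys_net_config$/d' \
	    -e '/^ipsecesp[ 	]*read_priv_set=sys_net_config[ 	]*write_priv_set=sys_net_config$/d' \
	    -e '/^spdsock[ 	]*read_priv_set=sys_net_config[ 	]*write_priv_set=sys_net_config$/d' \
	    -e '/^ipf[ 	]*read_priv_set=sys_net_config[ 	]*write_priv_set=sys_net_config$/d' \
	    -e '/^sad:admin[ 	]*read_priv_set=sys_config[ 	]*write_priv_set=sys_config$/d'

	rm -f "$dest.$$"

	# potential additions
	additions="aggr bge dnet keysock ibd icmp icmp6 ipsecah ipsecesp openeepr random spdsock vni ipf pfil scsi_vhci"

	for dev in $additions
	do
		# Only drivers the packaged file knows about...
		has_entry "$dev" "$src" || continue
		# ...that the installed file does not yet have...
		has_entry "$dev" "$dest" && continue
		# ...get their entry copied from src to dest.
		grep "^$dev[ 	]" "$src" >> "$dest"
	done

	# potential deletions
	deletions="elx dld dld:ctl aggr:ctl vnic:ctl le"

	for dev in $deletions
	do
		# Only entries present in the installed file...
		has_entry "$dev" "$dest" || continue
		# ...that the packaged file no longer carries (anchored
		# test; an unanchored one could match $dev mid-line and
		# wrongly keep the entry)...
		has_entry "$dev" "$src" && continue
		# ...are removed from dest, again via a copy so that the
		# installed file keeps its inode and permission bits.
		cp "$dest" "$dest.$$"
		grep -v "^$dev[ 	]" "$dest.$$" > "$dest"
		rm -f "$dest.$$"
	done
done

exit 0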