Home | History | Annotate | Download | only in common_files
      1 #!/bin/sh
      2 #
      3 # CDDL HEADER START
      4 #
      5 # The contents of this file are subject to the terms of the
      6 # Common Development and Distribution License (the "License").
      7 # You may not use this file except in compliance with the License.
      8 #
      9 # You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
     10 # or http://www.opensolaris.org/os/licensing.
     11 # See the License for the specific language governing permissions
     12 # and limitations under the License.
     13 #
     14 # When distributing Covered Code, include this CDDL HEADER in each
     15 # file and include the License file at usr/src/OPENSOLARIS.LICENSE.
     16 # If applicable, add the following below this CDDL HEADER, with the
     17 # fields enclosed by brackets "[]" replaced with your own identifying
     18 # information: Portions Copyright [yyyy] [name of copyright owner]
     19 #
     20 # CDDL HEADER END
     21 #
     22 #
     23 # Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
     24 # Use is subject to license terms.
     25 #
     26 #  NOTE:  When a change is made to the source file for
     27 #  /etc/security/device_policy a corresponding change must be made to
     28 #  this class-action script.
     29 #
     30 while read src dest
     31 do
     32 	if [ ! -f $dest ] ; then
     33 		cp $src $dest
     34 		continue
     35 	fi
     36 
     37 	# changes
     38 	cp $dest $dest.$$
     39 	sed < $dest.$$ > $dest \
     40 	    -e '/md:admin/s/read_priv_set=sys_config/			/' \
     41 	    -e '/^icmp[ 	]*read_priv_set=net_rawaccess[ 	]*write_priv_set=net_rawaccess$/d' \
     42 	    -e '/^icmp6[ 	]*read_priv_set=net_rawaccess[ 	]*write_priv_set=net_rawaccess$/d' \
     43 	    -e '/^keysock[ 	]*read_priv_set=sys_net_config[ 	]*write_priv_set=sys_net_config$/d' \
     44 	    -e '/^ipsecah[ 	]*read_priv_set=sys_net_config[ 	]*write_priv_set=sys_net_config$/d' \
     45 	    -e '/^ipsecesp[ 	]*read_priv_set=sys_net_config[ 	]*write_priv_set=sys_net_config$/d' \
     46 	    -e '/^spdsock[ 	]*read_priv_set=sys_net_config[ 	]*write_priv_set=sys_net_config$/d' \
     47 	    -e '/^ipf[ 	]*read_priv_set=sys_net_config[ 	]*write_priv_set=sys_net_config$/d' \
     48 	    -e '/^sad:admin[ 	]*read_priv_set=sys_config[ 	]*write_priv_set=sys_config$/d'
     49 
     50 	rm -f $dest.$$
     51 
     52 	# potential additions
     53 	additions="aggr bge dnet keysock ibd icmp icmp6 ipsecah ipsecesp openeepr random spdsock vni ipf pfil scsi_vhci"
     54 
     55 	for dev in $additions
     56 	do
     57 		# if an entry for this driver exists in the source
     58 		# file...
     59 		grep "^$dev[ 	]" $src > /dev/null 2>&1
     60 		if [ $? = 0 ] ; then
     61 			# ...and no entry exists in the destination
     62 			# file...
     63 			grep "^$dev[ 	]" $dest > /dev/null 2>&1
     64 			if [ $? != 0 ] ; then
     65 				# ...then add the entry from
     66 				# the source file to the
     67 				# destination file.
     68 				grep "^$dev[ 	]" $src >> $dest
     69 			fi
     70 		fi
     71 	done
     72 
     73 	# potential deletions
     74 	deletions="elx dld dld:ctl aggr:ctl vnic:ctl le"
     75 
     76 	for dev in $deletions
     77 	do
     78 		# if an entry for this driver exists in the destination
     79 		# file...
     80 		grep "^$dev[ 	]" $dest > /dev/null 2>&1
     81 		if [ $? = 0 ] ; then
     82 			# ...and no entry exists in the source
     83 			# file...
     84 			grep "$dev[ 	]" $src > /dev/null 2>&1
     85 			if [ $? != 0 ] ; then
     86 				# ...then remove the entry from
     87 				# the destination file.
     88 				cp $dest $dest.$$
     89 				grep -v "^$dev[ 	]" $dest.$$ > $dest
     90 				rm -f $dest.$$
     91 			fi
     92 		fi
     93 	done
     94 done
     95 
     96 exit 0
     97