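#! /bin/sh
#
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License (the "License").
# You may not use this file except in compliance with the License.
#
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
# or http://www.opensolaris.org/os/licensing.
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
# If applicable, add the following below this CDDL HEADER, with the
# fields enclosed by brackets "[]" replaced with your own identifying
# information: Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#

#
# Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
# Use is subject to license terms.
#

#
# NOTE:  When a change is made to the source file for
# /etc/minor_perm, a corresponding change must be made to
# this class-action script.
#
# -	If an existing entry in minor_perm is having its
#	attributes e.g. permissions, ownership changed,
#	add it to the list produced by make_chattr_list below.
#
# -	If an existing entry must be deleted, add it to
#	the list produced by make_delete_list below.
#
# -	If a new entry must be added to the file, add it to the
#	list produced by make_add_list.
#
# -	If a new entry is being added to minor_perm, but there
#	may already be devices of that name on the system (e.g.
#	we used the system default permissions in a previous release),
#	and those old devices now need to have their attributes changed,
#	add it to the make_chattr_list AND the make_add_list lists
#

#
# SCRATCH FILES:  every work file used below lives in the private
# directory named by $TMPD, which prepare_tmpdir creates on first use.
# The script rewrites the installed minor_perm file and runs
# chmod/chown/chgrp/rm on device paths using the contents of those work
# files, so they must not be created under names another local user can
# predict and pre-create (or symlink) in the world-writable /tmp.
#

#
# If an entry in /etc/minor_perm needs to have its attributes
# changed, identify the entry in the list copied to $TMPD/chattr
# by this function.  The fields are:
#
# <device>:<minor> <old_attrs> <new_attrs> <optional list of logical
#					    devices whose attributes
#					    will need to be changed>
#
# where an <attribute list> := <perm> <user> <group>
#

make_chattr_list() {
cat > "$TMPD/chattr" << EOF
audio:* 0666 root sys 0600 root sys /dev/sound/*
vol:volctl 0600 root sys 0666 root sys /dev/volctl
sad:user 0600 root sys 0666 root sys /dev/sad/user
se:* 0666 root sys 0600 uucp uucp /dev/cua/*
zs:* 0666 root sys 0600 uucp uucp /dev/cua/*
su:* 0666 root sys 0600 uucp uucp /dev/cua/*
ssd:* 0666 root sys 0640 root sys /dev/dsk/* /dev/rdsk/*
dad:* 0600 root sys 0640 root sys /dev/dsk/* /dev/rdsk/*
cpc:* 0600 root sys 0666 root sys /devices/pseudo/cpc*
log:conslog 0622 root sys 0666 root sys /dev/conslog
sy:tty 0666 root sys 0666 root tty /dev/tty
cvc:* 0666 root sys 0600 root sys
cvcredir:* 0666 root sys 0600 root sys
ssm:* 0600 root sys 0640 root sys /devices/ssm*:*
icmp:icmp 0600 root sys 0666 root sys /dev/rawip
icmp6:icmp6 0600 root sys 0666 root sys /dev/rawip6
ip:ip 0660 root sys 0666 root sys /dev/ip
ip6:ip6 0660 root sys 0666 root sys /dev/ip6
rts:rts 0660 root sys 0666 root sys /dev/rts
keysock:keysock 0600 root sys 0666 root sys /dev/keysock
ipsecah:ipsecah 0600 root sys 0666 root sys /dev/ipsecah
ipsecesp:ipsecesp 0600 root sys 0666 root sys /dev/ipsecesp
spdsock:spdsock 0600 root sys 0666 root sys /dev/spdsock
sad:admin 0600 root sys 0666 root sys /dev/sad/admin
fssnap:ctl 0600 root sys 0666 root sys /dev/fssnapctl
fssnap:* 0600 root sys 0640 root sys /dev/fssnap/*
clone:ce 0600 root sys 0666 root sys /dev/ce
clone:eri 0600 root sys 0666 root sys /dev/eri
clone:ge 0600 root sys 0666 root sys /dev/ge
clone:hme 0600 root sys 0666 root sys /dev/hme
clone:qfe 0600 root sys 0666 root sys /dev/qfe
clone:bge 0600 root sys 0666 root sys /dev/bge
clone:igb 0600 root sys 0666 root sys /dev/igb
clone:ixgbe 0600 root sys 0666 root sys /dev/ixgbe
clone:myri10ge 0600 root sys 0666 root sys /dev/myri10ge
clone:rge 0600 root sys 0666 root sys /dev/rge
clone:xge 0600 root sys 0666 root sys /dev/xge
clone:nge 0600 root sys 0666 root sys /dev/nge
clone:e1000g 0666 root root 0666 root sys /dev/e1000g
clone:chxge 0600 root sys 0666 root sys /dev/chxge
clone:vsw 0600 root sys 0666 root sys /dev/vsw
clone:vnet 0600 root sys 0666 root sys /dev/vnet
clone:pcwl 0600 root sys 0666 root sys /dev/pcwl
clone:pcan 0600 root sys 0666 root sys /dev/pcan
clone:afe 0600 root sys 0666 root sys /dev/afe
clone:mxfe 0600 root sys 0666 root sys /dev/mxfe
clone:rtls 0600 root sys 0666 root sys /dev/rtls
bge:* 0600 root sys 0666 root sys /dev/bge*
igb:* 0600 root sys 0666 root sys /dev/igb*
ixgbe:* 0600 root sys 0666 root sys /dev/ixgbe*
myri10ge:* 0600 root sys 0666 root sys /dev/myri10ge*
rge:* 0600 root sys 0666 root sys /dev/rge*
xge:* 0600 root sys 0666 root sys /dev/xge*
nge:* 0600 root sys 0666 root sys /dev/nge*
e1000g:* 0666 root root 0666 root sys /dev/e1000g*
chxge:* 0600 root sys 0666 root sys /dev/chxge*
vsw:* 0600 root sys 0666 root sys /dev/vsw*
vnet:* 0600 root sys 0666 root sys /dev/vnet*
pcwl:* 0600 root sys 0666 root sys /dev/pcwl*
pcan:* 0600 root sys 0666 root sys /dev/pcan*
clone:dmfe 0600 root sys 0666 root sys /dev/dmfe
dmfe:* 0600 root sys 0666 root sys /dev/dmfe*
clone:pcelx 0600 root sys 0666 root sys /dev/pcelx
pcelx:* 0600 root sys 0666 root sys /dev/pcelx*
afe:* 0600 root sys 0666 root sys /dev/afe*
mxfe:* 0600 root sys 0666 root sys /dev/mxfe*
rtls:* 0600 root sys 0666 root sys /dev/rtls*
ipf:* 0600 root sys 0666 root sys /dev/ipf
pfil:* 0600 root sys 0666 root sys /dev/pfil
scsi_vhci:devctl 0600 root sys 0666 root sys /devices/scsi_vhci:devctl
fbt:fbt 0600 root sys 0644 root sys /dev/dtrace/provider/fbt
lockstat:* 0600 root sys 0644 root sys /dev/dtrace/provider/lockstat
profile:profile 0600 root sys 0644 root sys /dev/dtrace/provider/profile
sdt:sdt 0600 root sys 0644 root sys /dev/dtrace/provider/sdt
systrace:systrace 0600 root sys 0644 root sys /dev/dtrace/provider/systrace
EOF
}


#
# If an entry in /etc/minor_perm needs to be deleted, identify
# the entry in the list copied to $TMPD/delete by this function.
# The fields are:
#
# <device>:<minor> <optional list of logical devices to be deleted>
#

make_delete_list() {
cat > "$TMPD/delete" << EOF
mm:mbio /dev/mbio /devices/pseudo/mm:mbio
mm:mbmem /dev/mbmem /devices/pseudo/mm:mbmem
clone:amd,0,aux,audio
sw:drum
rip:rawip
zs:*
consfb:consfb
win:*
rtvc:*
gt:*
mic:*
cgeight-p4:*
cgfour:*
cgtwo:*
id:*
xd:*
xt:*
xy:*
ie:*
be:*
se:ucm
se:ucmctl
clone:arp
clone:icmp
clone:ip
clone:tcp
clone:udp
clone:rts
clone:ipsecah
clone:ipsecesp
clone:keysock
clone:le
su:*
profile:profile
clone:qe
cgfourteen:*
cgeight:*
SUNW,sx:*
sx_cmem:*
stc:*
dbri:*
SUNW,DBRId:*
SUNW,DBRIe:*
SUNW,DBRIf:*
vni:*
EOF
}

#
# If an entry needs to be added to /etc/minor_perm, add the first
# field of the entry to the list created by this function.  The
# remainder of the entry will be extracted from the /etc/minor_perm
# in the package being installed, so it is not necessary to supply
# it here.
#

make_add_list() {
cat > "$TMPD/add" << EOF
clone:llc1
stc:*
mcpzsa:*
mcpp:*
vol:volctl
tl:*
tnf:tnfctl
tnf:tnfmap
zs:[a-z]
zs:[a-z],cu
sad:user
se:*
su:[a-z]
su:[a-z],cu
su:ssp
su:sspctl
fdthree:*
ssd:*
dad:*
pm:*
tod:*
SUNW,pmc:*
SUNW,mic:*
SUNW,fas:devctl
cvc:*
cvcredir:*
devinfo:devinfo
envctrltwo:*
se:[a-h]
se:[a-h],cu
se:[0-7],hdlc
se:ssp
se:sspctl
clone:hme
clone:eri
wc:*
arp:arp
icmp:icmp
icmp6:icmp6
ip:ip
ip6:ip6
ipnet:lo0
tcp:tcp
tcp6:tcp6
udp:udp
udp6:udp6
rts:rts
poll:*
pool:pool
pool:poolctl
cpc:shared
sysmsg:msglog
sysmsg:sysmsg
ipsecah:ipsecah
ipsecesp:ipsecesp
keysock:keysock
spdsock:spdsock
devinfo:devinfo,ro
lofi:*
lofi:ctl
sgen:*
fssnap:*
fssnap:ctl
pcf8574:*
pcf8591:*
gpio_87317:*
rsm:*
random:*
mm:allkmem
ssm:*
bscv:*
clone:bge
clone:igb
clone:ixgbe
clone:myri10ge
clone:rge
clone:xge
clone:nge
clone:e1000g
clone:chxge
clone:vsw
clone:vnet
clone:pcwl
clone:pcan
clone:afe
clone:mxfe
clone:rtls
bge:*
igb:*
ixgbe:*
myri10ge:*
rge:*
xge:*
nge:*
e1000g:*
chxge:*
vsw:*
vnet:*
pcwl:*
pcan:*
afe:*
mxfe:*
rtls:*
clone:dmfe
dmfe:*
clone:pcelx
pcelx:*
clone:ibd
ibd:*
sysevent:*
ramdisk:*
ramdisk:ctl
cryptoadm:cryptoadm
crypto:crypto
dtrace:*
fasttrap:fasttrap
ipf:*
pfil:*
bl:*
sctp:*
sctp6:*
dlpistub:*
cpuid:self
ntwdt:*
dld:*
mdesc:*
zfs:*
zfs:zfs
scsi_vhci:*
kssl:*
fbt:fbt
profile:profile
sdt:sdt
softmac:*
systrace:systrace
physmem:*
smbsrv:*
vscan:*
nsmb:*
bmc:bmc
iptunq:*
fm:*
clone:bridge
EOF
}

PATH="/sbin:/usr/sbin:/usr/bin:/usr/sadm/install/bin"
export PATH

# Private scratch directory; empty until prepare_tmpdir has run.
# Assigned here so that a value inherited from the environment is
# never trusted.
TMPD=

# Internal routine to remove the scratch directory, if one was created.
# Installed as the exit handler so the directory does not outlive the
# script on any exit path.

cleanup_tmpdir()
{
	if [ -n "$TMPD" ] ; then
		rm -rf "$TMPD"
	fi
}

trap cleanup_tmpdir 0
trap 'exit 1' 1 2 15

# Internal routine to make $TMPD name an empty directory that only this
# script can write to.  On first use the directory is created; on later
# calls the work files left by the previous minor_perm file are removed
# (several of them are appended to, so they must start out empty).
#
# mktemp -d is tried first.  If it is unavailable or fails, fall back
# to mkdir under a restrictive umask: mkdir fails when the name already
# exists (a symlink included), so a name planted in advance is refused
# rather than used.  If neither works the script exits non-zero instead
# of running with scratch files it cannot trust.

prepare_tmpdir()
{
	if [ -n "$TMPD" ] ; then
		rm -f "$TMPD"/*
		return 0
	fi

	TMPD=`mktemp -d /tmp/minor_perm.XXXXXX 2>/dev/null`
	if [ -z "$TMPD" ] ; then
		TMPD=/tmp/minor_perm.$$
		# the subshell keeps the umask change away from the
		# cp of $src to $dest done by the main loop
		if (umask 077; mkdir "$TMPD") 2>/dev/null ; then
			:
		else
			# not ours: make sure the exit handler leaves it alone
			TMPD=
			echo "minor_perm: cannot create a private" \
			    "scratch directory under /tmp" >&2
			exit 1
		fi
	fi
}

# Internal routine to create a sed script which can be used to
# escape all shell globbing metacharacters in a path.

create_esc_sedscript()
{
cat > "$TMPD/esc.sed" << EOF
s/\*/\\\\*/g
s/\?/\\\\?/g
s/\[/\\\\[/g
s/\]/\\\\]/g
EOF
}

# Internal routine to convert an entry in one of the $TMPD list files to
# an appropriately escaped pattern which can be used to grep into minor_perm.
#
# The pattern is written to stdout: the escaped key, then either a
# single blank/tab (key only) or each remaining argument preceded by
# one or more blanks/tabs and followed by optional trailing white-space
# up to end of line.

entry2pattern()
{
	# the first argument is the 'key' field from the change file.
	# entries can contain shell globbing characters to match
	# several devices - hence all the palaver below.

	printf '%s' `echo "$1" | sed \
		-e 's/\*/\\\\*/g' -e 's/\?/\\\\?/g' \
		-e 's/\./\\\\./g' -e 's/\[/\\\\[/g' \
		-e 's/\]/\\\\]/g'`
	shift

	# the remaining optional arguments are tokens separated by white-space

	if [ $# = 0 ] ; then
		printf '[ \t]'
	else
		while [ -n "$1" ]
		do
			printf '[ \t][ \t]*%s' $1
			shift
		done
		printf '[ \t]*$'
	fi
}

#
# Main loop.  Each line of standard input names the minor_perm file
# delivered by the package (src) and the installed file (dest).  A
# missing dest is simply copied from src; an existing dest is edited
# in place as described by the three lists above.
#
while read src dest
do
	if [ ! -f "$dest" ] ; then
		cp "$src" "$dest"
	else
		prepare_tmpdir
		create_esc_sedscript
		make_chattr_list
		make_delete_list
		make_add_list

		#
		#  Process the list of devices whose attributes are to be
		#  changed.  Find those that actually need to be
		#  applied to the file.  For each change that needs
		#  to be applied, add an entry for it to the sed
		#  script that will eventually be applied to the
		#  currently-installed /etc/minor_perm file.  Also,
		#  add an entry to the $TMPD/chdevs file, which
		#  contains the list of logical names of devices
		#  whose permissions need to be changed.
		#

		cat "$TMPD/chattr" | \
		while read key oldp oldu oldg newp newu newg chdevs
		do
			do_chdevs=no

			#
			#  First determine whether the device entry
			#  is already in the file, but with the old
			#  permissions.  If so, the entry needs to be
			#  modified and the devices in the chdevs list
			#  need to have their permissions and ownerships
			#  changed.
			#
			grepstr=`entry2pattern "${key}" $oldp $oldu $oldg`
			if grep "$grepstr" "$dest" > /dev/null 2>&1; then
				echo "s/${grepstr}/$key $newp $newu $newg/" \
				    >> "$TMPD/sedscript"
				do_chdevs=yes
			fi

			#
			#  Now determine whether the device entry is
			#  in the file at all.  If not, it is a new
			#  entry, but there may already be devices
			#  on the system whose permissions need to
			#  be changed.
			#
			grepstr=`entry2pattern "${key}"`
			grep "${grepstr}" "$dest" > /dev/null 2>&1
			if [ $? != 0 ] ; then
				do_chdevs=yes
			fi

			if [ $do_chdevs = yes -a "$chdevs" != "" ] ; then
				xchdevs=`echo "$chdevs" | \
				    sed -f "$TMPD/esc.sed"`
				for m in $xchdevs ; do
					echo "$m" $oldp $oldu $oldg \
					    $newp $newu $newg >> "$TMPD/chdevs"
				done
			fi
		done

		#
		#  Make sure /dev/volctl gets its permissions corrected.
		#  (systems upgraded from 2.2 to 2.3 may have a correct
		#  entry for /dev/volctl in the /etc/minor_perm file
		#  but the actual /dev/volctl node may have the wrong
		#  permissions.)
		#

		echo /dev/volctl 0600 root sys 0666 root sys >> "$TMPD/chdevs"

		if [ -s "$TMPD/chdevs" ] ; then
			sort -u "$TMPD/chdevs" > "$TMPD/tmp"
			mv "$TMPD/tmp" "$TMPD/chdevs"
		fi

		#
		#  Process the list of devices to be deleted.
		#  Find those that actually need to be deleted
		#  from the file.  For each entry to be deleted,
		#  add an entry for it to the sed script that will
		#  eventually be applied to the currently-installed
		#  /etc/minor_perm file.  Also, add an entry to the
		#  $TMPD/deldevs file, which contains the list of
		#  logical names of devices to be deleted.
		#

		cat "$TMPD/delete" | while read key deldevs
		do
			grepstr=`entry2pattern "${key}"`
			if grep "$grepstr" "$dest" > /dev/null 2>&1; then
				echo "/${grepstr}/d" >> "$TMPD/sedscript"
				if [ "$deldevs" != "" ] ; then
					xdeldevs=`echo "$deldevs" | \
					    sed -f "$TMPD/esc.sed"`
					for m in $xdeldevs ; do
						echo "$m" >> "$TMPD/deldevs"
					done
				fi
			fi
		done
		if [ -s "$TMPD/deldevs" ] ; then
			sort -u "$TMPD/deldevs" > "$TMPD/tmp"
			mv "$TMPD/tmp" "$TMPD/deldevs"
		fi

		#
		#  Apply the sed script built above to the
		#  currently-installed /etc/minor_perm file.
		#  The result is copied over the installed file
		#  only if sed succeeded, so a failed edit cannot
		#  replace it with partial output.
		#

		if [ -s "$TMPD/sedscript" ] ; then
			sed -f "$TMPD/sedscript" "$dest" > "$TMPD/tmp" && \
			    cp "$TMPD/tmp" "$dest"
		fi

		#
		#  Special case code to handle bug in 2.1, 2.2, and
		#  early 2.3 releases:  the link from /dev/sound/*
		#  has one extra set of "../"'s in the link.  This
		#  doesn't cause problems in normal operation
		#  because ".."'s that would take the search path
		#  higher than the real root are ignored.  However,
		#  during upgrade, when the system being upgraded is
		#  mounted at /a, the extra ".." in the link causes
		#  the link to be unresolvable.  The link must be
		#  corrected so that the chmod of /dev/sound/*
		#  works.
		#

		if [ "$PKG_INSTALL_ROOT" != "" -a "$PKG_INSTALL_ROOT" != "/" ]
		then
			for i in $PKG_INSTALL_ROOT/dev/sound/* ; do
				if [ "$i" = "$PKG_INSTALL_ROOT/dev/sound/*" ]
				then
					break;
				fi

				# if it's not a symlink, continue
				if [ ! -h $i ] ; then
					continue
				fi

				ls -L $i >/dev/null 2>&1
				if [ $? = 0 ] ; then
					# link is already OK
					continue
				fi

				# otherwise, link can't be followed

				# build the correct link
				link=`ls -l $i | sed 's,.* ,,'`
				link=`expr $link : '\.\.\/\(.*\)'`
				if [ "$link" = "" ] ; then
					continue;
				fi

				# build a test link
				rm -f $PKG_INSTALL_ROOT/dev/sound/test.$$
				ln -s $link $PKG_INSTALL_ROOT/dev/sound/test.$$

				# test the link
				ls -L $PKG_INSTALL_ROOT/dev/sound/test.$$ \
				    >/dev/null 2>&1

				# it worked, so replace old link with new
				if [ $? = 0 ] ; then
					rm -f $i
					ln -s $link $i
				fi
				rm -f $PKG_INSTALL_ROOT/dev/sound/test.$$
			done
		fi

		#  For all entries in minor_perm whose attributes had
		#  to be corrected, correct the relevant attributes of the
		#  already-existing devices that correspond to those
		#  entries.
		#
		if [ -s "$TMPD/chdevs" -a "$PKG_INSTALL_ROOT" != "" -a \
		    "$PKG_INSTALL_ROOT" != "/" ] ; then
			cat "$TMPD/chdevs" |\
			while read device oldp oldu oldg newp newu newg
			do
				#
				# Note that we take pains -only- to change
				# the permission/ownership of devices that
				# have kept their original permissions.
				#
				# $device is left unquoted on purpose: it
				# may be a glob naming several devices.
				#
				for dev in $PKG_INSTALL_ROOT/$device; do
					find $dev -follow -perm $oldp -exec \
					    chmod $newp $dev \; >/dev/null 2>&1
					find $dev -follow -user $oldu -exec \
					    chown $newu $dev \; >/dev/null 2>&1
					find $dev -follow -group $oldg -exec \
					    chgrp $newg $dev \; >/dev/null 2>&1
				done
			done
		fi

		#
		#  For all entries in minor_perm that were deleted,
		#  remove the /dev entries that point to device nodes
		#  that correspond to those entries.
		#
		if [ -s "$TMPD/deldevs" -a "$PKG_INSTALL_ROOT" != "" -a \
		    "$PKG_INSTALL_ROOT" != "/" ] ; then
			cat "$TMPD/deldevs" | while read device
			do
				rm -f $PKG_INSTALL_ROOT/$device
			done
		fi

		#
		#  Append each entry on the add list that the installed
		#  file lacks, taking the full line from the package's
		#  copy of minor_perm.
		#
		cat "$TMPD/add" | while read key
		do
			grepstr=`entry2pattern "${key}"`
			grep "$grepstr" "$dest" > /dev/null 2>&1
			if [ $? != 0 ] ; then
				grep "$grepstr" "$src" >> "$dest"
			fi
		done

		rm -f "$TMPD"/*
	fi
done

exit 0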