SunSHIELD Basic Security Module Guide

Device-Clean Scripts

The device-clean scripts address the security requirement that all usable data is purged from a physical device before reuse. By default, cartridge tape drives, diskette drives, CD-ROM devices, and audio devices require device-clean scripts, which are provided. This section describes what the device-clean scripts do.

Object Reuse

Device allocation satisfies part of the object-reuse requirement. The device-clean scripts make sure that data left on a device by one user is cleared before the device is allocatable by another user.

Device-Clean Script for Tapes

The three supported tape devices and the device-clean script for each are shown in Table 4-2.

Table 4-2 Device-Clean Script for the Three Supported Tape Devices

Tape Device Type          Device-Clean Script
SCSI 1/4-inch tape        st_clean
Archive 1/4-inch tape     st_clean
Open-reel 1/2-inch tape   st_clean

The script uses the rewoffl option to mt to effect the device cleanup. See the mt(1) man page. If the script runs during system boot, it queries the device to see if the device is online and has media in it.

The 1/4-inch tape devices that have media remaining are placed in the allocate error state to force the administrator to clean up the device manually.

During normal system operation, when allocate or deallocate is executed in interactive mode, the user is prompted to remove the media from the device being deallocated. The script pauses until the media is removed from the device.

Device-Clean Scripts for Diskettes and CD-ROM

The device-clean scripts for the diskettes and CD-ROM devices are shown in Table 4-3.

Table 4-3 Device-Clean Scripts for the Diskette and CD-ROM Device

Disk Device Type   Device-Clean Script
diskette           fd_clean
CD-ROM             sr_clean

The scripts use the eject command to remove the media from the drive. See the eject(1) man page. If eject fails, the device is placed in the allocate error state.

Device-Clean Script for Audio

The audio device is cleaned up with an audio-clean script. The script performs an AUDIO_DRAIN ioctl system call to flush the device, then an AUDIO_SETINFO ioctl system call to reset the device configuration to default. In addition, the script retrieves the audio chip registers using the AUDIOGETREG ioctl system call. Any registers deviating from default are reset using the AUDIOSETREG ioctl system call.

Writing New Device-Clean Scripts

If you add more allocatable devices to the system, you might need to create your own device-clean scripts. The deallocate command passes a parameter to the device-clean scripts. The parameter, shown here, is a string that contains the device name (see the device_allocate(4) man page):


st_clean -[I|F|S] device-name

Device-clean scripts must return 0 for success and greater than 0 for failure. The options -I, -F, and -S help the script determine its running mode.

-I is needed during system boot only. All output must go to the system console. Failure or inability to forcibly eject the media must put the device in the allocate error state.

-F is for forced cleanup. This option is interactive and assumes that the user is there to respond to prompts. A script with this option must attempt to complete the cleanup if one part of the cleanup fails.

-S is for standard cleanup. This option is interactive and assumes that the user is there to respond to prompts.
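
The calling convention above, as an added example that is not part of the original guide: a skeleton for a two-step device-clean script under the hypothetical name xx_clean. The TAPE_PATH and CONSOLE variables, the device-name check, and stopping at the first failed step in -I and -S modes are assumptions of this example; failure is reported through the exit status only.

```sh
#!/bin/sh
# xx_clean -[I|F|S] device-name      (xx_clean is a hypothetical script name)
# Exit status: 0 = cleaned, 1 = a cleanup step failed, 2 = bad arguments.

CONSOLE=${CONSOLE:-/dev/console}     # where -I output goes; overridable for tests

# Cleanup steps for the hypothetical device; each gets the device name as $1.
# Assumption: TAPE_PATH names the device special file the site maps to it.
rewind_offline() { mt -f "${TAPE_PATH:-/dev/rmt/0}" rewoffl; }
eject_media()    { eject "$1"; }

# The body is a subshell "( )", so the exec and exit calls below stay local.
xx_clean() (
    [ $# -eq 2 ] || { echo "usage: xx_clean -[I|F|S] device-name" >&2; exit 2; }
    mode=$1 dev=$2
    case $mode in
        -I) exec >"$CONSOLE" 2>&1 ;;  # boot: all output to the system console
        -F|-S) ;;                     # interactive: output stays on the terminal
        *) echo "xx_clean: unknown option: $mode" >&2; exit 2 ;;
    esac
    # Defensive check (an assumption, not from the guide): plain names only.
    case $dev in
        ''|*[!A-Za-z0-9_]*) echo "xx_clean: bad device name" >&2; exit 2 ;;
    esac

    failed=0
    for step in rewind_offline eject_media; do
        if ! "$step" "$dev"; then
            echo "xx_clean: $step failed for $dev" >&2
            failed=1
            # -F must attempt the remaining steps; this example stops
            # at the first failure in -I and -S modes.
            [ "$mode" = -F ] || break
        fi
    done
    exit "$failed"
)

# Run the cleanup only when called with arguments, as deallocate would call it.
if [ $# -gt 0 ]; then xx_clean "$@"; exit $?; fi
```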