The following types of software can be added to the Trusted Solaris operating environment:
Sun software products and third-party applications that neither understand nor enforce Trusted Solaris security policy
New programs, created using Trusted Solaris programming interfaces, that understand labels and MAC (mandatory access control) and that work within Trusted Solaris security policy
New actions (created or approved by the Security Administrator role)
Shell scripts (created or approved by the Security Administrator role)
Additions to or modifications to commands that run during boot in run control scripts
Two distinct roles handle software evaluation and installation: the System Administrator role and the Security Administrator role.
The System Administrator role installs software that meets the following criteria:
Does not need to run with privilege
Does not need to run with an effective UID or GID that differs from the real UID or GID of the invoking user
Does not need to run at multiple labels
Does not need to be added to a public directory
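The first two criteria that are visible from the outside of a program (an effective UID or GID that differs from the invoking user's, and installation into a public directory) can be checked before anyone opens an installer. The POSIX shell script below is an added example, not part of the Trusted Solaris documentation or its tools: it walks a staged software tree, flags setuid/setgid files, and checks whether the intended install prefix falls inside a public directory. The list of public directories is an assumption for illustration (the page names only /etc and /etc/dt/appconfig; a site would substitute its own), and the remaining criteria, whether the program needs privilege or must run at multiple labels, cannot be read from permission bits and still require the Security Administrator's evaluation.

```shell
#!/bin/sh
# Pre-installation triage (added example, not from the Trusted Solaris docs).
# Flags items in a staged software tree that fail the System Administrator
# criteria above and therefore need the Security Administrator's review.

# Assumed set of public directories for illustration; the page itself names
# only /etc and /etc/dt/appconfig. A site would list its own.
PUBLIC_DIRS="/etc /etc/dt/appconfig /usr/bin /usr/sbin /usr/lib"

# Print each regular file under $1 with the setuid or setgid bit set, i.e.
# one that would run with an effective UID/GID differing from the invoker's.
list_setid_files() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) -print
}

# Count such files; 0 means the tree passes the effective-UID/GID criterion.
count_setid_files() {
    list_setid_files "$1" | wc -l | tr -d ' '
}

# Return 0 when the install prefix $1 is, or lies inside, a public directory.
is_public_dir() {
    for d in $PUBLIC_DIRS; do
        case "$1" in
            "$d"|"$d"/*) return 0 ;;
        esac
    done
    return 1
}

# Print "sysadmin" if the tree passes both static checks (the System
# Administrator role may install it), otherwise "secadmin" with the reasons
# on stderr. Privilege and multiple-label needs are NOT checked here.
triage() {
    tree=$1
    prefix=$2
    verdict=sysadmin
    if [ "$(count_setid_files "$tree")" -ne 0 ]; then
        echo "setuid/setgid files present:" >&2
        list_setid_files "$tree" >&2
        verdict=secadmin
    fi
    if is_public_dir "$prefix"; then
        echo "install prefix $prefix is a public directory" >&2
        verdict=secadmin
    fi
    echo "$verdict"
}

# Usage: triage /path/to/staged/tree /intended/install/prefix
```

A "sysadmin" verdict only means the two static criteria pass; it does not replace the Security Administrator's privilege evaluation described below.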
The System Administrator role also controls who can bring software onto the system by granting or denying the device allocation authorization to individual users. An account with the device allocation authorization can import or export data at any single label within that user's clearance.
The Security Administrator role evaluates software for its ability to be trusted. As configured in the default system, the Security Administrator role can do the following:
Import and export software at multiple labels
Install software programs and CDE actions at ADMIN_LOW in the public directories (such as /etc and /etc/dt/appconfig) that allow use of the programs or actions by multiple users at all labels.
Determine what privileges a program requires to succeed.
Assign privileges to program files.
Assign privileges that are in effect when a command or action is executed in a trusted process.
Because applications and shell scripts, whether obtained externally or developed at the site, are added to a site's rights profiles as commands, the term command in this chapter refers to applications, site-developed executable programs, and shell scripts.
See "Assigning Privileges" and the following sections, which define what it means for a program file to have privileges and for a command or action to inherit privileges.
See the Trusted Solaris Developer's Guide for how programmers can manipulate privileges.