Assume the Security Administrator role and go to an ADMIN_LOW workspace.
Determine the driver_name and minor_name and the device special file names for the device.
For an existing device, find the device name and minor name by doing a long listing of the device.
# ls -l /dev/dsk/c0t6d0s2
lrwxrwxrwx 1 root root 51 Feb 29 1998 /dev/dsk/c0t6d0s2 -> ../../devices/sbus@1f,0/SUNW,fas@e,8800000/sd@6,0:c
In the final element of the pathname, the string before the @ character is the driver name (sd in the example above) and the string after the colon is the minor name (c in the example above).
For a new device, do the following.
Consult the hardware documentation for the device to obtain the device name and minor name and a list of all the physical device names.
See also Writing Device Drivers.
Create a new entry for the device in the /etc/security/device_maps file.
The name used for the device is arbitrary. In the third field, list all the physical device names for the device. The example shows all the physical and logical device names for the cdrom_0 device.
cdrom_0:\
        sr:\
        /dev/sr0 /dev/rsr0 /dev/dsk/c0t6d0s0 /dev/dsk/c0t6d0s1 /dev/dsk/c0t6d0s2 /dev/dsk/c0t6d0s3 /dev/dsk/c0t6d0s4 /dev/dsk/c0t6d0s5 /dev/dsk/c0t6d0s6 /dev/dsk/c0t6d0s7 /dev/rdsk/c0t6d0s0 /dev/rdsk/c0t6d0s1 /dev/rdsk/c0t6d0s2 /dev/rdsk/c0t6d0s3 /dev/rdsk/c0t6d0s4 /dev/rdsk/c0t6d0s5 /dev/rdsk/c0t6d0s6 /dev/rdsk/c0t6d0s7:\
Use the Admin Editor action to open the /etc/security/tsol/device_policy file for editing.
When the default policy for devices is not consistent with your site's security policy, create a specific entry or a wildcard entry for a new device or modify an existing entry for an already-specified device.
The default device policy is as shown in Table 12-1. For how to specify alternate policy settings, see the device_policy(4) man page.
Write the file and exit the editor.
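The rule given above for an existing device, written as POSIX shell functions (an added example, not part of the original procedure): devlink_names reads the link target as the long listing shows it and splits the final element into the driver name and minor name, rejecting anything that does not have the name@address:minor shape. The function names and the temporary demo link are assumptions made for this example.

```shell
#!/bin/sh
# Added example: derive driver_name and minor_name from a /dev link, using
# the rule in the procedure (final path element: the text before '@' is the
# driver name, the text after the colon is the minor name).

# parse_devices_path TARGET
# Prints "driver minor"; returns 1 if the final element has another shape.
parse_devices_path() {
    last=${1##*/}                  # final element, e.g. sd@6,0:c
    case $last in
        ?*@*:?*) ;;                # name@address:minor
        *) echo "unexpected final element: $last" >&2; return 1 ;;
    esac
    rest=${last#*@}                # address:minor
    printf '%s %s\n' "${last%%@*}" "${rest#*:}"
}

# devlink_names LINK
# Same result, starting from the device special file name in /dev.
devlink_names() {
    [ -h "$1" ] || { echo "$1: not a symbolic link" >&2; return 1; }
    # Take what the long listing prints after "->"
    target=$(ls -l "$1" | sed 's/^.* -> //')
    parse_devices_path "$target"
}

# Constructed demo: a dangling link in a temporary directory whose target
# is the one shown in the long listing above. No real device is touched.
demo() {
    tmp=$(mktemp -d) || return 1
    ln -s '../../devices/sbus@1f,0/SUNW,fas@e,8800000/sd@6,0:c' "$tmp/c0t6d0s2"
    devlink_names "$tmp/c0t6d0s2"
    rc=$?
    rm -rf "$tmp"
    return $rc
}

demo
```

Run devlink_names against each device special file you intend to list in the device_maps entry to confirm they all resolve to the driver you expect before writing the device_policy entry.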