The SLES operating system is distributed as a collection of packages. A package can include programs,
configuration data, and documentation for the package. Analysis is performed at the file level, except where a
particular package can be treated collectively. A file is included in the TSF for one or more of the following
reasons:
•It contains code, such as the kernel, kernel module, and device drivers, that runs in a privileged
hardware state.
•It enforces the security policy of the system.
•It allows setuid or setgid to a privileged user (for example, root) or group.
•It started as a privileged daemon; an example is one started by /etc/init.d.
•It is software that must function correctly to support the system security mechanisms.
•It is required for system administration.
•It consists of TSF data or configuration files.
•It consists of libraries linked to TSF programs.
There is a distinction between non-TSF user-mode software that can be loaded and run on the system, and
software that must be excluded from the system. The following methods are used to ensure that excluded
software cannot be used to violate the security policies of the system:
•The installation software will not install any device drivers except those required for the installed
hardware. Consequently, excluded device drivers will not be installed even if they are on the
installation media.
•The installation software may change the configuration (for example, mode bits) so that a program
cannot violate the security policy.
10