From: pebenito@ieee.org (Chris PeBenito)
Date: Sun, 12 Feb 2017 13:35:12 -0500
Subject: [refpolicy] [PATCH 2/2 v2] cups/lpd: read permission for
 cupsd_var_run_t socket files
In-Reply-To: <1486844020.9069.1.camel@trentalancia.net>
References: <1486657515.28070.9.camel@trentalancia.net>
	<1486657583.28070.10.camel@trentalancia.net>
	<339abd26-09c2-fdea-ae9b-53e01ab5cbef@ieee.org>
	<1486844020.9069.1.camel@trentalancia.net>
Message-ID: <3e688c0f-a02c-b9fb-fd40-e70b533e9ef4@ieee.org>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 02/11/17 15:13, Guido Trentalancia via refpolicy wrote:
> Introduce a new interface in the cups module to read cups socket
> files and call such interface from the lpd module.
>
> Thanks to Christpher PeBenito for revising this patch.
>
> Signed-off-by: Guido Trentalancia <guido@trentalancia.net>
> ---
>  policy/modules/contrib/cups.if |   19 +++++++++++++++++++
>  policy/modules/contrib/lpd.te  |    1 +
>  2 files changed, 20 insertions(+)
>
> diff -pru a/policy/modules/contrib/cups.if b/policy/modules/contrib/cups.if
> --- a/policy/modules/contrib/cups.if	2017-01-24 18:56:19.569106107 +0100
> +++ b/policy/modules/contrib/cups.if	2017-02-11 21:04:00.346144792 +0100
> @@ -128,6 +128,25 @@ interface(`cups_read_pid_files',`
>
>  ########################################
>  ## <summary>
> +##	Read cups socket files.
> +## </summary>
> +## <param name="domain">
> +##	<summary>
> +##	Domain allowed access.
> +##	</summary>
> +## </param>
> +#
> +interface(`cups_read_sock_files',`
> +	gen_require(`
> +		type cupsd_var_run_t;
> +	')
> +
> +	files_search_pids($1)
> +	allow $1 cupsd_var_run_t:sock_file read_sock_file_perms;
> +')
> +
> +########################################
> +## <summary>
>  ##	Execute cups_config in the
>  ##	cups config domain.
>  ## </summary>
> diff -pru a/policy/modules/contrib/lpd.te b/policy/modules/contrib/lpd.te
> --- a/policy/modules/contrib/lpd.te	2016-12-22 23:12:59.385081782 +0100
> +++ b/policy/modules/contrib/lpd.te	2017-02-11 21:04:28.457255575 +0100
> @@ -295,6 +295,7 @@ optional_policy(`
>  	cups_read_config(lpr_t)
>  	cups_stream_connect(lpr_t)
>  	cups_read_pid_files(lpr_t)
> +	cups_read_sock_files(lpr_t)
>  ')
>
>  optional_policy(`

Merged.

-- 
Chris PeBenito