From: guido@trentalancia.net (Guido Trentalancia)
Date: Thu, 20 Apr 2017 03:01:48 +0200
Subject: [refpolicy] [PATCH 16/33] lpd: curb on userdom permissions
Message-ID: <1492650108.14733.86.camel@trentalancia.net>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

This patch curbs on userdomain file read and/or write permissions
for the lpr application (lpd daemon module).

It aims to ensure user data confidentiality.

A boolean has been introduced to revert the previous read/write
behavior.

Signed-off-by: Guido Trentalancia <guido@trentalancia.net>
---
 policy/modules/contrib/lpd.te |   18 ++++++++++++++++--
 1 file changed, 16 insertions(+), 2 deletions(-)

--- refpolicy-2.20170204-orig/policy/modules/contrib/lpd.te	2017-02-04 19:30:31.000000000 +0100
+++ refpolicy-2.20170204/policy/modules/contrib/lpd.te	2017-04-20 00:39:43.690443158 +0200
@@ -7,6 +7,15 @@ policy_module(lpd, 1.15.0)
 
 ## <desc>
 ##	<p>
+##	Determine whether lpr can read
+##	the user home directories and
+##	files.
+##	</p>
+## </desc>
+gen_tunable(lpr_enable_home_dirs, false)
+
+## <desc>
+##	<p>
 ##	Determine whether to support lpd server.
 ##	</p>
 ## </desc>
@@ -254,10 +263,15 @@ logging_send_syslog_msg(lpr_t)
 miscfiles_read_fonts(lpr_t)
 miscfiles_read_localization(lpr_t)
 
+userdom_read_user_tmp_files(lpr_t)
 userdom_read_user_tmp_symlinks(lpr_t)
 userdom_use_user_terminals(lpr_t)
-userdom_read_user_home_content_files(lpr_t)
-userdom_read_user_tmp_files(lpr_t)
+
+tunable_policy(`lpr_enable_home_dirs',`
+	userdom_read_user_home_content_files(lpr_t)
+',`
+	userdom_dontaudit_read_user_home_content_files(lpr_t)
+')
 
 tunable_policy(`use_lpd_server',`
 	allow lpr_t lpd_t:process signal;