--- data/rules/55-hpmud.rules.orig	2009-08-04 23:36:57.000000000 +0200
+++ data/rules/55-hpmud.rules	2009-08-07 11:44:27.000000000 +0200
@@ -12,136 +12,182 @@
 #   3. This rules file is an attempt at being compatable with all distros. Feel free to make your own changes and if you feel your
 #      changes are not distro specific please send your patch to us. 2/11/2009, D Suffield
 #
+# Novell/Suse changed:
+#
+# OWNER="lp" to OWNER="root"
+# because OWNER="lp" is insecure because print job are processed by the user lp
+# so that a malicious print job might be able to change owner and permissions
+# of the device nodes and also a user who is allowed to set up a print queue
+# can set up a special queue with his selfmade driver which changes the
+# owner and permissions for all device nodes where in contrast OWNER="root"
+# is more secure because then only root itself can change owner and permissions.
+# This change is not distro specific and therefore there is a upstream bug report
+# https://bugs.launchpad.net/hplip/+bug/410196
+#
+# MODE="0660" to MODE="0664"
+# because it is sufficiently secure to let any user read the device nodes
+# because HPLIP opens the device nodes exclusively so that sniffing
+# of print jobs or scanner image data should not be possible and
+# read permissions for any user is required in particular for USB devices
+# so that any user can see the USB devices when he runs the command "lsusb".
+#
+# SYSFS{idVendor} to ATTR{idVendor} and
+# SYSFS{idProduct to ATTR{idProduct}
+# because SYSFS is deprecated and ATTR works for openSUSE.
+#
+# Added ENV{sane_hpaio}="yes" to all entries for USB devices
+# to get the SANE driver "hpaio" automatically activated in any case
+# (only scanners in HP parallel port all-in-one devices are ignored)
+# because not only "AiO products (0x03f0xx11)" can have scanner units
+# but also Photosmart products, inkjet printers, and laser printers
+# (e.g. the LaserJet 1220 03f0:0417 has a scanner unit).
+# An activated SANE driver does not cause continuous system load because
+# it is only run when the user launches a scanning frontend (e.g. xsane)
+# and then all what the driver does is to scan the USB device information
+# to find devices which belong to the driver and if nothing found it exits.
+# Additionally see https://bugzilla.novell.com/show_bug.cgi?id=469721#c9
 
 ACTION!="add", GOTO="hpmud_rules_end"
-SUBSYSTEM=="ppdev", OWNER="lp", GROUP="lp", MODE="0660"
+SUBSYSTEM=="ppdev", OWNER="root", GROUP="lp", MODE="0664"
 SUBSYSTEM=="usb", ENV{DEVTYPE}=="usb_device", GOTO="hplip_pid_test"
 SUBSYSTEM!="usb_device", GOTO="hpmud_rules_end"
 
 LABEL="hplip_pid_test"
 
 # Check for AiO products (0x03f0xx11).
-SYSFS{idVendor}=="03f0", SYSFS{idProduct}=="??11", OWNER="lp", GROUP="lp", MODE="660"
+ATTR{idVendor}=="03f0", ATTR{idProduct}=="??11", OWNER="root", GROUP="lp", MODE="664", ENV{sane_hpaio}="yes"
 
 # Check for Photosmart products without wildcard since cameras and scanners also used (0x03f0xx02). 
 # The xx02 pid has been retired so this explicit list should not change.
 # photosmart_d2300_series
-SYSFS{idVendor}=="03f0", SYSFS{idProduct}=="c302", OWNER="lp", GROUP="lp", MODE="660"
+ATTR{idVendor}=="03f0", ATTR{idProduct}=="c302", OWNER="root", GROUP="lp", MODE="664", ENV{sane_hpaio}="yes"
 # photosmart_100
-SYSFS{idVendor}=="03f0", SYSFS{idProduct}=="3802", OWNER="lp", GROUP="lp", MODE="660"
+ATTR{idVendor}=="03f0", ATTR{idProduct}=="3802", OWNER="root", GROUP="lp", MODE="664", ENV{sane_hpaio}="yes"
 # photosmart_1115
-SYSFS{idVendor}=="03f0", SYSFS{idProduct}=="3402", OWNER="lp", GROUP="lp", MODE="660"
+ATTR{idVendor}=="03f0", ATTR{idProduct}=="3402", OWNER="root", GROUP="lp", MODE="664", ENV{sane_hpaio}="yes"
 # photosmart_1215
-SYSFS{idVendor}=="03f0", SYSFS{idProduct}=="3202", OWNER="lp", GROUP="lp", MODE="660"
+ATTR{idVendor}=="03f0", ATTR{idProduct}=="3202", OWNER="root", GROUP="lp", MODE="664", ENV{sane_hpaio}="yes"
 # photosmart_1218
-SYSFS{idVendor}=="03f0", SYSFS{idProduct}=="3302", OWNER="lp", GROUP="lp", MODE="660"
+ATTR{idVendor}=="03f0", ATTR{idProduct}=="3302", OWNER="root", GROUP="lp", MODE="664", ENV{sane_hpaio}="yes"
 # photosmart_130
-SYSFS{idVendor}=="03f0", SYSFS{idProduct}=="3902", OWNER="lp", GROUP="lp", MODE="660"
+ATTR{idVendor}=="03f0", ATTR{idProduct}=="3902", OWNER="root", GROUP="lp", MODE="664", ENV{sane_hpaio}="yes"
 # photosmart_1315
-SYSFS{idVendor}=="03f0", SYSFS{idProduct}=="3602", OWNER="lp", GROUP="lp", MODE="660"
+ATTR{idVendor}=="03f0", ATTR{idProduct}=="3602", OWNER="root", GROUP="lp", MODE="664", ENV{sane_hpaio}="yes"
 # photosmart_140_series
-SYSFS{idVendor}=="03f0", SYSFS{idProduct}=="1002", OWNER="lp", GROUP="lp", MODE="660"
+ATTR{idVendor}=="03f0", ATTR{idProduct}=="1002", OWNER="root", GROUP="lp", MODE="664", ENV{sane_hpaio}="yes"
 # photosmart_230
-SYSFS{idVendor}=="03f0", SYSFS{idProduct}=="3502", OWNER="lp", GROUP="lp", MODE="660"
+ATTR{idVendor}=="03f0", ATTR{idProduct}=="3502", OWNER="root", GROUP="lp", MODE="664", ENV{sane_hpaio}="yes"
 # photosmart_240_series
-SYSFS{idVendor}=="03f0", SYSFS{idProduct}=="1102", OWNER="lp", GROUP="lp", MODE="660"
+ATTR{idVendor}=="03f0", ATTR{idProduct}=="1102", OWNER="root", GROUP="lp", MODE="664", ENV{sane_hpaio}="yes"
 # photosmart_320_series
-SYSFS{idVendor}=="03f0", SYSFS{idProduct}=="1202", OWNER="lp", GROUP="lp", MODE="660"
+ATTR{idVendor}=="03f0", ATTR{idProduct}=="1202", OWNER="root", GROUP="lp", MODE="664", ENV{sane_hpaio}="yes"
 # photosmart_330_series
-SYSFS{idVendor}=="03f0", SYSFS{idProduct}=="1602", OWNER="lp", GROUP="lp", MODE="660"
+ATTR{idVendor}=="03f0", ATTR{idProduct}=="1602", OWNER="root", GROUP="lp", MODE="664", ENV{sane_hpaio}="yes"
 # photosmart_370_series
-SYSFS{idVendor}=="03f0", SYSFS{idProduct}=="1302", OWNER="lp", GROUP="lp", MODE="660"
+ATTR{idVendor}=="03f0", ATTR{idProduct}=="1302", OWNER="root", GROUP="lp", MODE="664", ENV{sane_hpaio}="yes"
 # photosmart_380_series
-SYSFS{idVendor}=="03f0", SYSFS{idProduct}=="1702", OWNER="lp", GROUP="lp", MODE="660"
+ATTR{idVendor}=="03f0", ATTR{idProduct}=="1702", OWNER="root", GROUP="lp", MODE="664", ENV{sane_hpaio}="yes"
 # photosmart_420_series
-SYSFS{idVendor}=="03f0", SYSFS{idProduct}=="1502", OWNER="lp", GROUP="lp", MODE="660"
+ATTR{idVendor}=="03f0", ATTR{idProduct}=="1502", OWNER="root", GROUP="lp", MODE="664", ENV{sane_hpaio}="yes"
 # photosmart_470_series
-SYSFS{idVendor}=="03f0", SYSFS{idProduct}=="1802", OWNER="lp", GROUP="lp", MODE="660"
+ATTR{idVendor}=="03f0", ATTR{idProduct}=="1802", OWNER="root", GROUP="lp", MODE="664", ENV{sane_hpaio}="yes"
 # photosmart_7150
-SYSFS{idVendor}=="03f0", SYSFS{idProduct}=="3a02", OWNER="lp", GROUP="lp", MODE="660"
-SYSFS{idVendor}=="03f0", SYSFS{idProduct}=="3b02", OWNER="lp", GROUP="lp", MODE="660"
+ATTR{idVendor}=="03f0", ATTR{idProduct}=="3a02", OWNER="root", GROUP="lp", MODE="664", ENV{sane_hpaio}="yes"
+ATTR{idVendor}=="03f0", ATTR{idProduct}=="3b02", OWNER="root", GROUP="lp", MODE="664", ENV{sane_hpaio}="yes"
 # photosmart_7200_series
-SYSFS{idVendor}=="03f0", SYSFS{idProduct}=="b002", OWNER="lp", GROUP="lp", MODE="660"
+ATTR{idVendor}=="03f0", ATTR{idProduct}=="b002", OWNER="root", GROUP="lp", MODE="664", ENV{sane_hpaio}="yes"
 # photosmart_7345
-SYSFS{idVendor}=="03f0", SYSFS{idProduct}=="2002", OWNER="lp", GROUP="lp", MODE="660"
+ATTR{idVendor}=="03f0", ATTR{idProduct}=="2002", OWNER="root", GROUP="lp", MODE="664", ENV{sane_hpaio}="yes"
 # photosmart_7350 
-SYSFS{idVendor}=="03f0", SYSFS{idProduct}=="3c02", OWNER="lp", GROUP="lp", MODE="660"
+ATTR{idVendor}=="03f0", ATTR{idProduct}=="3c02", OWNER="root", GROUP="lp", MODE="664", ENV{sane_hpaio}="yes"
 # photosmart_7400_series
-SYSFS{idVendor}=="03f0", SYSFS{idProduct}=="b802", OWNER="lp", GROUP="lp", MODE="660"
+ATTR{idVendor}=="03f0", ATTR{idProduct}=="b802", OWNER="root", GROUP="lp", MODE="664", ENV{sane_hpaio}="yes"
 # photosmart_7550
-SYSFS{idVendor}=="03f0", SYSFS{idProduct}=="3e02", OWNER="lp", GROUP="lp", MODE="660"
+ATTR{idVendor}=="03f0", ATTR{idProduct}=="3e02", OWNER="root", GROUP="lp", MODE="664", ENV{sane_hpaio}="yes"
 # photosmart_7600_series
-SYSFS{idVendor}=="03f0", SYSFS{idProduct}=="b202", OWNER="lp", GROUP="lp", MODE="660"
+ATTR{idVendor}=="03f0", ATTR{idProduct}=="b202", OWNER="root", GROUP="lp", MODE="664", ENV{sane_hpaio}="yes"
 # photosmart_7700_series
-SYSFS{idVendor}=="03f0", SYSFS{idProduct}=="b402", OWNER="lp", GROUP="lp", MODE="660"
+ATTR{idVendor}=="03f0", ATTR{idProduct}=="b402", OWNER="root", GROUP="lp", MODE="664", ENV{sane_hpaio}="yes"
 # photosmart_7800_series
-SYSFS{idVendor}=="03f0", SYSFS{idProduct}=="c002", OWNER="lp", GROUP="lp", MODE="660"
+ATTR{idVendor}=="03f0", ATTR{idProduct}=="c002", OWNER="root", GROUP="lp", MODE="664", ENV{sane_hpaio}="yes"
 # photosmart_7900_series
-SYSFS{idVendor}=="03f0", SYSFS{idProduct}=="b602", OWNER="lp", GROUP="lp", MODE="660"
+ATTR{idVendor}=="03f0", ATTR{idProduct}=="b602", OWNER="root", GROUP="lp", MODE="664", ENV{sane_hpaio}="yes"
 # photosmart_8000_series
-SYSFS{idVendor}=="03f0", SYSFS{idProduct}=="c102", OWNER="lp", GROUP="lp", MODE="660"
+ATTR{idVendor}=="03f0", ATTR{idProduct}=="c102", OWNER="root", GROUP="lp", MODE="664", ENV{sane_hpaio}="yes"
 # photosmart_8100_series
-SYSFS{idVendor}=="03f0", SYSFS{idProduct}=="ba02", OWNER="lp", GROUP="lp", MODE="660"
+ATTR{idVendor}=="03f0", ATTR{idProduct}=="ba02", OWNER="root", GROUP="lp", MODE="664", ENV{sane_hpaio}="yes"
 # photosmart_8200_series
-SYSFS{idVendor}=="03f0", SYSFS{idProduct}=="c202", OWNER="lp", GROUP="lp", MODE="660"
+ATTR{idVendor}=="03f0", ATTR{idProduct}=="c202", OWNER="root", GROUP="lp", MODE="664", ENV{sane_hpaio}="yes"
 # photosmart_8400_series
-SYSFS{idVendor}=="03f0", SYSFS{idProduct}=="bb02", OWNER="lp", GROUP="lp", MODE="660"
+ATTR{idVendor}=="03f0", ATTR{idProduct}=="bb02", OWNER="root", GROUP="lp", MODE="664", ENV{sane_hpaio}="yes"
 # photosmart_8700_series
-SYSFS{idVendor}=="03f0", SYSFS{idProduct}=="bc02", OWNER="lp", GROUP="lp", MODE="660"
+ATTR{idVendor}=="03f0", ATTR{idProduct}=="bc02", OWNER="root", GROUP="lp", MODE="664", ENV{sane_hpaio}="yes"
 # photosmart_a310_series
-SYSFS{idVendor}=="03f0", SYSFS{idProduct}=="1d02", OWNER="lp", GROUP="lp", MODE="660"
+ATTR{idVendor}=="03f0", ATTR{idProduct}=="1d02", OWNER="root", GROUP="lp", MODE="664", ENV{sane_hpaio}="yes"
 # photosmart_a320_series
-SYSFS{idVendor}=="03f0", SYSFS{idProduct}=="1e02", OWNER="lp", GROUP="lp", MODE="660"
+ATTR{idVendor}=="03f0", ATTR{idProduct}=="1e02", OWNER="root", GROUP="lp", MODE="664", ENV{sane_hpaio}="yes"
 # photosmart_a430_series
-SYSFS{idVendor}=="03f0", SYSFS{idProduct}=="1902", OWNER="lp", GROUP="lp", MODE="660"
+ATTR{idVendor}=="03f0", ATTR{idProduct}=="1902", OWNER="root", GROUP="lp", MODE="664", ENV{sane_hpaio}="yes"
 # photosmart_a440_series
-SYSFS{idVendor}=="03f0", SYSFS{idProduct}=="1f02", OWNER="lp", GROUP="lp", MODE="660"
+ATTR{idVendor}=="03f0", ATTR{idProduct}=="1f02", OWNER="root", GROUP="lp", MODE="664", ENV{sane_hpaio}="yes"
 # photosmart_a510_series
-SYSFS{idVendor}=="03f0", SYSFS{idProduct}=="1a02", OWNER="lp", GROUP="lp", MODE="660"
+ATTR{idVendor}=="03f0", ATTR{idProduct}=="1a02", OWNER="root", GROUP="lp", MODE="664", ENV{sane_hpaio}="yes"
 # photosmart_a520_series
-SYSFS{idVendor}=="03f0", SYSFS{idProduct}=="2602", OWNER="lp", GROUP="lp", MODE="660"
+ATTR{idVendor}=="03f0", ATTR{idProduct}=="2602", OWNER="root", GROUP="lp", MODE="664", ENV{sane_hpaio}="yes"
 # photosmart_a530_series
-SYSFS{idVendor}=="03f0", SYSFS{idProduct}=="2b02", OWNER="lp", GROUP="lp", MODE="660"
+ATTR{idVendor}=="03f0", ATTR{idProduct}=="2b02", OWNER="root", GROUP="lp", MODE="664", ENV{sane_hpaio}="yes"
 # photosmart_a610_series
-SYSFS{idVendor}=="03f0", SYSFS{idProduct}=="1b02", OWNER="lp", GROUP="lp", MODE="660"
+ATTR{idVendor}=="03f0", ATTR{idProduct}=="1b02", OWNER="root", GROUP="lp", MODE="664", ENV{sane_hpaio}="yes"
 # photosmart_a620_series
-SYSFS{idVendor}=="03f0", SYSFS{idProduct}=="2702", OWNER="lp", GROUP="lp", MODE="660"
+ATTR{idVendor}=="03f0", ATTR{idProduct}=="2702", OWNER="root", GROUP="lp", MODE="664", ENV{sane_hpaio}="yes"
 # photosmart_a630_series
-SYSFS{idVendor}=="03f0", SYSFS{idProduct}=="2c02", OWNER="lp", GROUP="lp", MODE="660"
+ATTR{idVendor}=="03f0", ATTR{idProduct}=="2c02", OWNER="root", GROUP="lp", MODE="664", ENV{sane_hpaio}="yes"
 # photosmart_a710_series
-SYSFS{idVendor}=="03f0", SYSFS{idProduct}=="1c02", OWNER="lp", GROUP="lp", MODE="660"
+ATTR{idVendor}=="03f0", ATTR{idProduct}=="1c02", OWNER="root", GROUP="lp", MODE="664", ENV{sane_hpaio}="yes"
 # photosmart_a820_series
-SYSFS{idVendor}=="03f0", SYSFS{idProduct}=="2902", OWNER="lp", GROUP="lp", MODE="660"
+ATTR{idVendor}=="03f0", ATTR{idProduct}=="2902", OWNER="root", GROUP="lp", MODE="664", ENV{sane_hpaio}="yes"
 # photosmart_d5060_series
-SYSFS{idVendor}=="03f0", SYSFS{idProduct}=="c802", OWNER="lp", GROUP="lp", MODE="660"
+ATTR{idVendor}=="03f0", ATTR{idProduct}=="c802", OWNER="root", GROUP="lp", MODE="664", ENV{sane_hpaio}="yes"
 # photosmart_d5100_series
-SYSFS{idVendor}=="03f0", SYSFS{idProduct}=="c402", OWNER="lp", GROUP="lp", MODE="660"
+ATTR{idVendor}=="03f0", ATTR{idProduct}=="c402", OWNER="root", GROUP="lp", MODE="664", ENV{sane_hpaio}="yes"
 # photosmart_d6100_series
-SYSFS{idVendor}=="03f0", SYSFS{idProduct}=="c502", OWNER="lp", GROUP="lp", MODE="660"
+ATTR{idVendor}=="03f0", ATTR{idProduct}=="c502", OWNER="root", GROUP="lp", MODE="664", ENV{sane_hpaio}="yes"
 # photosmart_d7100_series
-SYSFS{idVendor}=="03f0", SYSFS{idProduct}=="c602", OWNER="lp", GROUP="lp", MODE="660"
+ATTR{idVendor}=="03f0", ATTR{idProduct}=="c602", OWNER="root", GROUP="lp", MODE="664", ENV{sane_hpaio}="yes"
 # photosmart_d7300_series
-SYSFS{idVendor}=="03f0", SYSFS{idProduct}=="c702", OWNER="lp", GROUP="lp", MODE="660"
+ATTR{idVendor}=="03f0", ATTR{idProduct}=="c702", OWNER="root", GROUP="lp", MODE="664", ENV{sane_hpaio}="yes"
 # photosmart_pro_b8300_series
-SYSFS{idVendor}=="03f0", SYSFS{idProduct}=="be02", OWNER="lp", GROUP="lp", MODE="660"
+ATTR{idVendor}=="03f0", ATTR{idProduct}=="be02", OWNER="root", GROUP="lp", MODE="664", ENV{sane_hpaio}="yes"
 # photosmart_b8800_series
-SYSFS{idVendor}=="03f0", SYSFS{idProduct}=="d002", OWNER="lp", GROUP="lp", MODE="660"
+ATTR{idVendor}=="03f0", ATTR{idProduct}=="d002", OWNER="root", GROUP="lp", MODE="664", ENV{sane_hpaio}="yes"
 # photosmart_pro_b9100_series
-SYSFS{idVendor}=="03f0", SYSFS{idProduct}=="bd02", OWNER="lp", GROUP="lp", MODE="660"
+ATTR{idVendor}=="03f0", ATTR{idProduct}=="bd02", OWNER="root", GROUP="lp", MODE="664", ENV{sane_hpaio}="yes"
 # Photosmart_B8500_series
-SYSFS{idVendor}=="03f0", SYSFS{idProduct}=="d102", OWNER="lp", GROUP="lp", MODE="660"
+ATTR{idVendor}=="03f0", ATTR{idProduct}=="d102", OWNER="root", GROUP="lp", MODE="664", ENV{sane_hpaio}="yes"
 
 # Check for Business Inkjet products (0x03f0xx12).
-SYSFS{idVendor}=="03f0", SYSFS{idProduct}=="??12", OWNER="lp", GROUP="lp", MODE="660"
+ATTR{idVendor}=="03f0", ATTR{idProduct}=="??12", OWNER="root", GROUP="lp", MODE="664", ENV{sane_hpaio}="yes"
 # Check for Deskjet products (0x03f0xx04).
-SYSFS{idVendor}=="03f0", SYSFS{idProduct}=="??04", OWNER="lp", GROUP="lp", MODE="660"
+ATTR{idVendor}=="03f0", ATTR{idProduct}=="??04", OWNER="root", GROUP="lp", MODE="664", ENV{sane_hpaio}="yes"
 # Check for LaserJet products (0x03f0xx17).
-SYSFS{idVendor}=="03f0", SYSFS{idProduct}=="??17", OWNER="lp", GROUP="lp", MODE="660"
+ATTR{idVendor}=="03f0", ATTR{idProduct}=="??17", OWNER="root", GROUP="lp", MODE="664", ENV{sane_hpaio}="yes"
 
 # Removed the following rule because FHS states that /etc should be reserved for static files only. This
 # functionality should be done in a deb/rpm post install script.  2/11/2009, D Suffield
 #
+# Novell/Suse re-enabled it
+# because it is just how it works with SANE regardless what
+# the gods of the FHS may think how it should work.
+# Files in /etc/ are config files which exist there
+# to be adapted as needed during runtime of the system.
+# Adapting /etc/sane.d/dll.conf only during package install time is insufficient
+# because a device may be not connected by the admin during package install time
+# but later during runtime by the system's end-user (e.g. on a company workstation).
+# In contrast e.g. files in /usr/ are not to be changed during
+# runtime of the system (because /usr/ could be mounted read-only).
+#
 # If sane-bankends is installed add hpaio backend support to dll.conf if needed.
-# ENV{sane_hpaio}=="yes", RUN+="/bin/sh -c 'grep -q ^#hpaio /etc/sane.d/dll.conf;if [ $$? -eq 0 ];then sed -i -e s/^#hpaio/hpaio/ /etc/sane.d/dll.conf;else grep -q ^hpaio /etc/sane.d/dll.conf;if [ $$? -ne 0 ];then echo hpaio >>/etc/sane.d/dll.conf;fi;fi'"
+ENV{sane_hpaio}=="yes", RUN+="/bin/sh -c 'grep -q ^#hpaio /etc/sane.d/dll.conf;if [ $$? -eq 0 ];then sed -i -e s/^#hpaio/hpaio/ /etc/sane.d/dll.conf;else grep -q ^hpaio /etc/sane.d/dll.conf;if [ $$? -ne 0 ];then echo hpaio >>/etc/sane.d/dll.conf;fi;fi'"
 
 LABEL="hpmud_rules_end"
+