blob: 4d2b3d1f59d8f451389ec336bfaed17b2fd994bc [file] [log] [blame]
// Copyright 2021 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "printing/sandbox/print_backend_sandbox_hook_linux.h"
#include "base/base_paths.h"
#include "base/files/file_path.h"
#include "base/files/file_util.h"
#include "base/path_service.h"
#include "build/build_config.h"
#include "printing/buildflags/buildflags.h"
#include "sandbox/linux/syscall_broker/broker_command.h"
#include "sandbox/linux/syscall_broker/broker_file_permission.h"
#include "sandbox/policy/export.h"
#include "sandbox/policy/linux/sandbox_linux.h"
#if BUILDFLAG(IS_CHROMEOS) && BUILDFLAG(USE_CUPS)
#include "printing/backend/cups_connection_pool.h"
#endif
using sandbox::syscall_broker::BrokerFilePermission;
using sandbox::syscall_broker::MakeBrokerCommandSet;
namespace printing {
namespace {
sandbox::syscall_broker::BrokerCommandSet GetPrintBackendBrokerCommandSet() {
// Need read access to look at system PPD files.
// Need ability to create/write/delete for temporary files in order to
// support PPD handling in `printing::ParsePpdCapabilities()`.
sandbox::syscall_broker::BrokerCommandSet broker_command_set =
MakeBrokerCommandSet({
sandbox::syscall_broker::COMMAND_ACCESS,
sandbox::syscall_broker::COMMAND_OPEN,
sandbox::syscall_broker::COMMAND_READLINK,
sandbox::syscall_broker::COMMAND_STAT,
sandbox::syscall_broker::COMMAND_UNLINK,
});
return broker_command_set;
}
std::vector<BrokerFilePermission> GetPrintBackendFilePermissions() {
#if BUILDFLAG(IS_CHROMEOS) && BUILDFLAG(USE_CUPS)
// No extra permissions required, as the needed socket connections to the CUPS
// server are established before entering the sandbox.
return std::vector<BrokerFilePermission>();
#else
base::FilePath temp_dir_path;
CHECK(base::GetTempDir(&temp_dir_path));
base::FilePath home_dir_path;
CHECK(base::PathService::Get(base::DIR_HOME, &home_dir_path));
base::FilePath cups_options_path = home_dir_path.Append(".cups/lpoptions");
std::vector<BrokerFilePermission> permissions{
// To support reading system PPDs. This list is per the CUPS docs with
// macOS-specific paths omitted.
// https://www.cups.org/doc/man-cupsd-helper.html
BrokerFilePermission::ReadOnlyRecursive("/opt/share/ppd/"),
BrokerFilePermission::ReadOnlyRecursive("/usr/local/share/ppd/"),
BrokerFilePermission::ReadOnlyRecursive("/usr/share/cups/drv/"),
BrokerFilePermission::ReadOnlyRecursive("/usr/share/cups/model/"),
BrokerFilePermission::ReadOnlyRecursive("/usr/share/ppd/"),
// To support reading user's default printer.
// https://www.cups.org/doc/cupspm.html#cupsEnumDests
// https://www.cups.org/doc/options.html
BrokerFilePermission::ReadOnly(cups_options_path.value()),
// To support PPD handling in `printing::ParsePpdCapabilities()`.
BrokerFilePermission::ReadWriteCreateTemporary(temp_dir_path.value()),
};
return permissions;
#endif // BUILDFLAG(IS_CHROMEOS) && BUILDFLAG(USE_CUPS)
}
} // namespace
bool PrintBackendPreSandboxHook(
sandbox::policy::SandboxLinux::Options options) {
#if BUILDFLAG(IS_CHROMEOS) && BUILDFLAG(USE_CUPS)
// Create the socket connections to the CUPS server before engaging the
// sandbox, since new connections cannot be made after that.
CupsConnectionPool::Create();
#endif
auto* instance = sandbox::policy::SandboxLinux::GetInstance();
instance->StartBrokerProcess(
GetPrintBackendBrokerCommandSet(), GetPrintBackendFilePermissions(),
sandbox::policy::SandboxLinux::PreSandboxHook(), options);
instance->EngageNamespaceSandboxIfPossible();
return true;
}
} // namespace printing