RFR: 8181571: printing to CUPS fails on mac sandbox app [v7]

Alexander Scherbatiy alexsch at openjdk.java.net
Mon Mar 28 16:05:34 UTC 2022


> The issue is reproduced on macOS Big Sur 11.0.1 with jdk 16.0.1+9.
> 
> Create a native macOS app from the Hello.java file, sign and run it in sandbox:
> 
> import javax.print.*;
> import javax.swing.*;
> 
> public class Hello {
> 
>     public static void main(String[] args) throws Exception {
>         SwingUtilities.invokeAndWait(() -> {
>             boolean isSandboxed = System.getenv("APP_SANDBOX_CONTAINER_ID") != null;
>             PrintService defaultPrinter = PrintServiceLookup.lookupDefaultPrintService();
>             PrintService[] services = PrintServiceLookup.lookupPrintServices(null, null);
> 
>             StringBuilder builder = new StringBuilder();
>             builder.append("is sandboxed: ").append(isSandboxed).append("\n");
>             builder.append("default printer: ").append(defaultPrinter).append("\n");
>             int size = services.length;
>             for (int i = 0; i < size; i++) {
>                 builder.append("printer[").append(i).append("]=").append(services[i]).append("\n");
>             }
>             JOptionPane.showMessageDialog(null, builder.toString());
>         });
>     }
> }
> 
> The signed app in sandbox shows null default printer and PrintServiceLookup.lookupPrintServices(null, null) returns "Unix Printer: lp".
> ![PrintSandboxedApp](https://bugs.openjdk.java.net/secure/attachment/95629/PrintSandboxedApp.png)
> 
> The problem has been discussed on  2d-dev mail list:
>   https://mail.openjdk.java.net/pipermail/2d-dev/2017-June/008375.html
>   https://mail.openjdk.java.net/pipermail/2d-dev/2017-July/008418.html
> 
> According to the discussion:
> 
>> I've submitted a DTS incident to Apple and a friend there has followed-up.
>> Their unofficial position is that java should be connecting to the cups interface returned
>> by the cupsServer() function and not changing the interface string to "localhost".
>> Security changes in 10.12.4 reject the TCP connection which they say confuses
>> network-client access with print access.  They don't seem interested in loosening that change.
> 
> 
> The proposed solution is to use the domain socket pathname in httpConnect(...) cups function and cupsGetDests(...) to get list of printers from cups  when the app is signed and is run in sandbox on MacOs.

Alexander Scherbatiy has updated the pull request incrementally with one additional commit since the last revision:

  Remove JNU_ThrowOutOfMemoryError from getCupsDefaultPrinters()

-------------

Changes:
  - all: https://git.openjdk.java.net/jdk/pull/4861/files
  - new: https://git.openjdk.java.net/jdk/pull/4861/files/1b14401e..c35a8445

Webrevs:
 - full: https://webrevs.openjdk.java.net/?repo=jdk&pr=4861&range=06
 - incr: https://webrevs.openjdk.java.net/?repo=jdk&pr=4861&range=05-06

  Stats: 2 lines in 1 file changed: 0 ins; 2 del; 0 mod
  Patch: https://git.openjdk.java.net/jdk/pull/4861.diff
  Fetch: git fetch https://git.openjdk.java.net/jdk pull/4861/head:pull/4861

PR: https://git.openjdk.java.net/jdk/pull/4861



More information about the client-libs-dev mailing list