[sane-devel] Sandboxing scanner applications

Bastien Nocera hadess at hadess.net
Fri Sep 18 16:01:55 BST 2020

On Fri, 2020-09-18 at 16:02 +0200, Till Kamppeter wrote:
> [ Resending but with Abhik and Rishabh CCed ]
> On 18/09/2020 11:10, Bastien Nocera wrote:
> > On Fri, 2020-09-18 at 00:20 +0200, Till Kamppeter wrote:
> > > Bastien, so this is more your second approach of drivers being on
> > > the
> > > host side, but we use IPP Scan as IPP is an established standard
> > > protocol and it is used for both printing and scanning, so ideal
> > > for
> > > multi-function devices. We get also interoperability between
> > > different
> > > operating systems, scanning from mobile devices, ....
> > 
> > Where's the code for it?
> > 
> Developemnt has started right now, so there is
> This is the repository where the IPP Scan extension of sane-airscan
> will 
> go go:
> https://github.com/alexpevzner/sane-airscan-ipp/
> Alexander Pevzner is mentoring Rishabh Arya on this project.
> Rishabh, do you have any code repository to which you are uploading
> your 
> current work?
> Michael Sweet (author of CUPS and PAPPL) is mentoring Abhik
> Chakraborty 
> on Scanner Applications (IPP Scan as a server, sandboxable scanner
> drivers).
> Michael, Abhik, do you already have some code on this project?

So the application inside the sandbox would ship with sane-airscan
backend, and use this protocol, over the network, to communicate with
the fake "airscan" scanner running outside the sandbox, right?

Having every scanner application access the network is going to be a
problem, much like having to punch of network hole to get full CUPS
access is a problem right now. Is there going to be another transport?

Is there code somewhere for the "Scanner Applications", that IPP scan
server that would talk to the actual servers?

> > How is this going to handle authorisations for scanning?
> > (Authorisation
> > is a big problem for apps that want to do more with printers than
> > what
> > the printer portal allows, and for which we need to punch a big
> > CUPS-
> > shaped hole in the sandbox)
> > 
> IPP already has authentication methods which should not only work for
> printing but also for scanning.
> Michael, could you help Bastien here?

Note, I said authorisation, not authentication. "Authorisation" is when
the user chooses to allow or disallow access by the application. It's
the method, coupled with user intent, used by Flatpak portals to check
whether an application is allowed to use a particular resource outside
the sandbox.

This is how you'd get a file chooser, running outside the sandbox, and
that would pass back the file's data inside the sandbox if the user
clicks to say that they want to open this file, or how a screenshot
could be shared with the application:


More information about the sane-devel mailing list