Note that there isn’t such an API in snapd at present. The PulseAudio module I put together does this by checking the AppArmor label of the process. Xdg-desktop-portal does the same, but will be switching to check cgroups plus a call out to snap routine portal-info (it was done this way to avoid putting too much complicated logic on the x-d-p side).
Either of these strategies is possible under strict confinement with an appropriate interface, but they are not exactly simple.
I wonder if a better approach (and one more likely to be accepted upstream) would be to implement polkit support into CUPS? This has a number of benefits:
- It will be useful on Linux systems not running snapd, so could gain support from other distros if Apple pushes back.
- Polkitd can make access decisions based on the user’s host system user names or group memberships that a confined cupsd can’t see. This would make it possible to implement passwordless access for lpadmin members if desired.
- If configured to require the user’s password (i.e. auth_admin or auth_admin_keep), then perhaps we don’t need the snap check: the polkit dialog will allow the user to cancel administrative actions before they are completed.
This would obviously require some further improvements to snapd: namely allowing snapped daemons to talk to polkitd:
I think it is also worth keeping in mind that we have a solution available to allow applications to print without connecting the cups-control interface, in the form of xdg-desktop-portal’s print portal. Applications using GTK 3’s printing APIs can automatically use this interface. I think it would be better to steer applications towards that interface rather than following the audio-playback/audio-record model we used for Pulse Audio where the daemon makes the policy decision.
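
The AppArmor label check mentioned at the top of this post, sketched as an added example that is not part of the original post and is not the PulseAudio module's or xdg-desktop-portal's code. It parses a label string in the format of /proc/<pid>/attr/current and assumes snapd's snap.<name>.<app> label naming; the function name and the sample labels are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Classify an AppArmor label string (format of /proc/<pid>/attr/current).
 * Returns 1 and copies the snap name into `snap` when the label looks like
 * "snap.<name>.<app>[ (mode)]", otherwise 0.
 * Assumption: snap (instance) names use only [a-z0-9_-]. */
int snap_name_from_label(const char *label, char *snap, size_t snap_len)
{
    static const char prefix[] = "snap.";
    size_t plen = sizeof(prefix) - 1;
    if (label == NULL || strncmp(label, prefix, plen) != 0)
        return 0;                 /* "unconfined", path-named profiles, ... */

    const char *name = label + plen;
    size_t body = strcspn(name, " \n");   /* drop " (enforce)" and newline */
    const char *dot = memchr(name, '.', body);
    if (dot == NULL)
        return 0;                 /* no app component after the snap name */
    size_t nlen = (size_t)(dot - name);
    if (nlen == 0 || body - nlen - 1 == 0 || nlen >= snap_len)
        return 0;                 /* empty name or app, or buffer too small */
    if (strspn(name, "abcdefghijklmnopqrstuvwxyz0123456789-_") < nlen)
        return 0;                 /* unexpected character in the snap name */

    memcpy(snap, name, nlen);
    snap[nlen] = '\0';
    return 1;
}

int main(void)
{
    /* Constructed sample labels, not captured from a real system. */
    const char *samples[] = {
        "snap.firefox.firefox (enforce)",
        "snap.lxd.hook.configure (complain)",
        "unconfined",
        "/usr/sbin/cupsd (enforce)",
    };
    char snap[64];
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        int ok = snap_name_from_label(samples[i], snap, sizeof(snap));
        printf("%-36s -> %s\n", samples[i], ok ? snap : "(not a snap)");
    }
    return 0;
}
```

A daemon making a policy decision this way has to take the label from the kernel for the connected peer; a name the client reports about itself is not a basis for the decision.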