[CUPS Printing] Only allow sending username and filename to secure printers

Bug: 660612
Change-Id: Iff14d75ee912e38c10334fed5b5337de9606610a
Reviewed-on: https://chromium-review.googlesource.com/c/1446216Reviewed-by: Sean Kau <skau@chromium.org>
Reviewed-by: Sergey Poromov <poromov@chromium.org>
Reviewed-by: Rebekah Potter <rbpotter@chromium.org>
Commit-Queue: Vladislav Kuzkokov <vkuzkokov@chromium.org>
Cr-Commit-Position: refs/heads/master@{#629117}

chrome/browser/chromeos/printing/cups_printers_manager.cc

@@ -128,6 +128,8 @@ class CupsPrintersManagerImpl : public CupsPrintersManager,
 
     native_printers_allowed_.Init(prefs::kUserNativePrintersAllowed,
                                   pref_service);
+    send_username_and_filename_.Init(
+        prefs::kPrintingSendUsernameAndFilenameEnabled, pref_service);
   }
 
   ~CupsPrintersManagerImpl() override = default;
@@ -141,6 +143,17 @@ class CupsPrintersManagerImpl : public CupsPrintersManager,
                       "UserNativePrintersAllowed is set to false";
       return {};
     }
+    if (send_username_and_filename_.GetValue()) {
+      std::vector<Printer> result(printers_[printer_class].size());
+      auto it_end = std::copy_if(
+          printers_[printer_class].begin(), printers_[printer_class].end(),
+          result.begin(), [](const Printer& printer) {
+            return !printer.HasNetworkProtocol() ||
+                   printer.GetProtocol() == Printer::kIpps;
+          });
+      result.resize(it_end - result.begin());
+      return result;
+    }
     return printers_.at(printer_class);
   }
 
@@ -556,6 +569,10 @@ class CupsPrintersManagerImpl : public CupsPrintersManager,
   // Holds the current value of the pref |UserNativePrintersAllowed|.
   BooleanPrefMember native_printers_allowed_;
 
+  // Holds the current value of the pref
+  // |PrintingSendUsernameAndFilenameEnabled|.
+  BooleanPrefMember send_username_and_filename_;
+
   base::WeakPtrFactory<CupsPrintersManagerImpl> weak_ptr_factory_;
 };
 
@@ -599,6 +616,8 @@ void CupsPrintersManager::RegisterProfilePrefs(
   registry->RegisterBooleanPref(
       prefs::kUserNativePrintersAllowed, true,
       user_prefs::PrefRegistrySyncable::SYNCABLE_PREF);
+  registry->RegisterBooleanPref(prefs::kPrintingSendUsernameAndFilenameEnabled,
+                                false);
 }
 
 }  // namespace chromeos

chrome/browser/ui/webui/print_preview/policy_settings.cc

@@ -20,8 +20,6 @@ void PolicySettings::RegisterProfilePrefs(
   registry->RegisterIntegerPref(prefs::kPrintingColorDefault, 0);
   registry->RegisterIntegerPref(prefs::kPrintingDuplexDefault, 0);
   registry->RegisterDictionaryPref(prefs::kPrintingSizeDefault);
-  registry->RegisterBooleanPref(prefs::kPrintingSendUsernameAndFilenameEnabled,
-                                false);
 #endif
 }
 

components/policy/resources/policy_templates.json

@@ -2071,7 +2071,9 @@
       'id': 506,
       'caption': '''Send username and filename to native printers''',
       'tags': [],
-      'desc': '''Send username and filename to native printers server with every print job. The default is not to send.''',
+      'desc': '''Send username and filename to native printers server with every print job. The default is not to send.
+
+      Setting this policy to true also disables printers that use protocols other than IPPS, USB, or IPP-over-USB since username and filename shouldn't be sent over the network openly.''',
     },
     {
       'name': 'ForceSafeSearch',