mirrors/pipewire
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/pipewire/pipewire.git synced 2025-12-20 08:56:56 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

access: always put access in property

Browse source 
Improve debug
This commit is contained in:
Wim Taymans 2020-07-17 16:47:14 +02:00
parent cd7763c814
commit 07cc07597c
3 changed files with 27 additions and 16 deletions
Download patch file Download diff file Expand all files Collapse all files

40
src/modules/module-access.c
View file

@ -134,7 +134,7 @@ context_check_access(void *data, struct pw_impl_client *client)
pid = -EINVAL; pid = -EINVAL;
if ((props = pw_impl_client_get_properties(client)) != NULL) { if ((props = pw_impl_client_get_properties(client)) != NULL) {
if ((str = pw_properties_get(props, PW_KEY_ACCESS)) != NULL) { if ((str = pw_properties_get(props, PW_KEY_ACCESS)) != NULL) {
pw_log_info("client %p: already has access checked", client); pw_log_info("client %p: has already access: '%s'", client, str);
return; return;
} }
if ((str = pw_properties_get(props, PW_KEY_SEC_PID)) != NULL) if ((str = pw_properties_get(props, PW_KEY_SEC_PID)) != NULL)
@ -143,6 +143,7 @@ context_check_access(void *data, struct pw_impl_client *client)
if (pid < 0) { if (pid < 0) {
pw_log_info("client %p: no trusted pid found, assuming not sandboxed", client); pw_log_info("client %p: no trusted pid found, assuming not sandboxed", client);
access = "no-pid";
goto granted; goto granted;
} else { } else {
pw_log_info("client %p has trusted pid %d", client, pid); pw_log_info("client %p has trusted pid %d", client, pid);
@ -153,8 +154,10 @@ context_check_access(void *data, struct pw_impl_client *client)
if (res < 0) { if (res < 0) {
pw_log_warn(NAME" %p: client %p allowed check failed: %s", pw_log_warn(NAME" %p: client %p allowed check failed: %s",
impl, client, spa_strerror(res)); impl, client, spa_strerror(res));
} else if (res > 0) } else if (res > 0) {
access = "allowed";
goto granted; goto granted;
}
} }
if (impl->properties && (str = pw_properties_get(impl->properties, "access.rejected")) != NULL) { if (impl->properties && (str = pw_properties_get(impl->properties, "access.rejected")) != NULL) {
@ -164,7 +167,7 @@ context_check_access(void *data, struct pw_impl_client *client)
impl, client, spa_strerror(res)); impl, client, spa_strerror(res));
} else if (res > 0) { } else if (res > 0) {
res = -EACCES; res = -EACCES;
items[0] = SPA_DICT_ITEM_INIT(PW_KEY_ACCESS, "rejected"); access = "rejected";
goto rejected; goto rejected;
} }
} }
@ -177,45 +180,50 @@ context_check_access(void *data, struct pw_impl_client *client)
} }
else if (res > 0) { else if (res > 0) {
pw_log_debug(NAME" %p: restricted client %p added", impl, client); pw_log_debug(NAME" %p: restricted client %p added", impl, client);
items[0] = SPA_DICT_ITEM_INIT(PW_KEY_ACCESS, "restricted"); access = "restricted";
goto wait_permissions; goto wait_permissions;
} }
} }
if (impl->properties && if (impl->properties &&
(access = pw_properties_get(impl->properties, "access.force")) != NULL) { (access = pw_properties_get(impl->properties, "access.force")) != NULL)
res = 1; goto wait_permissions;
} else {
access = "flatpak"; res = check_flatpak(client, pid);
res = check_flatpak(client, pid);
}
if (res != 0) { if (res != 0) {
if (res < 0) { if (res < 0) {
pw_log_warn(NAME" %p: client %p sandbox check failed: %s", pw_log_warn(NAME" %p: client %p sandbox check failed: %s",
impl, client, spa_strerror(res)); impl, client, spa_strerror(res));
if (res == -EACCES) if (res == -EACCES) {
access = "unrestricted";
goto granted; goto granted;
}
} }
else if (res > 0) { else if (res > 0) {
pw_log_debug(NAME" %p: sandboxed client %p added", impl, client); pw_log_debug(NAME" %p: sandboxed client %p added", impl, client);
} }
items[0] = SPA_DICT_ITEM_INIT(PW_KEY_ACCESS, access); access = "flatpak";
goto wait_permissions; goto wait_permissions;
} }
access = "unrestricted";
granted: granted:
pw_log_info(NAME" %p: client %p full access granted", impl, client); pw_log_info(NAME" %p: client %p '%s' access granted", impl, client, access);
items[0] = SPA_DICT_ITEM_INIT(PW_KEY_ACCESS, access);
pw_impl_client_update_properties(client, &SPA_DICT_INIT(items, 1));
permissions[0] = PW_PERMISSION_INIT(PW_ID_ANY, PW_PERM_RWX); permissions[0] = PW_PERMISSION_INIT(PW_ID_ANY, PW_PERM_RWX);
pw_impl_client_update_permissions(client, 1, permissions); pw_impl_client_update_permissions(client, 1, permissions);
return; return;
wait_permissions: wait_permissions:
pw_log_debug(NAME " %p: client %p wait for '%s' permissions", pw_log_debug(NAME " %p: client %p wait for '%s' permissions",
impl, client, items[0].value); impl, client, access);
items[0] = SPA_DICT_ITEM_INIT(PW_KEY_ACCESS, access);
pw_impl_client_update_properties(client, &SPA_DICT_INIT(items, 1)); pw_impl_client_update_properties(client, &SPA_DICT_INIT(items, 1));
pw_impl_client_set_busy(client, true);
return; return;
rejected: rejected:
pw_resource_error(pw_impl_client_get_core_resource(client), res, "rejected"); pw_resource_error(pw_impl_client_get_core_resource(client), res, access);
items[0] = SPA_DICT_ITEM_INIT(PW_KEY_ACCESS, access);
pw_impl_client_update_properties(client, &SPA_DICT_INIT(items, 1)); pw_impl_client_update_properties(client, &SPA_DICT_INIT(items, 1));
return; return;
} }

2
src/modules/module-protocol-native.c
View file

@ -928,6 +928,8 @@ static void destroy_server(struct pw_protocol_server *server)
struct server *s = SPA_CONTAINER_OF(server, struct server, this); struct server *s = SPA_CONTAINER_OF(server, struct server, this);
struct client_data *data, *tmp; struct client_data *data, *tmp;
pw_log_debug(NAME" %p: server %p", s->this.protocol, s);
spa_list_remove(&server->link); spa_list_remove(&server->link);
spa_hook_remove(&s->hook); spa_hook_remove(&s->hook);

1
src/modules/module-protocol-native/local-socket.c
View file

@ -87,6 +87,7 @@ int pw_protocol_native_connect_local_socket(struct pw_protocol_client *client,
size = offsetof(struct sockaddr_un, sun_path) + name_size; size = offsetof(struct sockaddr_un, sun_path) + name_size;
if (connect(fd, (struct sockaddr *) &addr, size) < 0) { if (connect(fd, (struct sockaddr *) &addr, size) < 0) {
pw_log_debug("connect to '%s' failed: %m", name);
if (errno == ENOENT) if (errno == ENOENT)
errno = EHOSTDOWN; errno = EHOSTDOWN;
res = -errno; res = -errno;