session-manager: move portal check back to pipewire

Enable the portal check in pipewire. Only do permission store queries in the session-manager for portal managed apps.
2025-12-23 08:56:47 -05:00 · 2020-07-17 14:14:26 +02:00 · 2020-07-17 14:14:26 +02:00 · 119ef5e376
commit 119ef5e376
parent 5731447357
2 changed files with 28 additions and 190 deletions
--- a/src/daemon/pipewire.conf.in
+++ b/src/daemon/pipewire.conf.in
@ -50,7 +50,8 @@ load-module libpipewire-module-spa-device-factory
 load-module libpipewire-module-spa-node-factory
 load-module libpipewire-module-client-node
 load-module libpipewire-module-client-device
-load-module libpipewire-module-access # access.force=flatpak access.allowed=@media_session_path@
+load-module libpipewire-module-portal
 load-module libpipewire-module-access # access.allowed=@media_session_path@ access.force=flatpak
 load-module libpipewire-module-adapter
 load-module libpipewire-module-link-factory
 load-module libpipewire-module-session-manager
--- a/src/examples/media-session/access-portal.c
+++ b/src/examples/media-session/access-portal.c
@ -56,8 +56,6 @@ struct impl {
 	struct spa_list client_list;
 	DBusConnection *bus;
 	DBusPendingCall *portal_pid_pending;
 	pid_t portal_pid;
 };
@ -153,35 +151,11 @@ static const struct sm_object_events object_events = {
 	.update = object_update
 };
 static int check_portal_managed(struct client *client)
 {
 	struct impl *impl = client->impl;
 	const char *str;
 	pid_t pid;
 	if (impl->portal_pid == 0)
 		return -EBUSY;
 	if (client->obj->obj.props == NULL)
 		return -ENOTSUP;
 	if ((str = pw_properties_get(client->obj->obj.props, PW_KEY_SEC_PID)) == NULL)
 		return -ENOENT;
 	pid = atoi(str);
 	if (pid == impl->portal_pid) {
 		client->portal_managed = true;
 		pw_log_info(NAME " %p: portal managed client %d added",
 			     impl, client->id);
 	}
 	return 0;
 }
 static int
 handle_client(struct impl *impl, struct sm_object *object)
 {
 	struct client *client;
 	const char *str;
 	pw_log_debug(NAME" %p: client", impl);
@ -194,8 +168,12 @@ handle_client(struct impl *impl, struct sm_object *object)
 	client->obj->obj.mask |= SM_CLIENT_CHANGE_MASK_INFO;
 	sm_object_add_listener(&client->obj->obj, &client->listener, &object_events, client);
-	check_portal_managed(client);
+	if ((str = pw_properties_get(client->obj->obj.props, PW_KEY_ACCESS)) != NULL &&
-
+	    strcmp(str, "portal") == 0) {
 		client->portal_managed = true;
 		pw_log_info(NAME " %p: portal managed client %d added",
 			     impl, client->id);
 	}
 	return 1;
 }
@ -210,30 +188,14 @@ set_global_permissions(void *data, struct sm_object *object)
 	bool set_permission;
 	bool allowed = false;
-	props = object->props;
+	if ((props = object->props) == NULL)
 		return 0;
 	pw_log_debug(NAME" %p: object %d type:%s", impl, object->id, object->type);
-	if (strcmp(object->type, PW_TYPE_INTERFACE_Core) == 0) {
+	if (strcmp(object->type, PW_TYPE_INTERFACE_Client) == 0) {
 		set_permission = true;
 		allowed = true;
 	} else if (strcmp(object->type, PW_TYPE_INTERFACE_Client) == 0) {
 		set_permission = allowed = object->id == client->id;
-	} else if (props) {
+	} else if (strcmp(object->type, PW_TYPE_INTERFACE_Node) == 0) {
 		if (strcmp(object->type, PW_TYPE_INTERFACE_Factory) == 0) {
 			const char *factory_name;
 			factory_name = pw_properties_get(props, "factory.name");
 			if (factory_name &&
 			    strcmp(factory_name, "client-node") == 0) {
 				set_permission = true;
 				allowed = true;
 			}
 			else {
 				set_permission = false;
 			}
 		}
 		else if (strcmp(object->type, PW_TYPE_INTERFACE_Node) == 0) {
 		enum media_role media_role;
 		media_role = media_role_from_properties(props);
@ -256,15 +218,11 @@ set_global_permissions(void *data, struct sm_object *object)
 	else {
 		set_permission = false;
 	}
 	}
 	else {
 		set_permission = false;
 	}
 	if (set_permission) {
 		permissions[n_permissions++] =
-			PW_PERMISSION_INIT(object->id, allowed ? PW_PERM_R | PW_PERM_X : 0);
+			PW_PERMISSION_INIT(object->id, allowed ? PW_PERM_RWX : 0);
-		pw_log_debug(NAME" %p: object %d allowed:%d", impl, object->id, allowed);
+		pw_log_info(NAME" %p: object %d allowed:%d", impl, object->id, allowed);
 		pw_client_update_permissions(client->obj->obj.proxy,
 				n_permissions, permissions);
 	}
@ -475,7 +433,7 @@ static void client_info_changed(struct client *client, const struct pw_client_in
 	is_portal = spa_dict_lookup(props, "pipewire.access.portal.is_portal");
 	if (is_portal != NULL &&
 	    (strcmp(is_portal, "yes") == 0 || pw_properties_parse_bool(is_portal))) {
-		pw_log_debug(NAME " %p: client %d is the portal itself",
+		pw_log_info(NAME " %p: client %d is the portal itself",
 			     impl, client->id);
 		client->is_portal = true;
 		return;
@ -505,111 +463,6 @@ static void client_info_changed(struct client *client, const struct pw_client_in
 	client->setup_complete = true;
 }
 static void on_portal_pid_received(DBusPendingCall *pending,
 				   void *user_data)
 {
 	struct impl *impl = user_data;
 	DBusMessage *m;
 	DBusError error;
 	uint32_t portal_pid = 0;
 	m = dbus_pending_call_steal_reply(pending);
 	dbus_pending_call_unref(pending);
 	impl->portal_pid_pending = NULL;
 	if (!m) {
 		pw_log_error("Failed to receive portal pid");
 		return;
 	}
 	dbus_error_init(&error);
 	dbus_message_get_args(m, &error, DBUS_TYPE_UINT32, &portal_pid,
 			      DBUS_TYPE_INVALID);
 	dbus_message_unref(m);
 	if (dbus_error_is_set(&error)) {
 		impl->portal_pid = 0;
 	} else {
 		struct client *client;
 		pw_log_info("got portal pid %d", portal_pid);
 		impl->portal_pid = portal_pid;
 		spa_list_for_each(client, &impl->client_list, link) {
 			if (client->portal_managed)
 				continue;
 			check_portal_managed(client);
 		}
 	}
 }
 static void update_portal_pid(struct impl *impl)
 {
 	DBusMessage *m;
 	const char *name;
 	DBusPendingCall *pending;
 	impl->portal_pid = 0;
 	m = dbus_message_new_method_call("org.freedesktop.DBus",
 					 "/",
 					 "org.freedesktop.DBus",
 					 "GetConnectionUnixProcessID");
 	name = "org.freedesktop.portal.Desktop";
 	dbus_message_append_args(m,
 				 DBUS_TYPE_STRING, &name,
 				 DBUS_TYPE_INVALID);
 	dbus_connection_send_with_reply(impl->bus, m, &pending, -1);
 	dbus_pending_call_set_notify(pending, on_portal_pid_received, impl, NULL);
 	if (impl->portal_pid_pending != NULL) {
 		dbus_pending_call_cancel(impl->portal_pid_pending);
 		dbus_pending_call_unref(impl->portal_pid_pending);
 	}
 	impl->portal_pid_pending = pending;
 }
 static DBusHandlerResult name_owner_changed_handler(DBusConnection *connection,
 						    DBusMessage *message,
 						    void *user_data)
 {
 	struct impl *impl = user_data;
 	const char *name;
 	const char *old_owner;
 	const char *new_owner;
 	if (!dbus_message_is_signal(message, "org.freedesktop.DBus",
 				   "NameOwnerChanged"))
 		return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
 	if (!dbus_message_get_args(message, NULL,
 				   DBUS_TYPE_STRING, &name,
 				   DBUS_TYPE_STRING, &old_owner,
 				   DBUS_TYPE_STRING, &new_owner,
 				   DBUS_TYPE_INVALID)) {
 		pw_log_error("Failed to get OwnerChanged args");
 		return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
 	}
 	if (strcmp(name, "org.freedesktop.portal.Desktop") != 0)
 		return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
 	if (strcmp(new_owner, "") == 0) {
 		impl->portal_pid = 0;
 		if (impl->portal_pid_pending != NULL) {
 			dbus_pending_call_cancel(impl->portal_pid_pending);
 			dbus_pending_call_unref(impl->portal_pid_pending);
 		}
 	}
 	else {
 		update_portal_pid(impl);
 	}
 	return DBUS_HANDLER_RESULT_HANDLED;
 }
 static DBusHandlerResult permission_store_changed_handler(DBusConnection *connection,
 							  DBusMessage *message,
 							  void *user_data)
@ -701,19 +554,6 @@ static int init_dbus_connection(struct impl *impl)
 	dbus_error_init(&error);
 	dbus_bus_add_match(impl->bus,
 			   "type='signal',\
 			   sender='org.freedesktop.DBus',\
 			   interface='org.freedesktop.DBus',\
 			   member='NameOwnerChanged'",
 			   &error);
 	if (dbus_error_is_set(&error)) {
 		pw_log_error("Failed to add name owner changed listener: %s",
 			     error.message);
 		dbus_error_free(&error);
 		return -1;
 	}
 	dbus_bus_add_match(impl->bus,
 			   "type='signal',\
 			   sender='org.freedesktop.impl.portal.PermissionStore',\
@ -727,11 +567,8 @@ static int init_dbus_connection(struct impl *impl)
 		return -1;
 	}
 	dbus_connection_add_filter(impl->bus, name_owner_changed_handler,
 				   impl, NULL);
 	dbus_connection_add_filter(impl->bus, permission_store_changed_handler,
 				   impl, NULL);
 	update_portal_pid(impl);
 	return 0;
 }