perm: add permission mask to global

Add a mask of possible permissions for a global.
Make sure the permissions of an object are limited to the global
mask.

src/modules/module-metadata/metadata.c

@@ -265,6 +265,7 @@ pw_metadata_new(struct pw_context *context, struct pw_resource *resource,
 	impl->global = pw_global_new(context,
 			PW_TYPE_INTERFACE_Metadata,
 			PW_VERSION_METADATA,
+			PW_METADATA_PERM_MASK,
 			properties,
 			global_bind, impl);
 	if (impl->global == NULL) {

src/modules/module-profiler.c

@@ -458,6 +458,7 @@ int pipewire__module_init(struct pw_impl_module *module, const char *args)
 	impl->global = pw_global_new(context,
 			PW_TYPE_INTERFACE_Profiler,
 			PW_VERSION_PROFILER,
+			PW_PROFILER_PERM_MASK,
 			pw_properties_copy(props),
 			global_bind, impl);
 	if (impl->global == NULL) {

src/modules/module-session-manager/client-endpoint/endpoint-stream.c

@@ -292,6 +292,7 @@ int endpoint_stream_init(struct endpoint_stream *this,
 	this->global = pw_global_new (context,
 			PW_TYPE_INTERFACE_EndpointStream,
 			PW_VERSION_ENDPOINT_STREAM,
+			PW_ENDPOINT_STREAM_PERM_MASK,
 			properties, endpoint_stream_bind, this);
 	if (!this->global)
 		goto no_mem;

src/modules/module-session-manager/client-endpoint/endpoint.c

@@ -322,6 +322,7 @@ int endpoint_init(struct endpoint *this,
 	this->global = pw_global_new (context,
 			PW_TYPE_INTERFACE_Endpoint,
 			PW_VERSION_ENDPOINT,
+			PW_ENDPOINT_PERM_MASK,
 			NULL, endpoint_bind, this);
 	if (!this->global)
 		goto no_mem;

src/modules/module-session-manager/client-session/endpoint-link.c

@@ -310,6 +310,7 @@ int endpoint_link_init(struct endpoint_link *this,
 	this->global = pw_global_new(context,
 			PW_TYPE_INTERFACE_EndpointLink,
 			PW_VERSION_ENDPOINT_LINK,
+			PW_ENDPOINT_LINK_PERM_MASK,
 			properties, endpoint_link_bind, this);
 	if (!this->global)
 		goto no_mem;

src/modules/module-session-manager/client-session/session.c

@@ -283,6 +283,7 @@ int session_init(struct session *this,
 	this->global = pw_global_new (context,
 			PW_TYPE_INTERFACE_Session,
 			PW_VERSION_SESSION,
+			PW_SESSION_PERM_MASK,
 			NULL, session_bind, this);
 	if (!this->global)
 		goto no_mem;

src/modules/module-session-manager/endpoint-link.c

@@ -390,6 +390,7 @@ static void *link_new(struct pw_context *context,
 	impl->global = pw_global_new(context,
 			PW_TYPE_INTERFACE_EndpointLink,
 			PW_VERSION_ENDPOINT_LINK,
+			PW_ENDPOINT_LINK_PERM_MASK,
 			properties,
 			global_bind, impl);
 	if (impl->global == NULL) {

src/modules/module-session-manager/endpoint-stream.c

@@ -381,6 +381,7 @@ static void *stream_new(struct pw_context *context,
 	impl->global = pw_global_new(context,
 			PW_TYPE_INTERFACE_EndpointStream,
 			PW_VERSION_ENDPOINT_STREAM,
+			PW_ENDPOINT_STREAM_PERM_MASK,
 			properties,
 			global_bind, impl);
 	if (impl->global == NULL) {

src/modules/module-session-manager/endpoint.c

@@ -390,6 +390,7 @@ static void *endpoint_new(struct pw_context *context,
 	impl->global = pw_global_new(context,
 			PW_TYPE_INTERFACE_Endpoint,
 			PW_VERSION_ENDPOINT,
+			PW_ENDPOINT_PERM_MASK,
 			properties,
 			global_bind, impl);
 	if (impl->global == NULL) {

src/modules/module-session-manager/session.c

@@ -379,6 +379,7 @@ static void *session_new(struct pw_context *context,
 	impl->global = pw_global_new(context,
 			PW_TYPE_INTERFACE_Session,
 			PW_VERSION_SESSION,
+			PW_SESSION_PERM_MASK,
 			properties,
 			global_bind, impl);
 	if (impl->global == NULL) {

src/pipewire/client.h

@@ -25,6 +25,8 @@ extern "C" {
  */
 #define PW_TYPE_INTERFACE_Client	PW_TYPE_INFO_INTERFACE_BASE "Client"
 
+#define PW_CLIENT_PERM_MASK		PW_PERM_RWX
+
 #define PW_VERSION_CLIENT		3
 struct pw_client;
 

src/pipewire/core.h

@@ -34,6 +34,8 @@ extern "C" {
 #define PW_TYPE_INTERFACE_Core		PW_TYPE_INFO_INTERFACE_BASE "Core"
 #define PW_TYPE_INTERFACE_Registry	PW_TYPE_INFO_INTERFACE_BASE "Registry"
 
+#define PW_CORE_PERM_MASK		PW_PERM_R|PW_PERM_X|PW_PERM_M
+
 #define PW_VERSION_CORE		4
 struct pw_core;
 #define PW_VERSION_REGISTRY	3

src/pipewire/device.h

@@ -25,6 +25,8 @@ extern "C" {
 
 #define PW_TYPE_INTERFACE_Device	PW_TYPE_INFO_INTERFACE_BASE "Device"
 
+#define PW_DEVICE_PERM_MASK		PW_PERM_RWX
+
 #define PW_VERSION_DEVICE		3
 struct pw_device;
 

src/pipewire/extensions/metadata.h

@@ -21,6 +21,8 @@ extern "C" {
  */
 #define PW_TYPE_INTERFACE_Metadata		PW_TYPE_INFO_INTERFACE_BASE "Metadata"
 
+#define PW_METADATA_PERM_MASK			PW_PERM_RWX
+
 #define PW_VERSION_METADATA			3
 struct pw_metadata;
 

src/pipewire/extensions/profiler.h

@@ -26,6 +26,8 @@ struct pw_profiler;
 
 #define PW_EXTENSION_MODULE_PROFILER		PIPEWIRE_MODULE_PREFIX "module-profiler"
 
+#define PW_PROFILER_PERM_MASK	PW_PERM_R
+
 #define PW_PROFILER_EVENT_PROFILE		0
 #define PW_PROFILER_EVENT_NUM			1
 

src/pipewire/extensions/session-manager/interfaces.h

@@ -21,18 +21,22 @@ extern "C" {
  */
 
 #define PW_TYPE_INTERFACE_Session		PW_TYPE_INFO_INTERFACE_BASE "Session"
+#define PW_SESSION_PERM_MASK			PW_PERM_RWX
 #define PW_VERSION_SESSION			0
 struct pw_session;
 
 #define PW_TYPE_INTERFACE_Endpoint		PW_TYPE_INFO_INTERFACE_BASE "Endpoint"
+#define PW_ENDPOINT_PERM_MASK			PW_PERM_RWX
 #define PW_VERSION_ENDPOINT			0
 struct pw_endpoint;
 
 #define PW_TYPE_INTERFACE_EndpointStream	PW_TYPE_INFO_INTERFACE_BASE "EndpointStream"
+#define PW_ENDPOINT_STREAM_PERM_MASK		PW_PERM_RWX
 #define PW_VERSION_ENDPOINT_STREAM		0
 struct pw_endpoint_stream;
 
 #define PW_TYPE_INTERFACE_EndpointLink		PW_TYPE_INFO_INTERFACE_BASE "EndpointLink"
+#define PW_ENDPOINT_LINK_PERM_MASK		PW_PERM_RWX
 #define PW_VERSION_ENDPOINT_LINK		0
 struct pw_endpoint_link;
 

src/pipewire/factory.h

@@ -27,6 +27,8 @@ extern "C" {
  */
 #define PW_TYPE_INTERFACE_Factory	PW_TYPE_INFO_INTERFACE_BASE "Factory"
 
+#define PW_FACTORY_PERM_MASK		PW_PERM_R
+
 #define PW_VERSION_FACTORY		3
 struct pw_factory;
 

src/pipewire/global.c

@@ -25,10 +25,10 @@ struct impl {
 SPA_EXPORT
 uint32_t pw_global_get_permissions(struct pw_global *global, struct pw_impl_client *client)
 {
-	if (client->permission_func == NULL)
+	uint32_t permissions = global->permission_mask;
-		return PW_PERM_ALL;
+	if (client->permission_func != NULL)
-
+		permissions &= client->permission_func(global, client, client->permission_data);
-	return client->permission_func(global, client, client->permission_data);
+	return permissions;
 }
 
 /** Create a new global
@@ -47,6 +47,7 @@ struct pw_global *
 pw_global_new(struct pw_context *context,
 	      const char *type,
 	      uint32_t version,
+	      uint32_t permission_mask,
 	      struct pw_properties *properties,
 	      pw_global_bind_func_t func,
 	      void *object)
@@ -71,6 +72,7 @@ pw_global_new(struct pw_context *context,
 	this->context = context;
 	this->type = type;
 	this->version = version;
+	this->permission_mask = permission_mask;
 	this->func = func;
 	this->object = object;
 	this->properties = properties;

src/pipewire/global.h

@@ -65,6 +65,7 @@ struct pw_global *
 pw_global_new(struct pw_context *context,	/**< the context */
 	      const char *type,			/**< the interface type of the global */
 	      uint32_t version,			/**< the interface version of the global */
+	      uint32_t permission_mask,		/**< mask of valid permissions */
 	      struct pw_properties *properties,	/**< extra properties */
 	      pw_global_bind_func_t func,	/**< function to bind */
 	      void *object			/**< global object */);

src/pipewire/impl-client.c

@@ -514,6 +514,7 @@ int pw_impl_client_register(struct pw_impl_client *client,
 	client->global = pw_global_new(context,
 				       PW_TYPE_INTERFACE_Client,
 				       PW_VERSION_CLIENT,
+				       PW_CLIENT_PERM_MASK,
 				       properties,
 				       global_bind,
 				       client);

src/pipewire/impl-core.c

@@ -588,6 +588,7 @@ int pw_impl_core_register(struct pw_impl_core *core,
         core->global = pw_global_new(context,
 					PW_TYPE_INTERFACE_Core,
 					PW_VERSION_CORE,
+					PW_CORE_PERM_MASK,
 					properties,
 					global_bind,
 					core);

src/pipewire/impl-device.c

@@ -560,6 +560,7 @@ int pw_impl_device_register(struct pw_impl_device *device,
         device->global = pw_global_new(context,
 				       PW_TYPE_INTERFACE_Device,
 				       PW_VERSION_DEVICE,
+				       PW_DEVICE_PERM_MASK,
 				       properties,
 				       global_bind,
 				       device);

src/pipewire/impl-factory.c

@@ -174,6 +174,7 @@ int pw_impl_factory_register(struct pw_impl_factory *factory,
         factory->global = pw_global_new(context,
 					PW_TYPE_INTERFACE_Factory,
 					PW_VERSION_FACTORY,
+					PW_FACTORY_PERM_MASK,
 					properties,
 					global_bind,
 					factory);

src/pipewire/impl-link.c

@@ -1462,6 +1462,7 @@ int pw_impl_link_register(struct pw_impl_link *link,
 	link->global = pw_global_new(context,
 				     PW_TYPE_INTERFACE_Link,
 				     PW_VERSION_LINK,
+				     PW_LINK_PERM_MASK,
 				     properties,
 				     global_bind,
 				     link);

src/pipewire/impl-metadata.c

@@ -519,6 +519,7 @@ int pw_impl_metadata_register(struct pw_impl_metadata *metadata,
         metadata->global = pw_global_new(context,
 					PW_TYPE_INTERFACE_Metadata,
 					PW_VERSION_METADATA,
+					PW_METADATA_PERM_MASK,
 					properties,
 					global_bind,
 					metadata);

src/pipewire/impl-module.c

@@ -222,6 +222,7 @@ pw_context_load_module(struct pw_context *context,
 	this->global = pw_global_new(context,
 				     PW_TYPE_INTERFACE_Module,
 				     PW_VERSION_MODULE,
+				     PW_MODULE_PERM_MASK,
 				     NULL,
 				     global_bind,
 				     this);

src/pipewire/impl-node.c

@@ -773,6 +773,7 @@ int pw_impl_node_register(struct pw_impl_node *this,
 	this->global = pw_global_new(context,
 				     PW_TYPE_INTERFACE_Node,
 				     PW_VERSION_NODE,
+				     PW_NODE_PERM_MASK,
 				     properties,
 				     global_bind,
 				     this);

src/pipewire/impl-port.c

@@ -1000,6 +1000,7 @@ int pw_impl_port_register(struct pw_impl_port *port,
 	port->global = pw_global_new(node->context,
 				PW_TYPE_INTERFACE_Port,
 				PW_VERSION_PORT,
+				PW_PORT_PERM_MASK,
 				properties,
 				global_bind,
 				port);

src/pipewire/link.h

@@ -31,6 +31,8 @@ extern "C" {
 
 #define PW_TYPE_INTERFACE_Link	PW_TYPE_INFO_INTERFACE_BASE "Link"
 
+#define PW_LINK_PERM_MASK	PW_PERM_R
+
 #define PW_VERSION_LINK		3
 struct pw_link;
 

src/pipewire/module.h

@@ -24,6 +24,8 @@ extern "C" {
  */
 #define PW_TYPE_INTERFACE_Module	PW_TYPE_INFO_INTERFACE_BASE "Module"
 
+#define PW_MODULE_PERM_MASK		PW_PERM_R
+
 #define PW_VERSION_MODULE		3
 struct pw_module;
 

src/pipewire/node.h

@@ -29,6 +29,8 @@ extern "C" {
  */
 #define PW_TYPE_INTERFACE_Node	PW_TYPE_INFO_INTERFACE_BASE "Node"
 
+#define PW_NODE_PERM_MASK	PW_PERM_RWXM
+
 #define PW_VERSION_NODE		3
 struct pw_node;
 

src/pipewire/permission.h

@@ -30,7 +30,8 @@ extern "C" {
 				  *  present in order to call methods that modify the object. */
 #define PW_PERM_M	0010	/**< metadata can be set on object, Since 0.3.9 */
 
-#define PW_PERM_RWX	(PW_PERM_R|PW_PERM_W|PW_PERM_X)
+#define PW_PERM_RW	(PW_PERM_R|PW_PERM_W)
+#define PW_PERM_RWX	(PW_PERM_RW|PW_PERM_X)
 #define PW_PERM_RWXM	(PW_PERM_RWX|PW_PERM_M)
 
 #define PW_PERM_IS_R(p) (((p)&PW_PERM_R) == PW_PERM_R)

src/pipewire/port.h

@@ -29,6 +29,8 @@ extern "C" {
 
 #define PW_TYPE_INTERFACE_Port	PW_TYPE_INFO_INTERFACE_BASE "Port"
 
+#define PW_PORT_PERM_MASK	PW_PERM_R|PW_PERM_X|PW_PERM_M
+
 #define PW_VERSION_PORT		3
 struct pw_port;
 

src/pipewire/private.h

@@ -288,6 +288,7 @@ struct pw_global {
 
 	const char *type;		/**< type of interface */
 	uint32_t version;		/**< version of interface */
+	uint32_t permission_mask;	/**< possible permissions */
 
 	pw_global_bind_func_t func;	/**< bind function */
 	void *object;			/**< object associated with the interface */