From 23ac9e5f3ca21cbdb935873a0b9a4d97bdfa5606 Mon Sep 17 00:00:00 2001 From: Wim Taymans Date: Tue, 16 Nov 2021 17:27:05 +0100 Subject: [PATCH] module-access: improve pipewire.client.access handling If a client (pipewire-pulse) has performed the access check and creates a client with a specific access path, it will set this in the pipewire.client.access property. For example, when a flatpak client connects to pipewire-pulse, it will create a client with the flatpak pipewire.client.access property. Check the property after reading it so that we don't blindly grant complete access to the flatpak client. Instead let the session manager to assign the permissions. This fixes a problem where flatpak clients entering pipewire-pulse would initially get full access and then be downgraded by the session manager. This would result in the pulse client thinking that it has access to objects while failing later. --- src/modules/module-access.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/modules/module-access.c b/src/modules/module-access.c index b70519ecd..ceb10b7ea 100644 --- a/src/modules/module-access.c +++ b/src/modules/module-access.c @@ -319,6 +319,11 @@ context_check_access(void *data, struct pw_impl_client *client) if ((access = pw_properties_get(props, PW_KEY_CLIENT_ACCESS)) == NULL) access = "unrestricted"; + if (spa_streq(access, "unrestricted") || spa_streq(access, "allowed")) + goto granted; + else + goto wait_permissions; + granted: pw_log_info("%p: client %p '%s' access granted", impl, client, access); items[0] = SPA_DICT_ITEM_INIT(PW_KEY_ACCESS, access);