protocol-native: improve security context properties

Remove the engine_name, use pipewire.sec.engine in the properties. Make some constants for this. Document some more properties.
2026-05-23 21:37:42 -04:00 · 2024-02-08 13:24:41 +01:00 · 2024-02-08 13:24:41 +01:00 · 477c6e8e90
commit 477c6e8e90
parent d250f6932c
5 changed files with 26 additions and 33 deletions
--- a/src/pipewire/extensions/security-context.h
+++ b/src/pipewire/extensions/security-context.h
@ -70,19 +70,25 @@ struct pw_security_context_methods {
 	 * After sending this request, closing listen_fd and close_fd remains the
 	 * only valid operation on them.
 	 *
-	 * \param engine_name a unique sandbox engine name.
 	 * \param listen_fd the fd to listen on for new connections
 	 * \param close_fd the fd used to stop listening
-	 * \param props extra (engine_name specific) properties. These will be
-	 *       copied on the client that connects through this context.
+	 * \param props extra properties. These will be copied on the client
+	 *     that connects through this context.
+	 *
+	 * Some properties to set:
+	 *
+	 *  - pipewire.sec.engine with the engine name.
+	 *  - pipewire.sec.app-id with the application id, this is an opaque,
+	 *      engine specific id for an application
+	 *  - pipewire.sec.instance-id with the instance id, this is an opaque,
+	 *      engine specific id for a running instance of an application.
 	 *
 	 * See https://gitlab.freedesktop.org/wayland/wayland-protocols/-/blob/main/staging/security-context/engines.md
-	 * For a list of engine_names and the properties to set.
+	 * For a list of engine names and the properties to set.
 	 *
 	 * This requires X and W permissions on the security_context.
 	 */
 	int (*create) (void *object,
-			const char *engine_name,
 			int listen_fd,
 			int close_fd,
 			const struct spa_dict *props);
--- a/src/pipewire/keys.h
+++ b/src/pipewire/keys.h
@ -39,7 +39,12 @@ extern "C" {
 #define PW_KEY_SEC_LABEL		"pipewire.sec.label"	/**< client security label, set by protocol*/

 #define PW_KEY_SEC_SOCKET		"pipewire.sec.socket"	/**< client socket name, set by protocol */
-#define PW_KEY_SEC_CONTEXT		"pipewire.sec.context"	/**< client secure context, set by protocol */
+
+#define PW_KEY_SEC_ENGINE		"pipewire.sec.engine"	/**< client secure context engine, set by protocol.
+								  *  This can also be set by a client when making a
+								  *  new security context. */
+#define PW_KEY_SEC_APP_ID		"pipewire.sec.app-id"	/**< client secure application id */
+#define PW_KEY_SEC_INSTANCE_ID		"pipewire.sec.instance-id"	/**< client secure instance id */

 #define PW_KEY_LIBRARY_NAME_SYSTEM	"library.name.system"	/**< name of the system library to use */
 #define PW_KEY_LIBRARY_NAME_LOOP	"library.name.loop"	/**< name of the loop library to use */