mirror of
https://gitlab.freedesktop.org/pipewire/pipewire.git
synced 2025-11-04 13:30:12 -05:00
modules: refactor check_flatpak to a common place
Move check_flatpak used by module-access and module-protocol-pulse to a common flatpak-utils.h
This commit is contained in:
Pauli Virtanen
Wim Taymans
parent
f32017c874
commit
5e5339ce6c
3 changed files with 94 additions and 52 deletions
|
|
@ -46,6 +46,8 @@
|
|||
#include <pipewire/impl.h>
|
||||
#include <pipewire/private.h>
|
||||
|
||||
#include "flatpak-utils.h"
|
||||
|
||||
/** \page page_module_access PipeWire Module: Access
|
||||
*
|
||||
*
|
||||
|
|
@ -184,54 +186,6 @@ exit:
|
|||
return res;
|
||||
}
|
||||
|
||||
#if defined(__linux__)
|
||||
static int check_flatpak(struct pw_impl_client *client, int pid)
|
||||
{
|
||||
char root_path[2048];
|
||||
int root_fd, info_fd, res;
|
||||
struct stat stat_buf;
|
||||
|
||||
sprintf(root_path, "/proc/%u/root", pid);
|
||||
root_fd = openat (AT_FDCWD, root_path, O_RDONLY | O_NONBLOCK | O_DIRECTORY | O_CLOEXEC | O_NOCTTY);
|
||||
if (root_fd == -1) {
|
||||
res = -errno;
|
||||
if (res == -EACCES) {
|
||||
struct statfs buf;
|
||||
/* Access to the root dir isn't allowed. This can happen if the root is on a fuse
|
||||
* filesystem, such as in a toolbox container. We will never have a fuse rootfs
|
||||
* in the flatpak case, so in that case its safe to ignore this and
|
||||
* continue to detect other types of apps. */
|
||||
if (statfs(root_path, &buf) == 0 &&
|
||||
buf.f_type == 0x65735546) /* FUSE_SUPER_MAGIC */
|
||||
return 0;
|
||||
}
|
||||
/* Not able to open the root dir shouldn't happen. Probably the app died and
|
||||
* we're failing due to /proc/$pid not existing. In that case fail instead
|
||||
* of treating this as privileged. */
|
||||
pw_log_info("failed to open \"%s\": %s", root_path, spa_strerror(res));
|
||||
return res;
|
||||
}
|
||||
info_fd = openat (root_fd, ".flatpak-info", O_RDONLY | O_CLOEXEC | O_NOCTTY);
|
||||
close (root_fd);
|
||||
if (info_fd == -1) {
|
||||
if (errno == ENOENT) {
|
||||
pw_log_debug("no .flatpak-info, client on the host");
|
||||
/* No file => on the host */
|
||||
return 0;
|
||||
}
|
||||
res = -errno;
|
||||
pw_log_error("error opening .flatpak-info: %m");
|
||||
return res;
|
||||
}
|
||||
if (fstat (info_fd, &stat_buf) != 0 || !S_ISREG (stat_buf.st_mode)) {
|
||||
/* Some weird fd => failure, assume sandboxed */
|
||||
pw_log_error("error fstat .flatpak-info: %m");
|
||||
}
|
||||
close(info_fd);
|
||||
return 1;
|
||||
}
|
||||
#endif
|
||||
|
||||
static void
|
||||
context_check_access(void *data, struct pw_impl_client *client)
|
||||
{
|
||||
|
|
@ -298,8 +252,7 @@ context_check_access(void *data, struct pw_impl_client *client)
|
|||
(access = pw_properties_get(impl->properties, "access.force")) != NULL)
|
||||
goto wait_permissions;
|
||||
|
||||
#if defined(__linux__)
|
||||
res = check_flatpak(client, pid);
|
||||
res = pw_check_flatpak(pid);
|
||||
if (res != 0) {
|
||||
if (res < 0) {
|
||||
if (res == -EACCES) {
|
||||
|
|
@ -315,7 +268,7 @@ context_check_access(void *data, struct pw_impl_client *client)
|
|||
access = "flatpak";
|
||||
goto wait_permissions;
|
||||
}
|
||||
#endif
|
||||
|
||||
if ((access = pw_properties_get(props, PW_KEY_CLIENT_ACCESS)) == NULL)
|
||||
access = "unrestricted";
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue