mirrors/pipewire
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/pipewire/pipewire.git synced 2025-11-04 13:30:12 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

access: don't check access if already set

Browse source 
If we already have an access property, leave the client as is.
This commit is contained in:
Wim Taymans 2020-07-17 13:23:50 +02:00
parent 4d4904187b
commit 89b189d190
1 changed files with 15 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

23
src/modules/module-access.c
View file

@ -36,6 +36,8 @@
#include <pipewire/impl.h>
#define NAME "access"
#define MODULE_USAGE "[ access.force=flatpak ] " \
"[ access.allowed=<cmd-line> ] " \
"[ access.rejected=<cmd-line> ] " \
@ -131,6 +133,10 @@ context_check_access(void *data, struct pw_impl_client *client)
pid = -EINVAL;
if ((props = pw_impl_client_get_properties(client)) != NULL) {
if ((str = pw_properties_get(props, PW_KEY_ACCESS)) != NULL) {
pw_log_info("client %p: already has access checked", client);
return;
}
if ((str = pw_properties_get(props, PW_KEY_SEC_PID)) != NULL)
pid = atoi(str);
}
@ -145,7 +151,7 @@ context_check_access(void *data, struct pw_impl_client *client)
if (impl->properties && (str = pw_properties_get(impl->properties, "access.allowed")) != NULL) {
res = check_cmdline(client, pid, str);
if (res < 0) {
pw_log_warn("module %p: client %p allowed check failed: %s",
pw_log_warn(NAME" %p: client %p allowed check failed: %s",
impl, client, spa_strerror(res));
} else if (res > 0)
goto granted;
@ -154,7 +160,7 @@ context_check_access(void *data, struct pw_impl_client *client)
if (impl->properties && (str = pw_properties_get(impl->properties, "access.rejected")) != NULL) {
res = check_cmdline(client, pid, str);
if (res < 0) {
pw_log_warn("module %p: client %p rejected check failed: %s",
pw_log_warn(NAME" %p: client %p rejected check failed: %s",
impl, client, spa_strerror(res));
} else if (res > 0) {
res = -EACCES;
@ -166,11 +172,11 @@ context_check_access(void *data, struct pw_impl_client *client)
if (impl->properties && (str = pw_properties_get(impl->properties, "access.restricted")) != NULL) {
res = check_cmdline(client, pid, str);
if (res < 0) {
pw_log_warn("module %p: client %p restricted check failed: %s",
pw_log_warn(NAME" %p: client %p restricted check failed: %s",
impl, client, spa_strerror(res));
}
else if (res > 0) {
pw_log_debug("module %p: restricted client %p added", impl, client);
pw_log_debug(NAME" %p: restricted client %p added", impl, client);
items[0] = SPA_DICT_ITEM_INIT(PW_KEY_ACCESS, "restricted");
goto wait_permissions;
}
@ -184,25 +190,26 @@ context_check_access(void *data, struct pw_impl_client *client)
}
if (res != 0) {
if (res < 0) {
pw_log_warn("module %p: client %p sandbox check failed: %s",
pw_log_warn(NAME" %p: client %p sandbox check failed: %s",
impl, client, spa_strerror(res));
if (res == -EACCES)
goto granted;
}
else if (res > 0) {
pw_log_debug("module %p: sandboxed client %p added", impl, client);
pw_log_debug(NAME" %p: sandboxed client %p added", impl, client);
}
items[0] = SPA_DICT_ITEM_INIT(PW_KEY_ACCESS, access);
goto wait_permissions;
}
granted:
pw_log_debug("module %p: client %p access granted", impl, client);
pw_log_info(NAME" %p: client %p full access granted", impl, client);
permissions[0] = PW_PERMISSION_INIT(PW_ID_ANY, PW_PERM_RWX);
pw_impl_client_update_permissions(client, 1, permissions);
return;
wait_permissions:
pw_log_debug("module %p: client %p wait for permissions", impl, client);
pw_log_debug(NAME " %p: client %p wait for '%s' permissions",
impl, client, items[0].value);
pw_impl_client_update_properties(client, &SPA_DICT_INIT(items, 1));
pw_impl_client_set_busy(client, true);
return;