diff --git a/src/daemon/pipewire.conf.in b/src/daemon/pipewire.conf.in
index cebded96b..b0628dc4f 100644
--- a/src/daemon/pipewire.conf.in
+++ b/src/daemon/pipewire.conf.in
@@ -47,13 +47,13 @@ modules = {
     # If ifexists is given, the module is ignoed when it is not found.
     # If nofail is given, module initialization failures are ignored.
     #
-    libpipewire-module-rtkit  = { "#args" = { nice.level = -11
-				              rt.prio = 20
-					      rt.time.soft = 200000
-					      rt.time.hard = 200000
-					    }
-				  "flags" = "ifexists|nofail"
-				}
+    libpipewire-module-rtkit  = {
+        "#args" = { nice.level = -11
+	            rt.prio = 20
+                    rt.time.soft = 200000
+                    rt.time.hard = 200000 }
+        "flags" = "ifexists|nofail"
+    }
     libpipewire-module-protocol-native = null
     libpipewire-module-profiler = null
     libpipewire-module-metadata = null
@@ -62,7 +62,18 @@ modules = {
     libpipewire-module-client-node = null
     libpipewire-module-client-device = null
     libpipewire-module-portal = null
-    libpipewire-module-access = { "#args" = { access.allowed = @media_session_path@ access.force = flatpak" } }
+    libpipewire-module-access = {
+        "#args" = {
+	            # access.allowed to list an array of paths of allowed
+		    # apps.
+                    access.allowed = [
+		          @media_session_path@
+	            ]
+		    # anything not in the above lists gets assigned the
+		    # access.force permission.
+                    access.force = flatpak
+                  }
+    }
     libpipewire-module-adapter = null
     libpipewire-module-link-factory = null
     libpipewire-module-session-manager = null
@@ -84,11 +95,12 @@ objects = {
 
     # A default dummy driver. This handles nodes marked with the "node.always-driver"
     # property when no other driver is currently active. JACK clients need this.
-    spa-node-factory = { args = { factory.name = support.node.driver
-                                  node.name = Dummy-Driver
-				  priority.driver = 8000
-				}
-		       }
+    spa-node-factory = {
+        args = { factory.name = support.node.driver
+                 node.name = Dummy-Driver
+		 priority.driver = 8000
+        }
+    }
 }
 
 exec = {
diff --git a/src/modules/module-access.c b/src/modules/module-access.c
index b663e0c66..5bc6bff2a 100644
--- a/src/modules/module-access.c
+++ b/src/modules/module-access.c
@@ -34,6 +34,7 @@
 #include "config.h"
 
 #include <spa/utils/result.h>
+#include <spa/utils/json.h>
 
 #include <pipewire/impl.h>
 #include <pipewire/private.h>
@@ -62,29 +63,39 @@ struct impl {
 
 static int check_cmdline(struct pw_impl_client *client, int pid, const char *str)
 {
-	char path[2048];
+	char path[2048], key[1024];
 	ssize_t len;
-	int fd;
+	int fd, res;
+	struct spa_json it[2];
 
 	sprintf(path, "/proc/%u/cmdline", pid);
 
 	fd = open(path, O_RDONLY);
-	if (fd < 0)
-		return -errno;
-
+	if (fd < 0) {
+		res = -errno;
+		goto exit;
+	}
 	if ((len = read(fd, path, sizeof(path)-1)) < 0) {
-		close(fd);
-		return -errno;
+		res = -errno;
+		goto exit_close;
 	}
 	path[len] = '\0';
 
-	if (strcmp(path, str) == 0) {
-		close(fd);
-		return 1;
-	}
+	spa_json_init(&it[0], str, strlen(str));
+	if ((res = spa_json_enter_array(&it[0], &it[1])) <= 0)
+		goto exit_close;
 
+	while (spa_json_get_string(&it[1], key, sizeof(key)) > 0) {
+		if (strcmp(path, key) == 0) {
+			res = 1;
+			goto exit_close;
+		}
+	}
+	res = 0;
+exit_close:
 	close(fd);
-	return 0;
+exit:
+	return res;
 }
 
 static int check_flatpak(struct pw_impl_client *client, int pid)