protocol-native: don't allow recursive security context

Place the engine name in pipewire.sec.context and make sure that a
client with a pipewire.sec.context property can't make new contexts.

src/modules/module-protocol-native/security-context.c

@@ -35,9 +35,44 @@ static int security_context_create(void *object,
 {
 	struct resource_data *d = object;
 	struct impl *impl = d->impl;
-	pw_protocol_add_fd_server(impl->protocol, impl->context->core,
-			listen_fd, close_fd, props);
-	return 0;
+	struct pw_impl_client *client;
+	const struct pw_properties *cp;
+	struct pw_properties *p;
+	int res = 0;
+
+	if (engine_name == NULL)
+		goto invalid;
+
+	if ((client = impl->context->current_client) == NULL)
+		goto not_allowed;
+	if (client->protocol != impl->protocol)
+		goto not_allowed;
+
+	/* we can't make a nested security context */
+	cp = pw_impl_client_get_properties(client);
+	if (pw_properties_get(cp, PW_KEY_SEC_CONTEXT) != NULL)
+		goto not_allowed;
+
+	p = props ? pw_properties_new_dict(props) : pw_properties_new(NULL, NULL);
+	if (p == NULL)
+		goto not_allowed;
+
+	pw_properties_set(p, PW_KEY_SEC_CONTEXT, engine_name);
+
+	if (pw_protocol_add_fd_server(impl->protocol, impl->context->core,
+			listen_fd, close_fd, &p->dict) == NULL)
+		res = -errno;
+
+	pw_properties_free(p);
+
+	return res;
+
+invalid:
+	pw_log_warn("missing engine name");
+	return -EINVAL;
+not_allowed:
+	pw_log_warn("can't make security context");
+	return -EPERM;
 }
 
 static const struct pw_security_context_methods security_context_methods = {