From f5e78196c45f52b8e2acb404733c077e4a091b7d Mon Sep 17 00:00:00 2001
From: Wim Taymans <wtaymans@redhat.com>
Date: Thu, 30 Jul 2020 16:23:13 +0200
Subject: [PATCH] pulse: check that we have access to change metadata

---
 pipewire-pulseaudio/src/context.c    |  3 +++
 pipewire-pulseaudio/src/introspect.c | 19 +++++++++++--------
 2 files changed, 14 insertions(+), 8 deletions(-)

diff --git a/pipewire-pulseaudio/src/context.c b/pipewire-pulseaudio/src/context.c
index f5ba494c2..75d386083 100644
--- a/pipewire-pulseaudio/src/context.c
+++ b/pipewire-pulseaudio/src/context.c
@@ -1623,6 +1623,9 @@ static void do_default_node(pa_operation *o, void *userdata)
 	g = pa_context_find_global_by_name(c, d->mask, d->name);
 	if (g == NULL) {
 		error = PA_ERR_NOENTITY;
+	} else if (!SPA_FLAG_IS_SET(g->permissions, PW_PERM_R) ||
+		(c->metadata && !SPA_FLAG_IS_SET(c->metadata->permissions, PW_PERM_W|PW_PERM_X))) {
+		error = PA_ERR_ACCESS;
 	} else if (c->metadata) {
 		char buf[16];
 		snprintf(buf, sizeof(buf), "%d", g->id);
diff --git a/pipewire-pulseaudio/src/introspect.c b/pipewire-pulseaudio/src/introspect.c
index 10f5cb7cb..1a6c5e94f 100644
--- a/pipewire-pulseaudio/src/introspect.c
+++ b/pipewire-pulseaudio/src/introspect.c
@@ -2056,7 +2056,7 @@ static void do_target_node(pa_operation *o, void *userdata)
 {
 	struct target_node *d = userdata;
 	pa_context *c = o->context;
-	struct global *g;
+	struct global *g, *t;
 	int error = 0;
 
 	pw_log_debug("%p", c);
@@ -2068,19 +2068,22 @@ static void do_target_node(pa_operation *o, void *userdata)
 	}
 
 	if (d->target_name) {
-		g = pa_context_find_global_by_name(c, d->target_mask, d->target_name);
+		t = pa_context_find_global_by_name(c, d->target_mask, d->target_name);
 	} else {
-		if ((g = pa_context_find_global(c, d->target_idx)) == NULL ||
-		    !(g->mask & d->target_mask))
-			g = NULL;
+		if ((t = pa_context_find_global(c, d->target_idx)) == NULL ||
+		    !(t->mask & d->target_mask))
+			t = NULL;
 	}
-	if (g == NULL) {
+	if (t == NULL) {
 		error = PA_ERR_NOENTITY;
+	} else if (!SPA_FLAG_IS_SET(g->permissions, PW_PERM_R) ||
+		(c->metadata && !SPA_FLAG_IS_SET(c->metadata->permissions, PW_PERM_W|PW_PERM_X))) {
+		error = PA_ERR_ACCESS;
 	} else if (c->metadata) {
 		char buf[16];
-		snprintf(buf, sizeof(buf), "%d", g->id);
+		snprintf(buf, sizeof(buf), "%d", t->id);
 		pw_metadata_set_property(c->metadata->proxy,
-				d->idx, d->key, SPA_TYPE_INFO_BASE "Id", buf);
+				g->id, d->key, SPA_TYPE_INFO_BASE "Id", buf);
 	} else {
 		error = PA_ERR_NOTIMPLEMENTED;
 	}