Introduce spa_hook_list_call_simple_safe() as a new helper that uses
spa_list_for_each_safe() and use it for pw_node_events_* This way multiple
threads can iterate at the same time and, if only one thread is active, the
current list entry can be safely removed (e.g. in
pw_node_events_destroy()).
Without this the node listener_list may be corrupted when the main and data
loop iterate over the list at the same time (See #143).
pw_core_find_format() is currently broken when one of the ports is already
active: The format of the active port is used and the other port is
completely ignored.
As a result, the autolink module may try to link a new port to the first
already active port even if the formats do not match.
To fix this, use the format of the active port as a filter and enumerate
the formats of the other port.
Detect what clients were started by the portal, and use the permission
store to determine permissions of existing and future nodes.
Clients are detected whether they are from the portal or not by
comparing the PID of the client with the PID of the owner of the
portal D-Bus name.
It is assumed that the portal will set an appropriate app_id, and a
comma seperated list of media roles (e.g. "Camera"), that should be
queried. If app_id is an empty string, it's assumed to be a
non-sandboxed client, and permissions are assumed to be allowing.
Add a permissions_changed event when the permissions change for a
global for a client.
Recheck if a link is still allowed when node permissions changed
and destroy the link if not.
To get the permissions of an object, combine the permissions
of the object and all the parent nodes up to the root.
This is necessary to enforce that a client can never see and
object id (in this case the parent id) it is not allowed to see.
Don't pass the ucred to the client construct, just set the properties
in the protocol.
Use the client properties to get ucred.
Add the security label to the client properties (from SO_PEERSEC)
Destroy all resources (except the core) for a client when it
does a hello. This typically needs to be done after passing the
connection fd from one client to another.
Properties that start with "pipewire." can only be set once. This
prevents a client from overwriting the ucred or any of the other
protected properties once they are set by the core or a module.
Allow disabling real time thread, this is useful to run inside
valgrind without being killed.
Signed-off-by: Nicolas Dufresne <nicolas.dufresne@collabora.com>
Depending on the compiler configuration 'char' may be an unsigned type
which will not work as expected.
Signed-off-by: Matthias Fend <matthias.fend@wolfvision.net>
An unquoted $@ will break for arguments with spaces in their names. Unquoted $@ will work until it doesn't, and then it can be tricky to track down exactly what went wrong. Using "$@" will save someone some headache in the future.
