Add spa_json_begin_array/object to replace
spa_json_init+spa_json_begin_array/object
This function is better because it does not waste a useless spa_json
structure as an iterator. The relaxed versions also error out when the
container is mismatched because parsing a mismatched container is not
going to give any results anyway.
Since `spa/utils/cleanup.h` is not a private header anymore, there is
no need for a separate `pipewire/cleanup.h` since the definitions of
the cleanup routines can now be moved into the respective headers.
Add access.socket option, which sets PW_KEY_ACCESS based only on which
socket the client connected from.
Remove the executable-based permissions and all old options. Add
access.legacy=true option that enables the old default behavior. The
legacy mode cannot be used together with the socket-based access.
Emit warnings if any of the removed old options have been set.
Set pipewire.sec.flatpak=true for Flatpak applications.
The socket-based access ignores PW_KEY_CLIENT_ACCESS and the Flatpak
status when setting PW_KEY_ACCESS. Dealing with them becomes the
responsibility of the session manager (or equivalent) which processes
the permission rules.
Make the default access.socket value compatible with the
module-protocol-native default two-socket configuration.
However, if neither access.socket nor access.legacy is specified, we will
for now use the legacy mode for backward compatibility.
Decisions on whether an application is considered Flatpak sandboxed
should be in pw_check_flatpak.
Added the comment from 4169d9196d why we consider EACCES as
non-sandboxed. This is probably OK as it shouldn't occur on a functioning
Flatpak setup.
Determine application executable file so that the result can be trusted,
and the file exists in the current namespace.
Don't use /proc/pid/cmdline, since that contains whatever was specified
by the exec() call.
Most feature checks already use #ifdef, and do not care about
the value of the macro. Convert all feature checks to do that,
and simplify the meson build scripts by replacing

    if cond
      cdata.set('X', 1)
    endif

with

    cdata.set('X', cond)
If a client (pipewire-pulse) has performed the access check and creates
a client with a specific access path, it will set this in the
pipewire.client.access property. For example, when a flatpak client
connects to pipewire-pulse, it will create a client with the flatpak
pipewire.client.access property.
Check the property after reading it so that we don't blindly grant
complete access to the flatpak client. Instead let the session
manager assign the permissions.
This fixes a problem where flatpak clients entering pipewire-pulse would
initially get full access and then be downgraded by the session manager.
This would result in the pulse client thinking that it has access to
objects while failing later.
Just like the real free() we should just ignore a NULL pointer; this makes the
caller code easier for those instances where properties are optional.
Patch generated with coccinelle with a few manual fixes.
When nothing else was decided, use the client requested access
method. The idea is that pipewire-pulse will detect a flatpak client
and perform the pipewire connection on behalf of the client,
requesting flatpak access restrictions.
Assume -EACCES is a normal thing when checking /proc/<pid>/root and
continue with just an info message. Log a warning and assume
flatpak for all other errors.
Fixes #432
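
The decision logic in the commit message above, as an added example (not PipeWire's pw_check_flatpak). It assumes Flatpak's `.flatpak-info` marker file in the sandbox root, which this page does not name; `check_flatpak_root`, `treat_as_flatpak` and `make_sample_root` are hypothetical names, and the sample roots are constructed temp directories.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>
/* Hypothetical helper (not PipeWire's pw_check_flatpak): 1 = Flatpak,
 * 0 = host, <0 = -errno. root is e.g. "/proc/<pid>/root". */
static int check_flatpak_root(const char *root)
{
	struct stat st;
	int root_fd, info_fd, res;
	root_fd = open(root, O_RDONLY | O_DIRECTORY | O_CLOEXEC);
	if (root_fd < 0)	/* EACCES is the normal, non-sandboxed case */
		return errno == EACCES ? 0 : -errno;
	/* Look up the marker relative to the opened root, not by path string. */
	info_fd = openat(root_fd, ".flatpak-info", O_RDONLY | O_CLOEXEC | O_NOFOLLOW);
	res = info_fd < 0 ? -errno : 0;
	close(root_fd);
	if (info_fd < 0)
		return res == -ENOENT ? 0 : res;	/* no marker file: host */
	res = (fstat(info_fd, &st) == 0 && S_ISREG(st.st_mode)) ? 1 : -EIO;
	close(info_fd);
	return res;
}
/* Caller policy from the commit message: any other error => assume Flatpak. */
static int treat_as_flatpak(int res) { return res != 0; }
/* Constructed sample root under /tmp, for demonstration only. */
static const char *make_sample_root(int with_marker)
{
	static char dir[2][64];
	char path[96], *d = dir[with_marker ? 1 : 0];
	int fd;
	snprintf(d, sizeof dir[0], "/tmp/fpk-demo-XXXXXX");
	if (!mkdtemp(d))
		return NULL;
	snprintf(path, sizeof path, "%s/.flatpak-info", d);
	if (with_marker && (fd = open(path, O_CREAT | O_WRONLY, 0600)) >= 0)
		close(fd);
	return d;
}
int main(void)
{
	int host = check_flatpak_root(make_sample_root(0));
	int app = check_flatpak_root(make_sample_root(1));
	int gone = check_flatpak_root("/nonexistent-demo-root");
	printf("host=%d app=%d gone=%d -> flatpak=%d\n", host, app, gone, treat_as_flatpak(gone));
	return 0;
}
```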
Drop the current client context to check permissions. This restores the
previous behaviour and fixes the permissions set by the portal module.
This fixes screen sharing again.
Fixes #362
If we can't access the root filesystem, grant access to the app.
This should not happen but for now it is a workaround for selinux
where we can't access the gnome-shell root when it connects for
screen sharing.
The proxy API is the one that we would like to expose for applications
and the other API is used internally when implementing modules or
factories.
The current pw_core object is really a context for all objects so
name it that way. It also makes it possible to rename pw_core_proxy
to pw_proxy later.