SNAP containers have two main "audio" security rules:
* audio-playback: the applications inside the container can
send audio samples into a sink
* audio-record: the applications inside the container can
get audio samples from a source
Also, old SNAP containers had the "pulseaudio" rule, which just
exposed the pulseaudio socket directly, without limits. This
is similar to the current Flatpak audio permissions.
In the pulseaudio days, a specific pulseaudio module was used
that checked the permissions given to the application and
allowed or forbade access to the pulseaudio operations.
With the change to pipewire, this functionality must be
implemented in pipewire-pulse to guarantee the sandbox
security.
This patch adds support for sandboxing permissions in the
pulseaudio module, and implements support for the SNAP audio
security model, thus forbiding a SNAP application to record
audio unless it has permissions to do so.
The current code for pipewire-pulseaudio checks the permissions
of the snap and adds three properties to each new client:
* pipewire.snap.id: contains the Snap ID of the client.
* pipewire.snap.audio.playback: its value is 'true' if the client
has permission to play audio, or 'false' if not.
* pipewire.snap.audio.record: its value is 'true' if the client
has permission to record audio, or 'false' if not.
These properties must be processed by wireplumber to add or
remove access permissions to the corresponding nodes. That
code is available in a separate patch: https://gitlab.freedesktop.org/pipewire/wireplumber/-/merge_requests/567
Add a /core message to set the log level of the pulse-server.
An alternative would be to watch the settings metadata and follow the
server settings. This is however less flexible so the custom message
was chosen.
Add a function to check if a specfic custom log level has been defined
for a topic.
We can use this to dynamically check if we need to do the connection debug
messages.
We can also get rid of the conn.* pattern hack to disable connection
messages by default.
get_device_info() requires us to call update_object_info() in the added
and updated events.
Fixes a bug where the properties were invalid in the avahi txt record.
The monitor sources also list the port of the sink and so the active
port needs to be collected as well so it doesn't fall back to the first
port (which might not be available).
Check for errors when loading the geometry instead of silently failing.
The points need to be given in the user locale and so might fail to
parse when given in JSON format.
Format the geometry nicely when loading the module.
For params that don't emit change events, the param enumeration does not
start core sync, and its enumeration may be incomplete if a previous
core sync completes first.
Fix by always starting a core sync if we are updating params.
This fixes dev_info.active_port being sporadically SPA_ID_INVALID if
there is event pressure, which causes do_set_volume randomly set the
volume on the node instead of setting it on the device. This can be
triggered e.g. by shaking the volume slider in Pavucontrol with mouse.
Also include and update the state of the device/stream in
collect_device_info so that we can compare it against the previous value
and emit a change event.
Fixes#3660
Add (minimal) reference documentation for each pipewire-pulse module.
Add some preprocessing to substitute @pulse_module_options@ in docs from
PW_KEY_MODULE_USAGE so the module options don't need to be repeated.
Produce Doxygen docs + generate manpages pipewire-pulse-modules.7,
pipewire-pulse-module-*.7
Instead of passing the pw_manager object, pass the client
object to the message handler. The client's manager can
still be accessed via `client->manager`. Furthermore,
message handlers now have access to `client->impl`.
Use `open_memstream()` to create a FILE stream and pass
that to message handlers to store their response. This allows
the `open_memstream()` calls and related error handling to be
removed from the message handlers.
`spa_streq()` already checks if any of its arguments
are NULL, and NULL is not considered equal to any non-NULL
string, therefore the check can be removed.
Set `pulse.module.id` on every node that libpipewire-module-echo-cancel
creates so that one can see in the output of `pactl list {sinks,sources}`
which nodes were created by a particular instance of module-echo-cancel.
Fixes#3541
Piggy back on the Latency param change to emit a stream changed event
because we now might have a link between the stream and a device.
We should really watch for new links and emit change events for the
streams that it links to.
Fixes#3522
Let the source write into a ringbuffer when there is data available.
We then read from the ringbuffer when scheduled and use a dll to keep
the delay constant. We can later make this a driver and use the rate
correction to tweak the timeouts instead of resampling.
See #3478
For sink nodes, keep a separate device_info around for the sink and
the monitor source part of the node. Only emit changes for the sink
and monitor source part when it changed.
See #3388
Make sure don't handle names ending in .monitor as a valid sink (because
it's a monitor on the sink).
Make sure we don't return a sink (monitor) as a source accidentally but
only when explicitly requested by name with the .monitor extension.
Makes
pactl set-sink-volume alsa_output.pci-0000_00_1b.0.analog-stereo.monitor -5%
pactl set-source-volume alsa_output.pci-0000_00_1b.0.analog-stereo -5%
fail as expected.
We don't actually use this counter anywhere.
Change the counter to a mask that will contain object specific changes
to the params. This should make it possible to track what kind of
changes where done to the object and make it easier to emit the right
events later.
Tag the sink/source as HARDWARE when it's not virtual, the presence
of a DEVICE_API property is not a good check.
Make a method to check if a node is a NETWORK sink/source to make it
use the same logic everywhere.
