Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Step:15-SP4
pipewire.30041
0001-impl-link-enforce-permissions-in-links.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File 0001-impl-link-enforce-permissions-in-links.patch of Package pipewire.30041
From 0a214bf6b32ae72ec8b88d8446dde8b2f18a2852 Mon Sep 17 00:00:00 2001 From: Wim Taymans <wtaymans@redhat.com> Date: Mon, 17 Jul 2023 13:32:40 +0200 Subject: [PATCH] impl-link: enforce permissions in links Enforce that the owner client of the output node can see the input node and vice versa. This works around an issue where the session manager performs a link between nodes that should not be linked, like when doing screensharing and the portal has set permissions to only see the screenshared stream, wireplumber will link to the camera when the target.object is not set. See also wireplumber#218 This has unfortunately the downside that patchbays like helvum will also not be able to link those nodes. We should probably add a new link permission to allow this explicitly. --- src/pipewire/impl-link.c | 44 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 44 insertions(+) diff --git a/src/pipewire/impl-link.c b/src/pipewire/impl-link.c index 23e4a3cd1e..74795ce280 100644 --- a/src/pipewire/impl-link.c +++ b/src/pipewire/impl-link.c @@ -1091,12 +1091,56 @@ static void try_unlink_controls(struct impl *impl, struct pw_impl_port *output, } } +static int check_owner_permissions(struct pw_context *context, + struct pw_impl_node *node, uint32_t id, uint32_t permissions) +{ + const char *str; + struct pw_impl_client *client; + struct pw_global *global; + uint32_t perms; + uint32_t client_id; + + str = pw_properties_get(node->properties, PW_KEY_CLIENT_ID); + if (str == NULL) + /* node not owned by client */ + return 0; + + if (!spa_atou32(str, &client_id, 0)) + /* invalid client_id, something is wrong */ + return -EIO; + if ((global = pw_context_find_global(context, client_id)) == NULL) + /* current client can't see the owner client */ + return -ENOENT; + if (!pw_global_is_type(global, PW_TYPE_INTERFACE_Client) || + (client = global->object) == NULL) + /* not the right object, something wrong */ + return -EIO; + + if ((global = pw_context_find_global(context, id)) == NULL) + /* current client can't see node id */ + return -ENOENT; + + perms = pw_global_get_permissions(global, client); + if ((perms & permissions) != permissions) + /* owner client can't see other node */ + return -EPERM; + + return 0; +} + static int check_permission(struct pw_context *context, struct pw_impl_port *output, struct pw_impl_port *input, struct pw_properties *properties) { + int res; + if ((res = check_owner_permissions(context, output->node, + input->node->info.id, PW_PERM_R)) < 0) + return res; + if ((res = check_owner_permissions(context, input->node, + output->node->info.id, PW_PERM_R)) < 0) + return res; return 0; } -- GitLab
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor