aboutsummaryrefslogtreecommitdiffstats
path: root/meta-pipewire
diff options
context:
space:
mode:
Diffstat (limited to 'meta-pipewire')
-rw-r--r--meta-pipewire/conf/layer.conf5
-rw-r--r--meta-pipewire/dynamic-layers/meta-app-framework/recipes-apis/agl-service-audiomixer/agl-service-audiomixer_git.bb17
-rw-r--r--meta-pipewire/dynamic-layers/meta-app-framework/recipes-core/packagegroups/packagegroup-pipewire.bbappend3
-rw-r--r--meta-pipewire/dynamic-layers/meta-app-framework/recipes-multimedia/pipewire/pipewire/0001-modules-add-new-access-seclabel-module.patch263
-rw-r--r--meta-pipewire/dynamic-layers/meta-app-framework/recipes-multimedia/pipewire/pipewire/pipewire.conf56
-rw-r--r--meta-pipewire/dynamic-layers/meta-app-framework/recipes-multimedia/pipewire/pipewire/pipewire.service24
-rw-r--r--meta-pipewire/dynamic-layers/meta-app-framework/recipes-multimedia/pipewire/pipewire/pipewire.socket16
-rw-r--r--meta-pipewire/dynamic-layers/meta-app-framework/recipes-multimedia/pipewire/pipewire/smack-pipewire8
-rw-r--r--meta-pipewire/dynamic-layers/meta-app-framework/recipes-multimedia/pipewire/pipewire_0.3.30.bbappend34
-rw-r--r--meta-pipewire/dynamic-layers/meta-app-framework/recipes-multimedia/wireplumber/wireplumber-config-agl/50-access-agl.lua1
-rw-r--r--meta-pipewire/dynamic-layers/meta-app-framework/recipes-multimedia/wireplumber/wireplumber-config-agl/access-smack.lua17
-rw-r--r--meta-pipewire/dynamic-layers/meta-app-framework/recipes-multimedia/wireplumber/wireplumber-config-agl_git.bbappend15
-rw-r--r--meta-pipewire/dynamic-layers/meta-app-framework/recipes-security/cynagora/cynagora_%.bbappend4
-rw-r--r--meta-pipewire/dynamic-layers/meta-app-framework/recipes-security/security-manager/security-manager_%.bbappend3
-rwxr-xr-xmeta-pipewire/scripts/run-yocto-check-layer.sh2
15 files changed, 1 insertions, 467 deletions
diff --git a/meta-pipewire/conf/layer.conf b/meta-pipewire/conf/layer.conf
index a4965e5e8..aec34d7e4 100644
--- a/meta-pipewire/conf/layer.conf
+++ b/meta-pipewire/conf/layer.conf
@@ -12,10 +12,5 @@ BBFILE_PRIORITY_meta-pipewire = "71"
LAYERSERIES_COMPAT_meta-pipewire = "dunfell"
LAYERDEPENDS_meta-pipewire = "openembedded-layer"
-BBFILES_DYNAMIC += " \
- app-framework:${LAYERDIR}/dynamic-layers/meta-app-framework/*/*/*.bb \
- app-framework:${LAYERDIR}/dynamic-layers/meta-app-framework/*/*/*.bbappend \
-"
-
#
LICENSE_PATH += "${LAYERDIR}/licenses"
diff --git a/meta-pipewire/dynamic-layers/meta-app-framework/recipes-apis/agl-service-audiomixer/agl-service-audiomixer_git.bb b/meta-pipewire/dynamic-layers/meta-app-framework/recipes-apis/agl-service-audiomixer/agl-service-audiomixer_git.bb
deleted file mode 100644
index f7235c177..000000000
--- a/meta-pipewire/dynamic-layers/meta-app-framework/recipes-apis/agl-service-audiomixer/agl-service-audiomixer_git.bb
+++ /dev/null
@@ -1,17 +0,0 @@
-SUMMARY = "Audio Mixer Service Binding"
-DESCRIPTION = "AGL Audio Mixer Service Binding"
-SECTION = "apps"
-LICENSE = "MIT"
-LIC_FILES_CHKSUM = "file://LICENSE;beginline=3;md5=e8ad01a5182f2c1b3a2640e9ea268264"
-
-PV = "0.1+git${SRCPV}"
-
-SRC_URI = "git://gerrit.automotivelinux.org/gerrit/apps/agl-service-audiomixer.git;protocol=https;branch=${AGL_BRANCH}"
-SRCREV = "${AGL_APP_REVISION}"
-
-S = "${WORKDIR}/git"
-
-inherit cmake aglwgt pkgconfig
-
-DEPENDS += "pipewire wireplumber json-c"
-RDEPENDS:${PN} = "agl-service-signal-composer"
diff --git a/meta-pipewire/dynamic-layers/meta-app-framework/recipes-core/packagegroups/packagegroup-pipewire.bbappend b/meta-pipewire/dynamic-layers/meta-app-framework/recipes-core/packagegroups/packagegroup-pipewire.bbappend
deleted file mode 100644
index 691236d41..000000000
--- a/meta-pipewire/dynamic-layers/meta-app-framework/recipes-core/packagegroups/packagegroup-pipewire.bbappend
+++ /dev/null
@@ -1,3 +0,0 @@
-RDEPENDS:${PN} += " \
- agl-service-audiomixer \
- "
diff --git a/meta-pipewire/dynamic-layers/meta-app-framework/recipes-multimedia/pipewire/pipewire/0001-modules-add-new-access-seclabel-module.patch b/meta-pipewire/dynamic-layers/meta-app-framework/recipes-multimedia/pipewire/pipewire/0001-modules-add-new-access-seclabel-module.patch
deleted file mode 100644
index 17cb6ec79..000000000
--- a/meta-pipewire/dynamic-layers/meta-app-framework/recipes-multimedia/pipewire/pipewire/0001-modules-add-new-access-seclabel-module.patch
+++ /dev/null
@@ -1,263 +0,0 @@
-From b6854927aaf5e5970178ed9b0c6647bb759f2092 Mon Sep 17 00:00:00 2001
-From: George Kiagiadakis <george.kiagiadakis@collabora.com>
-Date: Tue, 16 Feb 2021 17:26:20 +0200
-Subject: [PATCH] modules: add new access-seclabel module
-
-This module allows access control based on the security label
-of the client. It is tailored for use with the semantics of SMACK
-
-Upstream-Status: Inappropriate [smack specific]
-
----
- src/modules/meson.build | 10 ++
- src/modules/module-access-seclabel.c | 220 +++++++++++++++++++++++++++
- 2 files changed, 230 insertions(+)
- create mode 100644 src/modules/module-access-seclabel.c
-
-diff --git a/src/modules/meson.build b/src/modules/meson.build
-index f51aa29c..21b52d49 100644
---- a/src/modules/meson.build
-+++ b/src/modules/meson.build
-@@ -56,6 +56,16 @@ pipewire_module_echo_cancel = shared_library('pipewire-module-echo-cancel',
- dependencies : [mathlib, dl_lib, pipewire_dep, webrtc_dep],
- )
-
-+pipewire_module_access_seclabel = shared_library('pipewire-module-access-seclabel',
-+ [ 'module-access-seclabel.c' ],
-+ c_args : pipewire_module_c_args,
-+ include_directories : [configinc, spa_inc],
-+ install : true,
-+ install_dir : modules_install_dir,
-+ install_rpath: modules_install_dir,
-+ dependencies : [mathlib, dl_lib, pipewire_dep],
-+)
-+
- pipewire_module_profiler = shared_library('pipewire-module-profiler',
- [ 'module-profiler.c',
- 'module-profiler/protocol-native.c', ],
-diff --git a/src/modules/module-access-seclabel.c b/src/modules/module-access-seclabel.c
-new file mode 100644
-index 00000000..3739f2e4
---- /dev/null
-+++ b/src/modules/module-access-seclabel.c
-@@ -0,0 +1,220 @@
-+/* PipeWire
-+ *
-+ * Copyright © 2018 Wim Taymans
-+ * Copyright © 2021 Collabora Ltd.
-+ * @author George Kiagiadakis <george.kiagiadakis@collabora.com>
-+ *
-+ * Permission is hereby granted, free of charge, to any person obtaining a
-+ * copy of this software and associated documentation files (the "Software"),
-+ * to deal in the Software without restriction, including without limitation
-+ * the rights to use, copy, modify, merge, publish, distribute, sublicense,
-+ * and/or sell copies of the Software, and to permit persons to whom the
-+ * Software is furnished to do so, subject to the following conditions:
-+ *
-+ * The above copyright notice and this permission notice (including the next
-+ * paragraph) shall be included in all copies or substantial portions of the
-+ * Software.
-+ *
-+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
-+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
-+ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
-+ * DEALINGS IN THE SOFTWARE.
-+ */
-+
-+#include <string.h>
-+#include <stdio.h>
-+#include <errno.h>
-+#include <sys/types.h>
-+#include <sys/stat.h>
-+#include <sys/vfs.h>
-+#include <fcntl.h>
-+#include <unistd.h>
-+
-+#include "config.h"
-+
-+#include <spa/utils/result.h>
-+#include <spa/utils/json.h>
-+
-+#include <pipewire/impl.h>
-+#include <pipewire/private.h>
-+
-+#define NAME "access-seclabel"
-+
-+#define MODULE_USAGE "[ seclabel.allowed=<cmd-line> ] " \
-+ "[ seclabel.rejected=<cmd-line> ] " \
-+ "[ seclabel.restricted=<cmd-line> ] " \
-+
-+static const struct spa_dict_item module_props[] = {
-+ { PW_KEY_MODULE_AUTHOR, "George Kiagiadakis <george.kiagiadakis@collabora.com>" },
-+ { PW_KEY_MODULE_DESCRIPTION, "Perform access check based on the security label" },
-+ { PW_KEY_MODULE_USAGE, MODULE_USAGE },
-+ { PW_KEY_MODULE_VERSION, PACKAGE_VERSION },
-+};
-+
-+struct impl {
-+ struct pw_context *context;
-+ struct pw_properties *properties;
-+
-+ struct spa_hook context_listener;
-+ struct spa_hook module_listener;
-+};
-+
-+static int check_label(const char *label, const char *str)
-+{
-+ char key[1024];
-+ int res = 0;
-+ struct spa_json it[2];
-+
-+ spa_json_init(&it[0], str, strlen(str));
-+ if ((res = spa_json_enter_array(&it[0], &it[1])) <= 0)
-+ goto exit;
-+
-+ res = 0;
-+ while (spa_json_get_string(&it[1], key, sizeof(key)) > 0) {
-+ if (strcmp(label, key) == 0) {
-+ res = 1;
-+ break;
-+ }
-+ }
-+exit:
-+ return res;
-+}
-+
-+static void
-+context_check_access(void *data, struct pw_impl_client *client)
-+{
-+ struct impl *impl = data;
-+ struct pw_permission permissions[1];
-+ struct spa_dict_item items[2];
-+ const struct pw_properties *props;
-+ const char *str, *access, *label = NULL;
-+ int res;
-+
-+ if ((props = pw_impl_client_get_properties(client)) != NULL) {
-+ if ((str = pw_properties_get(props, PW_KEY_ACCESS)) != NULL) {
-+ pw_log_info(NAME " client %p: has already access: '%s'", client, str);
-+ return;
-+ }
-+ label = pw_properties_get(props, PW_KEY_SEC_LABEL);
-+ }
-+
-+ if (!label) {
-+ pw_log_info(NAME " client %p: has no security label", client);
-+ return;
-+ }
-+
-+ if (impl->properties && (str = pw_properties_get(impl->properties, "seclabel.allowed")) != NULL) {
-+ res = check_label(label, str);
-+ if (res < 0) {
-+ pw_log_warn(NAME" %p: client %p allowed check failed: %s",
-+ impl, client, spa_strerror(res));
-+ } else if (res > 0) {
-+ access = "allowed";
-+ goto granted;
-+ }
-+ }
-+
-+ if (impl->properties && (str = pw_properties_get(impl->properties, "seclabel.rejected")) != NULL) {
-+ res = check_label(label, str);
-+ if (res < 0) {
-+ pw_log_warn(NAME" %p: client %p rejected check failed: %s",
-+ impl, client, spa_strerror(res));
-+ } else if (res > 0) {
-+ res = -EACCES;
-+ access = "rejected";
-+ goto rejected;
-+ }
-+ }
-+
-+ if (impl->properties && (str = pw_properties_get(impl->properties, "seclabel.restricted")) != NULL) {
-+ res = check_label(label, str);
-+ if (res < 0) {
-+ pw_log_warn(NAME" %p: client %p restricted check failed: %s",
-+ impl, client, spa_strerror(res));
-+ }
-+ else if (res > 0) {
-+ pw_log_debug(NAME" %p: restricted client %p added", impl, client);
-+ access = "restricted";
-+ goto wait_permissions;
-+ }
-+ }
-+
-+ return;
-+
-+granted:
-+ pw_log_info(NAME" %p: client %p '%s' access granted", impl, client, access);
-+ items[0] = SPA_DICT_ITEM_INIT(PW_KEY_ACCESS, access);
-+ pw_impl_client_update_properties(client, &SPA_DICT_INIT(items, 1));
-+
-+ permissions[0] = PW_PERMISSION_INIT(PW_ID_ANY, PW_PERM_ALL);
-+ pw_impl_client_update_permissions(client, 1, permissions);
-+ return;
-+
-+wait_permissions:
-+ pw_log_info(NAME " %p: client %p wait for '%s' permissions",
-+ impl, client, access);
-+ items[0] = SPA_DICT_ITEM_INIT(PW_KEY_ACCESS, access);
-+ pw_impl_client_update_properties(client, &SPA_DICT_INIT(items, 1));
-+ return;
-+
-+rejected:
-+ pw_resource_error(pw_impl_client_get_core_resource(client), res, access);
-+ items[0] = SPA_DICT_ITEM_INIT(PW_KEY_ACCESS, access);
-+ pw_impl_client_update_properties(client, &SPA_DICT_INIT(items, 1));
-+ return;
-+}
-+
-+static const struct pw_context_events context_events = {
-+ PW_VERSION_CONTEXT_EVENTS,
-+ .check_access = context_check_access,
-+};
-+
-+static void module_destroy(void *data)
-+{
-+ struct impl *impl = data;
-+
-+ spa_hook_remove(&impl->context_listener);
-+ spa_hook_remove(&impl->module_listener);
-+
-+ if (impl->properties)
-+ pw_properties_free(impl->properties);
-+
-+ free(impl);
-+}
-+
-+static const struct pw_impl_module_events module_events = {
-+ PW_VERSION_IMPL_MODULE_EVENTS,
-+ .destroy = module_destroy,
-+};
-+
-+SPA_EXPORT
-+int pipewire__module_init(struct pw_impl_module *module, const char *args)
-+{
-+ struct pw_context *context = pw_impl_module_get_context(module);
-+ struct pw_properties *props;
-+ struct impl *impl;
-+
-+ impl = calloc(1, sizeof(struct impl));
-+ if (impl == NULL)
-+ return -errno;
-+
-+ pw_log_debug(NAME" module %p: new %s", impl, args);
-+
-+ if (args)
-+ props = pw_properties_new_string(args);
-+ else
-+ props = NULL;
-+
-+ impl->context = context;
-+ impl->properties = props;
-+
-+ pw_context_add_listener(context, &impl->context_listener, &context_events, impl);
-+ pw_impl_module_add_listener(module, &impl->module_listener, &module_events, impl);
-+
-+ pw_impl_module_update_properties(module, &SPA_DICT_INIT_ARRAY(module_props));
-+
-+ return 0;
-+}
diff --git a/meta-pipewire/dynamic-layers/meta-app-framework/recipes-multimedia/pipewire/pipewire/pipewire.conf b/meta-pipewire/dynamic-layers/meta-app-framework/recipes-multimedia/pipewire/pipewire/pipewire.conf
deleted file mode 100644
index 5857c4861..000000000
--- a/meta-pipewire/dynamic-layers/meta-app-framework/recipes-multimedia/pipewire/pipewire/pipewire.conf
+++ /dev/null
@@ -1,56 +0,0 @@
-context.properties = {
- core.daemon = true
- core.name = pipewire-0
- support.dbus = false
- link.max-buffers = 16
-
- # 1=error, 2=warning, 3=info, 4=debug, 5=trace
- log.level = 2
-
- ## Properties for the DSP configuration.
- default.clock.rate = 48000
- default.clock.quantum = 1024
- default.clock.min-quantum = 512
- default.clock.max-quantum = 8192
-}
-
-context.spa-libs = {
- audio.convert.* = audioconvert/libspa-audioconvert
- api.alsa.* = alsa/libspa-alsa
- api.v4l2.* = v4l2/libspa-v4l2
- support.* = support/libspa-support
-}
-
-context.modules = [
- { name = libpipewire-module-protocol-native }
- { name = libpipewire-module-metadata }
- { name = libpipewire-module-spa-device-factory }
- { name = libpipewire-module-spa-node-factory }
- { name = libpipewire-module-client-node }
- { name = libpipewire-module-client-device }
- { name = libpipewire-module-adapter }
- { name = libpipewire-module-link-factory }
- { name = libpipewire-module-session-manager }
-
- # allow clients with the "System" SMACK label
- # such a client is also the session manager (wireplumber)
- {
- name = libpipewire-module-access-seclabel
- args= {
- seclabel.allowed = [ System ]
- }
- }
-
- # and restrict all other clients
- {
- name = libpipewire-module-access
- args= {
- access.force = restricted
- }
- }
-
- # The profile module. Allows application to access profiler
- # and performance data. It provides an interface that is used
- # by pw-top and pw-profiler.
- #{ name = libpipewire-module-profiler }
-]
diff --git a/meta-pipewire/dynamic-layers/meta-app-framework/recipes-multimedia/pipewire/pipewire/pipewire.service b/meta-pipewire/dynamic-layers/meta-app-framework/recipes-multimedia/pipewire/pipewire/pipewire.service
deleted file mode 100644
index b37fe2551..000000000
--- a/meta-pipewire/dynamic-layers/meta-app-framework/recipes-multimedia/pipewire/pipewire/pipewire.service
+++ /dev/null
@@ -1,24 +0,0 @@
-[Unit]
-Description=Multimedia Service
-Requires=pipewire.socket
-
-[Service]
-LockPersonality=yes
-MemoryDenyWriteExecute=yes
-NoNewPrivileges=yes
-RestrictNamespaces=yes
-SystemCallArchitectures=native
-SystemCallFilter=@system-service
-Type=simple
-ExecStart=/usr/bin/pipewire
-Restart=on-failure
-RuntimeDirectory=pipewire
-RuntimeDirectoryPreserve=yes
-User=pipewire
-Environment=PIPEWIRE_RUNTIME_DIR=%t/pipewire
-SmackProcessLabel=System::Pipewire
-UMask=0077
-
-[Install]
-Also=pipewire.socket
-WantedBy=default.target
diff --git a/meta-pipewire/dynamic-layers/meta-app-framework/recipes-multimedia/pipewire/pipewire/pipewire.socket b/meta-pipewire/dynamic-layers/meta-app-framework/recipes-multimedia/pipewire/pipewire/pipewire.socket
deleted file mode 100644
index a83435be4..000000000
--- a/meta-pipewire/dynamic-layers/meta-app-framework/recipes-multimedia/pipewire/pipewire/pipewire.socket
+++ /dev/null
@@ -1,16 +0,0 @@
-[Unit]
-Description=Multimedia System
-
-[Socket]
-Priority=6
-Backlog=5
-ListenStream=%t/pipewire/pipewire-0
-SocketUser=pipewire
-SocketGroup=pipewire
-SocketMode=0666
-SmackLabel=*
-SmackLabelIPIn=System
-SmackLabelIPOut=System
-
-[Install]
-WantedBy=sockets.target
diff --git a/meta-pipewire/dynamic-layers/meta-app-framework/recipes-multimedia/pipewire/pipewire/smack-pipewire b/meta-pipewire/dynamic-layers/meta-app-framework/recipes-multimedia/pipewire/pipewire/smack-pipewire
deleted file mode 100644
index 8d5b541ff..000000000
--- a/meta-pipewire/dynamic-layers/meta-app-framework/recipes-multimedia/pipewire/pipewire/smack-pipewire
+++ /dev/null
@@ -1,8 +0,0 @@
-System System::Pipewire rwxa--
-System::Pipewire System -wx---
-System::Pipewire System::Shared r-x---
-System::Pipewire System::Run rwxat-
-System::Pipewire System::Log rwxa--
-System::Pipewire _ r-x--l
-System::Pipewire User::Home r-x--l
-System::Pipewire User::App-Shared rwxat-
diff --git a/meta-pipewire/dynamic-layers/meta-app-framework/recipes-multimedia/pipewire/pipewire_0.3.30.bbappend b/meta-pipewire/dynamic-layers/meta-app-framework/recipes-multimedia/pipewire/pipewire_0.3.30.bbappend
deleted file mode 100644
index d0d7e9d29..000000000
--- a/meta-pipewire/dynamic-layers/meta-app-framework/recipes-multimedia/pipewire/pipewire_0.3.30.bbappend
+++ /dev/null
@@ -1,34 +0,0 @@
-FILESEXTRAPATHS:prepend := "${THISDIR}/pipewire:"
-
-SRC_URI:append= "\
- file://0001-modules-add-new-access-seclabel-module.patch \
- file://pipewire.conf \
- file://pipewire.service \
- file://pipewire.socket \
- file://smack-pipewire \
-"
-
-do_install:append() {
- # replace the original config with our smack-aware config
- mkdir -p ${D}${sysconfdir}/pipewire/
- install -m 0644 ${WORKDIR}/pipewire.conf ${D}${sysconfdir}/pipewire/pipewire.conf
-
- if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then
- # remove the original unit files shipped by pipewire
- rm -rf ${D}${systemd_system_unitdir}/pipewire.*
-
- # install our own system-level templates
- mkdir -p ${D}${systemd_system_unitdir}/
- install -m 0644 ${WORKDIR}/pipewire.service ${D}${systemd_system_unitdir}/pipewire.service
- install -m 0644 ${WORKDIR}/pipewire.socket ${D}${systemd_system_unitdir}/pipewire.socket
-
- # install smack rules
- mkdir -p ${D}${sysconfdir}/smack/accesses.d
- install -m 0644 ${WORKDIR}/smack-pipewire ${D}${sysconfdir}/smack/accesses.d/pipewire
- fi
-}
-
-FILES:${PN}:append = "\
- ${sysconfdir}/smack/accesses.d/* \
- ${sysconfdir}/pipewire/pipewire.conf \
-"
diff --git a/meta-pipewire/dynamic-layers/meta-app-framework/recipes-multimedia/wireplumber/wireplumber-config-agl/50-access-agl.lua b/meta-pipewire/dynamic-layers/meta-app-framework/recipes-multimedia/wireplumber/wireplumber-config-agl/50-access-agl.lua
deleted file mode 100644
index 10b3d7ae3..000000000
--- a/meta-pipewire/dynamic-layers/meta-app-framework/recipes-multimedia/wireplumber/wireplumber-config-agl/50-access-agl.lua
+++ /dev/null
@@ -1 +0,0 @@
-load_access("smack")
diff --git a/meta-pipewire/dynamic-layers/meta-app-framework/recipes-multimedia/wireplumber/wireplumber-config-agl/access-smack.lua b/meta-pipewire/dynamic-layers/meta-app-framework/recipes-multimedia/wireplumber/wireplumber-config-agl/access-smack.lua
deleted file mode 100644
index a662a0f20..000000000
--- a/meta-pipewire/dynamic-layers/meta-app-framework/recipes-multimedia/wireplumber/wireplumber-config-agl/access-smack.lua
+++ /dev/null
@@ -1,17 +0,0 @@
-clients_om = ObjectManager {
- Interest {
- type = "client",
- Constraint { "pipewire.access", "=", "restricted" },
- }
-}
-
-clients_om:connect("object-added", function (om, client)
- local smack_label = client["global-properties"]["pipewire.sec.label"]
-
- if smack_label:match("^User::App::.+") then
- -- FIXME: apps can work with less permissions
- client:update_permissions { ["any"] = "all" }
- end
-end)
-
-clients_om:activate()
diff --git a/meta-pipewire/dynamic-layers/meta-app-framework/recipes-multimedia/wireplumber/wireplumber-config-agl_git.bbappend b/meta-pipewire/dynamic-layers/meta-app-framework/recipes-multimedia/wireplumber/wireplumber-config-agl_git.bbappend
deleted file mode 100644
index 6a40b5f35..000000000
--- a/meta-pipewire/dynamic-layers/meta-app-framework/recipes-multimedia/wireplumber/wireplumber-config-agl_git.bbappend
+++ /dev/null
@@ -1,15 +0,0 @@
-FILESEXTRAPATHS:prepend := "${THISDIR}/wireplumber-config-agl:"
-
-SRC_URI += "\
- file://50-access-agl.lua \
- file://access-smack.lua \
-"
-
-do_install:append() {
- # install smack-specific config
- config_dir="${D}${sysconfdir}/wireplumber/host.lua.d/"
- access_dir="${D}${datadir}/wireplumber/scripts/access/"
- install -d ${access_dir}
- install -m 0644 ${WORKDIR}/50-access-agl.lua ${config_dir}
- install -m 0644 ${WORKDIR}/access-smack.lua ${access_dir}
-}
diff --git a/meta-pipewire/dynamic-layers/meta-app-framework/recipes-security/cynagora/cynagora_%.bbappend b/meta-pipewire/dynamic-layers/meta-app-framework/recipes-security/cynagora/cynagora_%.bbappend
deleted file mode 100644
index 9dbf47afc..000000000
--- a/meta-pipewire/dynamic-layers/meta-app-framework/recipes-security/cynagora/cynagora_%.bbappend
+++ /dev/null
@@ -1,4 +0,0 @@
-do_install:append() {
- echo "System::Pipewire * * http://tizen.org/privilege/internal/dbus yes forever" >> ${D}${sysconfdir}/security/cynagora.initial
-}
-
diff --git a/meta-pipewire/dynamic-layers/meta-app-framework/recipes-security/security-manager/security-manager_%.bbappend b/meta-pipewire/dynamic-layers/meta-app-framework/recipes-security/security-manager/security-manager_%.bbappend
deleted file mode 100644
index 6ab9d07ef..000000000
--- a/meta-pipewire/dynamic-layers/meta-app-framework/recipes-security/security-manager/security-manager_%.bbappend
+++ /dev/null
@@ -1,3 +0,0 @@
-do_install:append() {
- echo "~APP~ System::Pipewire rw" >> ${D}${datadir}/security-manager/policy/app-rules-template.smack
-}
diff --git a/meta-pipewire/scripts/run-yocto-check-layer.sh b/meta-pipewire/scripts/run-yocto-check-layer.sh
index 894153917..508d8f749 100755
--- a/meta-pipewire/scripts/run-yocto-check-layer.sh
+++ b/meta-pipewire/scripts/run-yocto-check-layer.sh
@@ -20,7 +20,7 @@ AGL_EXTRA_IMAGE_FSTYPES ?= ""
# important settings imported from poky-agl.conf
# we do not import
-DISTRO_FEATURES:append = " systemd smack"
+DISTRO_FEATURES:append = " systemd"
DISTRO_FEATURES_BACKFILL_CONSIDERED:append = " sysvinit"
VIRTUAL-RUNTIME_init_manager = "systemd"