From d468ce3b3d602f7c8a88d67126a32900b76fd433 Mon Sep 17 00:00:00 2001
From: Jan-Simon Moeller <jsmoeller@linuxfoundation.org>
Date: Mon, 18 Oct 2021 14:07:53 +0200
Subject: Prepare master for new framework integration

During the last workshop the transition to the new framework was presented.
This change essentially deprecates the SMACK-based application framework.

To prepare the integration of it, we remove the deprecated components:
- meta-agl-core: remove Smack kernel patches
- meta-app-framework
- meta-pipewire/dynamic-layers/meta-app-framework/

v2: rebased

Bug-AGL: SPEC-4121

Signed-off-by: Jan-Simon Moeller <jsmoeller@linuxfoundation.org>
Change-Id: Icdaeadfb5d2193f3a4c535168c88da6073423e67
Reviewed-on: https://gerrit.automotivelinux.org/gerrit/c/AGL/meta-agl/+/26752
---
 ...01-modules-add-new-access-seclabel-module.patch | 263 ---------------------
 1 file changed, 263 deletions(-)
 delete mode 100644 meta-pipewire/dynamic-layers/meta-app-framework/recipes-multimedia/pipewire/pipewire/0001-modules-add-new-access-seclabel-module.patch

(limited to 'meta-pipewire/dynamic-layers/meta-app-framework/recipes-multimedia/pipewire/pipewire/0001-modules-add-new-access-seclabel-module.patch')

diff --git a/meta-pipewire/dynamic-layers/meta-app-framework/recipes-multimedia/pipewire/pipewire/0001-modules-add-new-access-seclabel-module.patch b/meta-pipewire/dynamic-layers/meta-app-framework/recipes-multimedia/pipewire/pipewire/0001-modules-add-new-access-seclabel-module.patch
deleted file mode 100644
index 17cb6ec79..000000000
--- a/meta-pipewire/dynamic-layers/meta-app-framework/recipes-multimedia/pipewire/pipewire/0001-modules-add-new-access-seclabel-module.patch
+++ /dev/null
@@ -1,263 +0,0 @@
-From b6854927aaf5e5970178ed9b0c6647bb759f2092 Mon Sep 17 00:00:00 2001
-From: George Kiagiadakis <george.kiagiadakis@collabora.com>
-Date: Tue, 16 Feb 2021 17:26:20 +0200
-Subject: [PATCH] modules: add new access-seclabel module
-
-This module allows access control based on the security label
-of the client. It is tailored for use with the semantics of SMACK
-
-Upstream-Status: Inappropriate [smack specific]
-
----
- src/modules/meson.build              |  10 ++
- src/modules/module-access-seclabel.c | 220 +++++++++++++++++++++++++++
- 2 files changed, 230 insertions(+)
- create mode 100644 src/modules/module-access-seclabel.c
-
-diff --git a/src/modules/meson.build b/src/modules/meson.build
-index f51aa29c..21b52d49 100644
---- a/src/modules/meson.build
-+++ b/src/modules/meson.build
-@@ -56,6 +56,16 @@ pipewire_module_echo_cancel = shared_library('pipewire-module-echo-cancel',
-   dependencies : [mathlib, dl_lib, pipewire_dep, webrtc_dep],
- )
- 
-+pipewire_module_access_seclabel = shared_library('pipewire-module-access-seclabel',
-+  [ 'module-access-seclabel.c' ],
-+  c_args : pipewire_module_c_args,
-+  include_directories : [configinc, spa_inc],
-+  install : true,
-+  install_dir : modules_install_dir,
-+  install_rpath: modules_install_dir,
-+  dependencies : [mathlib, dl_lib, pipewire_dep],
-+)
-+
- pipewire_module_profiler = shared_library('pipewire-module-profiler',
-   [ 'module-profiler.c',
-     'module-profiler/protocol-native.c', ],
-diff --git a/src/modules/module-access-seclabel.c b/src/modules/module-access-seclabel.c
-new file mode 100644
-index 00000000..3739f2e4
---- /dev/null
-+++ b/src/modules/module-access-seclabel.c
-@@ -0,0 +1,220 @@
-+/* PipeWire
-+ *
-+ * Copyright © 2018 Wim Taymans
-+ * Copyright © 2021 Collabora Ltd.
-+ *   @author George Kiagiadakis <george.kiagiadakis@collabora.com>
-+ *
-+ * Permission is hereby granted, free of charge, to any person obtaining a
-+ * copy of this software and associated documentation files (the "Software"),
-+ * to deal in the Software without restriction, including without limitation
-+ * the rights to use, copy, modify, merge, publish, distribute, sublicense,
-+ * and/or sell copies of the Software, and to permit persons to whom the
-+ * Software is furnished to do so, subject to the following conditions:
-+ *
-+ * The above copyright notice and this permission notice (including the next
-+ * paragraph) shall be included in all copies or substantial portions of the
-+ * Software.
-+ *
-+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.  IN NO EVENT SHALL
-+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
-+ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
-+ * DEALINGS IN THE SOFTWARE.
-+ */
-+
-+#include <string.h>
-+#include <stdio.h>
-+#include <errno.h>
-+#include <sys/types.h>
-+#include <sys/stat.h>
-+#include <sys/vfs.h>
-+#include <fcntl.h>
-+#include <unistd.h>
-+
-+#include "config.h"
-+
-+#include <spa/utils/result.h>
-+#include <spa/utils/json.h>
-+
-+#include <pipewire/impl.h>
-+#include <pipewire/private.h>
-+
-+#define NAME "access-seclabel"
-+
-+#define MODULE_USAGE	"[ seclabel.allowed=<cmd-line> ] "	\
-+			"[ seclabel.rejected=<cmd-line> ] "	\
-+			"[ seclabel.restricted=<cmd-line> ] "	\
-+
-+static const struct spa_dict_item module_props[] = {
-+	{ PW_KEY_MODULE_AUTHOR, "George Kiagiadakis <george.kiagiadakis@collabora.com>" },
-+	{ PW_KEY_MODULE_DESCRIPTION, "Perform access check based on the security label" },
-+	{ PW_KEY_MODULE_USAGE, MODULE_USAGE },
-+	{ PW_KEY_MODULE_VERSION, PACKAGE_VERSION },
-+};
-+
-+struct impl {
-+	struct pw_context *context;
-+	struct pw_properties *properties;
-+
-+	struct spa_hook context_listener;
-+	struct spa_hook module_listener;
-+};
-+
-+static int check_label(const char *label, const char *str)
-+{
-+	char key[1024];
-+	int res = 0;
-+	struct spa_json it[2];
-+
-+	spa_json_init(&it[0], str, strlen(str));
-+	if ((res = spa_json_enter_array(&it[0], &it[1])) <= 0)
-+		goto exit;
-+
-+	res = 0;
-+	while (spa_json_get_string(&it[1], key, sizeof(key)) > 0) {
-+		if (strcmp(label, key) == 0) {
-+			res = 1;
-+			break;
-+		}
-+	}
-+exit:
-+	return res;
-+}
-+
-+static void
-+context_check_access(void *data, struct pw_impl_client *client)
-+{
-+	struct impl *impl = data;
-+	struct pw_permission permissions[1];
-+	struct spa_dict_item items[2];
-+	const struct pw_properties *props;
-+	const char *str, *access, *label = NULL;
-+	int res;
-+
-+	if ((props = pw_impl_client_get_properties(client)) != NULL) {
-+		if ((str = pw_properties_get(props, PW_KEY_ACCESS)) != NULL) {
-+			pw_log_info(NAME " client %p: has already access: '%s'", client, str);
-+			return;
-+		}
-+		label = pw_properties_get(props, PW_KEY_SEC_LABEL);
-+	}
-+
-+	if (!label) {
-+		pw_log_info(NAME " client %p: has no security label", client);
-+		return;
-+	}
-+
-+	if (impl->properties && (str = pw_properties_get(impl->properties, "seclabel.allowed")) != NULL) {
-+		res = check_label(label, str);
-+		if (res < 0) {
-+			pw_log_warn(NAME" %p: client %p allowed check failed: %s",
-+				impl, client, spa_strerror(res));
-+		} else if (res > 0) {
-+			access = "allowed";
-+			goto granted;
-+		}
-+	}
-+
-+	if (impl->properties && (str = pw_properties_get(impl->properties, "seclabel.rejected")) != NULL) {
-+		res = check_label(label, str);
-+		if (res < 0) {
-+			pw_log_warn(NAME" %p: client %p rejected check failed: %s",
-+				impl, client, spa_strerror(res));
-+		} else if (res > 0) {
-+			res = -EACCES;
-+			access = "rejected";
-+			goto rejected;
-+		}
-+	}
-+
-+	if (impl->properties && (str = pw_properties_get(impl->properties, "seclabel.restricted")) != NULL) {
-+		res = check_label(label, str);
-+		if (res < 0) {
-+			pw_log_warn(NAME" %p: client %p restricted check failed: %s",
-+				impl, client, spa_strerror(res));
-+		}
-+		else if (res > 0) {
-+			pw_log_debug(NAME" %p: restricted client %p added", impl, client);
-+			access = "restricted";
-+			goto wait_permissions;
-+		}
-+	}
-+
-+	return;
-+
-+granted:
-+	pw_log_info(NAME" %p: client %p '%s' access granted", impl, client, access);
-+	items[0] = SPA_DICT_ITEM_INIT(PW_KEY_ACCESS, access);
-+	pw_impl_client_update_properties(client, &SPA_DICT_INIT(items, 1));
-+
-+	permissions[0] = PW_PERMISSION_INIT(PW_ID_ANY, PW_PERM_ALL);
-+	pw_impl_client_update_permissions(client, 1, permissions);
-+	return;
-+
-+wait_permissions:
-+	pw_log_info(NAME " %p: client %p wait for '%s' permissions",
-+			impl, client, access);
-+	items[0] = SPA_DICT_ITEM_INIT(PW_KEY_ACCESS, access);
-+	pw_impl_client_update_properties(client, &SPA_DICT_INIT(items, 1));
-+	return;
-+
-+rejected:
-+	pw_resource_error(pw_impl_client_get_core_resource(client), res, access);
-+	items[0] = SPA_DICT_ITEM_INIT(PW_KEY_ACCESS, access);
-+	pw_impl_client_update_properties(client, &SPA_DICT_INIT(items, 1));
-+	return;
-+}
-+
-+static const struct pw_context_events context_events = {
-+	PW_VERSION_CONTEXT_EVENTS,
-+	.check_access = context_check_access,
-+};
-+
-+static void module_destroy(void *data)
-+{
-+	struct impl *impl = data;
-+
-+	spa_hook_remove(&impl->context_listener);
-+	spa_hook_remove(&impl->module_listener);
-+
-+	if (impl->properties)
-+		pw_properties_free(impl->properties);
-+
-+	free(impl);
-+}
-+
-+static const struct pw_impl_module_events module_events = {
-+	PW_VERSION_IMPL_MODULE_EVENTS,
-+	.destroy = module_destroy,
-+};
-+
-+SPA_EXPORT
-+int pipewire__module_init(struct pw_impl_module *module, const char *args)
-+{
-+	struct pw_context *context = pw_impl_module_get_context(module);
-+	struct pw_properties *props;
-+	struct impl *impl;
-+
-+	impl = calloc(1, sizeof(struct impl));
-+	if (impl == NULL)
-+		return -errno;
-+
-+	pw_log_debug(NAME" module %p: new %s", impl, args);
-+
-+	if (args)
-+		props = pw_properties_new_string(args);
-+	else
-+		props = NULL;
-+
-+	impl->context = context;
-+	impl->properties = props;
-+
-+	pw_context_add_listener(context, &impl->context_listener, &context_events, impl);
-+	pw_impl_module_add_listener(module, &impl->module_listener, &module_events, impl);
-+
-+	pw_impl_module_update_properties(module, &SPA_DICT_INIT_ARRAY(module_props));
-+
-+	return 0;
-+}
-- 
cgit 1.2.3-korg