From 761e6467d12e2935785774383adca9ddbd3e1c26 Mon Sep 17 00:00:00 2001
From: George Kiagiadakis
Date: Thu, 11 Feb 2021 14:13:55 +0200
Subject: meta-pipewire: update to pipewire 0.3.25 and wireplumber master
Bug-AGL: SPEC-3844
Change-Id: Ie32bfa43bf078c7d218d3150dc616501b8848bd0
Signed-off-by: George Kiagiadakis
Reviewed-on: https://gerrit.automotivelinux.org/gerrit/c/AGL/meta-agl/+/26094
Reviewed-by: Jan-Simon Moeller
Tested-by: Jan-Simon Moeller
---
...005-module-access-add-same-sec-label-mode.patch | 94 ----------------------
1 file changed, 94 deletions(-)
delete mode 100644 meta-pipewire/recipes-multimedia/pipewire/pipewire/0005-module-access-add-same-sec-label-mode.patch
(limited to 'meta-pipewire/recipes-multimedia/pipewire/pipewire/0005-module-access-add-same-sec-label-mode.patch')
diff --git a/meta-pipewire/recipes-multimedia/pipewire/pipewire/0005-module-access-add-same-sec-label-mode.patch b/meta-pipewire/recipes-multimedia/pipewire/pipewire/0005-module-access-add-same-sec-label-mode.patch
deleted file mode 100644
index 07a1ec114..000000000
--- a/meta-pipewire/recipes-multimedia/pipewire/pipewire/0005-module-access-add-same-sec-label-mode.patch
+++ /dev/null
@@ -1,94 +0,0 @@
-From 19fad1a4fa8bdc4f02aac4e169e7ff9cab18bdcd Mon Sep 17 00:00:00 2001
-From: George Kiagiadakis
-Date: Tue, 19 Nov 2019 17:09:07 +0200
-Subject: [PATCH] module-access: add same-sec-label-mode
-
-This is a mode where the access module allows all clients that have
-the same security label as the pipewire daemon, and every other
-client is put on the restricted state.
-
-In systems that use SMACK security labels, such as AGL, this allows
-the session manager (which is spawned by pipewire, inheriting the
-same smack label) to have full access to all objects, while every
-other client is restricted and the session manager must decide
-what to do with it
-
-Note that while this option is configurable, there is no loss of
-security if this option is not set in the configuration. Clients
-that don't have the same security context will be considered to
-be flatpak clients because pipewire will not be able to open
-/proc/pid/cmdline. This however results in some unwanted error
-messages that may be confusing.
-
-Upstream-Status: Inappropriate [agl/smack specific]
----
- src/modules/module-access.c | 45 ++++++++++++++++++++++++++++++++++++-
- 1 file changed, 44 insertions(+), 1 deletion(-)
-
-diff --git a/src/modules/module-access.c b/src/modules/module-access.c
-index 09dafa43..f75306d9 100644
---- a/src/modules/module-access.c
-+++ b/src/modules/module-access.c
-@@ -50,6 +50,30 @@ struct impl {
- struct spa_hook module_listener;
- };
-
-+static int check_seclabel(const char *str)
-+{
-+ char attr[1024];
-+ int fd, len;
-+
-+ fd = open("/proc/self/attr/current", O_RDONLY);
-+ if (fd < 0)
-+ return -errno;
-+
-+ if ((len = read(fd, attr, 1024)) <= 0) {
-+ close(fd);
-+ return -EIO;
-+ }
-+ attr[len] = '\0';
-+
-+ if (strcmp(attr, str) == 0) {
-+ close(fd);
-+ return 1;
-+ }
-+
-+ close(fd);
-+ return 0;
-+}
-+
- static int check_cmdline(struct pw_client *client, int pid, const char *str)
- {
- char path[2048];
-@@ -121,8 +145,27 @@ core_check_access(void *data, struct pw_client *client)
- const char *str;
- int pid, res;
-
-+ props = pw_client_get_properties(client);
-+
-+ if (impl->properties &&
-+ (str = pw_properties_get(impl->properties, "same-sec-label-mode")) != NULL &&
-+ strcmp(str, "1") == 0) {
-+ if (props && (str = pw_properties_get(props, PW_KEY_SEC_LABEL)) != NULL) {
-+ res = check_seclabel(str);
-+ if (res == 1)
-+ goto granted;
-+ else if (res < 0)
-+ pw_log_warn("module %p: client %p seclabel check failed: %s",
-+ impl, client, spa_strerror(res));
-+ }
-+ pw_log_debug("module %p: seclabel restricted client %p added",
-+ impl, client);
-+ items[0] = SPA_DICT_ITEM_INIT(PW_KEY_ACCESS, "restricted");
-+ goto wait_permissions;
-+ }
-+
- pid = -EINVAL;
-- if ((props = pw_client_get_properties(client)) != NULL) {
-+ if (props != NULL) {
- if ((str = pw_properties_get(props, PW_KEY_SEC_PID)) != NULL)
- pid = atoi(str);
- }
--
-2.24.0
-
-- cgit 1.2.3-korg