pipewire-pulse: add snap permissions support
SNAP containers have two main "audio" security rules: * audio-playback: the applications inside the container can send audio samples into a sink * audio-record: the applications inside the container can get audio samples from a source Also, old SNAP containers had the "pulseaudio" rule, which just exposed the pulseaudio socket directly, without limits. This is similar to the current Flatpak audio permissions. In the pulseaudio days, a specific pulseaudio module was used that checked the permissions given to the application and allowed or forbade access to the pulseaudio operations. With the change to pipewire, this functionality must be implemented in pipewire-pulse to guarantee the sandbox security. This patch adds support for sandboxing permissions in the pulseaudio module, and implements support for the SNAP audio security model, thus forbiding a SNAP application to record audio unless it has permissions to do so. The current code for pipewire-pulseaudio checks the permissions of the snap and adds three properties to each new client: * pipewire.snap.id: contains the Snap ID of the client. * pipewire.snap.audio.playback: its value is 'true' if the client has permission to play audio, or 'false' if not. * pipewire.snap.audio.record: its value is 'true' if the client has permission to record audio, or 'false' if not. These properties must be processed by wireplumber to add or remove access permissions to the corresponding nodes. That code is available in a separate patch: wireplumber!567
Showing
- .gitlab-ci.yml 11 additions, 7 deletions.gitlab-ci.yml
- meson.build 16 additions, 0 deletionsmeson.build
- meson_options.txt 4 additions, 0 deletionsmeson_options.txt
- src/modules/meson.build 7 additions, 0 deletionssrc/modules/meson.build
- src/modules/module-protocol-pulse/server.c 21 additions, 0 deletionssrc/modules/module-protocol-pulse/server.c
Loading
Please register or sign in to comment