New context API for privilege check

[Version] 5.0-71
[Profile] Common
[Issue Type] New feature

Change-Id: Ib6367f9c50c2bae02fb16571aa1869c8410bec1e

diff --git a/packaging/pulseaudio.spec b/packaging/pulseaudio.spec
index 8463adf..b2d4a3d 100644 (file)
--- a/packaging/pulseaudio.spec
+++ b/packaging/pulseaudio.spec
@@ -10,7 +10,7 @@
 Name:             pulseaudio
 Summary:          Improved Linux sound server
 Version:          5.0
-Release:          70
+Release:          71
 Group:            Multimedia/Audio
 License:          LGPL-2.1+
 URL:              http://pulseaudio.org

diff --git a/src/map-file b/src/map-file
index d173935..f700e65 100644 (file)
--- a/src/map-file
+++ b/src/map-file
@@ -121,6 +121,7 @@ pa_context_suspend_source_by_index;
 pa_context_suspend_source_by_name;
 pa_context_unload_module;
 pa_context_unref;
+pa_context_check_privilege;
 pa_cvolume_avg;
 pa_cvolume_avg_mask;
 pa_cvolume_channels_equal_to;

diff --git a/src/pulse/context.c b/src/pulse/context.c
index 9c9c3d9..1064fc9 100644 (file)
--- a/src/pulse/context.c
+++ b/src/pulse/context.c
@@ -1192,6 +1192,28 @@ pa_operation* pa_context_set_default_source(pa_context *c, const char *name, pa_
     return o;
 }
 
+#ifdef USE_SECURITY
+pa_operation* pa_context_check_privilege(pa_context *c, const char *privilege, pa_context_success_cb_t cb, void *userdata) {
+    pa_tagstruct *t;
+    pa_operation *o;
+    uint32_t tag;
+
+    pa_assert(c);
+    pa_assert(PA_REFCNT_VALUE(c) >= 1);
+
+    PA_CHECK_VALIDITY_RETURN_NULL(c, !pa_detect_fork(), PA_ERR_FORKED);
+    PA_CHECK_VALIDITY_RETURN_NULL(c, c->state == PA_CONTEXT_READY, PA_ERR_BADSTATE);
+
+    o = pa_operation_new(c, NULL, (pa_operation_cb_t) cb, userdata);
+    t = pa_tagstruct_command(c, PA_COMMAND_CHECK_PRIVILEGE, &tag);
+    pa_tagstruct_puts(t, privilege);
+    pa_pstream_send_tagstruct(c->pstream, t);
+    pa_pdispatch_register_reply(c->pdispatch, tag, DEFAULT_TIMEOUT,  pa_context_simple_ack_callback, pa_operation_ref(o), (pa_free_cb_t) pa_operation_unref);
+
+    return o;
+}
+#endif
+
 int pa_context_is_local(pa_context *c) {
     pa_assert(c);
     pa_assert(PA_REFCNT_VALUE(c) >= 1);

diff --git a/src/pulse/context.h b/src/pulse/context.h
index 68516a2..e51c07b 100644 (file)
--- a/src/pulse/context.h
+++ b/src/pulse/context.h
@@ -288,6 +288,10 @@ size_t pa_context_get_tile_size(pa_context *c, const pa_sample_spec *ss);
  * location, feel free to use this function. \since 5.0 */
 int pa_context_load_cookie_from_file(pa_context *c, const char *cookie_file_path);
 
+#ifdef USE_SECURITY
+pa_operation* pa_context_check_privilege(pa_context *c, const char *privilege, pa_context_success_cb_t cb, void *userdata);
+#endif
+
 PA_C_DECL_END
 
 #endif

diff --git a/src/pulsecore/native-common.h b/src/pulsecore/native-common.h
index b6c2b2b..b467096 100644 (file)
--- a/src/pulsecore/native-common.h
+++ b/src/pulsecore/native-common.h
@@ -187,6 +187,10 @@ enum {
     PA_COMMAND_SET_SINK_VOLUME_RAMP,
     PA_COMMAND_SET_SINK_INPUT_VOLUME_RAMP,
 
+#ifdef USE_SECURITY
+    PA_COMMAND_CHECK_PRIVILEGE,
+#endif
+
     PA_COMMAND_MAX
 };
 

diff --git a/src/pulsecore/protocol-native.c b/src/pulsecore/protocol-native.c
index b62c4c4..ac2b6b0 100644 (file)
--- a/src/pulsecore/protocol-native.c
+++ b/src/pulsecore/protocol-native.c
@@ -304,6 +304,9 @@ static void command_set_card_profile(pa_pdispatch *pd, uint32_t command, uint32_
 static void command_set_sink_or_source_port(pa_pdispatch *pd, uint32_t command, uint32_t tag, pa_tagstruct *t, void *userdata);
 static void command_set_port_latency_offset(pa_pdispatch *pd, uint32_t command, uint32_t tag, pa_tagstruct *t, void *userdata);
 static void command_set_volume_ramp(pa_pdispatch *pd, uint32_t command, uint32_t tag, pa_tagstruct *t, void *userdata);
+#ifdef USE_SECURITY
+static void command_check_privilege(pa_pdispatch *pd, uint32_t command, uint32_t tag, pa_tagstruct *t, void *userdata);
+#endif
 
 static const pa_pdispatch_cb_t command_table[PA_COMMAND_MAX] = {
     [PA_COMMAND_ERROR] = NULL,
@@ -409,6 +412,9 @@ static const pa_pdispatch_cb_t command_table[PA_COMMAND_MAX] = {
 
     [PA_COMMAND_SET_SINK_VOLUME_RAMP] = command_set_volume_ramp,
     [PA_COMMAND_SET_SINK_INPUT_VOLUME_RAMP] = command_set_volume_ramp,
+#ifdef USE_SECURITY
+    [PA_COMMAND_CHECK_PRIVILEGE] = command_check_privilege,
+#endif
 
     [PA_COMMAND_EXTENSION] = command_extension
 };
@@ -2408,6 +2414,24 @@ static void command_delete_stream(pa_pdispatch *pd, uint32_t command, uint32_t t
     pa_pstream_send_simple_ack(c->pstream, tag);
 }
 
+#ifdef USE_SECURITY
+static void command_check_privilege(pa_pdispatch *pd, uint32_t command, uint32_t tag, pa_tagstruct *t, void *userdata) {
+    pa_native_connection *c = PA_NATIVE_CONNECTION(userdata);
+    const char *privilege;
+
+    pa_native_connection_assert_ref(c);
+    pa_assert(t);
+
+    if (pa_tagstruct_gets(t, &privilege) < 0) {
+        protocol_error(c);
+        return;
+    }
+
+    CHECK_VALIDITY(c->pstream, cynara_check_privilege(_get_connection_out_fd(c), privilege), tag, PA_ERR_ACCESS);
+    pa_pstream_send_simple_ack(c->pstream, tag);
+}
+#endif
+
 static void command_create_record_stream(pa_pdispatch *pd, uint32_t command, uint32_t tag, pa_tagstruct *t, void *userdata) {
     pa_native_connection *c = PA_NATIVE_CONNECTION(userdata);
     record_stream *s;