From: Seungbae Shin Date: Tue, 18 Aug 2020 11:10:32 +0000 (+0900) Subject: stream-manager: add restriction for accessing denied remote device X-Git-Tag: submit/tizen/20200821.074009~4 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=ee06cef6ad7a087ddb440271f072c065cdee9b20;p=platform%2Fcore%2Fmultimedia%2Fpulseaudio-modules-tizen.git stream-manager: add restriction for accessing denied remote device includes minor code refactoring [Version] 13.0.26 [Issue Type] Update Change-Id: I1d77ff249192bde15b861c9a9d481e3564b791d6 --- diff --git a/packaging/pulseaudio-modules-tizen.spec b/packaging/pulseaudio-modules-tizen.spec index 3d9e02b..06d9cea 100644 --- a/packaging/pulseaudio-modules-tizen.spec +++ b/packaging/pulseaudio-modules-tizen.spec @@ -1,6 +1,6 @@ Name: pulseaudio-modules-tizen Summary: Pulseaudio modules for Tizen -Version: 13.0.25 +Version: 13.0.26 Release: 0 Group: Multimedia/Audio License: LGPL-2.1+ diff --git a/src/stream-manager-restriction-priv.h b/src/stream-manager-restriction-priv.h index bc1906d..1e738e3 100644 --- a/src/stream-manager-restriction-priv.h +++ b/src/stream-manager-restriction-priv.h @@ -24,10 +24,8 @@ #include "stream-manager.h" -/* dbus method args */ -#define STREAM_MANAGER_METHOD_ARGS_BLOCK_RECORDING_MEDIA "block_recording_media" - int32_t handle_restrictions(pa_stream_manager *m, const char *name, uint32_t value); -bool check_restrictions(pa_stream_manager *m, void *stream, stream_type_t stream_type); +bool is_restricted(pa_stream_manager *m, void *stream, stream_type_t stream_type); +bool is_remote_restricted(void *stream, stream_type_t type); #endif diff --git a/src/stream-manager-restriction.c b/src/stream-manager-restriction.c index 818b6c5..27a91a6 100644 --- a/src/stream-manager-restriction.c +++ b/src/stream-manager-restriction.c @@ -23,9 +23,14 @@ #include #endif +#include + #include "stream-manager-priv.h" #include "stream-manager-restriction-priv.h" +/* dbus method args */ +#define STREAM_MANAGER_METHOD_ARGS_BLOCK_RECORDING_MEDIA "block_recording_media" + int32_t handle_restrictions(pa_stream_manager *m, const char *name, uint32_t value) { const char *role; void *s; @@ -33,33 +38,54 @@ int32_t handle_restrictions(pa_stream_manager *m, const char *name, uint32_t val pa_assert(m); - if (pa_safe_streq(name, STREAM_MANAGER_METHOD_ARGS_BLOCK_RECORDING_MEDIA) ) { - if (value == 1) { - pa_log_info("block MEDIA recording"); - m->restrictions.block_recording_media = true; - PA_IDXSET_FOREACH(s, m->core->source_outputs, idx) { - role = pa_proplist_gets(GET_STREAM_PROPLIST(s, STREAM_SOURCE_OUTPUT), PA_PROP_MEDIA_ROLE); - if (pa_safe_streq(role, "media")) { - pa_log_info(" -- kill source-output(%p, %u)", s, ((pa_source_output*)s)->index); - pa_source_output_kill((pa_source_output*)s); - } + if (!pa_safe_streq(name, STREAM_MANAGER_METHOD_ARGS_BLOCK_RECORDING_MEDIA)) { + pa_log_error("unknown name : %s", pa_strnull(name)); + return -1; + } + + if (value == 1) { + pa_log_info("block MEDIA recording"); + m->restrictions.block_recording_media = true; + PA_IDXSET_FOREACH(s, m->core->source_outputs, idx) { + role = pa_proplist_gets(GET_STREAM_PROPLIST(s, STREAM_SOURCE_OUTPUT), PA_PROP_MEDIA_ROLE); + if (pa_safe_streq(role, "media")) { + pa_log_info(" -- kill source-output(%p, %u)", s, ((pa_source_output*)s)->index); + pa_source_output_kill((pa_source_output*)s); } - } else if (value == 0) { - pa_log_info("MEDIA recording is now available"); - m->restrictions.block_recording_media = false; - } else { - pa_log_error("unknown value"); - return -1; } + } else if (value == 0) { + pa_log_info("MEDIA recording is now available"); + m->restrictions.block_recording_media = false; } else { - pa_log_error("unknown name"); + pa_log_error("unknown value : %u", value); return -1; } return 0; } -bool check_restrictions(pa_stream_manager *m, void *stream, stream_type_t type) { +bool is_remote_restricted(void *stream, stream_type_t type) { + pa_proplist* p = NULL; + if (type == STREAM_SOURCE_OUTPUT) + p = ((pa_source_output_new_data *)stream)->source->proplist; + else + p = ((pa_sink_input_new_data *)stream)->sink->proplist; + + if (!pa_proplist_has_remote_name(p)) { + pa_log_debug("it is a local stream(%p)", stream); + return false; + } + + if (pa_proplist_remote_is_allowed(p)) { + pa_log_info("stream(%p) is currently allowed", stream); + return false; + } + + pa_log_warn("restricted due to denied remote access of stream(%p)!!!", stream); + return true; +} + +bool is_restricted(pa_stream_manager *m, void *stream, stream_type_t type) { const char *role; pa_assert(m); diff --git a/src/stream-manager.c b/src/stream-manager.c index 981d4c6..f75e8f7 100644 --- a/src/stream-manager.c +++ b/src/stream-manager.c @@ -2480,6 +2480,8 @@ static pa_hook_result_t sink_input_new_cb(pa_core *core, pa_sink_input_new_data pa_log_debug("sink-input-new-data(%p)", new_data); process_stream(m, new_data, STREAM_SINK_INPUT, PROCESS_COMMAND_PREPARE, true); + if (is_remote_restricted(new_data, STREAM_SINK_INPUT)) + return PA_HOOK_CANCEL; process_stream(m, new_data, STREAM_SINK_INPUT, PROCESS_COMMAND_UPDATE_BUFFER_ATTR, true); process_stream(m, new_data, STREAM_SINK_INPUT, PROCESS_COMMAND_UPDATE_VOLUME, true); process_stream(m, new_data, STREAM_SINK_INPUT, PROCESS_COMMAND_CHANGE_ROUTE_BY_STREAM_STARTED, true); @@ -2635,7 +2637,8 @@ static pa_hook_result_t source_output_new_cb(pa_core *core, pa_source_output_new pa_log_debug("source-output-new-data(%p)", new_data); process_stream(m, new_data, STREAM_SOURCE_OUTPUT, PROCESS_COMMAND_PREPARE, true); - if (check_restrictions(m, new_data, STREAM_SOURCE_OUTPUT)) + if (is_restricted(m, new_data, STREAM_SOURCE_OUTPUT) || + is_remote_restricted(new_data, STREAM_SOURCE_OUTPUT)) return PA_HOOK_CANCEL; process_stream(m, new_data, STREAM_SOURCE_OUTPUT, PROCESS_COMMAND_UPDATE_BUFFER_ATTR, true); process_stream(m, new_data, STREAM_SOURCE_OUTPUT, PROCESS_COMMAND_UPDATE_VOLUME, true);