wireplumber/0001-policy-dsp-add-ability-to-hide-parent-nodes.patch

From 7a65d76a57a5a656a5d9385b0144d15b376ddc7d Mon Sep 17 00:00:00 2001
From: James Calligeros <jcalligeros99@gmail.com>
Date: Sun, 29 Oct 2023 11:03:36 +1000
Subject: [PATCH] policy-dsp: add ability to hide parent nodes

some hardware devices are never supposed to be accessed directly by
clients, and are designed under the assumption that they will be
front-loaded by some sort of DSP. add a hide_parent property
to policy-dsp and revoke all permissions to the bound node of a DSP
graph where this is set to prevent hardware misuse or damage by poorly
behaved/configured clients.

Signed-off-by: James Calligeros <jcalligeros99@gmail.com>
---
 src/scripts/policy-dsp.lua | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)

diff --git a/src/scripts/policy-dsp.lua b/src/scripts/policy-dsp.lua
index 55f86c68..ce23a67a 100644
--- a/src/scripts/policy-dsp.lua
+++ b/src/scripts/policy-dsp.lua
@@ -28,7 +28,12 @@ nodes_om = ObjectManager {
   Interest { type = "node" },
 }
 
+clients_om = ObjectManager {
+  Interest { type = "client" }
+}
+
 filter_chains = {}
+hidden_nodes = {}
 
 nodes_om:connect("object-added", function (om, node)
   for _, r in ipairs(config.rules or {}) do
@@ -43,6 +48,17 @@ nodes_om:connect("object-added", function (om, node)
             filter_chains[id] = LocalModule("libpipewire-module-filter-chain", r.filter_chain, {}, true)
           end
         end
+
+        if r.hide_parent then
+          Log.debug("Hiding node " .. node["bound-id"] .. " from clients")
+          for client in clients_om:iterate { type = "client" } do
+            if not client["properties"]["wireplumber.daemon"] then
+              client:update_permissions { [node["bound-id"]] = "-" }
+            end
+          end
+          hidden_nodes[node["bound-id"]] = id
+        end
+
       end
     end
   end
@@ -58,4 +74,13 @@ nodes_om:connect("object-removed", function (om, node)
   end
 end)
 
+clients_om:connect("object-added", function (om, client)
+  for id, _ in pairs(hidden_nodes) do
+    if not client["properties"]["wireplumber.daemon"] then
+      client:update_permissions { [id] = "-" }
+    end
+  end
+end)
+
 nodes_om:activate()
+clients_om:activate()
-- 
GitLab
Accepting request 1121397 from home:alarrosa:branches:multimedia:libs - Add patch from upstream that fixes too many matches for property interest: * 0001-object-manager-reduce-the-amount-of-globals-that-initially.patch - Add patch from upstream that fixes an odd failure of a test after applying the previous patch: * 0002-object-manager-use-an-idle-callback-to-expose-tmp-globals.patch - Add patch from upstream that adds ability to hide parent nodes, which is useful to prevent hardware misuse or damage by poorly behaves/configured clients: * 0001-policy-dsp-add-ability-to-hide-parent-nodes.patch OBS-URL: https://build.opensuse.org/request/show/1121397 OBS-URL: https://build.opensuse.org/package/show/multimedia:libs/wireplumber?expand=0&rev=61 2023-10-31 10:23:11 +01:00			`From 7a65d76a57a5a656a5d9385b0144d15b376ddc7d Mon Sep 17 00:00:00 2001`
			`From: James Calligeros <jcalligeros99@gmail.com>`
			`Date: Sun, 29 Oct 2023 11:03:36 +1000`
			`Subject: [PATCH] policy-dsp: add ability to hide parent nodes`

			`some hardware devices are never supposed to be accessed directly by`
			`clients, and are designed under the assumption that they will be`
			`front-loaded by some sort of DSP. add a hide_parent property`
			`to policy-dsp and revoke all permissions to the bound node of a DSP`
			`graph where this is set to prevent hardware misuse or damage by poorly`
			`behaved/configured clients.`

			`Signed-off-by: James Calligeros <jcalligeros99@gmail.com>`
			`---`
			`src/scripts/policy-dsp.lua \| 25 +++++++++++++++++++++++++`
			`1 file changed, 25 insertions(+)`

			`diff --git a/src/scripts/policy-dsp.lua b/src/scripts/policy-dsp.lua`
			`index 55f86c68..ce23a67a 100644`
			`--- a/src/scripts/policy-dsp.lua`
			`+++ b/src/scripts/policy-dsp.lua`
			`@@ -28,7 +28,12 @@ nodes_om = ObjectManager {`
			`Interest { type = "node" },`
			`}`

			`+clients_om = ObjectManager {`
			`+ Interest { type = "client" }`
			`+}`
			`+`
			`filter_chains = {}`
			`+hidden_nodes = {}`

			`nodes_om:connect("object-added", function (om, node)`
			`for _, r in ipairs(config.rules or {}) do`
			`@@ -43,6 +48,17 @@ nodes_om:connect("object-added", function (om, node)`
			`filter_chains[id] = LocalModule("libpipewire-module-filter-chain", r.filter_chain, {}, true)`
			`end`
			`end`
			`+`
			`+ if r.hide_parent then`
			`+ Log.debug("Hiding node " .. node["bound-id"] .. " from clients")`
			`+ for client in clients_om:iterate { type = "client" } do`
			`+ if not client["properties"]["wireplumber.daemon"] then`
			`+ client:update_permissions { [node["bound-id"]] = "-" }`
			`+ end`
			`+ end`
			`+ hidden_nodes[node["bound-id"]] = id`
			`+ end`
			`+`
			`end`
			`end`
			`end`
			`@@ -58,4 +74,13 @@ nodes_om:connect("object-removed", function (om, node)`
			`end`
			`end)`

			`+clients_om:connect("object-added", function (om, client)`
			`+ for id, _ in pairs(hidden_nodes) do`
			`+ if not client["properties"]["wireplumber.daemon"] then`
			`+ client:update_permissions { [id] = "-" }`
			`+ end`
			`+ end`
			`+end)`
			`+`
			`nodes_om:activate()`
			`+clients_om:activate()`
			`--`
			`GitLab`