mirror of
https://gitlab.freedesktop.org/pipewire/pipewire
synced 2024-09-30 05:05:27 +00:00
protocol-native: improve permission checks
This commit is contained in:
parent
eb0a561f8c
commit
e107d75248
|
@ -33,9 +33,7 @@ extern "C" {
|
|||
|
||||
struct pw_protocol_native_demarshal {
|
||||
int (*func) (void *object, void *data, size_t size);
|
||||
|
||||
#define PW_PROTOCOL_NATIVE_PERM_W (1<<0)
|
||||
uint32_t flags;
|
||||
uint32_t permissions;
|
||||
};
|
||||
|
||||
/** \ref pw_protocol_native_ext methods */
|
||||
|
|
|
@ -132,7 +132,7 @@ process_messages(struct client_data *data)
|
|||
struct pw_resource *resource;
|
||||
const struct pw_protocol_native_demarshal *demarshal;
|
||||
const struct pw_protocol_marshal *marshal;
|
||||
uint32_t permissions;
|
||||
uint32_t permissions, required;
|
||||
|
||||
if (!pw_protocol_native_connection_get_next(conn, &opcode, &id, &message, &size))
|
||||
break;
|
||||
|
@ -149,12 +149,8 @@ process_messages(struct client_data *data)
|
|||
if (resource == NULL) {
|
||||
pw_log_error("protocol-native %p: unknown resource %u",
|
||||
client->protocol, id);
|
||||
continue;
|
||||
}
|
||||
permissions = pw_resource_get_permissions(resource);
|
||||
if ((permissions & PW_PERM_X) == 0) {
|
||||
pw_log_error("protocol-native %p: execute not allowed on resource %u",
|
||||
client->protocol, id);
|
||||
pw_core_resource_error(client->core_resource, id,
|
||||
-EINVAL, "unknown resource %u", id);
|
||||
continue;
|
||||
}
|
||||
|
||||
|
@ -166,10 +162,14 @@ process_messages(struct client_data *data)
|
|||
if (!demarshal[opcode].func)
|
||||
goto invalid_message;
|
||||
|
||||
if ((demarshal[opcode].flags & PW_PROTOCOL_NATIVE_PERM_W) &&
|
||||
((permissions & PW_PERM_W) == 0)) {
|
||||
pw_log_error("protocol-native %p: method %u requires write access on %u",
|
||||
client->protocol, opcode, id);
|
||||
permissions = pw_resource_get_permissions(resource);
|
||||
required = demarshal[opcode].permissions | PW_PERM_X;
|
||||
|
||||
if ((required & permissions) != required) {
|
||||
pw_log_error("protocol-native %p: method %u on %u requires %08x, have %08x",
|
||||
client->protocol, opcode, id, required, permissions);
|
||||
pw_core_resource_error(client->core_resource, id,
|
||||
-EACCES, "no permission to call method %u ", opcode, id);
|
||||
continue;
|
||||
}
|
||||
|
||||
|
@ -183,11 +183,15 @@ process_messages(struct client_data *data)
|
|||
invalid_method:
|
||||
pw_log_error("protocol-native %p: invalid method %u on resource %u",
|
||||
client->protocol, opcode, id);
|
||||
pw_core_resource_error(client->core_resource, id,
|
||||
-EINVAL, "invalid method %u on resource %u", opcode, id);
|
||||
pw_client_destroy(client);
|
||||
goto done;
|
||||
invalid_message:
|
||||
pw_log_error("protocol-native %p: invalid message received %u %u",
|
||||
client->protocol, id, opcode);
|
||||
pw_core_resource_error(client->core_resource, id,
|
||||
-EINVAL, "invalid message %u %u", opcode, id);
|
||||
spa_debug_pod(0, NULL, (struct spa_pod *)message);
|
||||
pw_client_destroy(client);
|
||||
goto done;
|
||||
|
|
|
@ -1440,8 +1440,8 @@ static const struct pw_node_proxy_methods pw_protocol_native_node_method_marshal
|
|||
|
||||
static const struct pw_protocol_native_demarshal pw_protocol_native_node_method_demarshal[] = {
|
||||
{ &node_demarshal_enum_params, 0, },
|
||||
{ &node_demarshal_set_param, PW_PROTOCOL_NATIVE_PERM_W, },
|
||||
{ &node_demarshal_send_command, PW_PROTOCOL_NATIVE_PERM_W, },
|
||||
{ &node_demarshal_set_param, PW_PERM_W, },
|
||||
{ &node_demarshal_send_command, PW_PERM_W, },
|
||||
};
|
||||
|
||||
static const struct pw_node_proxy_events pw_protocol_native_node_event_marshal = {
|
||||
|
@ -1506,9 +1506,9 @@ static const struct pw_client_proxy_methods pw_protocol_native_client_method_mar
|
|||
};
|
||||
|
||||
static const struct pw_protocol_native_demarshal pw_protocol_native_client_method_demarshal[] = {
|
||||
{ &client_demarshal_error, PW_PROTOCOL_NATIVE_PERM_W, },
|
||||
{ &client_demarshal_error, PW_PERM_W, },
|
||||
{ &client_demarshal_get_permissions, 0, },
|
||||
{ &client_demarshal_update_permissions, PW_PROTOCOL_NATIVE_PERM_W, },
|
||||
{ &client_demarshal_update_permissions, PW_PERM_W, },
|
||||
};
|
||||
|
||||
static const struct pw_client_proxy_events pw_protocol_native_client_event_marshal = {
|
||||
|
|
Loading…
Reference in a new issue