protocol-native: improve permission checks

src/extensions/protocol-native.h

@@ -33,9 +33,7 @@ extern "C" {
 
 struct pw_protocol_native_demarshal {
 	int (*func) (void *object, void *data, size_t size);
-
-#define PW_PROTOCOL_NATIVE_PERM_W	(1<<0)
-	uint32_t flags;
+	uint32_t permissions;
 };
 
 /** \ref pw_protocol_native_ext methods */

src/modules/module-protocol-native.c

@@ -132,7 +132,7 @@ process_messages(struct client_data *data)
 		struct pw_resource *resource;
 		const struct pw_protocol_native_demarshal *demarshal;
 	        const struct pw_protocol_marshal *marshal;
-		uint32_t permissions;
+		uint32_t permissions, required;
 
 		if (!pw_protocol_native_connection_get_next(conn, &opcode, &id, &message, &size))
 			break;
@@ -149,12 +149,8 @@ process_messages(struct client_data *data)
 		if (resource == NULL) {
 			pw_log_error("protocol-native %p: unknown resource %u",
 				     client->protocol, id);
-			continue;
-		}
-		permissions = pw_resource_get_permissions(resource);
-		if ((permissions & PW_PERM_X) == 0) {
-			pw_log_error("protocol-native %p: execute not allowed on resource %u",
-				     client->protocol, id);
+			pw_core_resource_error(client->core_resource, id,
+				     -EINVAL, "unknown resource %u", id);
 			continue;
 		}
 
@@ -166,10 +162,14 @@ process_messages(struct client_data *data)
 		if (!demarshal[opcode].func)
 			goto invalid_message;
 
-		if ((demarshal[opcode].flags & PW_PROTOCOL_NATIVE_PERM_W) &&
-		    ((permissions & PW_PERM_W) == 0)) {
-			pw_log_error("protocol-native %p: method %u requires write access on %u",
-				     client->protocol, opcode, id);
+		permissions = pw_resource_get_permissions(resource);
+		required = demarshal[opcode].permissions | PW_PERM_X;
+
+		if ((required & permissions) != required) {
+			pw_log_error("protocol-native %p: method %u on %u requires %08x, have %08x",
+				     client->protocol, opcode, id, required, permissions);
+			pw_core_resource_error(client->core_resource, id,
+				-EACCES, "no permission to call method %u ", opcode, id);
 			continue;
 		}
 
@@ -183,11 +183,15 @@ process_messages(struct client_data *data)
       invalid_method:
 	pw_log_error("protocol-native %p: invalid method %u on resource %u",
 		     client->protocol, opcode, id);
+	pw_core_resource_error(client->core_resource, id,
+		     -EINVAL, "invalid method %u on resource %u", opcode, id);
 	pw_client_destroy(client);
 	goto done;
       invalid_message:
 	pw_log_error("protocol-native %p: invalid message received %u %u",
 		     client->protocol, id, opcode);
+	pw_core_resource_error(client->core_resource, id,
+		     -EINVAL, "invalid message %u %u", opcode, id);
 	spa_debug_pod(0, NULL, (struct spa_pod *)message);
 	pw_client_destroy(client);
 	goto done;

src/modules/module-protocol-native/protocol-native.c

@@ -1440,8 +1440,8 @@ static const struct pw_node_proxy_methods pw_protocol_native_node_method_marshal
 
 static const struct pw_protocol_native_demarshal pw_protocol_native_node_method_demarshal[] = {
 	{ &node_demarshal_enum_params, 0, },
-	{ &node_demarshal_set_param, PW_PROTOCOL_NATIVE_PERM_W, },
-	{ &node_demarshal_send_command, PW_PROTOCOL_NATIVE_PERM_W, },
+	{ &node_demarshal_set_param, PW_PERM_W, },
+	{ &node_demarshal_send_command, PW_PERM_W, },
 };
 
 static const struct pw_node_proxy_events pw_protocol_native_node_event_marshal = {
@@ -1506,9 +1506,9 @@ static const struct pw_client_proxy_methods pw_protocol_native_client_method_mar
 };
 
 static const struct pw_protocol_native_demarshal pw_protocol_native_client_method_demarshal[] = {
-	{ &client_demarshal_error, PW_PROTOCOL_NATIVE_PERM_W, },
+	{ &client_demarshal_error, PW_PERM_W, },
 	{ &client_demarshal_get_permissions, 0, },
-	{ &client_demarshal_update_permissions, PW_PROTOCOL_NATIVE_PERM_W, },
+	{ &client_demarshal_update_permissions, PW_PERM_W, },
 };
 
 static const struct pw_client_proxy_events pw_protocol_native_client_event_marshal = {