Merge ~ubuntu-audio-dev/pulseaudio:classic-snap-support into ~ubuntu-audio-dev/pulseaudio:ubuntu

Proposed by James Henstridge on 2018-08-16
Status: Merged
Merged at revision: f05181660af504509d841a6a5a5d8acb965a5c44
Proposed branch: ~ubuntu-audio-dev/pulseaudio:classic-snap-support
Merge into: ~ubuntu-audio-dev/pulseaudio:ubuntu
Diff against target: 163 lines (+62/-19)
2 files modified
debian/changelog (+6/-1)
debian/patches/0700-modules-add-snappy-policy-module.patch (+56/-18)
Reviewer Review Type Date Requested Status
Ubuntu Audio Development Team 2018-08-16 Pending
Review via email: mp+353214@code.launchpad.net

Commit message

debian/patches: grant classic snaps access to microphone.

Description of the change

The 1:12.2-0ubuntu2 release broke recording support for classic snaps. These snaps have an AppArmor label, but won't necessarily have the relevant Pulse Audio interfaces plugged: they are just expected to have access by default.

This can be demonstrated with a command like the following:

    aa-exec -p snap.skype.skype /usr/bin/parecord foo.wav

Without the changes in this branch, this gives an "access denied" error. With them, it successfully records audio to "foo.wav".

To post a comment you must log in.

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1diff --git a/debian/changelog b/debian/changelog
2index 9c2fe54..3d85ef7 100644
3--- a/debian/changelog
4+++ b/debian/changelog
5@@ -1,10 +1,15 @@
6-pulseaudio (1:12.2-0ubuntu3) UNRELEASED; urgency=medium
7+pulseaudio (1:12.2-0ubuntu3) cosmic; urgency=medium
8
9+ [ Ken VanDine ]
10 * Update patch tags with more detailed descriptions and a note about
11 not forwarding upstream:
12 - 0700-modules-add-snappy-policy-module.patch
13 - 0701-enable-snap-policy-module.patch
14
15+ [ James Henstridge ]
16+ * 0700-modules-add-snappy-policy-module.patch: grant recording access
17+ to snaps with classic confinement. (LP: #1787324)
18+
19 -- Ken VanDine <ken.vandine@canonical.com> Mon, 13 Aug 2018 10:11:10 -0400
20
21 pulseaudio (1:12.2-0ubuntu2) cosmic; urgency=medium
22diff --git a/debian/patches/0700-modules-add-snappy-policy-module.patch b/debian/patches/0700-modules-add-snappy-policy-module.patch
23index 9d66510..96f62f7 100644
24--- a/debian/patches/0700-modules-add-snappy-policy-module.patch
25+++ b/debian/patches/0700-modules-add-snappy-policy-module.patch
26@@ -1,18 +1,19 @@
27 From: James Henstridge <james.henstridge@canonical.com>
28 Date: Tue, 7 Aug 2018 12:40:59 +0800
29 Subject: [PATCH] modules: add snap policy module
30-Co-authored-by: Simon Fels <simon.fels@canonical.com>
31+
32 Forwarded: not-needed
33
34-This patch allows pulseaudio to limit audio recording to snaps with
35+This patch allows pulseaudio to limit audio recording to snaps with
36 the audio-recording interface connected. We will not pursue upstreaming
37-this patch as the longer term solution will probably use PipeWire.
38+this patch as the longer term solution will probably use PipeWire.
39
40+Co-authored-by: Simon Fels <simon.fels@canonical.com>
41 ---
42 configure.ac | 17 ++
43 src/Makefile.am | 13 ++
44- src/modules/module-snap-policy.c | 347 +++++++++++++++++++++++++++++++++++++++
45- 3 files changed, 377 insertions(+)
46+ src/modules/module-snap-policy.c | 384 +++++++++++++++++++++++++++++++++++++++
47+ 3 files changed, 414 insertions(+)
48 create mode 100644 src/modules/module-snap-policy.c
49
50 diff --git a/configure.ac b/configure.ac
51@@ -90,10 +91,10 @@ index d623d0a..16b4d5d 100644
52 module_rtp_send_la_LDFLAGS = $(MODULE_LDFLAGS)
53 diff --git a/src/modules/module-snap-policy.c b/src/modules/module-snap-policy.c
54 new file mode 100644
55-index 0000000..8660476
56+index 0000000..0a1f5f4
57 --- /dev/null
58 +++ b/src/modules/module-snap-policy.c
59-@@ -0,0 +1,347 @@
60+@@ -0,0 +1,384 @@
61 +/***
62 + This file is part of PulseAudio.
63 +
64@@ -171,18 +172,28 @@ index 0000000..8660476
65 +
66 +/* ---- Code running in glib thread ---- */
67 +
68-+static void check_interfaces_finish(GObject *source_object,
69++static void complete_check_access(struct per_client *pc, bool grant_access)
70++{
71++ struct userdata *u = pc->userdata;
72++
73++ pa_mutex_lock(u->mutex);
74++ pc->grant_access = grant_access;
75++ pc->completed = true;
76++ pa_asyncq_push(u->results, pc, true);
77++ pa_mutex_unlock(u->mutex);
78++}
79++
80++static void get_interfaces_finished(GObject *source_object,
81 + GAsyncResult *result,
82 + gpointer user_data)
83 +{
84 + struct per_client *pc = user_data;
85 + struct userdata *u = pc->userdata;
86++ bool grant_access = false;
87 + g_autoptr(GError) error = NULL;
88 + g_autoptr(GPtrArray) plugs = NULL;
89 + unsigned i;
90 +
91-+ pa_mutex_lock(u->mutex);
92-+
93 + if (!snapd_client_get_interfaces_finish(u->snapd, result, &plugs, NULL, &error)) {
94 + pa_log_warn("snapd_client_get_interfaces failed: %s", error->message);
95 + goto end;
96@@ -200,24 +211,51 @@ index 0000000..8660476
97 + continue;
98 + }
99 + if (!strcmp(iface, "pulseaudio") || !strcmp(iface, "audio-record")) {
100-+ pc->grant_access = true;
101++ grant_access = true;
102 + break;
103 + }
104 + }
105 +
106 +end:
107-+ pc->completed = true;
108-+ pa_asyncq_push(u->results, pc, true);
109-+ pa_mutex_unlock(u->mutex);
110++ complete_check_access(pc, grant_access);
111 +}
112 +
113-+static gboolean check_interfaces(void *data)
114++static void get_snap_finished(GObject *source_object,
115++ GAsyncResult *result,
116++ gpointer user_data)
117 +{
118-+ struct per_client *pc = data;
119++ struct per_client *pc = user_data;
120 + struct userdata *u = pc->userdata;
121++ g_autoptr(GError) error = NULL;
122++ g_autoptr(SnapdSnap) snap = NULL;
123++
124++ snap = snapd_client_list_one_finish(u->snapd, result, &error);
125++ if (!snap) {
126++ pa_log_warn("snapd_client_get_snap failed: %s", error->message);
127++ complete_check_access(pc, false);
128++ return;
129++ }
130++
131++ /* Snaps using classic confinement are granted access */
132++ if (snapd_snap_get_confinement(snap) == SNAPD_CONFINEMENT_CLASSIC) {
133++ complete_check_access(pc, true);
134++ return;
135++ }
136 +
137++ /* We have a non-classic snap, we need to check its connected
138++ * interfaces */
139 + snapd_client_get_interfaces_async(u->snapd, u->cancellable,
140-+ check_interfaces_finish, pc);
141++ get_interfaces_finished, pc);
142++}
143++
144++
145++static gboolean check_access(void *data)
146++{
147++ struct per_client *pc = data;
148++ struct userdata *u = pc->userdata;
149++
150++ snapd_client_list_one_async(u->snapd, pc->snap_name, u->cancellable,
151++ get_snap_finished, pc);
152 + return G_SOURCE_REMOVE;
153 +}
154 +
155@@ -351,7 +389,7 @@ index 0000000..8660476
156 + pa_dynarray_append(pc->pending_requests, d);
157 + pa_hashmap_put(u->clients, (void *) (size_t) d->client_index, pc);
158 + pa_log_info("Checking access for client %d (%s)", pc->index, pc->snap_name);
159-+ g_main_context_invoke(u->main_context, check_interfaces, pc);
160++ g_main_context_invoke(u->main_context, check_access, pc);
161 +
162 + result = PA_HOOK_CANCEL;
163 +

Subscribers

People subscribed via source and target branches