[pulseaudio] 01/03: Add initial snappy support

Luke Yelavich themuso-guest at moszumanska.debian.org
Wed Jun 1 02:13:20 UTC 2016


This is an automated email from the git hooks/post-receive script.

themuso-guest pushed a commit to branch ubuntu
in repository pulseaudio.

commit c2ecd0662023595528aa63240d29aedd62002ac1
Author: Simon Fels <simon.fels at canonical.com>
Date:   Tue May 17 17:59:58 2016 +0200

    Add initial snappy support
    
    Add initial support for a snappy specific policy manager which will deny
    all audio recording from snaps for now until real integration with the
    trust-store is available.
---
 debian/changelog                                   |  13 ++
 .../0700-modules-add-snappy-policy-module.patch    | 200 +++++++++++++++++++++
 debian/patches/series                              |   3 +
 debian/pulseaudio.install                          |   1 +
 debian/rules                                       |   2 +-
 5 files changed, 218 insertions(+), 1 deletion(-)

diff --git a/debian/changelog b/debian/changelog
index 1bdfb41..20302e6 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,16 @@
+pulseaudio (1:8.0-2ubuntu2) UNRELEASED; urgency=medium
+
+  * debian/patches/0700-modules-add-snappy-policy-module.patch:
+    - Add initial support for a snappy specific policy manager
+      which will deny all audio recording from snaps for now
+      until real integration with the trust-store is available.
+  * debian/rules:
+    - Build with snappy support
+  * debian/pulseaudio.install:
+    - Include new snappy policy module
+
+ -- Simon Fels <simon.fels at canonical.com>  Tue, 17 May 2016 17:59:58 +0200
+
 pulseaudio (1:8.0-2ubuntu1) yakkety; urgency=medium
 
   * Merge from Debian experimental, remaining changes:
diff --git a/debian/patches/0700-modules-add-snappy-policy-module.patch b/debian/patches/0700-modules-add-snappy-policy-module.patch
new file mode 100644
index 0000000..ae0bf0e
--- /dev/null
+++ b/debian/patches/0700-modules-add-snappy-policy-module.patch
@@ -0,0 +1,200 @@
+From a430ebc2271f5a07389ee25631a8ba5524371764 Mon Sep 17 00:00:00 2001
+From: Simon Fels <simon.fels at canonical.com>
+Date: Tue, 17 May 2016 17:29:31 +0200
+Subject: [PATCH] modules: add snappy policy module
+
+---
+ configure.ac                       | 18 +++++++-
+ src/Makefile.am                    | 18 ++++++++
+ src/modules/module-snappy-policy.c | 94 ++++++++++++++++++++++++++++++++++++++
+ 3 files changed, 129 insertions(+), 1 deletion(-)
+ create mode 100644 src/modules/module-snappy-policy.c
+
+Index: pa-debian/src/Makefile.am
+===================================================================
+--- pa-debian.orig/src/Makefile.am
++++ pa-debian/src/Makefile.am
+@@ -1216,6 +1216,11 @@ modlibexec_LTLIBRARIES += \
+ 		module-esound-sink.la
+ endif
+ 
++if HAVE_APPARMOR
++modlibexec_LTLIBRARIES += \
++		module-snappy-policy.la
++endif
++
+ # See comment at librtp.la above
+ if !OS_IS_WIN32
+ modlibexec_LTLIBRARIES += \
+@@ -1603,6 +1608,11 @@ SYMDEF_FILES += \
+ 		module-esound-sink-symdef.h
+ endif
+ 
++if HAVE_APPARMOR
++SYMDEF_FILES += \
++		module-snappy-policy-symdef.h
++endif
++
+ EXTRA_DIST += $(SYMDEF_FILES)
+ BUILT_SOURCES += $(SYMDEF_FILES) builddirs
+ 
+@@ -2210,6 +2220,14 @@ module_trust_store_la_LIBADD = $(MODULE_
+ module_trust_store_la_CFLAGS = $(AM_CFLAGS) -DHAVE_TRUST_STORE=1
+ endif
+ 
++# Snappy
++if HAVE_APPARMOR
++module_snappy_policy_la_SOURCES = modules/module-snappy-policy.c
++module_snappy_policy_la_LDFLAGS = $(MODULE_LDFLAGS) -lapparmor
++module_snappy_policy_la_LIBADD = $(MODULE_LIBADD)
++module_snappy_policy_la_CFLAGS = $(AM_CFLAGS) -DHAVE_SNAPPY=1
++endif
++
+ # RTP modules
+ module_rtp_send_la_SOURCES = modules/rtp/module-rtp-send.c
+ module_rtp_send_la_LDFLAGS = $(MODULE_LDFLAGS)
+Index: pa-debian/src/modules/module-snappy-policy.c
+===================================================================
+--- /dev/null
++++ pa-debian/src/modules/module-snappy-policy.c
+@@ -0,0 +1,98 @@
++/***
++    This file is part of PulseAudio.
++
++    Copyright 2016 Canonical Ltd.
++    Written by Simon Fels <simon.fels at canonical.com>
++
++    PulseAudio is free software; you can redistribute it and/or modify
++    it under the terms of the GNU Lesser General Public License as published
++    by the Free Software Foundation; either version 2.1 of the License,
++    or (at your option) any later version.
++
++    PulseAudio is distributed in the hope that it will be useful, but
++    WITHOUT ANY WARRANTY; without even the implied warranty of
++    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++    General Public License for more details.
++
++    You should have received a copy of the GNU Lesser General Public License
++    along with PulseAudio; if not, see <http://www.gnu.org/licenses/>.
++***/
++
++#ifdef HAVE_CONFIG_H
++#include <config.h>
++#endif
++
++#include <sys/apparmor.h>
++#include <errno.h>
++
++#include <pulsecore/i18n.h>
++#include <pulsecore/core.h>
++#include <pulsecore/module.h>
++#include <pulse/xmalloc.h>
++#include <pulsecore/fdsem.h>
++#include <pulsecore/thread.h>
++#include <pulsecore/core-util.h>
++#include <pulse/mainloop-api.h>
++
++#include "module-snappy-policy-symdef.h"
++
++#define SNAP_LABEL_PREFIX           "snap."
++#define SNAP_LABEL_PREFIX_LENGTH    5
++
++PA_MODULE_AUTHOR("Simon Fels");
++PA_MODULE_DESCRIPTION("Ubuntu Snappy policy management");
++PA_MODULE_VERSION(PACKAGE_VERSION);
++PA_MODULE_LOAD_ONCE(true);
++
++struct userdata {
++    pa_core *core;
++    pa_hook_slot *connect_hook_slot;
++};
++
++static pa_hook_result_t connect_record_hook(pa_core *core, pa_access_data *d, struct userdata *u) {
++    pa_client *client = pa_idxset_get_by_index(u->core->clients, d->client_index);
++    if (!client)
++        return PA_HOOK_OK;
++
++    char *label = NULL;
++    char *mode = NULL;
++    if (aa_gettaskcon(client->creds.pid, &label, &mode) < 0) {
++        pa_log_warn("Failed to retrieve apparmor security label for pid %u: %s",
++                    client->creds.pid, strerror(-errno));
++        return PA_HOOK_OK;
++    }
++
++    pa_hook_result_t decision = PA_HOOK_OK;
++
++    // We only cancel the attempt of the client to start audio recording
++    // when we could successfully determine that the request is coming
++    // from an app which is part of a snap. Otherwise we continue to
++    // work as normal.
++    if (label && strncmp(SNAP_LABEL_PREFIX, label, SNAP_LABEL_PREFIX_LENGTH) == 0)
++        decision = PA_HOOK_CANCEL;
++
++    free(label);
++
++    return decision;
++}
++
++int pa__init(pa_module *m) {
++    struct userdata *u;
++    u = pa_xnew0(struct userdata, 1);
++    u->core = m->core;
++
++    m->userdata = u;
++    u->connect_hook_slot = pa_hook_connect(&m->core->access[PA_ACCESS_HOOK_CONNECT_RECORD],
++        PA_HOOK_NORMAL, (pa_hook_cb_t) connect_record_hook, u);
++
++    return 0;
++}
++
++void pa__done(pa_module *m) {
++    struct userdata *u = m->userdata;
++    if (u) {
++        if (u->connect_hook_slot)
++            pa_hook_slot_free(u->connect_hook_slot);
++        pa_xfree(u);
++    }
++}
+Index: pa-debian/configure.ac
+===================================================================
+--- pa-debian.orig/configure.ac
++++ pa-debian/configure.ac
+@@ -1445,6 +1445,19 @@ AS_IF([test "x$enable_trust_store" = "xy
+ 
+ AM_CONDITIONAL([HAVE_TRUST_STORE], [test "x$HAVE_TRUST_STORE" = "x1"])
+ 
++# Snappy support
++ 
++AC_ARG_ENABLE([snappy],
++    AS_HELP_STRING([--enable-snappy], [Enable snappy support]))
++
++AS_IF([test "x$enable_snappy" != "xno"],
++    [PKG_CHECK_MODULES(APPARMOR, [libapparmor], [HAVE_APPARMOR=1], [HAVE_APPARMOR=0])],
++    [HAVE_APPARMOR=0])
++
++AS_IF([test "x$enable_snappy" = "xyes" && test "x$HAVE_APPARMOR" = "x0"],
++    [AC_MSG_ERROR([*** Apparmor library not found])])
++
++AM_CONDITIONAL([HAVE_APPARMOR], [test "x$HAVE_APPARMOR" = "x1"])
+ 
+ ###################################
+ #            Output               #
+@@ -1624,6 +1637,8 @@ AS_IF([test "x$HAVE_ESOUND" = "x1" -a "x
+ AS_IF([test "x$HAVE_GCOV" = "x1"], ENABLE_GCOV=yes, ENABLE_GCOV=no)
+ AS_IF([test "x$HAVE_LIBCHECK" = "x1"], ENABLE_TESTS=yes, ENABLE_TESTS=no)
+ AS_IF([test "x$enable_legacy_database_entry_format" != "xno"], ENABLE_LEGACY_DATABASE_ENTRY_FORMAT=yes, ENABLE_LEGACY_DATABASE_ENTRY_FORMAT=no)
++AS_IF([test "x$enable_snappy" = "x1"], ENABLE_SNAPPY=yes, ENABLE_SNAPPY=no)
++AS_IF([test "x$HAVE_APPARMOR" = "x1"], ENABLE_APPARMOR=yes, ENABLE_APPARMOR=no)
+ 
+ echo "
+  ---{ $PACKAGE_NAME $VERSION }---
+@@ -1683,6 +1698,8 @@ echo "
+     Enable soxr (resampler):       ${ENABLE_SOXR}
+     Enable WebRTC echo canceller:  ${ENABLE_WEBRTC}
+     Enable Ubuntu trust store:     ${ENABLE_TRUST_STORE}
++    Enable Snappy support:         ${ENABLE_SNAPPY}
++    Enable Apparmor:               ${ENABLE_APPARMOR}
+     Enable gcov coverage:          ${ENABLE_GCOV}
+     Enable unit tests:             ${ENABLE_TESTS}
+     Database
diff --git a/debian/patches/series b/debian/patches/series
index e2d6904..960b2ef 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -43,3 +43,6 @@ switch-on-port-available:-Switch-from-HDMI-to-analog.patch
 0601-droid-alternative-hw-module-id.patch
 0602-droid-inputstream-config-parameters.pach
 0603-droid-port-priority-and-availability.patch
+
+# Ubuntu Snappy
+0700-modules-add-snappy-policy-module.patch
diff --git a/debian/pulseaudio.install b/debian/pulseaudio.install
index b137241..1f732cf 100755
--- a/debian/pulseaudio.install
+++ b/debian/pulseaudio.install
@@ -77,6 +77,7 @@ usr/lib/pulse-*/modules/module-virtual-sink.so
 usr/lib/pulse-*/modules/module-virtual-source.so
 usr/lib/pulse-*/modules/module-switch-on-port-available.so
 usr/lib/pulse-*/modules/module-virtual-surround-sink.so
+usr/lib/pulse-*/modules/module-snappy-policy.so
 [linux-any] usr/lib/pulse-*/modules/module-systemd-login.so
 [linux-any] usr/lib/systemd/user/pulseaudio.*
 usr/share/bash-completion/completions/*
diff --git a/debian/rules b/debian/rules
index 1c4c34d..e4d732b 100755
--- a/debian/rules
+++ b/debian/rules
@@ -30,7 +30,7 @@ DEB_CONFIGURE_EXTRA_FLAGS = --enable-x11 --disable-hal-compat \
   --with-zsh-completion-dir=\$${datadir}/zsh/vendor-completions \
   --with-bash-completion-dir=\$${datadir}/bash-completion/completions \
   --with-systemduserunitdir=\$${prefix}/lib/systemd/user \
-  --disable-bluez4
+  --disable-bluez4 --enable-snappy
 
 ifeq ($(words $(sort $(filter stage1,$(DEB_BUILD_PROFILES)))),1)
   DEB_CONFIGURE_EXTRA_FLAGS += --disable-bluez5

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-pulseaudio/pulseaudio.git



More information about the pkg-pulseaudio-devel mailing list