Home Explore Help
Sign In
Sekhali
/
Configs
Watch 1
Star 0
Fork 0
Files Issues 0
Branch: master
Branches Tags
Configs
/
.config
/
wireplumber
/
scripts
/
access
/
access-portal.lua

access-portal.lua 4.0 KB
Permalink History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142 
  1. MEDIA_ROLE_NONE = 0
    2. 

  2. MEDIA_ROLE_CAMERA = 1 << 0
    3. 

  3. 

  4. function hasPermission (permissions, app_id, lookup)
    5. 

  5.   if permissions then
    6. 

  6.     for key, values in pairs(permissions) do
    7. 

  7.       if key == app_id then
    8. 

  8.         for _, v in pairs(values) do
    9. 

  9.           if v == lookup then
    10. 

  10.             return true
    11. 

  11.           end
    12. 

  12.         end
    13. 

  13.       end
    14. 

  14.     end
    15. 

  15.   end
    16. 

  16.   return false
    17. 

  17. end
    18. 

  18. 

  19. function parseMediaRoles (media_roles_str)
    20. 

  20.   local media_roles = MEDIA_ROLE_NONE
    21. 

  21.   for role in media_roles_str:gmatch('[^,%s]+') do
    22. 

  22.     if role == "Camera" then
    23. 

  23.       media_roles = media_roles | MEDIA_ROLE_CAMERA
    24. 

  24.     end
    25. 

  25.   end
    26. 

  26.   return media_roles
    27. 

  27. end
    28. 

  28. 

  29. function setPermissions (client, allow_client, allow_nodes)
    30. 

  30.   local client_id = client["bound-id"]
    31. 

  31.   Log.info(client, "Granting ALL access to client " .. client_id)
    32. 

  32. 

  33.   -- Update permissions on client
    34. 

  34.   client:update_permissions { [client_id] = allow_client and "all" or "-" }
    35. 

  35. 

  36.   -- Update permissions on camera source nodes
    37. 

  37.   for node in nodes_om:iterate() do
    38. 

  38.     local node_id = node["bound-id"]
    39. 

  39.     client:update_permissions { [node_id] = allow_nodes and "all" or "-" }
    40. 

  40.   end
    41. 

  41. end
    42. 

  42. 

  43. function updateClientPermissions (client, permissions)
    44. 

  44.   local client_id = client["bound-id"]
    45. 

  45.   local str_prop = nil
    46. 

  46.   local app_id = nil
    47. 

  47.   local media_roles = nil
    48. 

  48.   local allowed = false
    49. 

  49. 

  50.   -- Make sure the client is not the portal itself
    51. 

  51.   str_prop = client.properties["pipewire.access.portal.is_portal"]
    52. 

  52.   if str_prop == "yes" then
    53. 

  53.     Log.info (client, "client is the portal itself")
    54. 

  54.     return
    55. 

  55.   end
    56. 

  56. 

  57.   -- Make sure the client has a portal app Id
    58. 

  58.   str_prop = client.properties["pipewire.access.portal.app_id"]
    59. 

  59.   if str_prop == nil then
    60. 

  60.     Log.info (client, "Portal managed client did not set app_id")
    61. 

  61.     return
    62. 

  62.   end
    63. 

  63.   if str_prop == "" then
    64. 

  64.     Log.info (client, "Ignoring portal check for non-sandboxed client")
    65. 

  65.     setPermissions (client, true, true)
    66. 

  66.     return
    67. 

  67.   end
    68. 

  68.   app_id = str_prop
    69. 

  69. 

  70.   -- Make sure the client has portal media roles
    71. 

  71.   str_prop = client.properties["pipewire.access.portal.media_roles"]
    72. 

  72.   if str_prop == nil then
    73. 

  73.   Log.info (client, "Portal managed client did not set media_roles")
    74. 

  74.     return
    75. 

  75.   end
    76. 

  76.   media_roles = parseMediaRoles (str_prop)
    77. 

  77.   if (media_roles & MEDIA_ROLE_CAMERA) == 0 then
    78. 

  78.     Log.info (client, "Ignoring portal check for clients without camera role")
    79. 

  79.     return
    80. 

  80.   end
    81. 

  81. 

  82.   -- Update permissions
    83. 

  83.   allowed = hasPermission (permissions, app_id, "yes")
    84. 

  84. 

  85.   Log.info (client, "setting permissions: " .. tostring(allowed))
    86. 

  86.   setPermissions (client, allowed, allowed)
    87. 

  87. end
    88. 

  88. 

  89. -- Create portal clients object manager
    90. 

  90. clients_om = ObjectManager {
    91. 

  91.   Interest {
    92. 

  92.     type = "client",
    93. 

  93.     Constraint { "pipewire.access", "=", "portal" },
    94. 

  94.   }
    95. 

  95. }
    96. 

  96. 

  97. -- Set permissions to portal clients from the permission store if loaded
    98. 

  98. pps_plugin = Plugin.find("portal-permissionstore")
    99. 

  99. if pps_plugin then
    100. 

  100.   nodes_om = ObjectManager {
    101. 

  101.     Interest {
    102. 

  102.       type = "node",
    103. 

  103.       Constraint { "media.role", "=", "Camera" },
    104. 

  104.       Constraint { "media.class", "=", "Video/Source" },
    105. 

  105.     }
    106. 

  106.   }
    107. 

  107.   nodes_om:activate()
    108. 

  108. 

  109.   clients_om:connect("object-added", function (om, client)
    110. 

  110.     local new_perms = pps_plugin:call("lookup", "devices", "camera");
    111. 

  111.     updateClientPermissions (client, new_perms)
    112. 

  112.   end)
    113. 

  113. 

  114.   nodes_om:connect("object-added", function (om, node)
    115. 

  115.     local new_perms = pps_plugin:call("lookup", "devices", "camera");
    116. 

  116.     for client in clients_om:iterate() do
    117. 

  117.       updateClientPermissions (client, new_perms)
    118. 

  118.     end
    119. 

  119.   end)
    120. 

  120. 

  121.   pps_plugin:connect("changed", function (p, table, id, deleted, permissions)
    122. 

  122.     if table == "devices" or id == "camera" then
    123. 

  123.       for app_id, _ in pairs(permissions) do
    124. 

  124.         for client in clients_om:iterate {
    125. 

  125.             Constraint { "pipewire.access.portal.app_id", "=", app_id }
    126. 

  126.         } do
    127. 

  127.           updateClientPermissions (client, permissions)
    128. 

  128.         end
    129. 

  129.       end
    130. 

  130.     end
    131. 

  131.   end)
    132. 

  132. else
    133. 

  133.   -- Otherwise, just set all permissions to all portal clients
    134. 

  134.   clients_om:connect("object-added", function (om, client)
    135. 

  135.     local id = client["bound-id"]
    136. 

  136.     Log.info(client, "Granting ALL access to client " .. id)
    137. 

  137.     client:update_permissions { ["any"] = "all" }
    138. 

  138.   end)
    139. 

  139. end
    140. 

  140. 

  141. clients_om:activate()
    142. 

  142.