global: combine all permissions of the object tree

To get the permissions of an object, combine the permissions of the object and all the parent nodes up to the root. This is necessary to enforce that a client can never see and object id (in this case the parent id) it is not allowed to see.
author: Wim Taymans <wtaymans@redhat.com> 2019-05-13 15:46:32 +0200
committer: Wim Taymans <wtaymans@redhat.com> 2019-05-13 15:46:32 +0200
commit: 83bc033837f7525d898f1de91119f669f9bf97f5 (patch)
tree: 79fbbcebabce8bf941557ea30b17c35d962a478f
parent: d7acbb222e6e163a3e461c083fd2d346ca380a2f (diff)
1 files changed, 8 insertions, 2 deletions
diff --git a/src/pipewire/global.c b/src/pipewire/global.c
index 00258ff8..c963965e 100644
--- a/src/pipewire/global.c
+++ b/src/pipewire/global.c
@@ -38,9 +38,15 @@ uint32_t pw_global_get_permissions(struct pw_global *global, struct pw_client *c
 {
 	uint32_t perms = PW_PERM_RWX;
 
-	if (client->permission_func != NULL)
-		perms &= client->permission_func(global, client, client->permission_data);
+	if (client->permission_func == NULL)
+		return perms;
+
+	perms = client->permission_func(global, client, client->permission_data);
 
+	while (global != global->parent) {
+		global = global->parent;
+		perms &= client->permission_func(global, client, client->permission_data);
+	}
 	return perms;
 }
author	Wim Taymans <wtaymans@redhat.com>	2019-05-13 15:46:32 +0200
committer	Wim Taymans <wtaymans@redhat.com>	2019-05-13 15:46:32 +0200
commit	83bc033837f7525d898f1de91119f669f9bf97f5 (patch)
tree	79fbbcebabce8bf941557ea30b17c35d962a478f
parent	d7acbb222e6e163a3e461c083fd2d346ca380a2f (diff)