Pipewire: Use xdg-portal provided file descriptor The documentation for `OpenPipeWireRemote()` says: > Open a file descriptor to the PipeWire remote where the camera nodes > are available. The file descriptor should be used to create a > pw_core object, by using pw_context_connect_fd. In `InitPipeWire()` we already successfully requested the FD, but then went on and used the unrestricted default socket. This does not matter in non-sandboxed environments, as the stream we want to use is available from both FDs. In flatpak sandboxes, however, this requires to give full Pipewire access to the application. Fix this by simply using the right, restricted FD, and while on it, also make sure to not leak it. This change has already landed in downstream in Firefox, see https://phabricator.services.mozilla.com/D122904 https://phabricator.services.mozilla.com/D124508 Bug: webrtc:13152 Change-Id: I3f8995c54c797e1a90a980f231e496a13cbe65b4 Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/230803 Reviewed-by: Joe Downing <joedow@chromium.org> Commit-Queue: Joe Downing <joedow@chromium.org> Cr-Commit-Position: refs/heads/main@{#34983}

commit: 593b4d550d5569997c65dc1226238da04d4ea61a [log] [tgz]
author: Robert Mader <robert.mader@posteo.de> Mon Sep 06 17:33:17 2021
committer: WebRTC LUCI CQ <webrtc-scoped@luci-project-accounts.iam.gserviceaccount.com> Mon Sep 13 16:29:52 2021
tree: 5ca230613407f65f23e88ca9d583055c83fefd45
parent: 7f876c8930a1732c898b897739455a95424dc976 [diff]
diff --git a/AUTHORS b/AUTHORS
index 645b9f3..2315b65 100644
--- a/AUTHORS
+++ b/AUTHORS

@@ -88,6 +88,7 @@
 Ramprakash Jelari <ennajelari@gmail.com>
 Riku Voipio <riku.voipio@linaro.org>
 Robert Bares <robert@bares.me>
+Robert Mader <robert.mader@posteo.de>
 Robert Nagy <robert.nagy@gmail.com>
 Ryan Yoakum <ryoakum@skobalt.com>
 Sarah Thompson <sarah@telergy.com>

diff --git a/modules/desktop_capture/linux/base_capturer_pipewire.cc b/modules/desktop_capture/linux/base_capturer_pipewire.cc
index 7212ad3..8c39772 100644
--- a/modules/desktop_capture/linux/base_capturer_pipewire.cc
+++ b/modules/desktop_capture/linux/base_capturer_pipewire.cc

@@ -348,6 +348,10 @@
     g_object_unref(proxy_);
     proxy_ = nullptr;
   }
+
+  if (pw_fd_ != -1) {
+    close(pw_fd_);
+  }
 }
 
 void BaseCapturerPipeWire::InitPortal() {
@@ -385,7 +389,7 @@
     return;
   }
 
-  pw_core_ = pw_context_connect(pw_context_, nullptr, 0);
+  pw_core_ = pw_context_connect_fd(pw_context_, pw_fd_, nullptr, 0);
   if (!pw_core_) {
     RTC_LOG(LS_ERROR) << "Failed to connect PipeWire context";
     return;

diff --git a/modules/desktop_capture/linux/pipewire03.sigs b/modules/desktop_capture/linux/pipewire03.sigs
index 78d241f..44e4100 100644
--- a/modules/desktop_capture/linux/pipewire03.sigs
+++ b/modules/desktop_capture/linux/pipewire03.sigs

@@ -44,3 +44,4 @@
 void pw_context_destroy(pw_context *context);
 pw_context *pw_context_new(pw_loop *main_loop, pw_properties *props, size_t user_data_size);
 pw_core * pw_context_connect(pw_context *context, pw_properties *properties, size_t user_data_size);
+pw_core * pw_context_connect_fd(pw_context *context, int fd, pw_properties *properties, size_t user_data_size);
commit	593b4d550d5569997c65dc1226238da04d4ea61a	[log] [tgz]
author	Robert Mader <robert.mader@posteo.de>	Mon Sep 06 17:33:17 2021
committer	WebRTC LUCI CQ <webrtc-scoped@luci-project-accounts.iam.gserviceaccount.com>	Mon Sep 13 16:29:52 2021
tree	5ca230613407f65f23e88ca9d583055c83fefd45
parent	7f876c8930a1732c898b897739455a95424dc976 [diff]