{"id":17685,"url":"https://patchwork.libcamera.org/api/1.1/patches/17685/?format=json","web_url":"https://patchwork.libcamera.org/patch/17685/","project":{"id":1,"url":"https://patchwork.libcamera.org/api/1.1/projects/1/?format=json","name":"libcamera","link_name":"libcamera","list_id":"libcamera_core","list_email":"libcamera-devel@lists.libcamera.org","web_url":"","scm_url":"","webscm_url":""},"msgid":"<20221024055543.116040-11-nicholas@rothemail.net>","date":"2022-10-24T05:55:42","name":"[libcamera-devel,10/11] Adds a flag to disable IPA isolation, necessary for Android.","commit_ref":null,"pull_url":null,"state":"superseded","archived":false,"hash":"6686772b4253773ad3410d14e10a296df615a5ff","submitter":{"id":97,"url":"https://patchwork.libcamera.org/api/1.1/people/97/?format=json","name":"Nicolas Dufresne via libcamera-devel","email":"libcamera-devel@lists.libcamera.org"},"delegate":null,"mbox":"https://patchwork.libcamera.org/patch/17685/mbox/","series":[{"id":3575,"url":"https://patchwork.libcamera.org/api/1.1/series/3575/?format=json","web_url":"https://patchwork.libcamera.org/project/libcamera/list/?series=3575","date":"2022-10-24T05:55:33","name":"[libcamera-devel,01/11] Fixes Bug 156, which breaks libcamera on Android < 12.","version":1,"mbox":"https://patchwork.libcamera.org/series/3575/mbox/"}],"comments":"https://patchwork.libcamera.org/api/patches/17685/comments/","check":"pending","checks":"https://patchwork.libcamera.org/api/patches/17685/checks/","tags":{},"headers":{"Return-Path":"<libcamera-devel-bounces@lists.libcamera.org>","X-Original-To":"parsemail@patchwork.libcamera.org","Delivered-To":"parsemail@patchwork.libcamera.org","Received":["from lancelot.ideasonboard.com (lancelot.ideasonboard.com\n\t[92.243.16.209])\n\tby patchwork.libcamera.org (Postfix) with ESMTPS id 5B9A1C3286\n\tfor <parsemail@patchwork.libcamera.org>;\n\tMon, 24 Oct 2022 05:56:08 +0000 (UTC)","from lancelot.ideasonboard.com (localhost [IPv6:::1])\n\tby lancelot.ideasonboard.com (Postfix) with ESMTP id BE3BA62F18;\n\tMon, 24 Oct 2022 07:56:07 +0200 (CEST)","from mail-ot1-x32c.google.com (mail-ot1-x32c.google.com\n\t[IPv6:2607:f8b0:4864:20::32c])\n\tby lancelot.ideasonboard.com (Postfix) with ESMTPS id 5646762F0A\n\tfor <libcamera-devel@lists.libcamera.org>;\n\tMon, 24 Oct 2022 07:56:02 +0200 (CEST)","by mail-ot1-x32c.google.com with SMTP id\n\tz11-20020a05683020cb00b00661a95cf920so5365302otq.5\n\tfor <libcamera-devel@lists.libcamera.org>;\n\tSun, 23 Oct 2022 22:56:02 -0700 (PDT)","from nroth-pc.attlocal.net\n\t([2600:1700:20:20c0:7bc3:aed3:676f:10a0])\n\tby smtp.gmail.com with ESMTPSA id\n\tx15-20020a9d628f000000b0066193df8edasm3980278otk.34.2022.10.23.22.56.00\n\t(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);\n\tSun, 23 Oct 2022 22:56:00 -0700 (PDT)"],"DKIM-Signature":["v=1; a=rsa-sha256; c=relaxed/simple; d=libcamera.org;\n\ts=mail; t=1666590967;\n\tbh=SuhQ6dhEWp88i57VP77y/jAbxTL15UkDhiV9cnvQkik=;\n\th=To:Date:In-Reply-To:References:Subject:List-Id:List-Unsubscribe:\n\tList-Archive:List-Post:List-Help:List-Subscribe:From:Reply-To:Cc:\n\tFrom;\n\tb=km0hrn38Ib9hVLkuKSFXmQIPlpbgUmUTw3z5zoLdeyPHmWxy1CaKKwSzuO1FgGdNi\n\tbIy3dHdlrHlB+/JERkpl6CXAjrUOV9JLjBI9Ua2+SumEsWM/135jUSKS/vOUCz61TF\n\tG96N32qGLb01NWQGG9Do8osRR12jJxI0hBE+CpfKZruU08uLP0EyPOXHDbN4XDkrtU\n\tCuRA0CEVNVmTqja6Ir/vheiMbUtyAd8zLwi2iys67MSKo2c+nKAxRbFUd1r+lyotTo\n\ttVHuugizFjWcnUk8SIPFepO3cZLuuhh1sm2TywWJlBsAinAbV4wDbMUDHhjFXFWjCJ\n\tjzhaRuGLFZzQQ==","v=1; a=rsa-sha256; c=relaxed/relaxed;\n\td=rothemail-net.20210112.gappssmtp.com; s=20210112;\n\th=content-transfer-encoding:mime-version:reply-to:references\n\t:in-reply-to:message-id:date:subject:cc:to:from:from:to:cc:subject\n\t:date:message-id:reply-to;\n\tbh=huXpY0kdXALbfYSJ3F6nqYO414tLR2zn4iq7mxfc+Zk=;\n\tb=WAPOILri6uBXcMjQ4qBqAXoTnEl5GwzHyfjtheK5C+met4hKIACwiJFxWFujnyRoaO\n\tlQZg6oq7KiJiKC9OIGAmyD5BEfOTIpzOIMJ2qaRhN3AThw+A5ani10SsqaPTONBjeqFy\n\tygCxeWqRmgL/iiW0dxzOJO6yRH26pLEq7oJ4M/MvmgHPsslDyrxTve4ZstNquqJBFOV3\n\tkdX5BLQm3z4OiDBtl7+L4k1PDVc779zeagw1DVVWwP87NC5iBupPExAQTA9xKdEjnqxA\n\tDQr5ujCP4kzkGlTN7ky5dFXpGD7tOWLJ06LHZ6H9Cq5r16A20zMJcSncV1Ubh2d5DNn7\n\t9lZQ=="],"Authentication-Results":"lancelot.ideasonboard.com; dkim=pass (2048-bit key; \n\tunprotected)\n\theader.d=rothemail-net.20210112.gappssmtp.com\n\theader.i=@rothemail-net.20210112.gappssmtp.com header.b=\"WAPOILri\"; \n\tdkim-atps=neutral","X-Google-DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n\td=1e100.net; s=20210112;\n\th=content-transfer-encoding:mime-version:reply-to:references\n\t:in-reply-to:message-id:date:subject:cc:to:from:x-gm-message-state\n\t:from:to:cc:subject:date:message-id:reply-to;\n\tbh=huXpY0kdXALbfYSJ3F6nqYO414tLR2zn4iq7mxfc+Zk=;\n\tb=RumoWvdONlK1XqIects/T2fZtcXF59hYH0yDAYxwr/WHIyfGRVXV7YX7VZd5kh2yTh\n\t8X2YfYG/2W4zfSX1SLKbt32qun038XFPs544Iaui51a+Mr0uTArbJpCyE5gvn+amtOik\n\tvu8k28TpW0F9YqxTzqQ6HWtRg6WHZYWNqFvI46f081wrgIN/F/IADqxkC2fK2X+YvXKY\n\t8UqGbuTrZQHwqpueK8DvnYcU1Up2v3M2JAvhic2zmihIQV6lmRD9jWXT7TtNwHRW9Yky\n\t7hs+uLaosmTh/z5edxyItK90bO4i+sGZTHhTDJJjcS/n2GeQpjDSKGYQgKMBtwqbTDqe\n\tGFOw==","X-Gm-Message-State":"ACrzQf3tAi9kPnDsM4/2dWjMnqozT+ws05ca9F+RyV0h6XEPrTlbWB4Y\n\to7whjWnzmnxiA1mEddehwzSJlLl6VbFw2WDL","X-Google-Smtp-Source":"AMsMyM4tT8LCjRSBpbBgBB1BcoOHk1blD2NrmLMAKPfWRVqSnesNv6zwjwaVHC/cy6GyTTU/guI2Nw==","X-Received":"by 2002:a05:6830:618c:b0:65b:d2db:5f77 with SMTP id\n\tcb12-20020a056830618c00b0065bd2db5f77mr15423770otb.348.1666590960709; \n\tSun, 23 Oct 2022 22:56:00 -0700 (PDT)","To":"libcamera-devel@lists.libcamera.org","Date":"Mon, 24 Oct 2022 00:55:42 -0500","Message-Id":"<20221024055543.116040-11-nicholas@rothemail.net>","X-Mailer":"git-send-email 2.34.1","In-Reply-To":"<20221024055543.116040-1-nicholas@rothemail.net>","References":"<20221024055543.116040-1-nicholas@rothemail.net>","MIME-Version":"1.0","Content-Transfer-Encoding":"8bit","Subject":"[libcamera-devel] [PATCH 10/11] Adds a flag to disable IPA\n\tisolation, necessary for Android.","X-BeenThere":"libcamera-devel@lists.libcamera.org","X-Mailman-Version":"2.1.29","Precedence":"list","List-Id":"<libcamera-devel.lists.libcamera.org>","List-Unsubscribe":"<https://lists.libcamera.org/options/libcamera-devel>,\n\t<mailto:libcamera-devel-request@lists.libcamera.org?subject=unsubscribe>","List-Archive":"<https://lists.libcamera.org/pipermail/libcamera-devel/>","List-Post":"<mailto:libcamera-devel@lists.libcamera.org>","List-Help":"<mailto:libcamera-devel-request@lists.libcamera.org?subject=help>","List-Subscribe":"<https://lists.libcamera.org/listinfo/libcamera-devel>,\n\t<mailto:libcamera-devel-request@lists.libcamera.org?subject=subscribe>","From":"Nicholas Roth via libcamera-devel <libcamera-devel@lists.libcamera.org>","Reply-To":"libcamera-devel@lists.libcamera.org","Cc":"nicholas@rothemail.net","Errors-To":"libcamera-devel-bounces@lists.libcamera.org","Sender":"\"libcamera-devel\" <libcamera-devel-bounces@lists.libcamera.org>"},"content":"From: Nicholas Roth <nicholas@rothemail.net>\n\n---\n meson.build                   |  4 ++++\n meson_options.txt             |  5 +++++\n src/libcamera/ipa_manager.cpp | 11 +++++++++++\n 3 files changed, 20 insertions(+)","diff":"diff --git a/meson.build b/meson.build\nindex 7d0588d2..2303f752 100644\n--- a/meson.build\n+++ b/meson.build\n@@ -74,6 +74,10 @@ if cc.has_header_symbol('stdlib.h', 'secure_getenv', prefix : '#define _GNU_SOUR\n     config_h.set('HAVE_SECURE_GETENV', 1)\n endif\n \n+if get_option('allow_unsigned_ipas_in_process')\n+    config_h.set('ALLOW_UNSIGNED_IPAS_IN_PROCESS', 1)\n+endif\n+\n common_arguments = [\n     '-Wshadow',\n     '-include', meson.current_build_dir() / 'config.h',\ndiff --git a/meson_options.txt b/meson_options.txt\nindex f1d67808..77b21b9a 100644\n--- a/meson_options.txt\n+++ b/meson_options.txt\n@@ -64,3 +64,8 @@ option('pycamera',\n         type : 'feature',\n         value : 'disabled',\n         description : 'Enable libcamera Python bindings (experimental)')\n+\n+option('allow_unsigned_ipas_in_process',\n+        type : 'boolean',\n+        value : false,\n+        description : 'Allow unsigned IPAs to run in libcamera\\'s address space')\ndiff --git a/src/libcamera/ipa_manager.cpp b/src/libcamera/ipa_manager.cpp\nindex 030ef43f..403cc42a 100644\n--- a/src/libcamera/ipa_manager.cpp\n+++ b/src/libcamera/ipa_manager.cpp\n@@ -114,6 +114,14 @@ IPAManager::IPAManager()\n \t\tLOG(IPAManager, Warning) << \"Public key not valid\";\n #endif\n \n+#if ALLOW_UNSIGNED_IPAS_IN_PROCESS\n+\tLOG(IPAManager, Warning)\n+\t\t<< \"All IPAs running in-process without signature verification.\"\n+\t\t<< \" This is recommended only for tightly-managed installs\"\n+\t\t<< \" in contexts where both signature verification and out-of-process\"\n+\t\t<< \" execution are infeasible, such as Android HALs.\";\n+#endif\n+\n \tunsigned int ipaCount = 0;\n \n \t/* User-specified paths take precedence. */\n@@ -281,6 +289,9 @@ IPAModule *IPAManager::module(PipelineHandler *pipe, uint32_t minVersion,\n \n bool IPAManager::isSignatureValid([[maybe_unused]] IPAModule *ipa) const\n {\n+#if ALLOW_UNSIGNED_IPAS_IN_PROCESS\n+\treturn true;\n+#endif\n #if HAVE_IPA_PUBKEY\n \tchar *force = utils::secure_getenv(\"LIBCAMERA_IPA_FORCE_ISOLATION\");\n \tif (force && force[0] != '\\0') {\n","prefixes":["libcamera-devel","10/11"]}