{ "id": 17700, "url": "https://patchwork.libcamera.org/api/patches/17700/?format=api", "web_url": "https://patchwork.libcamera.org/patch/17700/", "project": { "id": 1, "url": "https://patchwork.libcamera.org/api/projects/1/?format=api", "name": "libcamera", "link_name": "libcamera", "list_id": "libcamera_core", "list_email": "libcamera-devel@lists.libcamera.org", "web_url": "", "scm_url": "", "webscm_url": "" }, "msgid": "<20221027055515.321791-10-nicholas@rothemail.net>", "date": "2022-10-27T05:55:14", "name": "[libcamera-devel,09/10] ipa: add a flag to disable isolation for Android", "commit_ref": null, "pull_url": null, "state": "superseded", "archived": false, "hash": "6686772b4253773ad3410d14e10a296df615a5ff", "submitter": { "id": 97, "url": "https://patchwork.libcamera.org/api/people/97/?format=api", "name": "Nicolas Dufresne via libcamera-devel", "email": "libcamera-devel@lists.libcamera.org" }, "delegate": null, "mbox": "https://patchwork.libcamera.org/patch/17700/mbox/", "series": [ { "id": 3579, "url": "https://patchwork.libcamera.org/api/series/3579/?format=api", "web_url": "https://patchwork.libcamera.org/project/libcamera/list/?series=3579", "date": "2022-10-27T05:55:08", "name": "[libcamera-devel,01/10] ipa: workaround libcxx duration limitation", "version": 1, "mbox": "https://patchwork.libcamera.org/series/3579/mbox/" } ], "comments": "https://patchwork.libcamera.org/api/patches/17700/comments/", "check": "pending", "checks": "https://patchwork.libcamera.org/api/patches/17700/checks/", "tags": {}, "headers": { "Return-Path": "<libcamera-devel-bounces@lists.libcamera.org>", "X-Original-To": "parsemail@patchwork.libcamera.org", "Delivered-To": "parsemail@patchwork.libcamera.org", "Received": [ "from lancelot.ideasonboard.com (lancelot.ideasonboard.com\n\t[92.243.16.209])\n\tby patchwork.libcamera.org (Postfix) with ESMTPS id 625C8C328A\n\tfor <parsemail@patchwork.libcamera.org>;\n\tThu, 27 Oct 2022 05:55:36 +0000 (UTC)", "from 
lancelot.ideasonboard.com (localhost [IPv6:::1])\n\tby lancelot.ideasonboard.com (Postfix) with ESMTP id E904662F98;\n\tThu, 27 Oct 2022 07:55:35 +0200 (CEST)", "from mail-oi1-x236.google.com (mail-oi1-x236.google.com\n\t[IPv6:2607:f8b0:4864:20::236])\n\tby lancelot.ideasonboard.com (Postfix) with ESMTPS id BE1C062F81\n\tfor <libcamera-devel@lists.libcamera.org>;\n\tThu, 27 Oct 2022 07:55:28 +0200 (CEST)", "by mail-oi1-x236.google.com with SMTP id s125so216155oib.6\n\tfor <libcamera-devel@lists.libcamera.org>;\n\tWed, 26 Oct 2022 22:55:28 -0700 (PDT)", "from nroth-pc.attlocal.net\n\t([2600:1700:20:20c0:6406:fc7a:e46d:1666])\n\tby smtp.gmail.com with ESMTPSA id\n\t9-20020a9d0c09000000b00661a05691fasm140021otr.79.2022.10.26.22.55.26\n\t(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);\n\tWed, 26 Oct 2022 22:55:26 -0700 (PDT)" ], "DKIM-Signature": [ "v=1; a=rsa-sha256; c=relaxed/simple; d=libcamera.org;\n\ts=mail; t=1666850136;\n\tbh=uPfBp734F70Nl4/faDEoCE+469eSaTe+2TU432+CN6U=;\n\th=To:Date:In-Reply-To:References:Subject:List-Id:List-Unsubscribe:\n\tList-Archive:List-Post:List-Help:List-Subscribe:From:Reply-To:Cc:\n\tFrom;\n\tb=lFlFgBnNYfrySN7D6gLKCd+6OvoOuRlJxrdquvTCJAR4u481MxvMM8AuNPerg7F0r\n\tr7HyCgFPkYAxZ7mUO9UUcu26C+U3EJcHe0wJWlbYrHRlMoicRMj67CK5fMEBg7fEgA\n\tc1Ry80Bz5y8Ef9gQuCT7J8WzroQ06AiBD7IH8xH5EC1dwfyC9FxK1GZr++tXFrFcij\n\tvDmekHs1zA3aRNdTloQEEFkaxgf2uw6ggGUgKF0Egpz7doRLcTTXOGc+B2NmNjHJlX\n\tBMcWzA2/F8oETWAPnfk5jGeywkUbqveV8lAtu9jcdLnTt78hBU8+Zuw87/EchCAxaS\n\tx4o4ILiZl/KZQ==", "v=1; a=rsa-sha256; c=relaxed/relaxed;\n\td=rothemail-net.20210112.gappssmtp.com; 
s=20210112;\n\th=content-transfer-encoding:mime-version:reply-to:references\n\t:in-reply-to:message-id:date:subject:cc:to:from:from:to:cc:subject\n\t:date:message-id:reply-to;\n\tbh=S6elEshRjeYKV2WspXbwSeu79nOguOd5x4rDscK6N9Y=;\n\tb=zNhaNbIpGGyvsSex3/5mAlnRYKuhXRdD55HAwiHz+FvxMnIr5DCS6NjZWsd953VzSJ\n\tiWqQw1q690FmD84Kqx/aMg01rmRbedj3j95TkWmgRy6kqjzUHnJ2FEUhwFxkY+izDOGP\n\t7tlTPdKT69Yf4uH0sAgKgAWtU4zcr1ecKPRofVZecwmBM4+Lk0MbJcmXpisrSdrqy1gV\n\tBKlGpqZuJl19vpms/UmkaUWsZ4v7gOe80Oc0IGNJ6gsh4mXLEtmuTpjePsMmAbWdoY69\n\t6IJ3FPqvj+gHa1gkzAh5ywXYA1trbxWEhiQZo0RhRFA7Hr0yfw/a3/hSmDao+95KZWCJ\n\tQx0w==" ], "Authentication-Results": "lancelot.ideasonboard.com; dkim=pass (2048-bit key; \n\tunprotected)\n\theader.d=rothemail-net.20210112.gappssmtp.com\n\theader.i=@rothemail-net.20210112.gappssmtp.com header.b=\"zNhaNbIp\"; \n\tdkim-atps=neutral", "X-Google-DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed;\n\td=1e100.net; s=20210112;\n\th=content-transfer-encoding:mime-version:reply-to:references\n\t:in-reply-to:message-id:date:subject:cc:to:from:x-gm-message-state\n\t:from:to:cc:subject:date:message-id:reply-to;\n\tbh=S6elEshRjeYKV2WspXbwSeu79nOguOd5x4rDscK6N9Y=;\n\tb=LuKuoszIMmbjJGtiV93ijtpTYTXFfbHCodTndvIKaXY9NrVN84iVEWBBjThhmNYDuZ\n\t9QsDZsu7QHYx6a3f/mSc9wv8Fu7/3WtEc6DIDbZam3r5ryqeA3C8qng+TnJ77gGPFPki\n\tKOpHmeZOE3/QbnNCNojmAXyviALRElxD9bl6sqD/8ERzhW36iwSMObeugiSKqvoz42Ep\n\ti/PjTuaxeEPt2wpbzW6Y9ePrKE6NcAytS9aqjAK90cnHCgHjp6PT3gjSQh0KI/qQdz4L\n\t1NfQgZpanKc0Ah7gSzCOuTLW/LDZRoZkvuq0it4Wfx6c3++do9hfhY5Uv9e15FEbcDVd\n\tDWMw==", "X-Gm-Message-State": "ACrzQf1qQ5BSXPhKcpT+yI1fon/eMUKlNdFjlpQXeYD8wQU8W1Ln0kEh\n\tTrf+/WE3Dz1WkqAdzNKvqz/864kYWyrw9xKr", "X-Google-Smtp-Source": "AMsMyM709ymtJ3ooObYxuuWyYJUcgo9RC4vyFt9dUmW4+PkTyHpuqAN5RPWWG0NKk5otR79bE/6DVQ==", "X-Received": "by 2002:a05:6808:60c:b0:355:221e:db30 with SMTP id\n\ty12-20020a056808060c00b00355221edb30mr3984256oih.21.1666850126544; \n\tWed, 26 Oct 2022 22:55:26 -0700 (PDT)", "To": "libcamera-devel@lists.libcamera.org", 
"Date": "Thu, 27 Oct 2022 00:55:14 -0500", "Message-Id": "<20221027055515.321791-10-nicholas@rothemail.net>", "X-Mailer": "git-send-email 2.34.1", "In-Reply-To": "<20221027055515.321791-1-nicholas@rothemail.net>", "References": "<libcamera Android Enhancements>\n\t<20221027055515.321791-1-nicholas@rothemail.net>", "MIME-Version": "1.0", "Content-Transfer-Encoding": "8bit", "Subject": "[libcamera-devel] [PATCH 09/10] ipa: add a flag to disable\n\tisolation for Android", "X-BeenThere": "libcamera-devel@lists.libcamera.org", "X-Mailman-Version": "2.1.29", "Precedence": "list", "List-Id": "<libcamera-devel.lists.libcamera.org>", "List-Unsubscribe": "<https://lists.libcamera.org/options/libcamera-devel>,\n\t<mailto:libcamera-devel-request@lists.libcamera.org?subject=unsubscribe>", "List-Archive": "<https://lists.libcamera.org/pipermail/libcamera-devel/>", "List-Post": "<mailto:libcamera-devel@lists.libcamera.org>", "List-Help": "<mailto:libcamera-devel-request@lists.libcamera.org?subject=help>", "List-Subscribe": "<https://lists.libcamera.org/listinfo/libcamera-devel>,\n\t<mailto:libcamera-devel-request@lists.libcamera.org?subject=subscribe>", "From": "Nicholas Roth via libcamera-devel <libcamera-devel@lists.libcamera.org>", "Reply-To": "libcamera-devel@lists.libcamera.org", "Cc": "nicholas@rothemail.net", "Errors-To": "libcamera-devel-bounces@lists.libcamera.org", "Sender": "\"libcamera-devel\" <libcamera-devel-bounces@lists.libcamera.org>" }, "content": "From: Nicholas Roth <nicholas@rothemail.net>\n\nCurrently, libcamera isolates any IPAs whose signatures cannot be\nverified. Shared objects are created at build-time, and then signed. The\npublic signing key is embedded in a .cpp file, and libcamera verifies\nIPA signatures at runtime. 
When libcamera cannot authenticate an IPA, it\nruns it out-of-process.\n\nThis is problematic on three levels:\n* IPA signing fundamentally does not work on Android for vendor modules\n like HALs (discussed below)\n* Executables built to run out-of-process are not ABI-compatible with\n Android, making isolation infeasible [1]\n* Linux phone hardware tends to be low-end because of the FOSS\n requirement, so the performance hit from out-of-process IPA isolation\n is significant\n\nIPA signing fundamentally does not work for Android vendor modules:\nAfter we \"meson install\" built .so files to a known location, Android\nexplicitly access them in PREBUILT_SHARED_LIBRARY or BUILD_PREBUILIT\nto transform the .so files by stripping symbols among other things [2].\nBy modifying prebuilt libraries after we have already signed them, the\nbuild system renders our signatures useless on Android.\n\nAndroid distribution maintainers can use this flag to disable signature\nverification, which will allow them to use libcamera.\n\n[1] https://github.com/waydroid/waydroid/issues/519\n[2] https://cs.android.com/android/platform/superproject/+/master:build/make/core/cc_prebuilt_internal.mk?q=cc_prebuilt_internal\n\nSigned-off-by: Nicholas Roth <nicholas@rothemail.net>\n---\n meson.build | 4 ++++\n meson_options.txt | 5 +++++\n src/libcamera/ipa_manager.cpp | 11 +++++++++++\n 3 files changed, 20 insertions(+)", "diff": "diff --git a/meson.build b/meson.build\nindex 56910698..883847ef 100644\n--- a/meson.build\n+++ b/meson.build\n@@ -74,6 +74,10 @@ if cc.has_header_symbol('stdlib.h', 'secure_getenv', prefix : '#define _GNU_SOUR\n config_h.set('HAVE_SECURE_GETENV', 1)\n endif\n \n+if get_option('allow_unsigned_ipas_in_process')\n+ config_h.set('ALLOW_UNSIGNED_IPAS_IN_PROCESS', 1)\n+endif\n+\n common_arguments = [\n '-Wshadow',\n '-include', meson.current_build_dir() / 'config.h',\ndiff --git a/meson_options.txt b/meson_options.txt\nindex f1d67808..77b21b9a 100644\n--- 
a/meson_options.txt\n+++ b/meson_options.txt\n@@ -64,3 +64,8 @@ option('pycamera',\n type : 'feature',\n value : 'disabled',\n description : 'Enable libcamera Python bindings (experimental)')\n+\n+option('allow_unsigned_ipas_in_process',\n+ type : 'boolean',\n+ value : false,\n+ description : 'Allow unsigned IPAs to run in libcamera\\'s address space')\ndiff --git a/src/libcamera/ipa_manager.cpp b/src/libcamera/ipa_manager.cpp\nindex 030ef43f..403cc42a 100644\n--- a/src/libcamera/ipa_manager.cpp\n+++ b/src/libcamera/ipa_manager.cpp\n@@ -114,6 +114,14 @@ IPAManager::IPAManager()\n \t\tLOG(IPAManager, Warning) << \"Public key not valid\";\n #endif\n \n+#if ALLOW_UNSIGNED_IPAS_IN_PROCESS\n+\tLOG(IPAManager, Warning)\n+\t\t<< \"All IPAs running in-process without signature verification.\"\n+\t\t<< \" This is recommended only for tightly-managed installs\"\n+\t\t<< \" in contexts where both signature verification and out-of-process\"\n+\t\t<< \" execution are infeasible, such as Android HALs.\";\n+#endif\n+\n \tunsigned int ipaCount = 0;\n \n \t/* User-specified paths take precedence. */\n@@ -281,6 +289,9 @@ IPAModule *IPAManager::module(PipelineHandler *pipe, uint32_t minVersion,\n \n bool IPAManager::isSignatureValid([[maybe_unused]] IPAModule *ipa) const\n {\n+#if ALLOW_UNSIGNED_IPAS_IN_PROCESS\n+\treturn true;\n+#endif\n #if HAVE_IPA_PUBKEY\n \tchar *force = utils::secure_getenv(\"LIBCAMERA_IPA_FORCE_ISOLATION\");\n \tif (force && force[0] != '\\0') {\n", "prefixes": [ "libcamera-devel", "09/10" ] }
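Review bot: The description of `allow_unsigned_ipas_in_process` in the meson_options.txt hunk understates what the flag does. Per the `isSignatureValid()` change later in this patch, enabling it makes every IPA module count as validly signed, so verification is skipped outright rather than unsigned modules merely being tolerated. A description such as `'Skip IPA signature verification and load all IPA modules in-process (disables isolation)'` would tell a distribution maintainer which trust boundary is being removed. The context line `/* User-specified paths take precedence. */` in the constructor hunk suggests user-specified module paths are searched first, so the option text or documentation should also say that the module directories must be writable only by trusted users when this is enabled.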
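Review bot: In the `isSignatureValid()` hunk, the unconditional `return true;` sits ahead of the `LIBCAMERA_IPA_FORCE_ISOLATION` test, so with the option enabled that override appears to be ignored and an operator cannot force isolation on such a build. A function named as a verification check also reports success without verifying anything, which silently changes the meaning for every caller. I would evaluate the force-isolation variable before the bypass and chain the remaining branch as `#elif HAVE_IPA_PUBKEY`, so the verification code is not left compiled as dead code after the return. A short comment above the bypass, for example `/* Build-time opt-out: module is NOT verified, caller loads it in-process. */`, would make the trust decision visible at the call site. The function body continues past the end of the hunk, so the exact shape of the `#else`/`#endif` tail needs checking against the full file.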