GET /api/patches/17721/?format=api
{ "id": 17721, "url": "https://patchwork.libcamera.org/api/patches/17721/?format=api", "web_url": "https://patchwork.libcamera.org/patch/17721/", "project": { "id": 1, "url": "https://patchwork.libcamera.org/api/projects/1/?format=api", "name": "libcamera", "link_name": "libcamera", "list_id": "libcamera_core", "list_email": "libcamera-devel@lists.libcamera.org", "web_url": "", "scm_url": "", "webscm_url": "" }, "msgid": "<20221028031726.4849-10-nicholas@rothemail.net>", "date": "2022-10-28T03:17:25", "name": "[libcamera-devel,v5,09/10] ipa: add a flag to disable isolation for Android", "commit_ref": null, "pull_url": null, "state": "new", "archived": false, "hash": "6686772b4253773ad3410d14e10a296df615a5ff", "submitter": { "id": 97, "url": "https://patchwork.libcamera.org/api/people/97/?format=api", "name": "Nicolas Dufresne via libcamera-devel", "email": "libcamera-devel@lists.libcamera.org" }, "delegate": null, "mbox": "https://patchwork.libcamera.org/patch/17721/mbox/", "series": [ { "id": 3583, "url": "https://patchwork.libcamera.org/api/series/3583/?format=api", "web_url": "https://patchwork.libcamera.org/project/libcamera/list/?series=3583", "date": "2022-10-28T03:17:17", "name": "[libcamera-devel,v5,01/10] ipa: workaround libcxx duration limitation", "version": 5, "mbox": "https://patchwork.libcamera.org/series/3583/mbox/" } ], "comments": "https://patchwork.libcamera.org/api/patches/17721/comments/", "check": "pending", "checks": "https://patchwork.libcamera.org/api/patches/17721/checks/", "tags": {}, "headers": { "Return-Path": "<libcamera-devel-bounces@lists.libcamera.org>", "X-Original-To": "parsemail@patchwork.libcamera.org", "Delivered-To": "parsemail@patchwork.libcamera.org", "Received": [ "from lancelot.ideasonboard.com (lancelot.ideasonboard.com\n\t[92.243.16.209])\n\tby patchwork.libcamera.org (Postfix) with ESMTPS id C43EAC3287\n\tfor <parsemail@patchwork.libcamera.org>;\n\tFri, 28 Oct 2022 03:17:45 +0000 (UTC)", "from lancelot.ideasonboard.com 
(localhost [IPv6:::1])\n\tby lancelot.ideasonboard.com (Postfix) with ESMTP id 6583C62FD6;\n\tFri, 28 Oct 2022 05:17:45 +0200 (CEST)", "from mail-oa1-x33.google.com (mail-oa1-x33.google.com\n\t[IPv6:2001:4860:4864:20::33])\n\tby lancelot.ideasonboard.com (Postfix) with ESMTPS id 9B2CC62FAD\n\tfor <libcamera-devel@lists.libcamera.org>;\n\tFri, 28 Oct 2022 05:17:37 +0200 (CEST)", "by mail-oa1-x33.google.com with SMTP id\n\t586e51a60fabf-13b23e29e36so4973724fac.8\n\tfor <libcamera-devel@lists.libcamera.org>;\n\tThu, 27 Oct 2022 20:17:37 -0700 (PDT)", "from nroth-pc.attlocal.net\n\t([2600:1700:20:20c0:293a:90ce:6463:244d])\n\tby smtp.gmail.com with ESMTPSA id\n\tfp19-20020a056870659300b0013626c1a5f6sm1527738oab.10.2022.10.27.20.17.35\n\t(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);\n\tThu, 27 Oct 2022 20:17:35 -0700 (PDT)" ], "DKIM-Signature": [ "v=1; a=rsa-sha256; c=relaxed/simple; d=libcamera.org;\n\ts=mail; t=1666927065;\n\tbh=uPfBp734F70Nl4/faDEoCE+469eSaTe+2TU432+CN6U=;\n\th=To:Date:In-Reply-To:References:Subject:List-Id:List-Unsubscribe:\n\tList-Archive:List-Post:List-Help:List-Subscribe:From:Reply-To:Cc:\n\tFrom;\n\tb=Sj9Txgd8IxFgSUwhpFOUeIx0+zBFwKPcj0JdT0mbv6NeCQ3cAnTegZKfNGXTPHLlP\n\ttyKc6NqmAMROG33Tc0BnZSNuUKCmWNjNvXyiZzSpBN2Z+6Sw+pYeUpOG90N5HiZFoN\n\tcTtnN0W8aYZupJXdtmqhU+jdBs/GkCGvZBrE5lHET5PRC7f8b2mIevfXJ+0wAY3XYn\n\tMCIMZDvAe7wYjyW1QzZ59WN+1x86/u3QJUirEwdvYm8B+2VehmGb8Mirbdwbanx8ZQ\n\tOQMDJDBzlbPAqQTsqgsGEYXdp32haTE+47uZQzUf12EGY2oNVg+3HCR/TZ55JlbsWe\n\tgFVnCb+F0fOAg==", "v=1; a=rsa-sha256; c=relaxed/relaxed;\n\td=rothemail-net.20210112.gappssmtp.com; 
s=20210112;\n\th=content-transfer-encoding:mime-version:reply-to:references\n\t:in-reply-to:message-id:date:subject:cc:to:from:from:to:cc:subject\n\t:date:message-id:reply-to;\n\tbh=S6elEshRjeYKV2WspXbwSeu79nOguOd5x4rDscK6N9Y=;\n\tb=oOqzTjvvX08YAJa5XU9pFTK/n+NaMg7FWwAg0A2h115xVInJbKPxL9wROB5kzO3azR\n\tB940iBpEnFirk+tGG4EeiMfzMXrY5LHHEYJrEZy+QMMNeff936/wosL8vzNHHl7rnUDY\n\txg1bPgNchE1hvS/+4bBUM6wJlNtCVfo6SkkDL7dTYTdld6/xkeUnZlF/tQrjFBc+9JE7\n\t+VerkLLB7AUpCnF58hE+uytL361WNk7rTIY2b2z9OC4LvEZdEmO837ka78lm8Ixt1FR2\n\tN6MnKhk3d+YBx0mzLf4JEkpLXnnxipcJVXoy43j0Olh9zmNk64EtlBW7ab5r96uy5v29\n\tsg5g==" ], "Authentication-Results": "lancelot.ideasonboard.com; dkim=pass (2048-bit key; \n\tunprotected)\n\theader.d=rothemail-net.20210112.gappssmtp.com\n\theader.i=@rothemail-net.20210112.gappssmtp.com header.b=\"oOqzTjvv\"; \n\tdkim-atps=neutral", "X-Google-DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed;\n\td=1e100.net; s=20210112;\n\th=content-transfer-encoding:mime-version:reply-to:references\n\t:in-reply-to:message-id:date:subject:cc:to:from:x-gm-message-state\n\t:from:to:cc:subject:date:message-id:reply-to;\n\tbh=S6elEshRjeYKV2WspXbwSeu79nOguOd5x4rDscK6N9Y=;\n\tb=P7izXvwstjrOTfJyFWmRfhku211nDkgGrfTvjMjdaq7MHzqYT5cnHcB4flezW8GH1u\n\tIFemZ+BcujhyyyyZKDlmPjtaFSRNKwGzgli6cPpFI/1LJt7CPy82KSToYl+8+rPZMKt7\n\tb4WW7VUVslRkCtkBqM+Qa2dK/DdFgb0rJvVj3fQ2XrmJCuRvv22DkREO9dWVYaF997/E\n\tNG1BAKk5SVOhVUr5+/ZX7z4VeVRo8SF2KWkx1vXs9FjBK9jyQLV3CJBVg0fqxkMt9sM1\n\tEF8sAiAWxaI70YTSPPyNehGlpUBhC8NZdbfNKJX5gXy9B7KoxAwJmQ2/JXkPqMmWvHw3\n\tsoXQ==", "X-Gm-Message-State": "ACrzQf0DLmwYZdE9jP08MLtqaXzfL0VSZC57X/dU1kkuXQ1JrJsvY8S6\n\t+D4/eGmjog5b6GfEN7JP/hrBq3kP5aEp+3OJVrM=", "X-Google-Smtp-Source": "AMsMyM54g+qM054PCkV1SXu0eVSoDgG+GbmvoRiE3tJyzzWkJvrWNRmVOB5LTKtPdwI3uFTh7AQ+Aw==", "X-Received": "by 2002:a05:6870:6086:b0:132:e9d6:ea36 with SMTP id\n\tt6-20020a056870608600b00132e9d6ea36mr8079790oae.116.1666927055909; \n\tThu, 27 Oct 2022 20:17:35 -0700 (PDT)", "To": 
"libcamera-devel@lists.libcamera.org", "Date": "Thu, 27 Oct 2022 22:17:25 -0500", "Message-Id": "<20221028031726.4849-10-nicholas@rothemail.net>", "X-Mailer": "git-send-email 2.34.1", "In-Reply-To": "<20221028031726.4849-1-nicholas@rothemail.net>", "References": "<20221027224135.348115-1-nicholas@rothemail.net>\n\t<20221028031726.4849-1-nicholas@rothemail.net>", "MIME-Version": "1.0", "Content-Transfer-Encoding": "8bit", "Subject": "[libcamera-devel] [PATCH v5 09/10] ipa: add a flag to disable\n\tisolation for Android", "X-BeenThere": "libcamera-devel@lists.libcamera.org", "X-Mailman-Version": "2.1.29", "Precedence": "list", "List-Id": "<libcamera-devel.lists.libcamera.org>", "List-Unsubscribe": "<https://lists.libcamera.org/options/libcamera-devel>,\n\t<mailto:libcamera-devel-request@lists.libcamera.org?subject=unsubscribe>", "List-Archive": "<https://lists.libcamera.org/pipermail/libcamera-devel/>", "List-Post": "<mailto:libcamera-devel@lists.libcamera.org>", "List-Help": "<mailto:libcamera-devel-request@lists.libcamera.org?subject=help>", "List-Subscribe": "<https://lists.libcamera.org/listinfo/libcamera-devel>,\n\t<mailto:libcamera-devel-request@lists.libcamera.org?subject=subscribe>", "From": "Nicholas Roth via libcamera-devel <libcamera-devel@lists.libcamera.org>", "Reply-To": "libcamera-devel@lists.libcamera.org", "Cc": "nicholas@rothemail.net", "Errors-To": "libcamera-devel-bounces@lists.libcamera.org", "Sender": "\"libcamera-devel\" <libcamera-devel-bounces@lists.libcamera.org>" }, "content": "From: Nicholas Roth <nicholas@rothemail.net>\n\nCurrently, libcamera isolates any IPAs whose signatures cannot be\nverified. Shared objects are created at build-time, and then signed. The\npublic signing key is embedded in a .cpp file, and libcamera verifies\nIPA signatures at runtime. 
When libcamera cannot authenticate an IPA, it\nruns it out-of-process.\n\nThis is problematic on three levels:\n* IPA signing fundamentally does not work on Android for vendor modules\n like HALs (discussed below)\n* Executables built to run out-of-process are not ABI-compatible with\n Android, making isolation infeasible [1]\n* Linux phone hardware tends to be low-end because of the FOSS\n requirement, so the performance hit from out-of-process IPA isolation\n is significant\n\nIPA signing fundamentally does not work for Android vendor modules:\nAfter we \"meson install\" built .so files to a known location, Android\nexplicitly access them in PREBUILT_SHARED_LIBRARY or BUILD_PREBUILIT\nto transform the .so files by stripping symbols among other things [2].\nBy modifying prebuilt libraries after we have already signed them, the\nbuild system renders our signatures useless on Android.\n\nAndroid distribution maintainers can use this flag to disable signature\nverification, which will allow them to use libcamera.\n\n[1] https://github.com/waydroid/waydroid/issues/519\n[2] https://cs.android.com/android/platform/superproject/+/master:build/make/core/cc_prebuilt_internal.mk?q=cc_prebuilt_internal\n\nSigned-off-by: Nicholas Roth <nicholas@rothemail.net>\n---\n meson.build | 4 ++++\n meson_options.txt | 5 +++++\n src/libcamera/ipa_manager.cpp | 11 +++++++++++\n 3 files changed, 20 insertions(+)", "diff": "diff --git a/meson.build b/meson.build\nindex 56910698..883847ef 100644\n--- a/meson.build\n+++ b/meson.build\n@@ -74,6 +74,10 @@ if cc.has_header_symbol('stdlib.h', 'secure_getenv', prefix : '#define _GNU_SOUR\n config_h.set('HAVE_SECURE_GETENV', 1)\n endif\n \n+if get_option('allow_unsigned_ipas_in_process')\n+ config_h.set('ALLOW_UNSIGNED_IPAS_IN_PROCESS', 1)\n+endif\n+\n common_arguments = [\n '-Wshadow',\n '-include', meson.current_build_dir() / 'config.h',\ndiff --git a/meson_options.txt b/meson_options.txt\nindex f1d67808..77b21b9a 100644\n--- 
a/meson_options.txt\n+++ b/meson_options.txt\n@@ -64,3 +64,8 @@ option('pycamera',\n type : 'feature',\n value : 'disabled',\n description : 'Enable libcamera Python bindings (experimental)')\n+\n+option('allow_unsigned_ipas_in_process',\n+ type : 'boolean',\n+ value : false,\n+ description : 'Allow unsigned IPAs to run in libcamera\\'s address space')\ndiff --git a/src/libcamera/ipa_manager.cpp b/src/libcamera/ipa_manager.cpp\nindex 030ef43f..403cc42a 100644\n--- a/src/libcamera/ipa_manager.cpp\n+++ b/src/libcamera/ipa_manager.cpp\n@@ -114,6 +114,14 @@ IPAManager::IPAManager()\n \t\tLOG(IPAManager, Warning) << \"Public key not valid\";\n #endif\n \n+#if ALLOW_UNSIGNED_IPAS_IN_PROCESS\n+\tLOG(IPAManager, Warning)\n+\t\t<< \"All IPAs running in-process without signature verification.\"\n+\t\t<< \" This is recommended only for tightly-managed installs\"\n+\t\t<< \" in contexts where both signature verification and out-of-process\"\n+\t\t<< \" execution are infeasible, such as Android HALs.\";\n+#endif\n+\n \tunsigned int ipaCount = 0;\n \n \t/* User-specified paths take precedence. */\n@@ -281,6 +289,9 @@ IPAModule *IPAManager::module(PipelineHandler *pipe, uint32_t minVersion,\n \n bool IPAManager::isSignatureValid([[maybe_unused]] IPAModule *ipa) const\n {\n+#if ALLOW_UNSIGNED_IPAS_IN_PROCESS\n+\treturn true;\n+#endif\n #if HAVE_IPA_PUBKEY\n \tchar *force = utils::secure_getenv(\"LIBCAMERA_IPA_FORCE_ISOLATION\");\n \tif (force && force[0] != '\\0') {\n", "prefixes": [ "libcamera-devel", "v5", "09/10" ] }
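Review bot: The `return true;` added at the top of `IPAManager::isSignatureValid()` sits before the `LIBCAMERA_IPA_FORCE_ISOLATION` lookup, so in a build with `allow_unsigned_ipas_in_process` the environment override is never consulted and no IPA can be forced out-of-process at run time. If the override should still win, hoist the `utils::secure_getenv("LIBCAMERA_IPA_FORCE_ISOLATION")` test above the new block so that it is evaluated first (its branch body is outside the hunk, presumably it rejects the module). The function also now reports unsigned modules as validly signed, which a comment above the early return should state, for example `/* Build-time opt-out: every IPA is treated as trusted and loaded in-process. */`. With both macros defined, everything after the early return is unreachable; replacing the added `#endif` and the following `#if HAVE_IPA_PUBKEY` with a single `#elif HAVE_IPA_PUBKEY` would keep the branches exclusive. The function body continues outside the hunk.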