From patchwork Mon Sep 16 10:37:22 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Celine Laurencin <celine.laurencin@nxp.com>
X-Patchwork-Id: 21288
Return-Path: <libcamera-devel-bounces@lists.libcamera.org>
X-Original-To: parsemail@patchwork.libcamera.org
Delivered-To: parsemail@patchwork.libcamera.org
Received: from lancelot.ideasonboard.com (lancelot.ideasonboard.com
	[92.243.16.209])
	by patchwork.libcamera.org (Postfix) with ESMTPS id 49DBBC3257
	for <parsemail@patchwork.libcamera.org>;
	Wed, 18 Sep 2024 06:58:24 +0000 (UTC)
Received: from lancelot.ideasonboard.com (localhost [IPv6:::1])
	by lancelot.ideasonboard.com (Postfix) with ESMTP id BB6A7634F9;
	Wed, 18 Sep 2024 08:58:22 +0200 (CEST)
Authentication-Results: lancelot.ideasonboard.com; dkim=pass (2048-bit key;
	unprotected) header.d=nxp.com header.i=@nxp.com header.b="WiD8fYRR";
	dkim-atps=neutral
Received: from DB3PR0202CU003.outbound.protection.outlook.com
	(mail-northeuropeazlp170110001.outbound.protection.outlook.com
	[IPv6:2a01:111:f403:c200::1])
	by lancelot.ideasonboard.com (Postfix) with ESMTPS id 0C128634EB
	for <libcamera-devel@lists.libcamera.org>;
	Mon, 16 Sep 2024 12:37:34 +0200 (CEST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none;
	b=XrCJ5XYeDBRb+KNVmPj1nJiTYVYcjAjm46EBwOSyJrbgOLVZp8kCBolw0KL95M0t6Ohm6JLYfngRfjXubdH7mSToTu9fWPckTZNSxRejwvEibwJOYBJz0CcUh48wnrmeBeyYU7X6dZReKVjuucqjjMr+g+Jr2wmXV1NcQLx4uU6IKKz+F6cX9JHZcSAyU48j1vyderRq5it+uGz4bFdvKwAuEkCfU24cSKsuec1jpZ865SsN8p+jUkyfCXE86E2WvhlWnmBDlFrk6xsd3NVS60KpsmgIcNr6fbtxoNWoJCKrYSob8TONU4zEvP0+lYfGO5BoQsWkzPXdZYYHGBvBkA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
	s=arcselector10001;
	h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
	bh=5yW31mrhzY2Zxw1cLrdWoHObvso347zHtd0Ig1oK+OE=;
	b=KIRXtdtlcw8I8onV1YDoLa3u2NJTu3TQ1bbmc/gL3Mj1UCkw09TYERTBqYB6bXoZLJY91tVqG8tU1ruT2dQU9Fyf++m2lgdZF9CzpW9IyPB03QfV3xHdmrWIedwfiVbn1A2+8xvm34efLaTk2/I1vjoGyJrzj+XW4MCh+Eck6XxzFMhIe2YNgDfmCIkPEe0IXhH5JY8YQw5UrQq5I7LGn/TWyVG7Yhhd3OVF57AfdkuK1QmSKBeDLoyRWuZoU1YRhpAIu3uPF2Wupad7coxtiSzXEYfPIGM3JgbHp+2YC9VK+YJcIBmuYJX2Zy8+QdPNQtgKprVKaQyjLhexjHPF2g==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
	smtp.mailfrom=nxp.com; dmarc=pass action=none header.from=nxp.com;
	dkim=pass header.d=nxp.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nxp.com; s=selector1;
	h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
	bh=5yW31mrhzY2Zxw1cLrdWoHObvso347zHtd0Ig1oK+OE=;
	b=WiD8fYRRlI/+MTk4DJDWk5z8CZxPV/tpgBWgPwyKGQ5KZpl64XdrUYV8gmIpJhSmlGjWn8yWcRuocO93kIdqRszmQDhCsFDzIEMTGz0VmOy4UU+VyHpOe7IxlVbAI23Mkdr7siGbsoqSIG8CW903Y9k4JYvhhxnmeLdkFL5lsgXo/ONN6kbCMJDtuiM9ttRKXBs7VOvuHBW6DSe3QdX1k9DrsueXZDPxtaXzQhEMwFAS6acUwhr5oEF9hzOGa6UUZcV/ZyIXc5wBmspdM+zGU0z+5fwHq/puEe48foOvmTwXXEAnp/d5Zew1URFhv6IqQjGBriQOIfLIttGOk9yncw==
Authentication-Results: dkim=none (message not signed)
	header.d=none;dmarc=none action=none header.from=nxp.com;
Received: from AS8PR04MB9094.eurprd04.prod.outlook.com
	(2603:10a6:20b:445::22)
	by AM8PR04MB7890.eurprd04.prod.outlook.com (2603:10a6:20b:24e::10)
	with Microsoft SMTP Server (version=TLS1_2,
	cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7962.23;
	Mon, 16 Sep 2024 10:37:32 +0000
Received: from AS8PR04MB9094.eurprd04.prod.outlook.com
	([fe80::b9cf:567c:515d:f1de]) by
	AS8PR04MB9094.eurprd04.prod.outlook.com
	([fe80::b9cf:567c:515d:f1de%4]) with mapi id 15.20.7962.022;
	Mon, 16 Sep 2024 10:37:32 +0000
From: Celine Laurencin <celine.laurencin@nxp.com>
To: libcamera-devel@lists.libcamera.org, julien.vuillaumier@nxp.com,
	gilles.talis@nxp.com
Cc: Celine Laurencin <celine.laurencin@nxp.com>
Subject: [PATCH] libcamera: ipa_manager: Allow disabling IPA module isolation
Date: Mon, 16 Sep 2024 12:37:22 +0200
Message-Id: <20240916103722.29880-1-celine.laurencin@nxp.com>
X-Mailer: git-send-email 2.25.1
X-ClientProxiedBy: SJ0PR13CA0211.namprd13.prod.outlook.com
	(2603:10b6:a03:2c1::6) To AS8PR04MB9094.eurprd04.prod.outlook.com
	(2603:10a6:20b:445::22)
MIME-Version: 1.0
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: AS8PR04MB9094:EE_|AM8PR04MB7890:EE_
X-MS-Office365-Filtering-Correlation-Id: e796a73c-a6ed-4258-7016-08dcd63b921d
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;
	ARA:13230040|366016|52116014|376014|1800799024|38350700014;
X-Microsoft-Antispam-Message-Info: 
 UFkcD1tk1dcz+ZnvOiRyBGAsfRWgfk+BshaPR0HetzeXC9Yh+EW5n2AEgu94jQAw44PsHS4+ngt/hLMYA+/CRdrg1WVF50lx8KxRA8pTY2x7dSdVhK3eoRQ8zPWUQ/MKjbE1Fgj+r9FUGRCFh7D4w7ZkBzkMSYQ81ujIBPXjAEfZgRQzMbOS+wyvhxJfaGvUuajvqm2soAb02uNF7YXQPvcRQHZVCjFDqkVd//CqGz3ahD308+qTYq1wqoGd3VHaXbdVINOMc1gETMt1gF9hz4H/T9uu3revbbBgiHigc6dv6ncKyfTCTxIGD65xiVi1R0a/LUiTYuNtwWiSn7+dEH4b7MHvV81X8UlLSfKy1efJh+IOpbME3aC5OSK0AoXLbP1nOqrTytfDfacXaP2cnv7cUCj7OJgVZLn2eX/IEv/n/i9CjMPOgSCgDvvA1N49u+3XcIgOYSW4FzHmjbuT1h2BxxAjcx8lgVTNWatt8ka5a5aK1nMIl/oYONBfgHi4ug5/2kUQj8hBzDX/UkHvI3a7uUEfnQWxasX/sx+h840RRPZKaa4amZNmFHhSjtdBDmkneKVych4Fq78mFuOA9r8KI4bNADPogvLEs99S75Y3X7H0xD05W7ZjLwOYZinQ0Det0ZGkZDYTJOpxw66nFzwkbLWf29bCd4sSC4N17xPoGx6FMVSQx/INSMeQipaBt1F6KseLOa8jYFTzmxeCn3O89rXbGjWp3sbTDn0ZtAR3lTryYwZqHweHU/ot3javKBqWhr1KgfMSPAg7eDMh1E2nm6BAntB5o47SNdegzRH5UE30PCFrDR5LEmwf12dSnyFhPni7HIphMr68qRyeoNqXeiP6IWGEVd7MUk+Ay3Gn0qXNMf3Q71RqOFQ6yzwYIXxWahJHDEve9HjJXcwElw7hauKBkjwm0ZMh9Y3g+mwMfLozEmYlr05QCTAJJ2J4VngE9WVIOUqudZMLwzCmXuEgemmN1f09FbZbVevdHMwe8bi8p3Zb81nplf0CoseETn4iJhkaF96iilu4RcIpx06MEtmFq+dmWc1gl8ojHXc+NXT1nYMJyoxmnT8ivaPhts5wPR+eFALWV0501G+XqYjVp2zgvEP007MC5O6lrvddb6r5zvHGJbREBNbdfjsZMCVWjddXnHC1RFsKo7iJAYE0ZyEtZJQ/ksvkqkdGVUW7qd5+OvvpvN6uGVIkF4rDCbTwZutK/wMOg7s6SxPtrNYLhdJM7du+ApNnKJsOL72Y3+Ymk2kw4Nf/igS8f6YRzL/Rcv1mRyd2aVYmQU1lTR1lyMQy2py4hdKeqwolqV/e8rMrXOlTA9ttQm+MM757cEN9AfUmorb8iI8LQTEQV79jhKUbWHZ8GPgLZy7VeSYA6NuAgtRac0jp1byORnCIepta7Rdj3z4gQA/WEGGNCg==
X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:;
	IPV:NLI; SFV:NSPM; H:AS8PR04MB9094.eurprd04.prod.outlook.com; PTR:;
	CAT:NONE;
	SFS:(13230040)(366016)(52116014)(376014)(1800799024)(38350700014);
	DIR:OUT; SFP:1101;
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: 
 358L7RiRRLvmdf4M4o5UGHnPVtX5vls4SGn5jecXIw2iQfIKy0mNYffVoLxY7uL2PzQ39VVHCZblutl7hvJyKJBOyG6MBG9G7mNXzMN2gdeaiESYVduoR/SCjo3uuZr0nv7SEAkw/tapnqJMvU8Nh+X5OevJCT6b4chU6S16LSAVqMlucGT0gciQOeUeLtSb9FXq0xdnca6an3m/8hAEbTDOG535UszIM3oTeutOKASFtrVlIcUMO55JY3SPYxloqhwtTb4OFYkl89RWv/r67cfudyjDbwo2T7LTZ9lrmSDR3qsp9hS/c9njhxcrW8ukB+ez159JW0yk2K3yziNsUeSeE+mCZUXcDgBd6eQuCNVSeMQHHgqF4WvWtF5D2BtWquBebsFym5jesaodlaARJuBjoHeLcPM+BGGuQPpcf3qzfzKexQqdec43IX/Xw4ltdH0qAxzlMKAWfpZ9fyFzfxQ6C+b5L3xHHr28EKRVZ/yYRJ43MYSsE1WvxBhvi9cnZ/+3ps6XC4X7njQzT7flfM9BRX6coYZCq2GtCkQzxw6PUujwhegjqDhHMxQNewtd0e/fGqYINEjQ/1ihBOFv62zTWXhtx1X0YZN2gU0RPgklxgoeULhjnqSv9x+YbxvUL1fegQYS4295YBOvktT7KA0P0TragAGlUwUOcdlhic2s/RMcyAH0mmbhGLHbxCdq3W9nbJdBby+pzmtiU9NrMXuH0pkYcjeoefUvb/UpRp/Zlcj2tOrHVKfP6yL86+ZsQ7rlZZdW4cz3D/d51+2W75i+R4MXGcWariU+lzMNZd+KM51+0ElKifQEhVh0oJ+PMg2Yma4jihKE+/mroH+wzOi9OV+JSvJGPsZG1T5XmdAPwhStFkLdL2zCIc1T9dQ0D7QHEvHuzxWqrfz/7XLa1TcLdk1SmECzMaURQH6q0OO+D7bDjj9P3icJ3kOzkyXxRQK8Xyfyfl1F62rw6YJw9QTn4Mx+sMX90U+o3jYJm/JP5RQ3l8ZQvwrYayen0xREpN7wLy3V8lCiiNvCaxoaq6vrTIl3HQtBPb21M1lME8sjnB8eNLm21cYD8JZ5l8uz0ilwkbCEl/Hins92/1oDKPxOlJCs5dkDiMtpQokVo6Q9sAAvGHY7hPuAUOPqHUOhe9CSC8cZtocFeDgVsDe96u2scxXcX1s0tamlm91SiCwU1QoUZOchWegLw7vgz8S+fIQ0xAUr9aGiZf+EFLdQtwLy2OLZBOiIzKrWJwe5/bgjte06XNT2UVOD3xSI/8nNlbtKv1yR9o89gjH2jn53jzLFVFX9WjbGVKU97wdaDDf+mWEFUnaP1UyL5CTeDRwLZGhWjsn051XCfCv1z10jFLq6uqFFil34U+fMbzX6iIu7LgIMnozdiuo8vxmidZT78X/sVfTM4tgZfPiVpB64q+xiVjAHushNMwUfzpd3VKyWsI0jbiZ2R3KNjh9fTuhYvtpekX7AvkpEmOO6O9NOosxt+7G6FyNGfubtsJo47Ix9THJ2YBJu8WJuqyXl9qsuzjbv49S5DeqbyNJn3dxT4qvqwKxZycgNaztFBRY6YyH6Y9I+Ci/9uyKYJ73QFW7R5B8BobG46cuI56pozg9ecQ==
X-OriginatorOrg: nxp.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 
 e796a73c-a6ed-4258-7016-08dcd63b921d
X-MS-Exchange-CrossTenant-AuthSource: AS8PR04MB9094.eurprd04.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 16 Sep 2024 10:37:32.5518
	(UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 686ea1d3-bc2b-4c6f-a92c-d99c5c301635
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: 
 l49Mj6S4PkHrP46RlmUln02xqJomx+Mh150/uqXpr+dIZULCEdCPfT5b9pr3UcWo4vVE4RfPBL/5TgVq0QzAogTXRAby0b7wRR/45Jckw+k=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM8PR04MB7890
X-Mailman-Approved-At: Wed, 18 Sep 2024 08:58:21 +0200
X-BeenThere: libcamera-devel@lists.libcamera.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <libcamera-devel.lists.libcamera.org>
List-Unsubscribe: <https://lists.libcamera.org/options/libcamera-devel>,
	<mailto:libcamera-devel-request@lists.libcamera.org?subject=unsubscribe>
List-Archive: <https://lists.libcamera.org/pipermail/libcamera-devel/>
List-Post: <mailto:libcamera-devel@lists.libcamera.org>
List-Help: <mailto:libcamera-devel-request@lists.libcamera.org?subject=help>
List-Subscribe: <https://lists.libcamera.org/listinfo/libcamera-devel>,
	<mailto:libcamera-devel-request@lists.libcamera.org?subject=subscribe>
Errors-To: libcamera-devel-bounces@lists.libcamera.org
Sender: "libcamera-devel" <libcamera-devel-bounces@lists.libcamera.org>

For testing purposes with non-signed IPA, it can be useful to run IPA in non-isolated mode
to share the libcamera privilege.

Add a way to disable IPA module isolation through a new LIBCAMERA_IPA_DISABLE_ISOLATION
environment variable.
If isolation is disabled with LIBCAMERA_IPA_DISABLE_ISOLATION, all IPA modules run in
non-isolated mode and the environment variable LIBCAMERA_IPA_FORCE_ISOLATION is not
considered.

Signed-off-by: Celine Laurencin <celine.laurencin@nxp.com>
---
 Documentation/environment_variables.rst | 7 +++++++
 src/libcamera/ipa_manager.cpp           | 8 ++++++++
 2 files changed, 15 insertions(+)

diff --git a/Documentation/environment_variables.rst b/Documentation/environment_variables.rst
index 4e9fbb27..013acaf8 100644
--- a/Documentation/environment_variables.rst
+++ b/Documentation/environment_variables.rst
@@ -32,6 +32,13 @@ LIBCAMERA_IPA_FORCE_ISOLATION
 
    Example value: ``1``
 
+LIBCAMERA_IPA_DISABLE_ISOLATION
+   When set to a non-empty string, disable process isolation of all IPA modules.
+   If isolation is disabled, all IPA modules run in non-isolated mode and
+   the environment variable LIBCAMERA_IPA_FORCE_ISOLATION is not taking effect.
+
+   Example value: ``1``
+
 LIBCAMERA_IPA_MODULE_PATH
    Define custom search locations for IPA modules (`more <IPA module_>`__).
 
diff --git a/src/libcamera/ipa_manager.cpp b/src/libcamera/ipa_manager.cpp
index f4e0b633..f606c74c 100644
--- a/src/libcamera/ipa_manager.cpp
+++ b/src/libcamera/ipa_manager.cpp
@@ -295,6 +295,14 @@ IPAModule *IPAManager::module(PipelineHandler *pipe, uint32_t minVersion,
 bool IPAManager::isSignatureValid([[maybe_unused]] IPAModule *ipa) const
 {
 #if HAVE_IPA_PUBKEY
+	char *disableIsolation = utils::secure_getenv("LIBCAMERA_IPA_DISABLE_ISOLATION");
+	if (disableIsolation && disableIsolation[0] != '\0') {
+		LOG(IPAManager, Debug)
+			<< "Isolation of IPA module " << ipa->path()
+			<< " disabled through environment variable";
+		return true;
+	}
+
 	char *force = utils::secure_getenv("LIBCAMERA_IPA_FORCE_ISOLATION");
 	if (force && force[0] != '\0') {
 		LOG(IPAManager, Debug)