Monday, January 06, 2025

Re: support multiply webcam in chromium-based browsers

On 1/6/25 8:43 AM, Stuart Henderson wrote:
> On 2025/01/06 14:10, Kirill A. Korinsky wrote:
>> On Sat, 04 Jan 2025 02:02:26 +0100,
>> Kirill A. Korinsky <kirill@korins.ky> wrote:
>>> On Fri, 03 Jan 2025 14:06:23 +0100,
>>> Ian Darwin <ian@darwinsys.com> wrote:
>>>> On Fri, Jan 03, 2025 at 01:59:38PM +0100, Kirill A. Korinsky wrote:
>>>>> On Fri, 03 Jan 2025 10:35:24 +0100,
>>>>> Stuart Henderson <stu@spacehopper.org> wrote:
>>>>>> I don't think it's _too_ unreasonable for the code to check higher than
>>>>>> the default unveil to allow unusual cases without a recompile, although
>>>>>> this is probably going to trigger warnings in /etc/daily if accounting
>>>>>> is enabled (the "lastcomm | grep") so perhaps it does make sense to use
>>>>>> a smaller number (8 seems alright to me) and align the loop and unveil.
>>>> 8 would be enough for my use case and seems like a reasonable upper bound.
>>>> It's also twice what many cheap offshore off-the-shelf "security" solutions offer.
>>> I see only one issue here: to increase the value inside the loop the user
>>> need to recompile chrome, and it might be quite long.
>>>
>>> From another hand /dev/video0.../dev/video7 looks as reasonable limit.
>>>
>>> So, here an updated version of diff.
>>>
>> Oops, it wasn't sent to ports@.
>>
>> Here the diff.
>>
>> Ok?
> ok with me
Me too.
>
>
>> Index: www/chromium/Makefile
>> ===================================================================
>> RCS file: /home/cvs/ports/www/chromium/Makefile,v
>> diff -u -p -u -p -r1.820 Makefile
>> --- www/chromium/Makefile 21 Dec 2024 11:39:11 -0000 1.820
>> +++ www/chromium/Makefile 31 Dec 2024 19:54:02 -0000
>> @@ -11,6 +11,7 @@ DPB_PROPERTIES+= lonesome
>> COMMENT= Chromium browser
>>
>> V= 131.0.6778.204
>> +REVISION= 0
>>
>> DISTNAME= chromium-${V}
>>
>> Index: www/chromium/files/unveil.main
>> ===================================================================
>> RCS file: /home/cvs/ports/www/chromium/files/unveil.main,v
>> diff -u -p -u -p -r1.16 unveil.main
>> --- www/chromium/files/unveil.main 15 Nov 2024 14:03:20 -0000 1.16
>> +++ www/chromium/files/unveil.main 4 Jan 2025 00:50:52 -0000
>> @@ -1,5 +1,12 @@
>> # needed for video(4)
>> -/dev/video rw
>> +/dev/video0 rw
>> +/dev/video1 rw
>> +/dev/video2 rw
>> +/dev/video3 rw
>> +/dev/video4 rw
>> +/dev/video5 rw
>> +/dev/video6 rw
>> +/dev/video7 rw
>>
>> # needed for FIDO authentication
>> /dev/fido rw
>> Index: www/chromium/files/unveil.utility_video
>> ===================================================================
>> RCS file: /home/cvs/ports/www/chromium/files/unveil.utility_video,v
>> diff -u -p -u -p -r1.2 unveil.utility_video
>> --- www/chromium/files/unveil.utility_video 11 Mar 2022 20:09:41 -0000 1.2
>> +++ www/chromium/files/unveil.utility_video 4 Jan 2025 00:50:47 -0000
>> @@ -5,4 +5,11 @@
>> /tmp rwc
>>
>> # needed for video(4)
>> -/dev/video rw
>> +/dev/video0 rw
>> +/dev/video1 rw
>> +/dev/video2 rw
>> +/dev/video3 rw
>> +/dev/video4 rw
>> +/dev/video5 rw
>> +/dev/video6 rw
>> +/dev/video7 rw
>> Index: www/chromium/patches/patch-media_capture_video_linux_video_capture_device_factory_v4l2_cc
>> ===================================================================
>> RCS file: /home/cvs/ports/www/chromium/patches/patch-media_capture_video_linux_video_capture_device_factory_v4l2_cc,v
>> diff -u -p -u -p -r1.3 patch-media_capture_video_linux_video_capture_device_factory_v4l2_cc
>> --- www/chromium/patches/patch-media_capture_video_linux_video_capture_device_factory_v4l2_cc 21 Apr 2024 10:14:33 -0000 1.3
>> +++ www/chromium/patches/patch-media_capture_video_linux_video_capture_device_factory_v4l2_cc 4 Jan 2025 00:58:02 -0000
>> @@ -9,7 +9,7 @@ Index: media/capture/video/linux/video_c
>> // USB VID and PID are both 4 bytes long.
>> const size_t kVidPidSize = 4;
>> const size_t kMaxInterfaceNameSize = 256;
>> -@@ -70,11 +71,15 @@ std::string ExtractFileNameFromDeviceId(const std::str
>> +@@ -70,11 +71,24 @@ std::string ExtractFileNameFromDeviceId(const std::str
>> DCHECK(base::StartsWith(device_id, kDevDir, base::CompareCase::SENSITIVE));
>> return device_id.substr(strlen(kDevDir), device_id.length());
>> }
>> @@ -20,12 +20,21 @@ Index: media/capture/video/linux/video_c
>> public:
>> void GetDeviceIds(std::vector<std::string>* target_container) override {
>> +#if BUILDFLAG(IS_OPENBSD)
>> -+ target_container->emplace_back("/dev/video");
>> ++ char device[12];
>> ++ int fd;
>> ++ /* unveil(2) limits access to /dev/, try /dev/video[0-7] */
>> ++ for (int n = 0; n < 8; n++) {
>> ++ snprintf(device, sizeof(device), "/dev/video%d", n);
>> ++ if ((fd = open(device, O_RDONLY)) != -1) {
>> ++ close(fd);
>> ++ target_container->emplace_back(device);
>> ++ }
>> ++ }
>> +#else
>> const base::FilePath path("/dev/");
>> base::FileEnumerator enumerator(path, false, base::FileEnumerator::FILES,
>> "video*");
>> -@@ -82,9 +87,13 @@ class DevVideoFilePathsDeviceProvider
>> +@@ -82,9 +96,13 @@ class DevVideoFilePathsDeviceProvider
>> const base::FileEnumerator::FileInfo info = enumerator.GetInfo();
>> target_container->emplace_back(path.value() + info.GetName().value());
>> }
>> @@ -39,7 +48,7 @@ Index: media/capture/video/linux/video_c
>> const std::string file_name = ExtractFileNameFromDeviceId(device_id);
>> std::string usb_id;
>> const std::string vid_path =
>> -@@ -101,9 +110,13 @@ class DevVideoFilePathsDeviceProvider
>> +@@ -101,9 +119,13 @@ class DevVideoFilePathsDeviceProvider
>> }
>>
>> return usb_id;
>> @@ -53,7 +62,7 @@ Index: media/capture/video/linux/video_c
>> const std::string file_name = ExtractFileNameFromDeviceId(device_id);
>> const std::string interface_path =
>> base::StringPrintf(kInterfacePathTemplate, file_name.c_str());
>> -@@ -114,6 +127,7 @@ class DevVideoFilePathsDeviceProvider
>> +@@ -114,6 +136,7 @@ class DevVideoFilePathsDeviceProvider
>> return std::string();
>> }
>> return display_name;
>> @@ -61,7 +70,7 @@ Index: media/capture/video/linux/video_c
>> }
>> };
>>
>> -@@ -219,7 +233,7 @@ void VideoCaptureDeviceFactoryV4L2::GetDevicesInfo(
>> +@@ -219,7 +242,7 @@ void VideoCaptureDeviceFactoryV4L2::GetDevicesInfo(
>> std::move(callback).Run(std::move(devices_info));
>> }
>>
>> Index: www/iridium/Makefile
>> ===================================================================
>> RCS file: /home/cvs/ports/www/iridium/Makefile,v
>> diff -u -p -u -p -r1.214 Makefile
>> --- www/iridium/Makefile 21 Dec 2024 11:39:11 -0000 1.214
>> +++ www/iridium/Makefile 31 Dec 2024 19:53:57 -0000
>> @@ -12,6 +12,7 @@ DPB_PROPERTIES+= lonesome
>> COMMENT= Iridium browser
>>
>> V= 2024.11.131.1
>> +REVISION= 0
>>
>> DISTNAME= iridium-browser-${V}
>> PKGNAME= iridium-${V}
>> Index: www/iridium/files/unveil.main
>> ===================================================================
>> RCS file: /home/cvs/ports/www/iridium/files/unveil.main,v
>> diff -u -p -u -p -r1.14 unveil.main
>> --- www/iridium/files/unveil.main 27 Aug 2023 20:52:48 -0000 1.14
>> +++ www/iridium/files/unveil.main 4 Jan 2025 00:50:36 -0000
>> @@ -1,5 +1,12 @@
>> # needed for video(4)
>> -/dev/video rw
>> +/dev/video0 rw
>> +/dev/video1 rw
>> +/dev/video2 rw
>> +/dev/video3 rw
>> +/dev/video4 rw
>> +/dev/video5 rw
>> +/dev/video6 rw
>> +/dev/video7 rw
>>
>> # needed for FIDO authentication
>> /dev/fido rw
>> Index: www/iridium/files/unveil.utility_video
>> ===================================================================
>> RCS file: /home/cvs/ports/www/iridium/files/unveil.utility_video,v
>> diff -u -p -u -p -r1.2 unveil.utility_video
>> --- www/iridium/files/unveil.utility_video 11 Mar 2022 20:09:56 -0000 1.2
>> +++ www/iridium/files/unveil.utility_video 4 Jan 2025 00:50:28 -0000
>> @@ -5,4 +5,11 @@
>> /tmp rwc
>>
>> # needed for video(4)
>> -/dev/video rw
>> +/dev/video0 rw
>> +/dev/video1 rw
>> +/dev/video2 rw
>> +/dev/video3 rw
>> +/dev/video4 rw
>> +/dev/video5 rw
>> +/dev/video6 rw
>> +/dev/video7 rw
>> Index: www/iridium/patches/patch-media_capture_video_linux_video_capture_device_factory_v4l2_cc
>> ===================================================================
>> RCS file: /home/cvs/ports/www/iridium/patches/patch-media_capture_video_linux_video_capture_device_factory_v4l2_cc,v
>> diff -u -p -u -p -r1.3 patch-media_capture_video_linux_video_capture_device_factory_v4l2_cc
>> --- www/iridium/patches/patch-media_capture_video_linux_video_capture_device_factory_v4l2_cc 22 Jun 2024 06:03:33 -0000 1.3
>> +++ www/iridium/patches/patch-media_capture_video_linux_video_capture_device_factory_v4l2_cc 4 Jan 2025 00:58:06 -0000
>> @@ -9,7 +9,7 @@ Index: media/capture/video/linux/video_c
>> // USB VID and PID are both 4 bytes long.
>> const size_t kVidPidSize = 4;
>> const size_t kMaxInterfaceNameSize = 256;
>> -@@ -70,11 +71,15 @@ std::string ExtractFileNameFromDeviceId(const std::str
>> +@@ -70,11 +71,24 @@ std::string ExtractFileNameFromDeviceId(const std::str
>> DCHECK(base::StartsWith(device_id, kDevDir, base::CompareCase::SENSITIVE));
>> return device_id.substr(strlen(kDevDir), device_id.length());
>> }
>> @@ -20,12 +20,21 @@ Index: media/capture/video/linux/video_c
>> public:
>> void GetDeviceIds(std::vector<std::string>* target_container) override {
>> +#if BUILDFLAG(IS_OPENBSD)
>> -+ target_container->emplace_back("/dev/video");
>> ++ char device[12];
>> ++ int fd;
>> ++ /* unveil(2) limits access to /dev/, try /dev/video[0-7] */
>> ++ for (int n = 0; n < 8; n++) {
>> ++ snprintf(device, sizeof(device), "/dev/video%d", n);
>> ++ if ((fd = open(device, O_RDONLY)) != -1) {
>> ++ close(fd);
>> ++ target_container->emplace_back(device);
>> ++ }
>> ++ }
>> +#else
>> const base::FilePath path("/dev/");
>> base::FileEnumerator enumerator(path, false, base::FileEnumerator::FILES,
>> "video*");
>> -@@ -82,9 +87,13 @@ class DevVideoFilePathsDeviceProvider
>> +@@ -82,9 +96,13 @@ class DevVideoFilePathsDeviceProvider
>> const base::FileEnumerator::FileInfo info = enumerator.GetInfo();
>> target_container->emplace_back(path.value() + info.GetName().value());
>> }
>> @@ -39,7 +48,7 @@ Index: media/capture/video/linux/video_c
>> const std::string file_name = ExtractFileNameFromDeviceId(device_id);
>> std::string usb_id;
>> const std::string vid_path =
>> -@@ -101,9 +110,13 @@ class DevVideoFilePathsDeviceProvider
>> +@@ -101,9 +119,13 @@ class DevVideoFilePathsDeviceProvider
>> }
>>
>> return usb_id;
>> @@ -53,7 +62,7 @@ Index: media/capture/video/linux/video_c
>> const std::string file_name = ExtractFileNameFromDeviceId(device_id);
>> const std::string interface_path =
>> base::StringPrintf(kInterfacePathTemplate, file_name.c_str());
>> -@@ -114,6 +127,7 @@ class DevVideoFilePathsDeviceProvider
>> +@@ -114,6 +136,7 @@ class DevVideoFilePathsDeviceProvider
>> return std::string();
>> }
>> return display_name;
>> @@ -61,7 +70,7 @@ Index: media/capture/video/linux/video_c
>> }
>> };
>>
>> -@@ -219,7 +233,7 @@ void VideoCaptureDeviceFactoryV4L2::GetDevicesInfo(
>> +@@ -219,7 +242,7 @@ void VideoCaptureDeviceFactoryV4L2::GetDevicesInfo(
>> std::move(callback).Run(std::move(devices_info));
>> }
>>
>> Index: www/ungoogled-chromium/Makefile
>> ===================================================================
>> RCS file: /home/cvs/ports/www/ungoogled-chromium/Makefile,v
>> diff -u -p -u -p -r1.148 Makefile
>> --- www/ungoogled-chromium/Makefile 22 Dec 2024 11:05:44 -0000 1.148
>> +++ www/ungoogled-chromium/Makefile 29 Dec 2024 22:58:39 -0000
>> @@ -13,6 +13,7 @@ COMMENT= Chromium browser sans integrat
>>
>> V= 131.0.6778.204
>> UGV= ${V}-1
>> +REVISION= 0
>>
>> DISTNAME= ungoogled-chromium-${V}
>>
>> Index: www/ungoogled-chromium/files/unveil.main
>> ===================================================================
>> RCS file: /home/cvs/ports/www/ungoogled-chromium/files/unveil.main,v
>> diff -u -p -u -p -r1.5 unveil.main
>> --- www/ungoogled-chromium/files/unveil.main 16 Nov 2024 12:12:27 -0000 1.5
>> +++ www/ungoogled-chromium/files/unveil.main 4 Jan 2025 00:48:45 -0000
>> @@ -1,5 +1,12 @@
>> # needed for video(4)
>> -/dev/video rw
>> +/dev/video0 rw
>> +/dev/video1 rw
>> +/dev/video2 rw
>> +/dev/video3 rw
>> +/dev/video4 rw
>> +/dev/video5 rw
>> +/dev/video6 rw
>> +/dev/video7 rw
>>
>> # needed for FIDO authentication
>> /dev/fido rw
>> Index: www/ungoogled-chromium/files/unveil.utility_video
>> ===================================================================
>> RCS file: /home/cvs/ports/www/ungoogled-chromium/files/unveil.utility_video,v
>> diff -u -p -u -p -r1.1.1.1 unveil.utility_video
>> --- www/ungoogled-chromium/files/unveil.utility_video 4 Oct 2022 12:55:55 -0000 1.1.1.1
>> +++ www/ungoogled-chromium/files/unveil.utility_video 4 Jan 2025 00:48:50 -0000
>> @@ -5,4 +5,11 @@
>> /tmp rwc
>>
>> # needed for video(4)
>> -/dev/video rw
>> +/dev/video0 rw
>> +/dev/video1 rw
>> +/dev/video2 rw
>> +/dev/video3 rw
>> +/dev/video4 rw
>> +/dev/video5 rw
>> +/dev/video6 rw
>> +/dev/video7 rw
>> Index: www/ungoogled-chromium/patches/patch-media_capture_video_linux_video_capture_device_factory_v4l2_cc
>> ===================================================================
>> RCS file: /home/cvs/ports/www/ungoogled-chromium/patches/patch-media_capture_video_linux_video_capture_device_factory_v4l2_cc,v
>> diff -u -p -u -p -r1.3 patch-media_capture_video_linux_video_capture_device_factory_v4l2_cc
>> --- www/ungoogled-chromium/patches/patch-media_capture_video_linux_video_capture_device_factory_v4l2_cc 23 Apr 2024 07:27:06 -0000 1.3
>> +++ www/ungoogled-chromium/patches/patch-media_capture_video_linux_video_capture_device_factory_v4l2_cc 4 Jan 2025 00:54:06 -0000
>> @@ -9,7 +9,7 @@ Index: media/capture/video/linux/video_c
>> // USB VID and PID are both 4 bytes long.
>> const size_t kVidPidSize = 4;
>> const size_t kMaxInterfaceNameSize = 256;
>> -@@ -70,11 +71,15 @@ std::string ExtractFileNameFromDeviceId(const std::str
>> +@@ -70,11 +71,24 @@ std::string ExtractFileNameFromDeviceId(const std::str
>> DCHECK(base::StartsWith(device_id, kDevDir, base::CompareCase::SENSITIVE));
>> return device_id.substr(strlen(kDevDir), device_id.length());
>> }
>> @@ -20,12 +20,21 @@ Index: media/capture/video/linux/video_c
>> public:
>> void GetDeviceIds(std::vector<std::string>* target_container) override {
>> +#if BUILDFLAG(IS_OPENBSD)
>> -+ target_container->emplace_back("/dev/video");
>> ++ char device[12];
>> ++ int fd;
>> ++ /* unveil(2) limits access to /dev/, try /dev/video[0-7] */
>> ++ for (int n = 0; n < 8; n++) {
>> ++ snprintf(device, sizeof(device), "/dev/video%d", n);
>> ++ if ((fd = open(device, O_RDONLY)) != -1) {
>> ++ close(fd);
>> ++ target_container->emplace_back(device);
>> ++ }
>> ++ }
>> +#else
>> const base::FilePath path("/dev/");
>> base::FileEnumerator enumerator(path, false, base::FileEnumerator::FILES,
>> "video*");
>> -@@ -82,9 +87,13 @@ class DevVideoFilePathsDeviceProvider
>> +@@ -82,9 +96,13 @@ class DevVideoFilePathsDeviceProvider
>> const base::FileEnumerator::FileInfo info = enumerator.GetInfo();
>> target_container->emplace_back(path.value() + info.GetName().value());
>> }
>> @@ -39,7 +48,7 @@ Index: media/capture/video/linux/video_c
>> const std::string file_name = ExtractFileNameFromDeviceId(device_id);
>> std::string usb_id;
>> const std::string vid_path =
>> -@@ -101,9 +110,13 @@ class DevVideoFilePathsDeviceProvider
>> +@@ -101,9 +119,13 @@ class DevVideoFilePathsDeviceProvider
>> }
>>
>> return usb_id;
>> @@ -53,7 +62,7 @@ Index: media/capture/video/linux/video_c
>> const std::string file_name = ExtractFileNameFromDeviceId(device_id);
>> const std::string interface_path =
>> base::StringPrintf(kInterfacePathTemplate, file_name.c_str());
>> -@@ -114,6 +127,7 @@ class DevVideoFilePathsDeviceProvider
>> +@@ -114,6 +136,7 @@ class DevVideoFilePathsDeviceProvider
>> return std::string();
>> }
>> return display_name;
>> @@ -61,7 +70,7 @@ Index: media/capture/video/linux/video_c
>> }
>> };
>>
>> -@@ -219,7 +233,7 @@ void VideoCaptureDeviceFactoryV4L2::GetDevicesInfo(
>> +@@ -219,7 +242,7 @@ void VideoCaptureDeviceFactoryV4L2::GetDevicesInfo(
>> std::move(callback).Run(std::move(devices_info));
>> }
>>
>>
>> --
>> wbr, Kirill

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)