[Libva] [PATCH v2 1/7] API: add support for raw DRM.

[Gwenole Beauchesne]

Hi,

2012/7/30 Yuan, Shengquan <shengquan.yuan at gmail.com>:
> On Sat, Jul 28, 2012 at 12:21 AM, Gwenole Beauchesne <gb.devel at gmail.com> wrote:
>     /* Default: root + master privs are needed for the following call */
>     return drmAuthMagic(fd, magic) == 0;
>
> Does it need root permission? Android media stack runs as a normal user, is
> it possible to support non-root user?

Actually, you get authenticated if you are the first and only user, no
matter you are root or not. However, if you need another client to be
authenticated, you need someone (a third-party) that owns and controls
access to graphics memory. Typically, this is the display server (X11,
Wayland, etc.) that has this role and can get this call to succeed.

Another thing, you only need to be authenticated to submit commands,
i.e. you don't really need to be "master" for that.

For console apps, and probably others in Android context (should you
use this API), I wanted to create a standalone library (e.g.
libdrm_auth) that would manage authentication. Basically, you'd need a
third-party app (setuid root) that says "hey, you are a good guy and I
accept to authenticate you". Something similar to the Weston startup
helper actually. I didn't implement this yet as I didn't come yet to a
point I actually need this functionality.

Do you need this soon? In terms of security, there are also ways to
deprivilege root and also grant specific rights to specific users,
should this be required in a self-contained environment. e.g. with an
RSBAC-enabled environment, but I don't know if you want to get extreme
and enable this in Android :)

Kristian also suggested other means in the past, but this would need
further changes to DRM. The point is to fulfill the following model:
user A should not see graphics memory of user B, unless user B allows
it.

Regards,
Gwenole.