[libcamera-devel] [RFC PATCH v2 0/7] Add IPA process isolation
Paul Elder
paul.elder at ideasonboard.com
Wed Jul 3 10:00:00 CEST 2019
We need to be able to isolate untrusted IPA implementations into a
separate process. To achieve this, we use an IPA proxy, that acts like a
regular IPAInterface to the pipeline handler, but will initialize and
communicate with the real IPA module in a separate, isolated process.
Changes in v2:
- renamed Shim to Proxy
- build proxies into libcamera, and not into separate .so
- add Process and ProcessManager
- add license field to IPAModuleInfo (as opposed to a "please isolate me" flag)
- use IPCUnixSocket (it's only initialized for now)
- moved out some patches into their own series
Paul Elder (7):
libcamera: ipa_module_info: add license field
libcamera: process, process manager: create process and manager
classes
libcamera: add IPA proxy
libcamera: proxy: add default linux proxy
libcamera: ipa_manager: use proxy
libcamera: ipa: add dummy IPA that needs to be isolated
libcamera: ipa: meson: build dummy IPA that needs isolation
Documentation/Doxyfile.in | 3 +-
include/libcamera/ipa/ipa_module_info.h | 2 +
src/ipa/ipa_dummy.cpp | 1 +
src/ipa/ipa_dummy_isolate.cpp | 46 ++++
src/ipa/meson.build | 23 +-
src/libcamera/include/ipa_proxy.h | 68 ++++++
src/libcamera/include/process.h | 35 +++
src/libcamera/include/process_manager.h | 40 ++++
src/libcamera/ipa_manager.cpp | 48 +++-
src/libcamera/ipa_module.cpp | 3 +
src/libcamera/ipa_proxy.cpp | 219 ++++++++++++++++++
src/libcamera/meson.build | 9 +
src/libcamera/process.cpp | 140 +++++++++++
src/libcamera/process_manager.cpp | 104 +++++++++
src/libcamera/proxy/meson.build | 3 +
src/libcamera/proxy/proxy_linux_default.cpp | 90 +++++++
src/libcamera/proxy_worker/meson.build | 18 ++
.../proxy_linux_default_worker.cpp | 46 ++++
test/ipa/ipa_test.cpp | 1 +
test/libtest/test.cpp | 4 +
20 files changed, 890 insertions(+), 13 deletions(-)
create mode 100644 src/ipa/ipa_dummy_isolate.cpp
create mode 100644 src/libcamera/include/ipa_proxy.h
create mode 100644 src/libcamera/include/process.h
create mode 100644 src/libcamera/include/process_manager.h
create mode 100644 src/libcamera/ipa_proxy.cpp
create mode 100644 src/libcamera/process.cpp
create mode 100644 src/libcamera/process_manager.cpp
create mode 100644 src/libcamera/proxy/meson.build
create mode 100644 src/libcamera/proxy/proxy_linux_default.cpp
create mode 100644 src/libcamera/proxy_worker/meson.build
create mode 100644 src/libcamera/proxy_worker/proxy_linux_default_worker.cpp
--
2.20.1
More information about the libcamera-devel
mailing list