.TH "libpipewire-module-access" 7 "1.4.7" "PipeWire" \" -*- nroff -*-
.ad l
.nh
.SH NAME
libpipewire-module-access \- Access 
.SH DESCRIPTION
.PP
The \fRaccess\fP module performs access checks on clients\&. The access check is only performed once per client, subsequent checks return the same resolution\&.

.PP
Permissions assigned to a client are configured as arguments to this module, see below\&. Permission management beyond unrestricted access is delegated to an external agent, usually the session manager\&.

.PP
This module sets the \fBpipewire.access\fP as follows:

.PP
.IP "\(bu" 2
If \fRaccess\&.legacy\fP module option is not enabled:

.PP
The value defined for the socket in \fRaccess\&.socket\fP module option, or \fR"default"\fP if no value is defined\&.
.IP "\(bu" 2
If \fRaccess\&.legacy\fP is enabled, the value is:
.IP "  \(bu" 4
\fR"flatpak"\fP: if client is a Flatpak client
.IP "  \(bu" 4
\fR"unrestricted"\fP: if \fBpipewire.client.access\fP client property is set to \fR"allowed"\fP
.IP "  \(bu" 4
Value of \fBpipewire.client.access\fP client property, if set
.IP "  \(bu" 4
\fR"unrestricted"\fP: otherwise
.PP

.PP

.PP
If the resulting \fBpipewire.access\fP value is \fR"unrestricted"\fP, this module will give the client all permissions to access all resources\&. Otherwise, the client will be forced to wait until an external actor, such as the session manager, updates the client permissions\&.

.PP
For connections from applications running inside Flatpak, and not mediated by other clients (eg\&. portal or pipewire-pulse), the \fRpipewire\&.access\&.portal\&.app_id\fP property is to the Flatpak application ID, if found\&. In addition, \fRpipewire\&.sec\&.flatpak\fP is set to \fRtrue\fP\&.

.PP
.SH "MODULE NAME"
.PP

.PP
\fRlibpipewire-module-access\fP

.PP
.SH "MODULE OPTIONS"
.PP

.PP
Options specific to the behavior of this module

.PP
.IP "\(bu" 2
\fRaccess\&.socket = { "socket-name" = "access-value", \&.\&.\&. }\fP:

.PP
Socket-specific access permissions\&. Has the default value \fR{ "CORENAME-manager": "unrestricted" }\fP where \fRCORENAME\fP is the name of the PipeWire core, usually \fRpipewire-0\fP\&.
.IP "\(bu" 2
\fRaccess\&.legacy = true\fP: enable backward-compatible access mode\&. Cannot be enabled when using socket-based permissions\&.

.PP
If \fRaccess\&.socket\fP is not specified, has the default value \fRtrue\fP otherwise \fRfalse\fP\&.

.PP
\fBWarning\fP
.RS 4
The legacy mode is deprecated\&. The default value is subject to change and the legacy mode may be removed in future PipeWire releases\&.
.RE
.PP
.SH "GENERAL OPTIONS"
.PP

.PP

.PP
Options with well-known behavior:

.PP
.IP "\(bu" 2
\fBpipewire.access\fP
.IP "\(bu" 2
\fBpipewire.client.access\fP
.PP

.PP
.SH "CONFIG OVERRIDE"
.PP

.PP
A \fRmodule\&.access\&.args\fP config section can be added to override the module arguments\&.

.PP
.PP
.nf
# ~/\&.config/pipewire/pipewire\&.conf\&.d/my\-access\-args\&.conf

module\&.access\&.args = {
     access\&.socket = {
         pipewire\-0 = "default",
         pipewire\-0\-manager = "unrestricted",
     }
}
.fi
.PP

.PP
.SH "EXAMPLE CONFIGURATION"
.PP

.PP
.PP
.nf
 context\&.modules = [
  {   name = libpipewire\-module\-access
      args = {
          # Use separate socket for session manager applications,
          # and pipewire\-0 for usual applications\&.
          access\&.socket = {
              pipewire\-0 = "default",
              pipewire\-0\-manager = "unrestricted",
          }
      }
  }
]
.fi
.PP

.PP
\fBSee also\fP
.RS 4
\fBpw_resource_error\fP 

.PP
\fBpw_impl_client_update_permissions\fP 
.RE
.PP