Mark and Zach and I talked.
Zach said that "dmabuf" is not a hard requirement. Another "anon_inode" would probably be OK as long as the app cannot turn on any permissions besides PCM access. Our security team will just need to review the changes.
So I think you should proceed with the "anon_inode:snd-pcm" if you think that will be more secure. Thanks for proposing this.
Zach has some notes in his initial review of Jaroslav's code. Zach?
One thing Zach mentioned is that the API should only allow *removing* permissions and not adding permissions.
What permissions would be set on the FD given to the app?
Also Mark mentioned that the FD app would have PCM access and "close" permission. What flag allows close? What else is permitted under that flag? Or is close permission just a generic "FD" permission unrelated to ALSA?
Thanks for all your work on this. Sorry if I caused alarm. I just wanted to make sure we could use the solution you provide.
Phil Burk