[Dev] Gumd and security-manager integration
r.krypa at samsung.com
Mon Oct 27 12:31:28 GMT 2014
On 2014-10-16 14:39, Jussi Laako wrote:
> On 16.10.2014 11:43, Rafał Krypa wrote:
>> Could you please describe this subject in detail? What problems did you encounter while considering integration by hooks? Why was it considered unfeasible?
>> If similar problems could also affect integration with security-manager, I'd like to avoid them as early as possible.
> Conclusion was that it is impossible to perfectly roll-back hook actions in case of failure because the roll-back can also fail. If not for anything else but due to bugs in implementation.
IMHO a perfect roll-back for operations like user creation and removal isn't that important.
If some step during creation of a user fails (or is interrupted by power loss) it should be enough to leave the user in half-created state. Such half-created account should have the following characteristics:
- cannot be utilized, prevent users from logging into it (this can be achieved by enabling the account in the very last step of the process)
- can be enumerated and removed, like any proper user account
- until removed, cannot be re-used by subsequent user creations
Having that, a device administrator could recover from failed user creation by entering user management again, removing the half-baked account and trying to create it again. It is possible to handle user removal in a similar way.
To be honest, in my proposal for wrapping gumd with security-manager functions I didn't intend to provide fully transactional removal and creation of users. I considered it too difficult and not worth it. And similarly, as far as I know there is no roll-back support for failed application installation (or de-installation or upgrade). Do we need to discuss it for applications as well?
Dominig, if you have any concerns about my approach, please let us know. At the moment I don't see technical reasons for choosing gumd wrapping over hooks. Since hooks seem to be preferred by gumd developers and should be easier for all of us, they look like a viable option to me.
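
The half-created account state described in this message, as an added example that is not part of the original email and is not gumd or security-manager code. It is an in-memory Python model; the class, hook and user names are all hypothetical.

```python
class HookError(Exception):
    """Raised by a hook that fails part-way through user creation."""

class UserStore:
    def __init__(self):
        self.users = {}  # name -> {"enabled": bool, "steps": [hooks completed]}

    def create(self, name, hooks):
        # A name held by any account, half-created or not, cannot be re-used.
        if name in self.users:
            raise ValueError(f"{name} exists; remove it before creating again")
        # Record the account first, disabled, so a failure leaves it visible.
        self.users[name] = {"enabled": False, "steps": []}
        for hook in hooks:
            hook(name)  # may raise; no roll-back is attempted
            self.users[name]["steps"].append(hook.__name__)
        # Enabling the account is the very last step of the process.
        self.users[name]["enabled"] = True

    def can_login(self, name):
        return self.users.get(name, {}).get("enabled", False)

    def list_users(self):
        return sorted(self.users)

    def remove(self, name):
        # Removal is the same for complete and half-created accounts.
        del self.users[name]

def make_home(name):          # hypothetical hook that succeeds
    pass

def security_hook(name):      # hypothetical hook that succeeds
    pass

def failing_security_hook(name):  # hypothetical hook that fails
    raise HookError(f"security setup failed for {name}")

def demo():
    store = UserStore()
    try:
        store.create("alice", [make_home, failing_security_hook])
    except HookError:
        pass  # account is left half-created, by design
    half = (store.list_users(), store.can_login("alice"))
    try:
        store.create("alice", [make_home, security_hook])
        reused = True
    except ValueError:
        reused = False
    store.remove("alice")  # administrator recovers by removing and retrying
    store.create("alice", [make_home, security_hook])
    return half, reused, store.can_login("alice")
```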