[Dev] Gumd and security-manager integration

Dominig ar Foll (Intel OTC) dominig.arfoll at fridu.net
Tue Oct 28 08:16:02 GMT 2014


Dominig ar Foll
Senior Software Architect
Open Source Technology Centre
Intel SSG

Le 27/10/2014 13:31, Rafał Krypa a écrit :
> On 2014-10-16 14:39, Jussi Laako wrote:
>> On 16.10.2014 11:43, Rafał Krypa wrote:
>>> Could you please describe this subject in detail? What problems did 
>>> you encounter while considering integration by hooks? Why was it 
>>> considered unfeasible?
>>> If similar problems could also affect integration with 
>>> security-manager, I'd like to avoid them as early as possible.
>>
>> Conclusion was that it is impossible to perfectly roll-back hook 
>> actions in case of failure because the roll-back can also fail. If 
>> not for anything else but due to bugs in implementation.
>
> IMHO a perfect roll-back for operations like user creation and removal 
> isn't that important.
> If some step during creation of a user fails (or is interrupted by 
> power loss) it should be enough to leave the user in half-created 
> state. Such half-created account should have the following 
> characteristics:
> - cannot be utilized, prevent users from logging into it (this can be 
> achieved by enabling the account in the very last step of the process)
> - can be enumerated and removed, like any proper user account
> - until removed, cannot be re-used by subsequent user creations
>
> Having that, a device administrator could recover from failed user 
> creation by entering user management again, removing the half-baked 
> account and trying to create it again. It is possible to handle user 
> removal in a similar way.
>
> To be honest, in my proposal for wrapping gumd with security-manager 
> functions I didn't intend to provide fully transactional removal and 
> creationof users. I considered it too difficult and not worth it. And 
> similarly, as far as i know there is no roll-back support forfailed 
> application installation(or de-installation or upgrade).Do we need to 
> discuss it for applications as well?
>
> Dominig, if you have any concerns about my approach, please letus 
> know. At themoment I don't see technical reasons for choosing gumd 
> wrapping over hooks. Since hooks seem to be preferred by gumd 
> developers and should be easier for all of us, they look like a viable 
> option to me.
>
>
>
That proposition is perfectly acceptable for Tizen market target.
I'd rather have such a simple system rather than a complex roll back model.

Dominig


More information about the Dev mailing list