Re: [gpm] Privilege of GPM



On 22/08/07, Jeff Cai <Jeff Cai sun com> wrote:
> Hi, Richard and all
> As I know, GPM uses PolicyKit to implement permission control for users.

Nope. It used to use PolicyKit to work out if the user could do an
action before doing it, but that code has now bitrotted. I need to
update that now DavidZ has changed the API.

> I take "hibernate" as an example. If a user wants to perform the action
> of hibernate, GPM will invoke "gpm_control_allowed_hibernate" to
> determine whether the current user has the permission to do that. In
> "gpm_control_allowed_hibernate", GPM will invoke
> "gpm_polkit_is_user_privileged" to get the answer according to the
> PolicyKit policy. But from the working diagram of
> PolicyKit (http://webcvs.freedesktop.org/hal/PolicyKit/doc/spec/polkit-arch.png?revision=1.1),
> the permission checking should really occur within HAL service
> implementation while not in GPM code.

Yes, the is_user_priv function just works out if HAL would grant
permission on that action, i.e. if it's worth doing or if HAL would
just refuse the action.

> GPM also invokes "power_management.can_hibernate" to know whether the
> kernel supports this action, this is not related with permission checking.

Agree.

> My questions here are:
> 1. Is there any permission checking in HAL?

Yup, HAL uses the default DBUS permissions, and also PolicyKit itself
internally.

> 2. Does GPM plan to implement that kind of permission checking like
> http://webcvs.freedesktop.org/hal/PolicyKit/doc/spec/polkit-arch.png?revision=1.1?

Well, I guess so. If we call Shutdown() and get permission denied then
we could use PolicyKit to try and grant access, tbh I just need to
write the code. At the moment you get a refusal, and that just gets
presented to the user.

You have to bear in mind that PolicyKit is very new, and gpm and HAL
worked together long before PolicyKit was integrated. We might need to
rejig things a little in the new PolicyKit world order :-)

I hope that helps,

Richard.
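
The split discussed in this thread, as an added illustration that is not part of the original message and is not GPM, HAL or PolicyKit code: the client's pre-check is only a hint, and the privileged service repeats the check on every call. All names, uids and policy entries below are hypothetical and constructed for the example.

```c
#include <stdbool.h>
#include <stddef.h>

/* Constructed model; every name here is hypothetical, not a GPM, HAL or PolicyKit API. */
enum result { RESULT_OK, RESULT_PERMISSION_DENIED, RESULT_NOT_ATTEMPTED };

struct policy { unsigned uid; bool may_hibernate; };

/* Authoritative policy, held by the privileged service (constructed sample data). */
static const struct policy service_policy[] = { {1000, true}, {1001, false} };

/* Out-of-date copy on the client side: still claims uid 1001 may hibernate. */
const struct policy stale_client_view[] = { {1000, true}, {1001, true} };
const size_t stale_client_view_len = sizeof stale_client_view / sizeof stale_client_view[0];

static bool policy_lookup(const struct policy *p, size_t n, unsigned uid)
{
    for (size_t i = 0; i < n; i++)
        if (p[i].uid == uid)
            return p[i].may_hibernate;
    return false; /* default deny for callers the policy does not list */
}

/* Service side: checked on every call, whatever the client believed beforehand. */
enum result service_hibernate(unsigned caller_uid)
{
    size_t n = sizeof service_policy / sizeof service_policy[0];
    if (!policy_lookup(service_policy, n, caller_uid))
        return RESULT_PERMISSION_DENIED;
    return RESULT_OK; /* a real service would perform the action here */
}

/* Client side: the pre-check only avoids calls that would be refused anyway.
 * The service's answer stays final, because the client's view can be stale. */
enum result client_request_hibernate(const struct policy *view, size_t n, unsigned uid)
{
    if (!policy_lookup(view, n, uid))
        return RESULT_NOT_ATTEMPTED;
    return service_hibernate(uid);
}
```

With the stale view, uid 1001 passes the client-side hint and is still refused by the service, which is the refusal the client then has to present to the user.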


