zeuthen at gmail.com
Thu Apr 29 04:36:23 PDT 2010
On Thu, Apr 29, 2010 at 6:38 AM, Bastien Nocera <hadess at hadess.net> wrote:
> I wanted to work on an authorisation framework for GeoClue. The goal is
> for Geoclue to only be available to applications that the user actively
> As Geoclue works with multiple D-Bus services, I would first disallow
> all the backends to talk to anyone but the Geoclue master D-Bus service
> (through checking for binary name, and D-Bus name).
> Then, in Geoclue master, keep a list of known binary/D-Bus names to
> authorise, and refuse access if they're not on the list.
> The problem I have is where would I put the authorisation dialogue?
> Could I put it in a separate daemon whose only task would be to write
> the authorised binary name/daemon (maybe PID, for one-shot ones)
> The goal is to avoid random applications accessing the service without
> explicit approval of the user, bar for "special" applications that I'd
> like to whitelist (such as a geoclue preferences tab, which would
> control the overall authorisation).
It seems to me this is exactly what polkit is doing - have you thought
about using it for this? You'd handle the "special" applications by
simply not asking polkit about those. Control of the whitelist could
be done using standard polkit mechanism that might pop up
authentication dialogs. See http://hal.freedesktop.org/docs/polkit/
for more information.
Btw, I hope you realize that on Linux, the binary name doesn't work
great for interpreted languages and isn't really secure at all. See
I like the "whitelist of known applications" authorization style... but
I don't think it's straightforward to do in a secure way. Then again,
maybe you don't need it to be secure. Then again, you are dealing with
sensitive information and private information like location here. I
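The design discussed above (ask polkit for ordinary callers, skip polkit entirely for a few whitelisted "special" applications, and key the whitelist on bus names rather than binary names), as an added worked example that is not code from the thread or from GeoClue. The polkit bus name, object path, interface and `CheckAuthorization` argument shapes are the real `org.freedesktop.PolicyKit1` D-Bus API; the action id and the preferences-tab bus name are hypothetical, and the D-Bus call is injected so the decision logic runs offline.

```python
"""Added example (not from the thread): polkit-backed authorization for a
GeoClue-style D-Bus service, with a whitelist of callers never sent to polkit."""
from typing import Callable, Dict, FrozenSet, Tuple

# Real polkit D-Bus endpoints (org.freedesktop.PolicyKit1 API).
POLKIT_BUS_NAME = "org.freedesktop.PolicyKit1"
POLKIT_OBJECT_PATH = "/org/freedesktop/PolicyKit1/Authority"
POLKIT_INTERFACE = "org.freedesktop.PolicyKit1.Authority"
ALLOW_USER_INTERACTION = 1  # CheckAuthorizationFlags: polkit may show an auth dialog

# Hypothetical action id; a real service declares it in a .policy file
# under /usr/share/polkit-1/actions/.
ACTION_ID = "org.freedesktop.Geoclue.Master.Connect"

# "Special" callers trusted without asking polkit, keyed by well-known bus
# name (hypothetical). Ownership of a well-known name is arbitrated by the bus
# daemon and can be verified with org.freedesktop.DBus.GetNameOwner, which is
# what makes it a usable whitelist key where a binary name is not.
SPECIAL_CALLERS: FrozenSet[str] = frozenset({"org.freedesktop.Geoclue.Preferences"})

Subject = Tuple[str, Dict[str, str]]
PolkitResult = Tuple[bool, bool, Dict[str, str]]  # (is_authorized, is_challenge, details)
# Signature of Authority.CheckAuthorization(subject, action_id, details, flags,
# cancellation_id); injected here so the example needs no running bus.
CheckFn = Callable[[Subject, str, Dict[str, str], int, str], PolkitResult]


def polkit_subject_for_sender(sender: str) -> Subject:
    """Polkit subject for a caller on the system bus: polkit resolves the unique
    name to pid/uid itself, so the service trusts nothing the caller supplies.
    (A session-bus service would instead pass a 'unix-process' subject built
    from GetConnectionUnixProcessID plus the process start time.)"""
    return ("system-bus-name", {"name": sender})


def authorize(sender: str, owned_names: FrozenSet[str], check_fn: CheckFn) -> bool:
    """Decide whether the caller may use the master service.
    sender: unique name of the caller (':1.42'); owned_names: well-known names
    the bus reports that sender as owning; check_fn: the polkit call."""
    if owned_names & SPECIAL_CALLERS:
        return True  # whitelisted application: do not consult polkit at all
    is_authorized, _is_challenge, _details = check_fn(
        polkit_subject_for_sender(sender), ACTION_ID, {}, ALLOW_USER_INTERACTION, "")
    return bool(is_authorized)


if __name__ == "__main__":
    deny_all: CheckFn = lambda *_args: (False, False, {})  # stand-in for polkit
    print(authorize(":1.42", frozenset({"org.freedesktop.Geoclue.Preferences"}), deny_all))
    print(authorize(":1.43", frozenset(), deny_all))
```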