demo/agent not following geoclue bus re-connects

Stefan Schmidt stefan at datenfreihafen.org
Thu Nov 20 04:34:29 PST 2014 

Hello.

On 20/11/14 12:26, Bastien Nocera wrote:
> On Thu, 2014-11-20 at 12:11 +0100, Stefan Schmidt wrote:
>> Hello.
>>
>> On 20/11/14 11:36, Bastien Nocera wrote:
>>> On Thu, 2014-11-20 at 10:22 +0000, Stefan Schmidt wrote:
>>>> Hello.
>>>>
>>>> I'm writing some GeoClue2 agent code for Enlightenment and for this 
>>>> purpose I play around with available demo/agent and demo/where-am-i code 
>>>> to see how things are working together.
>>>>
>>>> I changed the desktop_id setting for where-am-i to something invalid (no 
>>>> desktop file) to check how the error case is handled. After starting the 
>>>> agent I did run where-am-i and is was rejected (as it should) but 
>>>> running it again right afterwards it went through just fine. This 
>>>> confused me for a while until I was running geoclue manually from a 
>>>> shell with debug enabled.
>>>>
>>>> In the case described above geoclue would simply leave the bus after 
>>>> where-am-i got rejected but the agent kept running. A new start of 
>>>> where-am-i would trigger a on demand start of geoclue but the running 
>>>> agent would not register again so the app request would go through 
>>>> without any agent interaction.
>>>>
>>>> I guess this is just a limitation of the demo code of the agent? Does 
>>>> gnome-shell handle this correctly?
>>> That's a bug in the agent.
>> Thanks for confirming this.
>>
>>> gnome-shell would handle this properly, but
>>> the agent code isn't merged into gnome-shell, as the per-application
>>> settings don't really work with our current security framework(s) on
>>> "desktop" Linux.
>> Oh, interesting. I thought this was enabled in gnome-shell already.
>> Is there a plan forward or is it in wait and see mode? :)
>>
>> Makes me wonder if I should keep working on the agent code for
>> Enlightenment.
> We'll enable it as soon as the security it's supposed to provide is
> actually provided. That probably means kdbus and application containers
> at the very least.
Agreed. There is nothing in place to enforce this yet. Given the recent
discussions about kbus on lkml it still might take some time before it
gets in.

> I would probably have merged the gnome-shell agent
> code myself, but it's true that it might give a sense of security that
> doesn't exist (it's too easy to fake being another app).
>
Thinking about it I might go the route for now that I register an agent
to get the request from applications. That way I can at least inform the
user if he is interested. However I will avoid rejecting or approving
based on the ID for now.

regards
Stefan Schmidt

More information about the GeoClue mailing list