libhal-policy -> PolicyKit

David Zeuthen david at fubar.dk
Thu Mar 9 13:39:22 PST 2006


On Thu, 2006-03-09 at 13:28 -0800, Artem Kachitchkine wrote:
> >     particular it puts the (policy, uid, pid) tuple in a list
> >     called temporary_policy_overrides. Should the end-point suddenly
> >     disconnect we catch this and delete the tuple from the list
> >     temporary_policy_overrides.
> > 
> >  7. If successful, gnome-mount does Mount() again on HAL. This flows
> >     through HAL and eventually hal-storage-mount is invoked. This binary
> >     uses libpolkit in particular libpolkit_is_uid_allowed_for_policy()
> >     to check whether the given $HAL_METHOD_INVOKED_BY_UID and
> >     $HAL_METHOD_INVOKED_BY_PID (we will start exporting this soon in
> >     HAL :-) is privileged. 
> 
> PolicyKit daemon will also have to protect against a race when process 
> PID gets a temporary policy, suddenly disconnects, the PID gets reused 
> by another process, which tries to gain access to the same policy before 
> the policy backing store (local file or a distributed database) deletes 
> the temporary_policy_override entry from the previous process.

I thought about this and I think we are safe:

 1. The PolicyKit daemon will be single threaded and process requests
    sequentially; and

 2. temporary_policy_override will just be an in-memory object - the
    backing store will _not_ be modified for this; and

 3. The Disconnected signal from the message bus for pid X
    is guaranteed to arrive before a new call to the PolicyKit service
    checking for the stuff in temporary_policy_override is done by
    another pid X.

Yes?

Thanks,
David
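
The ordering question raised in this exchange, as an added example that is not part of the original messages and is not PolicyKit or HAL code: a single-threaded model of temporary_policy_overrides, replayed with the disconnect handled before and after the check from a process that reused the pid. The function names, table layout and sample values are hypothetical.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#define MAX_OVERRIDES 16
/* One (policy, uid, pid) tuple from the thread; the field layout is assumed. */
struct override { char policy[64]; uid_t uid; pid_t pid; int used; };
static struct override temporary_policy_overrides[MAX_OVERRIDES];
#define END (temporary_policy_overrides + MAX_OVERRIDES)
/* Grant step: keep the tuple in memory only. Returns 0, or -1 if the table is full. */
int override_grant(const char *policy, uid_t uid, pid_t pid) {
    for (struct override *o = temporary_policy_overrides; o < END; o++) {
        if (o->used) continue;
        snprintf(o->policy, sizeof o->policy, "%s", policy);
        o->uid = uid; o->pid = pid; o->used = 1;
        return 0;
    }
    return -1;
}

/* Disconnect handler: drop every tuple held by that pid; returns how many. */
int override_on_disconnect(pid_t pid) {
    int removed = 0;
    for (struct override *o = temporary_policy_overrides; o < END; o++)
        if (o->used && o->pid == pid) { o->used = 0; removed++; }
    return removed;
}

/* Check step: 1 if a live tuple matches the caller exactly, else 0. */
int override_is_allowed(const char *policy, uid_t uid, pid_t pid) {
    for (const struct override *o = temporary_policy_overrides; o < END; o++)
        if (o->used && o->uid == uid && o->pid == pid && !strcmp(o->policy, policy))
            return 1;
    return 0;
}

/* Replay one event ordering (constructed values); returns the answer given to
 * a new process that reused pid 1234 under the same uid. */
int replay(int disconnect_first) {
    memset(temporary_policy_overrides, 0, sizeof temporary_policy_overrides);
    override_grant("constructed.policy", 500, 1234);
    if (disconnect_first) override_on_disconnect(1234);
    int answer = override_is_allowed("constructed.policy", 500, 1234);
    if (!disconnect_first) override_on_disconnect(1234);
    return answer;
}

int main(void) {
    int ordered = replay(1), raced = replay(0);
    printf("disconnect first: %d, check first: %d\n", ordered, raced);
    return 0;
}
```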
