ACL troubles

[Alesh Slovak]

Hi,

I am a developer working on third party scanner drivers and we are 
having some trouble with HAL and access management.

In order to support a wide range of distributions, we run a post install 
script that searches for the SANE fdi file and mimicks it as close as 
possible. We then drop the generated file into the same location we 
found the SANE fdi file in, except we put it in the "20thirdparty" 
directory.

This works just fine for most of the distributions we support, including 
Debian, Ubuntu, and openSUSE, but Fedora is giving us trouble because it 
is using ACL.

Specifically, the problem is that 
"/usr/share/hal/fdi/policy/10osvendor/20-acl-management.fdi" is 
processed before our fdi file, which is located in 
"/usr/share/hal/fdi/policy/20thirdparty".

This results in our scanners not getting the appropriate permissions set 
and users not being able to scan (unless they log in as root or set 
permissions manually).

I thought of several solutions:
   1. put the generated fdi file in "/usr/share/hal/fdi/preprobe" 
unconditionally
   2. put the generated fdi file in "/usr/share/hal/fdi/information" 
unconditionally
   3. put the generated fdi file in the "10osvendor" directory
   4. copy the needed ACL entries from "20-acl-management.fdi" into our 
fdi file
   5. set the access_control.grant_group property to grant permissions 
to a group

I am trying to find a solution that is compatible across all 
distributions and none of these solutions are ideal. Some are just plain 
bad. I won't get into the details here, since this e-mail would get way 
too long.

I am looking for any ideas or suggestions as well as comments on the 
above ideas. More specifically, I would like to know from the HAL dev 
community if there is some recommended way of dealing with this kind of 
situation.

Thank you.

-- 
Alesh Slovak                    Linux Team -- AVASYS Corporation
alesh.slovak at avasys.jp          http://avasys.jp