Skip to content

Connecting Backend with UI

saurabhsood91 edited this page · 11 revisions
Clone this wiki locally

Connecting the User Interface and Backend

Problem

The problem is in finding a feasible way to connect the backend, which needs Root privileges to run, and the frontend, which runs with normal privileges.

Approach

The approach that is being used is using two executables, which communicate with the help of files.

Implementation Details

The backend is based on libzypp, and thus needs root privileges to run. The entire backend functions will be called by a backend helper, which will be built as a separate executable called 'backendhelper', which will be stored in /sbin. The rest of the application, containing the user interface classes will be built into another executable called 'oneclickinstaller', which will be stored in /usr/bin and does not need root privileges to run.

The 'backendhelper' will be called when the application needs to access the backend functions. It will be called by 'oneclickinstaller' using xdg-su, to run as root. The call will be seen by the user as:

xdg-su -u root -c "/sbin/backendhelper /tmp/<some file>"

The communication between the 'oneclickinstaller' and 'backendhelper' is implemented using a plain text file, which will carry information required by the backend, such as repositories to be added, and packages to be installed. This file will be created, when the YMP file is being parsed, and will be stored in /tmp. It has a simple format.

Format of File:

R < repo1 >

R < repo2 >

...

P < package1 >

P < package1 >

...

The Repository URL's will be stored in the file, whereas the package will be stored by name in the file. When the call to 'backendhelper' is made, this file is passed as parameter in the call. The file is then read in 'backendhelper' and the information is extracted, and utilised by the backend.

Security Concerns

As plain text files are being used to store the information, it can be a potential security concern. To tackle this problem, the files will have a random suffix at the end, such that the name of the file will be nearly impossible to guess by a potential attacker.

< packagename >< random suffix >

Something went wrong with that request. Please try again.