Polkit.Authority

g GObject.GInterface GObject.GInterface Gio.AsyncInitable Gio.AsyncInitable GObject.GInterface->Gio.AsyncInitable Gio.Initable Gio.Initable GObject.GInterface->Gio.Initable GObject.Object GObject.Object Polkit.Authority Polkit.Authority GObject.Object->Polkit.Authority Gio.AsyncInitable->Polkit.Authority Gio.Initable->Polkit.Authority

Subclasses:

None

Methods

Inherited:

GObject.Object (37), Gio.AsyncInitable (4), Gio.Initable (2)

Structs:

GObject.ObjectClass (5)

class

get ()

class

get_async (cancellable, callback, *user_data)

class

get_finish (res)

class

get_sync (cancellable)

authentication_agent_response (cookie, identity, cancellable, callback, *user_data)

authentication_agent_response_finish (res)

authentication_agent_response_sync (cookie, identity, cancellable)

check_authorization (subject, action_id, details, flags, cancellable, callback, *user_data)

check_authorization_finish (res)

check_authorization_sync (subject, action_id, details, flags, cancellable)

enumerate_actions (cancellable, callback, *user_data)

enumerate_actions_finish (res)

enumerate_actions_sync (cancellable)

enumerate_temporary_authorizations (subject, cancellable, callback, *user_data)

enumerate_temporary_authorizations_finish (res)

enumerate_temporary_authorizations_sync (subject, cancellable)

get_backend_features ()

get_backend_name ()

get_backend_version ()

get_owner ()

register_authentication_agent (subject, locale, object_path, cancellable, callback, *user_data)

register_authentication_agent_finish (res)

register_authentication_agent_sync (subject, locale, object_path, cancellable)

register_authentication_agent_with_options (subject, locale, object_path, options, cancellable, callback, *user_data)

register_authentication_agent_with_options_finish (res)

register_authentication_agent_with_options_sync (subject, locale, object_path, options, cancellable)

revoke_temporary_authorization_by_id (id, cancellable, callback, *user_data)

revoke_temporary_authorization_by_id_finish (res)

revoke_temporary_authorization_by_id_sync (id, cancellable)

revoke_temporary_authorizations (subject, cancellable, callback, *user_data)

revoke_temporary_authorizations_finish (res)

revoke_temporary_authorizations_sync (subject, cancellable)

unregister_authentication_agent (subject, object_path, cancellable, callback, *user_data)

unregister_authentication_agent_finish (res)

unregister_authentication_agent_sync (subject, object_path, cancellable)

Virtual Methods

Inherited:

GObject.Object (7), Gio.AsyncInitable (2), Gio.Initable (1)

Properties

Name

Type

Flags

Short Description

backend-features

Polkit.AuthorityFeatures

r

The features of the currently used Authority backend.

backend-name

str

r

The name of the currently used Authority backend.

backend-version

str

r

The version of the currently used Authority backend.

owner

str

r

Owner.

Signals

Inherited:

GObject.Object (1)

Name

Short Description

changed

Emitted when actions and/or authorizations change

Fields

Inherited:

GObject.Object (1)

Class Details

class Polkit.Authority(**kwargs)
Bases:

GObject.Object, Gio.AsyncInitable, Gio.Initable

Abstract:

No

Structure:

Polkit.AuthorityClass

Polkit.Authority is used for checking whether a given subject is authorized to perform a given action. Typically privileged system daemons or suid helpers will use this when handling requests from untrusted clients.

User sessions can register an authentication agent with the authority. This is used for requests from untrusted clients where system policy requires that the user needs to acknowledge (through proving he is the user or the administrator) a given action. See #PolkitAgentListener and #PolkitAgentSession for details.

classmethod get()
Returns:

value

Return type:

Polkit.Authority

(deprecated)

classmethod get_async(cancellable, callback, *user_data)
Parameters:

Asynchronously gets a reference to the authority.

This is an asynchronous failable function. When the result is ready, callback will be invoked in the thread-default main loop of the thread you are calling this method from and you can use Polkit.Authority.get_finish() to get the result. See Polkit.Authority.get_sync() for the synchronous version.

classmethod get_finish(res)
Parameters:

res (Gio.AsyncResult) – A Gio.AsyncResult obtained from the Gio.AsyncReadyCallback passed to Polkit.Authority.get_async().

Raises:

GLib.Error

Returns:

A Polkit.Authority. Free it with GObject.Object.unref() when done with it.

Return type:

Polkit.Authority

Finishes an operation started with Polkit.Authority.get_async().

classmethod get_sync(cancellable)
Parameters:

cancellable (Gio.Cancellable or None) – A Gio.Cancellable or None.

Raises:

GLib.Error

Returns:

A Polkit.Authority. Free it with GObject.Object.unref() when done with it.

Return type:

Polkit.Authority

Synchronously gets a reference to the authority.

This is a synchronous failable function - the calling thread is blocked until a reply is received. See Polkit.Authority.get_async() for the asynchronous version.

authentication_agent_response(cookie, identity, cancellable, callback, *user_data)
Parameters:

Asynchronously provide response that identity successfully authenticated for the authentication request identified by cookie.

This function is only used by the privileged bits of an authentication agent. It will fail if the caller is not sufficiently privileged (typically uid 0).

When the operation is finished, callback will be invoked in the

thread-default main loop of the thread you are calling this method from. You can then call Polkit.Authority.authentication_agent_response_finish() to get the result of the operation.

authentication_agent_response_finish(res)
Parameters:

res (Gio.AsyncResult) – A Gio.AsyncResult obtained from the callback.

Raises:

GLib.Error

Returns:

True if self acknowledged the call, False if error is set.

Return type:

bool

Finishes providing response from an authentication agent.

authentication_agent_response_sync(cookie, identity, cancellable)
Parameters:
Raises:

GLib.Error

Returns:

True if self acknowledged the call, False if error is set.

Return type:

bool

Provide response that identity successfully authenticated for the authentication request identified by cookie. See Polkit.Authority.authentication_agent_response() for limitations on who is allowed is to call this method.

The calling thread is blocked until a reply is received. See Polkit.Authority.authentication_agent_response() for the asynchronous version.

check_authorization(subject, action_id, details, flags, cancellable, callback, *user_data)
Parameters:

Asynchronously checks if subject is authorized to perform the action represented by action_id.

Note that Polkit.CheckAuthorizationFlags.ALLOW_USER_INTERACTION SHOULD be passed ONLY if the event that triggered the authorization check is stemming from an user action, e.g. the user pressing a button or attaching a device.

When the operation is finished, callback will be invoked in the

thread-default main loop of the thread you are calling this method from. You can then call Polkit.Authority.check_authorization_finish() to get the result of the operation.

Known keys in details include polkit.message and polkit.gettext_domain that can be used to override the message shown to the user. See the documentation for the ‘D-Bus method [eggdbus-method-org.freedesktop.PolicyKit1.Authority.CheckAuthorization]’ for more details.

If details is non-empty then the request will fail with Polkit.Error.FAILED unless the process doing the check itsef is sufficiently authorized (e.g. running as uid 0).

check_authorization_finish(res)
Parameters:

res (Gio.AsyncResult) – A Gio.AsyncResult obtained from the callback.

Raises:

GLib.Error

Returns:

A Polkit.AuthorizationResult or None if error is set. Free with GObject.Object.unref().

Return type:

Polkit.AuthorizationResult

Finishes checking if a subject is authorized for an action.

check_authorization_sync(subject, action_id, details, flags, cancellable)
Parameters:
Raises:

GLib.Error

Returns:

A Polkit.AuthorizationResult or None if error is set. Free with GObject.Object.unref().

Return type:

Polkit.AuthorizationResult

Checks if subject is authorized to perform the action represented by action_id.

Note that Polkit.CheckAuthorizationFlags.ALLOW_USER_INTERACTION SHOULD be passed ONLY if the event that triggered the authorization check is stemming from an user action, e.g. the user pressing a button or attaching a device.

Note the calling thread is blocked until a reply is received. You should therefore NEVER do this from a GUI thread or a daemon service thread when using the Polkit.CheckAuthorizationFlags.ALLOW_USER_INTERACTION flag. This is because it may potentially take minutes (or even hours) for the operation to complete because it involves waiting for the user to authenticate.

Known keys in details include polkit.message and polkit.gettext_domain that can be used to override the message shown to the user. See the documentation for the ‘D-Bus method [eggdbus-method-org.freedesktop.PolicyKit1.Authority.CheckAuthorization]’ for more details.

enumerate_actions(cancellable, callback, *user_data)
Parameters:

Asynchronously retrieves all registered actions.

When the operation is finished, callback will be invoked in the

thread-default main loop of the thread you are calling this method from. You can then call Polkit.Authority.enumerate_actions_finish() to get the result of the operation.

enumerate_actions_finish(res)
Parameters:

res (Gio.AsyncResult) – A Gio.AsyncResult obtained from the callback.

Raises:

GLib.Error

Returns:

A list of Polkit.ActionDescription objects or None if error is set. The returned list should be freed with g_list_free() after each element have been freed with GObject.Object.unref().

Return type:

[Polkit.ActionDescription]

Finishes retrieving all registered actions.

enumerate_actions_sync(cancellable)
Parameters:

cancellable (Gio.Cancellable or None) – A Gio.Cancellable or None.

Raises:

GLib.Error

Returns:

A list of Polkit.ActionDescription or None if error is set. The returned list should be freed with g_list_free() after each element have been freed with GObject.Object.unref().

Return type:

[Polkit.ActionDescription]

Synchronously retrieves all registered actions - the calling thread is blocked until a reply is received. See Polkit.Authority.enumerate_actions() for the asynchronous version.

enumerate_temporary_authorizations(subject, cancellable, callback, *user_data)
Parameters:

Asynchronously gets all temporary authorizations for subject.

When the operation is finished, callback will be invoked in the

thread-default main loop of the thread you are calling this method from. You can then call Polkit.Authority.enumerate_temporary_authorizations_finish() to get the result of the operation.

enumerate_temporary_authorizations_finish(res)
Parameters:

res (Gio.AsyncResult) – A Gio.AsyncResult obtained from the callback.

Raises:

GLib.Error

Returns:

A list of Polkit.TemporaryAuthorization objects or None if error is set. The returned list should be freed with g_list_free() after each element have been freed with GObject.Object.unref().

Return type:

[Polkit.TemporaryAuthorization]

Finishes retrieving all registered actions.

enumerate_temporary_authorizations_sync(subject, cancellable)
Parameters:
Raises:

GLib.Error

Returns:

A list of Polkit.TemporaryAuthorization objects or None if error is set. The returned list should be freed with g_list_free() after each element have been freed with GObject.Object.unref().

Return type:

[Polkit.TemporaryAuthorization]

Synchronousky gets all temporary authorizations for subject.

The calling thread is blocked until a reply is received. See Polkit.Authority.enumerate_temporary_authorizations() for the asynchronous version.

get_backend_features()
Returns:

Flags from Polkit.AuthorityFeatures.

Return type:

Polkit.AuthorityFeatures

Gets the features supported by the authority backend.

get_backend_name()
Returns:

The name of the backend.

Return type:

str

Gets the name of the authority backend.

get_backend_version()
Returns:

The version string for the backend.

Return type:

str

Gets the version of the authority backend.

get_owner()
Returns:

None or a string that should be freed with GLib.free().

Return type:

str or None

The unique name on the system message bus of the owner of the name org.freedesktop.PolicyKit1 or None if no-one currently owns the name. You may connect to the GObject.Object ::notify signal to track changes to the Polkit.Authority :owner property.

register_authentication_agent(subject, locale, object_path, cancellable, callback, *user_data)
Parameters:

Asynchronously registers an authentication agent.

Note that this should be called by the same effective UID which will be the real UID using the #PolkitAgentSession API or otherwise calling Polkit.Authority.authentication_agent_response().

When the operation is finished, callback will be invoked in the

thread-default main loop of the thread you are calling this method from. You can then call Polkit.Authority.register_authentication_agent_finish() to get the result of the operation.

register_authentication_agent_finish(res)
Parameters:

res (Gio.AsyncResult) – A Gio.AsyncResult obtained from the callback.

Raises:

GLib.Error

Returns:

True if the authentication agent was successfully registered, False if error is set.

Return type:

bool

Finishes registering an authentication agent.

register_authentication_agent_sync(subject, locale, object_path, cancellable)
Parameters:
Raises:

GLib.Error

Returns:

True if the authentication agent was successfully registered, False if error is set.

Return type:

bool

Registers an authentication agent.

Note that this should be called by the same effective UID which will be the real UID using the #PolkitAgentSession API or otherwise calling Polkit.Authority.authentication_agent_response().

The calling thread is blocked until a reply is received. See Polkit.Authority.register_authentication_agent() for the asynchronous version.

register_authentication_agent_with_options(subject, locale, object_path, options, cancellable, callback, *user_data)
Parameters:

Asynchronously registers an authentication agent.

Note that this should be called by the same effective UID which will be the real UID using the #PolkitAgentSession API or otherwise calling Polkit.Authority.authentication_agent_response().

When the operation is finished, callback will be invoked in the

thread-default main loop of the thread you are calling this method from. You can then call Polkit.Authority.register_authentication_agent_with_options_finish() to get the result of the operation.

register_authentication_agent_with_options_finish(res)
Parameters:

res (Gio.AsyncResult) – A Gio.AsyncResult obtained from the callback.

Raises:

GLib.Error

Returns:

True if the authentication agent was successfully registered, False if error is set.

Return type:

bool

Finishes registering an authentication agent.

register_authentication_agent_with_options_sync(subject, locale, object_path, options, cancellable)
Parameters:
Raises:

GLib.Error

Returns:

True if the authentication agent was successfully registered, False if error is set.

Return type:

bool

Registers an authentication agent.

Note that this should be called by the same effective UID which will be the real UID using the #PolkitAgentSession API or otherwise calling Polkit.Authority.authentication_agent_response().

The calling thread is blocked until a reply is received. See Polkit.Authority.register_authentication_agent_with_options() for the asynchronous version.

revoke_temporary_authorization_by_id(id, cancellable, callback, *user_data)
Parameters:

Asynchronously revoke a temporary authorization.

When the operation is finished, callback will be invoked in the

thread-default main loop of the thread you are calling this method from. You can then call Polkit.Authority.revoke_temporary_authorization_by_id_finish() to get the result of the operation.

revoke_temporary_authorization_by_id_finish(res)
Parameters:

res (Gio.AsyncResult) – A Gio.AsyncResult obtained from the callback.

Raises:

GLib.Error

Returns:

True if the temporary authorization was revoked, False if error is set.

Return type:

bool

Finishes revoking a temporary authorization by id.

revoke_temporary_authorization_by_id_sync(id, cancellable)
Parameters:
Raises:

GLib.Error

Returns:

True if the temporary authorization was revoked, False if error is set.

Return type:

bool

Synchronously revokes a temporary authorization.

The calling thread is blocked until a reply is received. See Polkit.Authority.revoke_temporary_authorization_by_id() for the asynchronous version.

revoke_temporary_authorizations(subject, cancellable, callback, *user_data)
Parameters:

Asynchronously revokes all temporary authorizations for subject.

When the operation is finished, callback will be invoked in the

thread-default main loop of the thread you are calling this method from. You can then call Polkit.Authority.revoke_temporary_authorizations_finish() to get the result of the operation.

revoke_temporary_authorizations_finish(res)
Parameters:

res (Gio.AsyncResult) – A Gio.AsyncResult obtained from the callback.

Raises:

GLib.Error

Returns:

True if all the temporary authorizations was revoked, False if error is set.

Return type:

bool

Finishes revoking temporary authorizations.

revoke_temporary_authorizations_sync(subject, cancellable)
Parameters:
Raises:

GLib.Error

Returns:

True if the temporary authorization was revoked, False if error is set.

Return type:

bool

Synchronously revokes all temporary authorization from subject.

The calling thread is blocked until a reply is received. See Polkit.Authority.revoke_temporary_authorizations() for the asynchronous version.

unregister_authentication_agent(subject, object_path, cancellable, callback, *user_data)
Parameters:

Asynchronously unregisters an authentication agent.

When the operation is finished, callback will be invoked in the

thread-default main loop of the thread you are calling this method from. You can then call Polkit.Authority.unregister_authentication_agent_finish() to get the result of the operation.

unregister_authentication_agent_finish(res)
Parameters:

res (Gio.AsyncResult) – A Gio.AsyncResult obtained from the callback.

Raises:

GLib.Error

Returns:

True if the authentication agent was successfully unregistered, False if error is set.

Return type:

bool

Finishes unregistering an authentication agent.

unregister_authentication_agent_sync(subject, object_path, cancellable)
Parameters:
Raises:

GLib.Error

Returns:

True if the authentication agent was successfully unregistered, False if error is set.

Return type:

bool

Unregisters an authentication agent. The calling thread is blocked until a reply is received. See Polkit.Authority.unregister_authentication_agent() for the asynchronous version.

Signal Details

Polkit.Authority.signals.changed(authority)
Signal Name:

changed

Flags:

RUN_LAST

Parameters:

authority (Polkit.Authority) – The object which received the signal

Emitted when actions and/or authorizations change

Property Details

Polkit.Authority.props.backend_features
Name:

backend-features

Type:

Polkit.AuthorityFeatures

Default Value:

Polkit.AuthorityFeatures.NONE

Flags:

READABLE

The features of the currently used Authority backend.

Polkit.Authority.props.backend_name
Name:

backend-name

Type:

str

Default Value:

None

Flags:

READABLE

The name of the currently used Authority backend.

Polkit.Authority.props.backend_version
Name:

backend-version

Type:

str

Default Value:

None

Flags:

READABLE

The version of the currently used Authority backend.

Polkit.Authority.props.owner
Name:

owner

Type:

str

Default Value:

None

Flags:

READABLE

The unique name of the owner of the org.freedesktop.PolicyKit1 D-Bus service or None if there is no owner. Connect to the GObject.Object ::notify signal to track changes to this property.