Gio.DebugControllerDBus¶

Subclasses:: None

Methods¶

Inherited:: GObject.Object (37), Gio.DebugController (2), Gio.Initable (2)
Structs:: GObject.ObjectClass (5)

class	`new` (connection, cancellable)
	`stop` ()

Virtual Methods¶

Inherited:: GObject.Object (7), Gio.Initable (1)

do_authorize (invocation)

Properties¶

Inherited:: Gio.DebugController (1)

Name	Type	Flags	Short Description
`connection`	`Gio.DBusConnection`	r/w/co

Signals¶

Inherited:: GObject.Object (1)

Name	Short Description
`authorize`	Emitted when a D-Bus peer is trying to change the debug settings and used to determine if that is authorized.

Fields¶

Inherited:: GObject.Object (1)

Name	Type	Access	Description
parent_instance	`GObject.Object`	r

Class Details¶

class Gio.DebugControllerDBus(**kwargs)¶

Bases:: GObject.Object, Gio.DebugController, Gio.Initable
Abstract:: No
Structure:: Gio.DebugControllerDBusClass

GDebugControllerDBus is an implementation of [iface`Gio`.DebugController] which exposes debug settings as a D-Bus object.

It is a [iface`Gio`.Initable] object, and will register an object at /org/gtk/Debugging on the bus given as [property`Gio`.DebugControllerDBus:connection] once it’s initialized. The object will be unregistered when the last reference to the GDebugControllerDBus is dropped.

This D-Bus object can be used by remote processes to enable or disable debug output in this process. Remote processes calling org.gtk.Debugging.SetDebugEnabled() will affect the value of [property`Gio`.DebugController:debug-enabled] and, by default, [func`GLib`.log_get_debug_enabled].

By default, no processes are allowed to call SetDebugEnabled() unless a [signal`Gio`.DebugControllerDBus::authorize] signal handler is installed. This is because the process may be privileged, or might expose sensitive information in its debug output. You may want to restrict the ability to enable debug output to privileged users or processes.

One option is to install a D-Bus security policy which restricts access to SetDebugEnabled(), installing something like the following in $datadir/dbus-1/system.d/ :

``xml <?xml version=”1.0”?> <!–-nxml-–> <!DOCTYPE busconfig PUBLIC “-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN”

“http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd”>

<busconfig>

<policy user=”root”>: <allow send_destination=”com.example.MyService” send_interface=”org.gtk.Debugging”/>

</policy> <policy context=”default”>

<deny send_destination=”com.example.MyService” send_interface=”org.gtk.Debugging”/>

</policy>

</busconfig> ``

This will prevent the SetDebugEnabled() method from being called by all except root. It will not prevent the DebugEnabled property from being read, as it’s accessed through the org.freedesktop.DBus.Properties interface.

Another option is to use polkit to allow or deny requests on a case-by-case basis, allowing for the possibility of dynamic authorisation. To do this, connect to the [signal`Gio`.DebugControllerDBus::authorize] signal and query polkit in it:

```c g_autoptr(GLib.Error) child_error = None; g_autoptr(Gio.DBusConnection) connection = Gio.bus_get_sync (Gio.BusType.SYSTEM, None, None); int debug_controller_authorize_id = 0;

// Set up the debug controller. debug_controller = G_DEBUG_CONTROLLER (Gio.DebugControllerDBus.new (priv->connection, None, &child_error)); if (debug_controller == None) { g_error (“Could not register debug controller on bus: %s”), child_error->message); }

debug_controller_authorize_id = g_signal_connect (debug_controller, “authorize”, G_CALLBACK (debug_controller_authorize_cb), self);

static bool debug_controller_authorize_cb (Gio.DebugControllerDBus *debug_controller, Gio.DBusMethodInvocation *invocation, object user_data) { g_autoptr(PolkitAuthority) authority = None; g_autoptr(PolkitSubject) subject = None; g_autoptr(PolkitAuthorizationResult) auth_result = None; g_autoptr(GLib.Error) local_error = None; Gio.DBusMessage *message; Gio.DBusMessageFlags message_flags; PolkitCheckAuthorizationFlags flags = POLKIT_CHECK_AUTHORIZATION_FLAGS_NONE;

message = Gio.DBusMethodInvocation.get_message (invocation); message_flags = Gio.DBusMessage.get_flags (message);

authority = polkit_authority_get_sync (None, &local_error); if (authority == None) { g_warning (“Failed to get polkit authority: %s”, local_error->message); return False; }

if (message_flags & Gio.DBusMessageFlags.ALLOW_INTERACTIVE_AUTHORIZATION) flags |= POLKIT_CHECK_AUTHORIZATION_FLAGS_ALLOW_USER_INTERACTION;

subject = polkit_system_bus_name_new (Gio.DBusMethodInvocation.get_sender (invocation));

auth_result = polkit_authority_check_authorization_sync (authority, subject, “com.example.MyService.set-debug-enabled”, None, flags, None, &local_error); if (auth_result == None) { g_warning (“Failed to get check polkit authorization: %s”, local_error->message); return False; }

return polkit_authorization_result_get_is_authorized (auth_result); } ```

New in version 2.72.

classmethod new(connection, cancellable)[source]¶

Parameters:

connection (Gio.DBusConnection) – a Gio.DBusConnection to register the debug object on
cancellable (Gio.Cancellable or None) – a Gio.Cancellable, or None

Raises:

GLib.Error

Returns:

a new Gio.DebugControllerDBus, or None on failure

Return type:

Gio.DebugControllerDBus or None

Create a new Gio.DebugControllerDBus and synchronously initialize it.

Initializing the object will export the debug object on connection. The object will remain registered until the last reference to the Gio.DebugControllerDBus is dropped.

Initialization may fail if registering the object on connection fails.

New in version 2.72.

stop()[source]¶

Stop the debug controller, unregistering its object from the bus.

Any pending method calls to the object will complete successfully, but new ones will return an error. This method will block until all pending Gio.DebugControllerDBus ::authorize signals have been handled. This is expected to not take long, as it will just be waiting for threads to join. If any Gio.DebugControllerDBus ::authorize signal handlers are still executing in other threads, this will block until after they have returned.

This method will be called automatically when the final reference to the Gio.DebugControllerDBus is dropped. You may want to call it explicitly to know when the controller has been fully removed from the bus, or to break reference count cycles.

Calling this method from within a Gio.DebugControllerDBus ::authorize signal handler will cause a deadlock and must not be done.

New in version 2.72.

do_authorize(invocation) virtual¶

Parameters:: invocation (Gio.DBusMethodInvocation) –
Return type:: bool

Default handler for the Gio.DebugControllerDBus ::authorize signal.

Signal Details¶

Gio.DebugControllerDBus.signals.authorize(debug_controller_d_bus, invocation)¶

Signal Name:

authorize

Flags:

RUN_LAST

Parameters:

debug_controller_d_bus (Gio.DebugControllerDBus) – The object which received the signal
invocation (Gio.DBusMethodInvocation) – A Gio.DBusMethodInvocation.

Returns:

True if the call is authorized, False otherwise.

Return type:

bool

Emitted when a D-Bus peer is trying to change the debug settings and used to determine if that is authorized.

This signal is emitted in a dedicated worker thread, so handlers are allowed to perform blocking I/O. This means that, for example, it is appropriate to call polkit_authority_check_authorization_sync() to check authorization using polkit.

If False is returned then no further handlers are run and the request to change the debug settings is rejected.

Otherwise, if True is returned, signal emission continues. If no handlers return False, then the debug settings are allowed to be changed.

Signal handlers must not modify invocation, or cause it to return a value.

The default class handler just returns True.

New in version 2.72.

Property Details¶

Gio.DebugControllerDBus.props.connection¶

Name:: connection
Type:: Gio.DBusConnection
Default Value:: None
Flags:: READABLE, WRITABLE, CONSTRUCT_ONLY

The D-Bus connection to expose the debugging interface on.

Typically this will be the same connection (to the system or session bus) which the rest of the application or service’s D-Bus objects are registered on.

New in version 2.72.