Gio.DebugControllerDBus

g GObject.GInterface GObject.GInterface Gio.DebugController Gio.DebugController GObject.GInterface->Gio.DebugController Gio.Initable Gio.Initable GObject.GInterface->Gio.Initable GObject.Object GObject.Object Gio.DebugControllerDBus Gio.DebugControllerDBus GObject.Object->Gio.DebugControllerDBus Gio.DebugController->Gio.DebugControllerDBus Gio.Initable->Gio.DebugControllerDBus

Subclasses:

None

Methods

Inherited:

GObject.Object (37), Gio.DebugController (2), Gio.Initable (2)

Structs:

GObject.ObjectClass (5)

class

new (connection, cancellable)

stop ()

Virtual Methods

Inherited:

GObject.Object (7), Gio.Initable (1)

do_authorize (invocation)

Properties

Inherited:

Gio.DebugController (1)

Name

Type

Flags

Short Description

connection

Gio.DBusConnection

r/w/co

Signals

Inherited:

GObject.Object (1)

Name

Short Description

authorize

Emitted when a D-Bus peer is trying to change the debug settings and used to determine if that is authorized.

Fields

Inherited:

GObject.Object (1)

Name

Type

Access

Description

parent_instance

GObject.Object

r

Class Details

class Gio.DebugControllerDBus(**kwargs)
Bases:

GObject.Object, Gio.DebugController, Gio.Initable

Abstract:

No

Structure:

Gio.DebugControllerDBusClass

GDebugControllerDBus is an implementation of [iface`Gio`.DebugController] which exposes debug settings as a D-Bus object.

It is a [iface`Gio`.Initable] object, and will register an object at /org/gtk/Debugging on the bus given as [property`Gio`.DebugControllerDBus:connection] once it’s initialized. The object will be unregistered when the last reference to the GDebugControllerDBus is dropped.

This D-Bus object can be used by remote processes to enable or disable debug output in this process. Remote processes calling org.gtk.Debugging.SetDebugEnabled() will affect the value of [property`Gio`.DebugController:debug-enabled] and, by default, [func`GLib`.log_get_debug_enabled].

By default, no processes are allowed to call SetDebugEnabled() unless a [signal`Gio`.DebugControllerDBus::authorize] signal handler is installed. This is because the process may be privileged, or might expose sensitive information in its debug output. You may want to restrict the ability to enable debug output to privileged users or processes.

One option is to install a D-Bus security policy which restricts access to SetDebugEnabled(), installing something like the following in $datadir/dbus-1/system.d/ :

``xml <?xml version=”1.0”?> <!–-nxml-–> <!DOCTYPE busconfig PUBLIC “-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN”

<busconfig>
<policy user=”root”>

<allow send_destination=”com.example.MyService” send_interface=”org.gtk.Debugging”/>

</policy> <policy context=”default”>

<deny send_destination=”com.example.MyService” send_interface=”org.gtk.Debugging”/>

</policy>

</busconfig> ``

This will prevent the SetDebugEnabled() method from being called by all except root. It will not prevent the DebugEnabled property from being read, as it’s accessed through the org.freedesktop.DBus.Properties interface.

Another option is to use polkit to allow or deny requests on a case-by-case basis, allowing for the possibility of dynamic authorisation. To do this, connect to the [signal`Gio`.DebugControllerDBus::authorize] signal and query polkit in it:

```c g_autoptr(GLib.Error) child_error = None; g_autoptr(Gio.DBusConnection) connection = Gio.bus_get_sync (Gio.BusType.SYSTEM, None, None); int debug_controller_authorize_id = 0;

// Set up the debug controller. debug_controller = G_DEBUG_CONTROLLER (Gio.DebugControllerDBus.new (priv->connection, None, &child_error)); if (debug_controller == None) { g_error (“Could not register debug controller on bus: %s”), child_error->message); }

debug_controller_authorize_id = g_signal_connect (debug_controller, “authorize”, G_CALLBACK (debug_controller_authorize_cb), self);

static bool debug_controller_authorize_cb (Gio.DebugControllerDBus *debug_controller, Gio.DBusMethodInvocation *invocation, object user_data) { g_autoptr(PolkitAuthority) authority = None; g_autoptr(PolkitSubject) subject = None; g_autoptr(PolkitAuthorizationResult) auth_result = None; g_autoptr(GLib.Error) local_error = None; Gio.DBusMessage *message; Gio.DBusMessageFlags message_flags; PolkitCheckAuthorizationFlags flags = POLKIT_CHECK_AUTHORIZATION_FLAGS_NONE;

message = Gio.DBusMethodInvocation.get_message (invocation); message_flags = Gio.DBusMessage.get_flags (message);

authority = polkit_authority_get_sync (None, &local_error); if (authority == None) { g_warning (“Failed to get polkit authority: %s”, local_error->message); return False; }

if (message_flags & Gio.DBusMessageFlags.ALLOW_INTERACTIVE_AUTHORIZATION) flags |= POLKIT_CHECK_AUTHORIZATION_FLAGS_ALLOW_USER_INTERACTION;

subject = polkit_system_bus_name_new (Gio.DBusMethodInvocation.get_sender (invocation));

auth_result = polkit_authority_check_authorization_sync (authority, subject, “com.example.MyService.set-debug-enabled”, None, flags, None, &local_error); if (auth_result == None) { g_warning (“Failed to get check polkit authorization: %s”, local_error->message); return False; }

return polkit_authorization_result_get_is_authorized (auth_result); } ```

New in version 2.72.

classmethod new(connection, cancellable)[source]
Parameters:
Raises:

GLib.Error

Returns:

a new Gio.DebugControllerDBus, or None on failure

Return type:

Gio.DebugControllerDBus or None

Create a new Gio.DebugControllerDBus and synchronously initialize it.

Initializing the object will export the debug object on connection. The object will remain registered until the last reference to the Gio.DebugControllerDBus is dropped.

Initialization may fail if registering the object on connection fails.

New in version 2.72.

stop()[source]

Stop the debug controller, unregistering its object from the bus.

Any pending method calls to the object will complete successfully, but new ones will return an error. This method will block until all pending Gio.DebugControllerDBus ::authorize signals have been handled. This is expected to not take long, as it will just be waiting for threads to join. If any Gio.DebugControllerDBus ::authorize signal handlers are still executing in other threads, this will block until after they have returned.

This method will be called automatically when the final reference to the Gio.DebugControllerDBus is dropped. You may want to call it explicitly to know when the controller has been fully removed from the bus, or to break reference count cycles.

Calling this method from within a Gio.DebugControllerDBus ::authorize signal handler will cause a deadlock and must not be done.

New in version 2.72.

do_authorize(invocation) virtual
Parameters:

invocation (Gio.DBusMethodInvocation) –

Return type:

bool

Default handler for the Gio.DebugControllerDBus ::authorize signal.

Signal Details

Gio.DebugControllerDBus.signals.authorize(debug_controller_d_bus, invocation)
Signal Name:

authorize

Flags:

RUN_LAST

Parameters:
Returns:

True if the call is authorized, False otherwise.

Return type:

bool

Emitted when a D-Bus peer is trying to change the debug settings and used to determine if that is authorized.

This signal is emitted in a dedicated worker thread, so handlers are allowed to perform blocking I/O. This means that, for example, it is appropriate to call polkit_authority_check_authorization_sync() to check authorization using polkit.

If False is returned then no further handlers are run and the request to change the debug settings is rejected.

Otherwise, if True is returned, signal emission continues. If no handlers return False, then the debug settings are allowed to be changed.

Signal handlers must not modify invocation, or cause it to return a value.

The default class handler just returns True.

New in version 2.72.

Property Details

Gio.DebugControllerDBus.props.connection
Name:

connection

Type:

Gio.DBusConnection

Default Value:

None

Flags:

READABLE, WRITABLE, CONSTRUCT_ONLY

The D-Bus connection to expose the debugging interface on.

Typically this will be the same connection (to the system or session bus) which the rest of the application or service’s D-Bus objects are registered on.

New in version 2.72.