Class
GioDebugControllerDBus
since: 2.72
Description [src]
class Gio.DebugControllerDBus : GObject.Object
implements Gio.DebugController, Gio.Initable {
/* No available fields */
}GDebugControllerDBus is an implementation of GDebugController
which exposes debug settings as a D-Bus object.
It is a GInitable object, and will register an object at
/org/gtk/Debugging on the bus given as
GDebugControllerDBus:connection once it’s initialized. The
object will be unregistered when the last reference to the
GDebugControllerDBus is dropped.
This D-Bus object can be used by remote processes to enable or disable debug
output in this process. Remote processes calling
org.gtk.Debugging.SetDebugEnabled() will affect the value of
GDebugController:debug-enabled and, by default,
g_log_get_debug_enabled().
By default, no processes are allowed to call SetDebugEnabled() unless a
GDebugControllerDBus::authorize signal handler is installed. This
is because the process may be privileged, or might expose sensitive
information in its debug output. You may want to restrict the ability to
enable debug output to privileged users or processes.
One option is to install a D-Bus security policy which restricts access to
SetDebugEnabled(), installing something like the following in
$datadir/dbus-1/system.d/:
<?xml version="1.0"?> <!--*-nxml-*-->
<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
"http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
<busconfig>
<policy user="root">
<allow send_destination="com.example.MyService" send_interface="org.gtk.Debugging"/>
</policy>
<policy context="default">
<deny send_destination="com.example.MyService" send_interface="org.gtk.Debugging"/>
</policy>
</busconfig>
This will prevent the SetDebugEnabled() method from being called by all
except root. It will not prevent the DebugEnabled property from being read,
as it’s accessed through the org.freedesktop.DBus.Properties interface.
Another option is to use polkit to allow or deny requests on a case-by-case
basis, allowing for the possibility of dynamic authorisation. To do this,
connect to the GDebugControllerDBus::authorize signal and query
polkit in it:
g_autoptr(GError) child_error = NULL;
g_autoptr(GDBusConnection) connection = g_bus_get_sync (G_BUS_TYPE_SYSTEM, NULL, NULL);
gulong debug_controller_authorize_id = 0;
// Set up the debug controller.
debug_controller = G_DEBUG_CONTROLLER (g_debug_controller_dbus_new (priv->connection, NULL, &child_error));
if (debug_controller == NULL)
{
g_error ("Could not register debug controller on bus: %s"),
child_error->message);
}
debug_controller_authorize_id = g_signal_connect (debug_controller,
"authorize",
G_CALLBACK (debug_controller_authorize_cb),
self);
static gboolean
debug_controller_authorize_cb (GDebugControllerDBus *debug_controller,
GDBusMethodInvocation *invocation,
gpointer user_data)
{
g_autoptr(PolkitAuthority) authority = NULL;
g_autoptr(PolkitSubject) subject = NULL;
g_autoptr(PolkitAuthorizationResult) auth_result = NULL;
g_autoptr(GError) local_error = NULL;
GDBusMessage *message;
GDBusMessageFlags message_flags;
PolkitCheckAuthorizationFlags flags = POLKIT_CHECK_AUTHORIZATION_FLAGS_NONE;
message = g_dbus_method_invocation_get_message (invocation);
message_flags = g_dbus_message_get_flags (message);
authority = polkit_authority_get_sync (NULL, &local_error);
if (authority == NULL)
{
g_warning ("Failed to get polkit authority: %s", local_error->message);
return FALSE;
}
if (message_flags & G_DBUS_MESSAGE_FLAGS_ALLOW_INTERACTIVE_AUTHORIZATION)
flags |= POLKIT_CHECK_AUTHORIZATION_FLAGS_ALLOW_USER_INTERACTION;
subject = polkit_system_bus_name_new (g_dbus_method_invocation_get_sender (invocation));
auth_result = polkit_authority_check_authorization_sync (authority,
subject,
"com.example.MyService.set-debug-enabled",
NULL,
flags,
NULL,
&local_error);
if (auth_result == NULL)
{
g_warning ("Failed to get check polkit authorization: %s", local_error->message);
return FALSE;
}
return polkit_authorization_result_get_is_authorized (auth_result);
}
Available since: 2.72
Constructors
g_debug_controller_dbus_new
Create a new GDebugControllerDBus and synchronously initialize it.
since: 2.72
Instance methods
g_debug_controller_dbus_stop
Stop the debug controller, unregistering its object from the bus.
since: 2.72
Methods inherited from GDebugController (2)
g_debug_controller_get_debug_enabled
Get the value of GDebugController:debug-enabled.
since: 2.72
g_debug_controller_set_debug_enabled
Set the value of GDebugController:debug-enabled.
since: 2.72
Methods inherited from GInitable (1)
Properties
Gio.DebugControllerDBus:connection
The D-Bus connection to expose the debugging interface on.
since: 2.72
Properties inherited from GDebugController (1)
GDebugController:debug-enabled
TRUE if debug output should be exposed (for example by forwarding it to
the journal), FALSE otherwise.
since: 2.72
Signals
Gio.DebugControllerDBus::authorize
Emitted when a D-Bus peer is trying to change the debug settings and used to determine if that is authorized.
since: 2.72
Signals inherited from GObject (1)
GObject::notify
The notify signal is emitted on an object when one of its properties has its value set through g_object_set_property(), g_object_set(), et al.
Class structure
struct GioDebugControllerDBusClass {
GObjectClass parent_class;
gboolean (* authorize) (
GDebugControllerDBus* controller,
GDBusMethodInvocation* invocation
);
None padding;
}The virtual function table for GDebugControllerDBus.
Class members
parent_class: GObjectClassThe parent class.
authorize: gboolean (* authorize) ( GDebugControllerDBus* controller, GDBusMethodInvocation* invocation )Default handler for the
GDebugControllerDBus::authorizesignal.padding: NoneNo description available.
Virtual methods
Gio.DebugControllerDBusClass.authorize
Default handler for the GDebugControllerDBus::authorize signal.