Class

GioDebugControllerDBus

Description

class Gio.DebugControllerDBus : GObject.Object {
  parent_instance: GObject
}

GDebugControllerDBus is an implementation of GDebugController which exposes debug settings as a D-Bus object.

It is a GInitable object, and will register an object at /org/gtk/Debugging on the bus given as GDebugControllerDBus:connection once it’s initialized. The object will be unregistered when the last reference to the GDebugControllerDBus is dropped.

This D-Bus object can be used by remote processes to enable or disable debug output in this process. Remote processes calling org.gtk.Debugging.SetDebugEnabled() will affect the value of GDebugController:debug-enabled and, by default, g_log_get_debug_enabled(). default.

By default, all processes will be able to call SetDebugEnabled(). If this process is privileged, or might expose sensitive information in its debug output, you may want to restrict the ability to enable debug output to privileged users or processes.

One option is to install a D-Bus security policy which restricts access to SetDebugEnabled(), installing something like the following in $datadir/dbus-1/system.d/:

<?xml version="1.0"?> <!--*-nxml-*-->
<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
     "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
<busconfig>
  <policy user="root">
    <allow send_destination="com.example.MyService" send_interface="org.gtk.Debugging"/>
  </policy>
  <policy context="default">
    <deny send_destination="com.example.MyService" send_interface="org.gtk.Debugging"/>
  </policy>
</busconfig>

This will prevent the SetDebugEnabled() method from being called by all except root. It will not prevent the DebugEnabled property from being read, as it’s accessed through the org.freedesktop.DBus.Properties interface.

Another option is to use polkit to allow or deny requests on a case-by-case basis, allowing for the possibility of dynamic authorisation. To do this, connect to the GDebugControllerDBus::authorize signal and query polkit in it:

  g_autoptr(GError) child_error = NULL;
  g_autoptr(GDBusConnection) connection = g_bus_get_sync (G_BUS_TYPE_SYSTEM, NULL, NULL);
  gulong debug_controller_authorize_id = 0;

  // Set up the debug controller.
  debug_controller = G_DEBUG_CONTROLLER (g_debug_controller_dbus_new (priv->connection, NULL, &child_error));
  if (debug_controller == NULL)
    {
      g_error ("Could not register debug controller on bus: %s"),
               child_error->message);
    }

  debug_controller_authorize_id = g_signal_connect (debug_controller,
                                                    "authorize",
                                                    G_CALLBACK (debug_controller_authorize_cb),
                                                    self);

  static gboolean
  debug_controller_authorize_cb (GDebugControllerDBus  *debug_controller,
                                 GDBusMethodInvocation *invocation,
                                 gpointer               user_data)
  {
    g_autoptr(PolkitAuthority) authority = NULL;
    g_autoptr(PolkitSubject) subject = NULL;
    g_autoptr(PolkitAuthorizationResult) auth_result = NULL;
    g_autoptr(GError) local_error = NULL;
    GDBusMessage *message;
    GDBusMessageFlags message_flags;
    PolkitCheckAuthorizationFlags flags = POLKIT_CHECK_AUTHORIZATION_FLAGS_NONE;

    message = g_dbus_method_invocation_get_message (invocation);
    message_flags = g_dbus_message_get_flags (message);

    authority = polkit_authority_get_sync (NULL, &local_error);
    if (authority == NULL)
      {
        g_warning ("Failed to get polkit authority: %s", local_error->message);
        return FALSE;
      }

    if (message_flags & G_DBUS_MESSAGE_FLAGS_ALLOW_INTERACTIVE_AUTHORIZATION)
      flags |= POLKIT_CHECK_AUTHORIZATION_FLAGS_ALLOW_USER_INTERACTION;

    subject = polkit_system_bus_name_new (g_dbus_method_invocation_get_sender (invocation));

    auth_result = polkit_authority_check_authorization_sync (authority,
                                                             subject,
                                                             "com.example.MyService.set-debug-enabled",
                                                             NULL,
                                                             flags,
                                                             NULL,
                                                             &local_error);
    if (auth_result == NULL)
      {
        g_warning ("Failed to get check polkit authorization: %s", local_error->message);
        return FALSE;
      }

    return polkit_authorization_result_get_is_authorized (auth_result);
  }
Available since:2.72

Hierarchy

hierarchy this GDebugControllerDBus implements_0 GDebugController this--implements_0 implements_1 GInitable this--implements_1 ancestor_0 GObject ancestor_0--this

Ancestors

Constructors

g_debug_controller_dbus_new

Create a new GDebugControllerDBus and synchronously initialize it.

Available since: 2.72

Instance methods

g_debug_controller_dbus_stop

Stop the debug controller, unregistering its object from the bus.

Available since: 2.72

Methods inherited from GObject (43)

Please see GObject for a full list of methods.

Methods inherited from GDebugController (2)
g_debug_controller_get_debug_enabled

Get the value of GDebugController:debug-enabled.

Available since: 2.72

g_debug_controller_set_debug_enabled

Set the value of GDebugController:debug-enabled.

Available since: 2.72

Methods inherited from GInitable (1)
g_initable_init

Initializes the object implementing the interface.

Available since: 2.22

Properties

Gio.DebugControllerDBus:connection

The D-Bus connection to expose the debugging interface on.

Available since: 2.72

Properties inherited from GDebugController (1)
Gio.DebugController:debug-enabled

TRUE if debug output should be exposed (for example by forwarding it to the journal), FALSE otherwise.

Available since: 2.72

Signals

Gio.DebugControllerDBus::authorize

Emitted when a D-Bus peer is trying to change the debug settings and used to determine if that is authorized.

Available since: 2.72

Signals inherited from GObject (1)
GObject.Object::notify

The notify signal is emitted on an object when one of its properties has its value set through g_object_set_property(), g_object_set(), et al.

Class structure

struct GioDebugControllerDBusClass {
  GObjectClass parent_class;
  gboolean (* authorize) (
    GDebugControllerDBus* controller,
    GDBusMethodInvocation* invocation
  );
  None padding;
  
}

The virtual function table for GDebugControllerDBus.

Class members
parent_class
GObjectClass
 

The parent class.

authorize
gboolean (* authorize) (
    GDebugControllerDBus* controller,
    GDBusMethodInvocation* invocation
  )
  No description available.
padding
None
  No description available.

Virtual methods

Gio.DebugControllerDBusClass.authorize
No description available.