gio/org.gtkkn.bindings.gio/DebugControllerDBus

DebugControllerDBus

open class DebugControllerDBus(pointer: <Error class: unknown class><<Error class: unknown class>>) : DebugController, Initable

GDebugControllerDBus is an implementation of iface@Gio.DebugController which exposes debug settings as a D-Bus object.

It is a iface@Gio.Initable object, and will register an object at /org/gtk/Debugging on the bus given as property@Gio.DebugControllerDBus:connection once it’s initialized. The object will be unregistered when the last reference to the GDebugControllerDBus is dropped.

This D-Bus object can be used by remote processes to enable or disable debug output in this process. Remote processes calling org.gtk.Debugging.SetDebugEnabled() will affect the value of property@Gio.DebugController:debug-enabled and, by default, func@GLib.log_get_debug_enabled.

By default, no processes are allowed to call SetDebugEnabled() unless a signal@Gio.DebugControllerDBus::authorize signal handler is installed. This is because the process may be privileged, or might expose sensitive information in its debug output. You may want to restrict the ability to enable debug output to privileged users or processes.

One option is to install a D-Bus security policy which restricts access to SetDebugEnabled(), installing something like the following in $datadir/dbus-1/system.d/:

<?xml version="1.0"?> <!--*-nxml-*-->
<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
     "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
<busconfig>
  <policy user="root">
    <allow send_destination="com.example.MyService" send_interface="org.gtk.Debugging"/>
  </policy>
  <policy context="default">
    <deny send_destination="com.example.MyService" send_interface="org.gtk.Debugging"/>
  </policy>
</busconfig>
Content copied to clipboard

This will prevent the SetDebugEnabled() method from being called by all except root. It will not prevent the DebugEnabled property from being read, as it’s accessed through the org.freedesktop.DBus.Properties interface.

Another option is to use polkit to allow or deny requests on a case-by-case basis, allowing for the possibility of dynamic authorisation. To do this, connect to the signal@Gio.DebugControllerDBus::authorize signal and query polkit in it:

g_autoptr(GError) child_error = NULL;
g_autoptr(GDBusConnection) connection = g_bus_get_sync (G_BUS_TYPE_SYSTEM, NULL, NULL);
gulong debug_controller_authorize_id = 0;

// Set up the debug controller.
debug_controller = G_DEBUG_CONTROLLER (g_debug_controller_dbus_new (priv->connection, NULL, &child_error));
if (debug_controller == NULL)
  {
    g_error ("Could not register debug controller on bus: %s"),
             child_error->message);
  }

debug_controller_authorize_id = g_signal_connect (debug_controller,
                                                  "authorize",
                                                  G_CALLBACK (debug_controller_authorize_cb),
                                                  self);

static gboolean
debug_controller_authorize_cb (GDebugControllerDBus  *debug_controller,
                               GDBusMethodInvocation *invocation,
                               gpointer               user_data)
{
  g_autoptr(PolkitAuthority) authority = NULL;
  g_autoptr(PolkitSubject) subject = NULL;
  g_autoptr(PolkitAuthorizationResult) auth_result = NULL;
  g_autoptr(GError) local_error = NULL;
  GDBusMessage *message;
  GDBusMessageFlags message_flags;
  PolkitCheckAuthorizationFlags flags = POLKIT_CHECK_AUTHORIZATION_FLAGS_NONE;

  message = g_dbus_method_invocation_get_message (invocation);
  message_flags = g_dbus_message_get_flags (message);

  authority = polkit_authority_get_sync (NULL, &local_error);
  if (authority == NULL)
    {
      g_warning ("Failed to get polkit authority: %s", local_error->message);
      return FALSE;
    }

  if (message_flags & G_DBUS_MESSAGE_FLAGS_ALLOW_INTERACTIVE_AUTHORIZATION)
    flags |= POLKIT_CHECK_AUTHORIZATION_FLAGS_ALLOW_USER_INTERACTION;

  subject = polkit_system_bus_name_new (g_dbus_method_invocation_get_sender (invocation));

  auth_result = polkit_authority_check_authorization_sync (authority,
                                                           subject,
                                                           "com.example.MyService.set-debug-enabled",
                                                           NULL,
                                                           flags,
                                                           NULL,
                                                           &local_error);
  if (auth_result == NULL)
    {
      g_warning ("Failed to get check polkit authorization: %s", local_error->message);
      return FALSE;
    }

  return polkit_authorization_result_get_is_authorized (auth_result);
}
Content copied to clipboard

Skipped during bindings generation

  • method connection: Property has no getter nor setter

Since

2.72

Constructors

Link copied to clipboard
constructor(connection: DBusConnection, cancellable: Cancellable? = null)

Create a new #GDebugControllerDBus and synchronously initialize it.

constructor(pointer: <Error class: unknown class><<Error class: unknown class>>)

Types

Link copied to clipboard
object Companion

Properties

Link copied to clipboard
open var debugEnabled: Boolean

true if debug output should be exposed (for example by forwarding it to the journal), false otherwise.

Link copied to clipboard
val gioDebugControllerDBusPointer: <Error class: unknown class><<Error class: unknown class>>
Link copied to clipboard
open override val gioDebugControllerPointer: <Error class: unknown class><<Error class: unknown class>>
Link copied to clipboard
open override val gioInitablePointer: <Error class: unknown class><<Error class: unknown class>>

Functions

Link copied to clipboard
fun connectAuthorize(connectFlags: <Error class: unknown class> = ConnectFlags(0u), handler: (invocation: DBusMethodInvocation) -> Boolean): <Error class: unknown class>

Emitted when a D-Bus peer is trying to change the debug settings and used to determine if that is authorized.

Link copied to clipboard
open fun getDebugEnabled(): Boolean

Get the value of #GDebugController:debug-enabled.

Link copied to clipboard
open fun init(cancellable: Cancellable? = null): <Error class: unknown class><Boolean>

Initializes the object implementing the interface.

Link copied to clipboard
open fun setDebugEnabled(debugEnabled: Boolean)

Set the value of #GDebugController:debug-enabled.

Link copied to clipboard
open fun stop()

Stop the debug controller, unregistering its object from the bus.