Package ch.bailu.gtk.gio

Class DebugControllerDBus

java.lang.Object
ch.bailu.gtk.type.Type
ch.bailu.gtk.type.Pointer
ch.bailu.gtk.gobject.Object
ch.bailu.gtk.gio.DebugControllerDBus
All Implemented Interfaces:
PointerInterface
public class DebugControllerDBus extends Object
#GDebugControllerDBus is an implementation of #GDebugController which exposes
debug settings as a D-Bus object.

It is a #GInitable object, and will register an object at
`/org/gtk/Debugging` on the bus given as
#GDebugControllerDBus:connection once it’s initialized. The object will be
unregistered when the last reference to the #GDebugControllerDBus is dropped.

This D-Bus object can be used by remote processes to enable or disable debug
output in this process. Remote processes calling
`org.gtk.Debugging.SetDebugEnabled()` will affect the value of
#GDebugController:debug-enabled and, by default, g_log_get_debug_enabled().
default.

By default, all processes will be able to call `SetDebugEnabled()`. If this
process is privileged, or might expose sensitive information in its debug
output, you may want to restrict the ability to enable debug output to
privileged users or processes.

One option is to install a D-Bus security policy which restricts access to
`SetDebugEnabled()`, installing something like the following in
`$datadir/dbus-1/system.d/`: 
<!-- language="XML" -->
 <?xml version="1.0"?> <!--*-nxml-*-->
 <!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
      "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
 <busconfig>
   <policy user="root">
     <allow send_destination="com.example.MyService" send_interface="org.gtk.Debugging"/>
   </policy>
   <policy context="default">
     <deny send_destination="com.example.MyService" send_interface="org.gtk.Debugging"/>
   </policy>
 </busconfig>


This will prevent the `SetDebugEnabled()` method from being called by all
except root. It will not prevent the `DebugEnabled` property from being read,
as it’s accessed through the `org.freedesktop.DBus.Properties` interface.

Another option is to use polkit to allow or deny requests on a case-by-case
basis, allowing for the possibility of dynamic authorisation. To do this,
connect to the #GDebugControllerDBus::authorize signal and query polkit in
it: 
<!-- language="C" -->
   g_autoptr(GError) child_error = NULL;
   g_autoptr(GDBusConnection) connection = g_bus_get_sync (G_BUS_TYPE_SYSTEM, NULL, NULL);
   gulong debug_controller_authorize_id = 0;
 
   // Set up the debug controller.
   debug_controller = G_DEBUG_CONTROLLER (g_debug_controller_dbus_new (priv->connection, NULL, &child_error));
   if (debug_controller == NULL)
     {
       g_error ("Could not register debug controller on bus: %s"),
                child_error->message);
     }
 
   debug_controller_authorize_id = g_signal_connect (debug_controller,
                                                     "authorize",
                                                     G_CALLBACK (debug_controller_authorize_cb),
                                                     self);
 
   static gboolean
   debug_controller_authorize_cb (GDebugControllerDBus  *debug_controller,
                                  GDBusMethodInvocation *invocation,
                                  gpointer               user_data)
   {
     g_autoptr(PolkitAuthority) authority = NULL;
     g_autoptr(PolkitSubject) subject = NULL;
     g_autoptr(PolkitAuthorizationResult) auth_result = NULL;
     g_autoptr(GError) local_error = NULL;
     GDBusMessage *message;
     GDBusMessageFlags message_flags;
     PolkitCheckAuthorizationFlags flags = POLKIT_CHECK_AUTHORIZATION_FLAGS_NONE;
 
     message = g_dbus_method_invocation_get_message (invocation);
     message_flags = g_dbus_message_get_flags (message);
 
     authority = polkit_authority_get_sync (NULL, &local_error);
     if (authority == NULL)
       {
         g_warning ("Failed to get polkit authority: %s", local_error->message);
         return FALSE;
       }
 
     if (message_flags & G_DBUS_MESSAGE_FLAGS_ALLOW_INTERACTIVE_AUTHORIZATION)
       flags |= POLKIT_CHECK_AUTHORIZATION_FLAGS_ALLOW_USER_INTERACTION;
 
     subject = polkit_system_bus_name_new (g_dbus_method_invocation_get_sender (invocation));
 
     auth_result = polkit_authority_check_authorization_sync (authority,
                                                              subject,
                                                              "com.example.MyService.set-debug-enabled",
                                                              NULL,
                                                              flags,
                                                              NULL,
                                                              &local_error);
     if (auth_result == NULL)
       {
         g_warning ("Failed to get check polkit authorization: %s", local_error->message);
         return FALSE;
       }
 
     return polkit_authorization_result_get_is_authorized (auth_result);
   }

https://docs.gtk.org/gio/class.DebugControllerDBus.html

  • Field Details

  • Constructor Details

    • DebugControllerDBus

      public DebugControllerDBus(PointerContainer pointer)

    • DebugControllerDBus

      public DebugControllerDBus(@Nonnull DBusConnection connection, @Nullable Cancellable cancellable)
      Create a new #GDebugControllerDBus and synchronously initialize it.

      Initializing the object will export the debug object on @connection. The
      object will remain registered until the last reference to the
      #GDebugControllerDBus is dropped.

      Initialization may fail if registering the object on @connection fails.
      Parameters:
      connection - a #GDBusConnection to register the debug object on
      cancellable - a #GCancellable, or %NULL

  • Method Details

    • getClassHandler

      public static ClassHandler getClassHandler()

    • stop

      public void stop()
      Stop the debug controller, unregistering its object from the bus.

      Any pending method calls to the object will complete successfully, but new
      ones will return an error. This method will block until all pending
      #GDebugControllerDBus::authorize signals have been handled. This is expected
      to not take long, as it will just be waiting for threads to join. If any
      #GDebugControllerDBus::authorize signal handlers are still executing in other
      threads, this will block until after they have returned.

      This method will be called automatically when the final reference to the
      #GDebugControllerDBus is dropped. You may want to call it explicitly to know
      when the controller has been fully removed from the bus, or to break
      reference count cycles.

      Calling this method from within a #GDebugControllerDBus::authorize signal
      handler will cause a deadlock and must not be done.

    • onAuthorize

      public SignalHandler onAuthorize(DebugControllerDBus.OnAuthorize signal)
      Connect to signal "authorize".
      See DebugControllerDBus.OnAuthorize.onAuthorize(ch.bailu.gtk.gio.DBusMethodInvocation) for signal description.
      Field SIGNAL_ON_AUTHORIZE contains original signal name and can be used as resource reference.
      Parameters:
      signal - callback function (lambda).
      Returns:
      SignalHandler. Can be used to disconnect signal and to release callback function.

    • asDebugController

      public DebugController asDebugController()
      Implements interface DebugController. Call this to get access to interface functions.
      Returns:
      DebugController

    • asInitable

      public Initable asInitable()
      Implements interface Initable. Call this to get access to interface functions.
      Returns:
      Initable

    • getTypeID

      public static long getTypeID()

    • getParentTypeID

      public static long getParentTypeID()

    • getTypeSize

      public static TypeSystem.TypeSize getTypeSize()

    • getParentTypeSize

      public static TypeSystem.TypeSize getParentTypeSize()

    • getInstanceSize

      public static int getInstanceSize()