How to debug dbus access issues?

[Simon McVittie]

You seem to be mixing up well-known bus names, interface names (which don't
appear in any of your Python code), and object paths. Try reading
<http://www.freedesktop.org/wiki/Software/DBusAnalogy> and/or
<http://www.freedesktop.org/wiki/IntroductionToDBus>; I recommend doing
some experimenting on the session bus, and coming back to the system bus
when you know the principles and can see whether you're about to open up a
security hole in your system.

On Wed, 24 Aug 2011 at 10:43:18 +0200, tomw wrote:
> OBJ = "org.foo.Baz"

(Terminology: this is a well-known bus name, not an object path.)

> PATH=  '/' + OBJ.replace('.','/')

(Terminology: this is an object path.)

> dbus.exceptions.DBusException: org.freedesktop.DBus.Error.AccessDenied:
> Rejected send message, 5 matched rules; type="method_call",
> sender=":1.15" (uid=500 pid=1386 comm="python) interface="(unset)"
                                                 ^^^^^^^^^^^^^^^^^^^
> member="GetStatus" error name="(unset)" requested_reply=0
> destination=":1.13" (uid=500 pid=1380 comm="python))

> $ dbus-send --system --print-reply --dest=org.foo.Baz /org/foo/Baz
> org.foo.Baz.GetStatus
  ^^^^^^^^^^^

One difference here is that in the Python case you're sending a method call
without an explicit interface, which would usually cause the recipient to
guess what you meant; in the dbus-send case you're explicitly specifying
the interface. You can fix this by either calling via a dbus.Interface object,
or using baz.GetStatus(dbus_interface='blah.blah.blah').

That shouldn't matter with the policy you quoted (although best-practice is
to always use an explicit interface name), but perhaps you have other
policy files that affect message delivery to the same service names?
I'm pretty sure you don't own foo.org - try with a real reversed-domain
that you control, e.g. com.ubilix.tomw.Example, or net.sf.example if you're
the "example" project on Sourceforge.

Regards,
    S