[thirdparty/systemd.git] / src / udev / udev-builtin-uaccess.c

/* SPDX-License-Identifier: GPL-2.0+ */
/*
 * manage device node user ACL
 */

#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>

#include "sd-login.h"

#include "device-util.h"
#include "login-util.h"
#include "logind-acl.h"
#include "log.h"
#include "udev-builtin.h"

static int builtin_uaccess(sd_device *dev, int argc, char *argv[], bool test) {
        const char *path = NULL, *seat;
        bool changed_acl = false;
        uid_t uid;
        int r;

        umask(0022);

        /* don't muck around with ACLs when the system is not running systemd */
        if (!logind_running())
                return 0;

        r = sd_device_get_devname(dev, &path);
        if (r < 0) {
                log_device_error_errno(dev, r, "Failed to get device name: %m");
                goto finish;
        }

        if (sd_device_get_property_value(dev, "ID_SEAT", &seat) < 0)
                seat = "seat0";

        r = sd_seat_get_active(seat, NULL, &uid);
        if (r < 0) {
                if (IN_SET(r, -ENXIO, -ENODATA))
                        /* No active session on this seat */
                        r = 0;
                else
                        log_device_error_errno(dev, r, "Failed to determine active user on seat %s: %m", seat);

                goto finish;
        }

        r = devnode_acl(path, true, false, 0, true, uid);
        if (r < 0) {
                log_device_full(dev, r == -ENOENT ? LOG_DEBUG : LOG_ERR, r, "Failed to apply ACL: %m");
                goto finish;
        }

        changed_acl = true;
        r = 0;

finish:
        if (path && !changed_acl) {
                int k;

                /* Better be safe than sorry and reset ACL */
                k = devnode_acl(path, true, false, 0, false, 0);
                if (k < 0) {
                        log_device_full(dev, k == -ENOENT ? LOG_DEBUG : LOG_ERR, k, "Failed to apply ACL: %m");
                        if (r >= 0)
                                r = k;
                }
        }

        return r;
}

const UdevBuiltin udev_builtin_uaccess = {
        .name = "uaccess",
        .cmd = builtin_uaccess,
        .help = "Manage device node user ACL",
};
Commit	Line	Data
e7145211	1	/* SPDX-License-Identifier: GPL-2.0+ */
83cd6b75 KS	2	/*
83cd6b75 KS	3	* manage device node user ACL
83cd6b75 KS	4	*/
83cd6b75 KS	5
cf0fbc49	6	#include <errno.h>
83cd6b75 KS	7	#include <stdio.h>
83cd6b75 KS	8	#include <stdlib.h>
07a26e42	9	#include <sys/stat.h>
83cd6b75	10
00229fe4 LP	11	#include "sd-login.h"
00229fe4 LP	12
883658b8	13	#include "device-util.h"
00229fe4	14	#include "login-util.h"
83cd6b75	15	#include "logind-acl.h"
07a26e42 YW	16	#include "log.h"
07a26e42 YW	17	#include "udev-builtin.h"
83cd6b75	18
3fc2e9a2	19	static int builtin_uaccess(sd_device dev, int argc, char argv[], bool test) {
83cd6b75 KS	20	const char path = NULL, seat;
	21	bool changed_acl = false;
	22	uid_t uid;
883658b8	23	int r;
83cd6b75	24
83cd6b75 KS	25	umask(0022);
	26
	27	/* don't muck around with ACLs when the system is not running systemd */
79d860fe	28	if (!logind_running())
83cd6b75 KS	29	return 0;
83cd6b75 KS	30
4b60fe6e	31	r = sd_device_get_devname(dev, &path);
dc4fedd8	32	if (r < 0) {
883658b8	33	log_device_error_errno(dev, r, "Failed to get device name: %m");
4b60fe6e	34	goto finish;
dc4fedd8	35	}
4b60fe6e YW	36
4b60fe6e YW	37	if (sd_device_get_property_value(dev, "ID_SEAT", &seat) < 0)
83cd6b75 KS	38	seat = "seat0";
	39
	40	r = sd_seat_get_active(seat, NULL, &uid);
d354690e YW	41	if (r < 0) {
	42	if (IN_SET(r, -ENXIO, -ENODATA))
	43	/* No active session on this seat */
	44	r = 0;
	45	else
883658b8	46	log_device_error_errno(dev, r, "Failed to determine active user on seat %s: %m", seat);
d354690e	47
83cd6b75 KS	48	goto finish;
	49	}
	50
	51	r = devnode_acl(path, true, false, 0, true, uid);
	52	if (r < 0) {
883658b8	53	log_device_full(dev, r == -ENOENT ? LOG_DEBUG : LOG_ERR, r, "Failed to apply ACL: %m");
83cd6b75 KS	54	goto finish;
	55	}
	56
	57	changed_acl = true;
	58	r = 0;
	59
	60	finish:
	61	if (path && !changed_acl) {
	62	int k;
	63
	64	/* Better be safe than sorry and reset ACL */
	65	k = devnode_acl(path, true, false, 0, false, 0);
	66	if (k < 0) {
7388cea3	67	log_device_full(dev, k == -ENOENT ? LOG_DEBUG : LOG_ERR, k, "Failed to apply ACL: %m");
83cd6b75 KS	68	if (r >= 0)
	69	r = k;
	70	}
	71	}
	72
d354690e	73	return r;
83cd6b75 KS	74	}
83cd6b75 KS	75
25de7aa7	76	const UdevBuiltin udev_builtin_uaccess = {
83cd6b75 KS	77	.name = "uaccess",
83cd6b75 KS	78	.cmd = builtin_uaccess,
5ac0162c	79	.help = "Manage device node user ACL",
83cd6b75	80	};