]>
Commit | Line | Data |
---|---|---|
e7145211 | 1 | /* SPDX-License-Identifier: GPL-2.0+ */ |
83cd6b75 KS |
2 | /* |
3 | * manage device node user ACL | |
83cd6b75 KS |
4 | */ |
5 | ||
cf0fbc49 | 6 | #include <errno.h> |
83cd6b75 KS |
7 | #include <stdio.h> |
8 | #include <stdlib.h> | |
07a26e42 | 9 | #include <sys/stat.h> |
83cd6b75 | 10 | |
00229fe4 LP |
11 | #include "sd-login.h" |
12 | ||
883658b8 | 13 | #include "device-util.h" |
00229fe4 | 14 | #include "login-util.h" |
83cd6b75 | 15 | #include "logind-acl.h" |
07a26e42 YW |
16 | #include "log.h" |
17 | #include "udev-builtin.h" | |
83cd6b75 | 18 | |
3fc2e9a2 | 19 | static int builtin_uaccess(sd_device *dev, int argc, char *argv[], bool test) { |
83cd6b75 KS |
20 | const char *path = NULL, *seat; |
21 | bool changed_acl = false; | |
22 | uid_t uid; | |
883658b8 | 23 | int r; |
83cd6b75 | 24 | |
83cd6b75 KS |
25 | umask(0022); |
26 | ||
27 | /* don't muck around with ACLs when the system is not running systemd */ | |
79d860fe | 28 | if (!logind_running()) |
83cd6b75 KS |
29 | return 0; |
30 | ||
4b60fe6e | 31 | r = sd_device_get_devname(dev, &path); |
dc4fedd8 | 32 | if (r < 0) { |
883658b8 | 33 | log_device_error_errno(dev, r, "Failed to get device name: %m"); |
4b60fe6e | 34 | goto finish; |
dc4fedd8 | 35 | } |
4b60fe6e YW |
36 | |
37 | if (sd_device_get_property_value(dev, "ID_SEAT", &seat) < 0) | |
83cd6b75 KS |
38 | seat = "seat0"; |
39 | ||
40 | r = sd_seat_get_active(seat, NULL, &uid); | |
d354690e YW |
41 | if (r < 0) { |
42 | if (IN_SET(r, -ENXIO, -ENODATA)) | |
43 | /* No active session on this seat */ | |
44 | r = 0; | |
45 | else | |
883658b8 | 46 | log_device_error_errno(dev, r, "Failed to determine active user on seat %s: %m", seat); |
d354690e | 47 | |
83cd6b75 KS |
48 | goto finish; |
49 | } | |
50 | ||
51 | r = devnode_acl(path, true, false, 0, true, uid); | |
52 | if (r < 0) { | |
883658b8 | 53 | log_device_full(dev, r == -ENOENT ? LOG_DEBUG : LOG_ERR, r, "Failed to apply ACL: %m"); |
83cd6b75 KS |
54 | goto finish; |
55 | } | |
56 | ||
57 | changed_acl = true; | |
58 | r = 0; | |
59 | ||
60 | finish: | |
61 | if (path && !changed_acl) { | |
62 | int k; | |
63 | ||
64 | /* Better be safe than sorry and reset ACL */ | |
65 | k = devnode_acl(path, true, false, 0, false, 0); | |
66 | if (k < 0) { | |
7388cea3 | 67 | log_device_full(dev, k == -ENOENT ? LOG_DEBUG : LOG_ERR, k, "Failed to apply ACL: %m"); |
83cd6b75 KS |
68 | if (r >= 0) |
69 | r = k; | |
70 | } | |
71 | } | |
72 | ||
d354690e | 73 | return r; |
83cd6b75 KS |
74 | } |
75 | ||
25de7aa7 | 76 | const UdevBuiltin udev_builtin_uaccess = { |
83cd6b75 KS |
77 | .name = "uaccess", |
78 | .cmd = builtin_uaccess, | |
5ac0162c | 79 | .help = "Manage device node user ACL", |
83cd6b75 | 80 | }; |