1 /* SPDX-License-Identifier: GPL-2.0+ */
3 * manage device node user ACL
13 #include "device-util.h"
14 #include "login-util.h"
15 #include "logind-acl.h"
17 #include "udev-builtin.h"
19 static int builtin_uaccess(sd_device
*dev
, int argc
, char *argv
[], bool test
) {
20 const char *path
= NULL
, *seat
;
21 bool changed_acl
= false;
27 /* don't muck around with ACLs when the system is not running systemd */
28 if (!logind_running())
31 r
= sd_device_get_devname(dev
, &path
);
33 log_device_error_errno(dev
, r
, "Failed to get device name: %m");
37 if (sd_device_get_property_value(dev
, "ID_SEAT", &seat
) < 0)
40 r
= sd_seat_get_active(seat
, NULL
, &uid
);
42 if (IN_SET(r
, -ENXIO
, -ENODATA
))
43 /* No active session on this seat */
46 log_device_error_errno(dev
, r
, "Failed to determine active user on seat %s: %m", seat
);
51 r
= devnode_acl(path
, true, false, 0, true, uid
);
53 log_device_full(dev
, r
== -ENOENT
? LOG_DEBUG
: LOG_ERR
, r
, "Failed to apply ACL: %m");
61 if (path
&& !changed_acl
) {
64 /* Better be safe than sorry and reset ACL */
65 k
= devnode_acl(path
, true, false, 0, false, 0);
67 log_device_full(dev
, errno
== ENOENT
? LOG_DEBUG
: LOG_ERR
, k
, "Failed to apply ACL: %m");
76 const struct udev_builtin udev_builtin_uaccess
= {
78 .cmd
= builtin_uaccess
,
79 .help
= "Manage device node user ACL",