src/udev/udev-builtin-uaccess.c

   1 /* SPDX-License-Identifier: GPL-2.0+ */
   2 /*
   3  * manage device node user ACL
   4  */
   5
   6 #include <errno.h>
   7 #include <stdio.h>
   8 #include <stdlib.h>
   9
  10 #include "sd-login.h"
  11
  12 #include "login-util.h"
  13 #include "logind-acl.h"
  14 #include "udev.h"
  15 #include "util.h"
  16
  17 static int builtin_uaccess(struct udev_device *dev, int argc, char *argv[], bool test) {
  18         int r;
  19         const char *path = NULL, *seat;
  20         bool changed_acl = false;
  21         uid_t uid;
  22
  23         umask(0022);
  24
  25         /* don't muck around with ACLs when the system is not running systemd */
  26         if (!logind_running())
  27                 return 0;
  28
  29         path = udev_device_get_devnode(dev);
  30         seat = udev_device_get_property_value(dev, "ID_SEAT");
  31         if (!seat)
  32                 seat = "seat0";
  33
  34         r = sd_seat_get_active(seat, NULL, &uid);
  35         if (IN_SET(r, -ENXIO, -ENODATA)) {
  36                 /* No active session on this seat */
  37                 r = 0;
  38                 goto finish;
  39         } else if (r < 0) {
  40                 log_error("Failed to determine active user on seat %s.", seat);
  41                 goto finish;
  42         }
  43
  44         r = devnode_acl(path, true, false, 0, true, uid);
  45         if (r < 0) {
  46                 log_full_errno(r == -ENOENT ? LOG_DEBUG : LOG_ERR, r, "Failed to apply ACL on %s: %m", path);
  47                 goto finish;
  48         }
  49
  50         changed_acl = true;
  51         r = 0;
  52
  53 finish:
  54         if (path && !changed_acl) {
  55                 int k;
  56
  57                 /* Better be safe than sorry and reset ACL */
  58                 k = devnode_acl(path, true, false, 0, false, 0);
  59                 if (k < 0) {
  60                         log_full_errno(errno == ENOENT ? LOG_DEBUG : LOG_ERR, k, "Failed to apply ACL on %s: %m", path);
  61                         if (r >= 0)
  62                                 r = k;
  63                 }
  64         }
  65
  66         return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
  67 }
  68
  69 const struct udev_builtin udev_builtin_uaccess = {
  70         .name = "uaccess",
  71         .cmd = builtin_uaccess,
  72         .help = "Manage device node user ACL",
  73 };