src/udev/udev-builtin-uaccess.c

   1 /* SPDX-License-Identifier: GPL-2.0+ */
   2 /*
   3  * manage device node user ACL
   4  *
   5  *
   6  */
   7
   8 #include <errno.h>
   9 #include <stdio.h>
  10 #include <stdlib.h>
  11
  12 #include "sd-login.h"
  13
  14 #include "login-util.h"
  15 #include "logind-acl.h"
  16 #include "udev.h"
  17 #include "util.h"
  18
  19 static int builtin_uaccess(struct udev_device *dev, int argc, char *argv[], bool test) {
  20         int r;
  21         const char *path = NULL, *seat;
  22         bool changed_acl = false;
  23         uid_t uid;
  24
  25         umask(0022);
  26
  27         /* don't muck around with ACLs when the system is not running systemd */
  28         if (!logind_running())
  29                 return 0;
  30
  31         path = udev_device_get_devnode(dev);
  32         seat = udev_device_get_property_value(dev, "ID_SEAT");
  33         if (!seat)
  34                 seat = "seat0";
  35
  36         r = sd_seat_get_active(seat, NULL, &uid);
  37         if (IN_SET(r, -ENXIO, -ENODATA)) {
  38                 /* No active session on this seat */
  39                 r = 0;
  40                 goto finish;
  41         } else if (r < 0) {
  42                 log_error("Failed to determine active user on seat %s.", seat);
  43                 goto finish;
  44         }
  45
  46         r = devnode_acl(path, true, false, 0, true, uid);
  47         if (r < 0) {
  48                 log_full_errno(r == -ENOENT ? LOG_DEBUG : LOG_ERR, r, "Failed to apply ACL on %s: %m", path);
  49                 goto finish;
  50         }
  51
  52         changed_acl = true;
  53         r = 0;
  54
  55 finish:
  56         if (path && !changed_acl) {
  57                 int k;
  58
  59                 /* Better be safe than sorry and reset ACL */
  60                 k = devnode_acl(path, true, false, 0, false, 0);
  61                 if (k < 0) {
  62                         log_full_errno(errno == ENOENT ? LOG_DEBUG : LOG_ERR, k, "Failed to apply ACL on %s: %m", path);
  63                         if (r >= 0)
  64                                 r = k;
  65                 }
  66         }
  67
  68         return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
  69 }
  70
  71 const struct udev_builtin udev_builtin_uaccess = {
  72         .name = "uaccess",
  73         .cmd = builtin_uaccess,
  74         .help = "Manage device node user ACL",
  75 };