src/udev/udev-builtin-uaccess.c

   1 /* SPDX-License-Identifier: GPL-2.0+ */
   2 /*
   3  * manage device node user ACL
   4  */
   5
   6 #include <errno.h>
   7 #include <stdio.h>
   8 #include <stdlib.h>
   9 #include <sys/stat.h>
  10
  11 #include "sd-login.h"
  12
  13 #include "login-util.h"
  14 #include "logind-acl.h"
  15 #include "log.h"
  16 #include "udev-builtin.h"
  17
  18 static int builtin_uaccess(struct udev_device *dev, int argc, char *argv[], bool test) {
  19         int r;
  20         const char *path = NULL, *seat;
  21         bool changed_acl = false;
  22         uid_t uid;
  23
  24         umask(0022);
  25
  26         /* don't muck around with ACLs when the system is not running systemd */
  27         if (!logind_running())
  28                 return 0;
  29
  30         path = udev_device_get_devnode(dev);
  31         seat = udev_device_get_property_value(dev, "ID_SEAT");
  32         if (!seat)
  33                 seat = "seat0";
  34
  35         r = sd_seat_get_active(seat, NULL, &uid);
  36         if (IN_SET(r, -ENXIO, -ENODATA)) {
  37                 /* No active session on this seat */
  38                 r = 0;
  39                 goto finish;
  40         } else if (r < 0) {
  41                 log_error("Failed to determine active user on seat %s.", seat);
  42                 goto finish;
  43         }
  44
  45         r = devnode_acl(path, true, false, 0, true, uid);
  46         if (r < 0) {
  47                 log_full_errno(r == -ENOENT ? LOG_DEBUG : LOG_ERR, r, "Failed to apply ACL on %s: %m", path);
  48                 goto finish;
  49         }
  50
  51         changed_acl = true;
  52         r = 0;
  53
  54 finish:
  55         if (path && !changed_acl) {
  56                 int k;
  57
  58                 /* Better be safe than sorry and reset ACL */
  59                 k = devnode_acl(path, true, false, 0, false, 0);
  60                 if (k < 0) {
  61                         log_full_errno(errno == ENOENT ? LOG_DEBUG : LOG_ERR, k, "Failed to apply ACL on %s: %m", path);
  62                         if (r >= 0)
  63                                 r = k;
  64                 }
  65         }
  66
  67         return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
  68 }
  69
  70 const struct udev_builtin udev_builtin_uaccess = {
  71         .name = "uaccess",
  72         .cmd = builtin_uaccess,
  73         .help = "Manage device node user ACL",
  74 };