src/udev/udev-builtin-uaccess.c

   1 /* SPDX-License-Identifier: GPL-2.0+ */
   2 /*
   3  * manage device node user ACL
   4  */
   5
   6 #include <errno.h>
   7 #include <stdio.h>
   8 #include <stdlib.h>
   9 #include <sys/stat.h>
  10
  11 #include "sd-login.h"
  12
  13 #include "login-util.h"
  14 #include "logind-acl.h"
  15 #include "log.h"
  16 #include "udev-builtin.h"
  17
  18 static int builtin_uaccess(sd_device *dev, int argc, char *argv[], bool test) {
  19         int r;
  20         const char *path = NULL, *seat;
  21         bool changed_acl = false;
  22         uid_t uid;
  23
  24         umask(0022);
  25
  26         /* don't muck around with ACLs when the system is not running systemd */
  27         if (!logind_running())
  28                 return 0;
  29
  30         r = sd_device_get_devname(dev, &path);
  31         if (r < 0)
  32                 goto finish;
  33
  34         if (sd_device_get_property_value(dev, "ID_SEAT", &seat) < 0)
  35                 seat = "seat0";
  36
  37         r = sd_seat_get_active(seat, NULL, &uid);
  38         if (r < 0) {
  39                 if (IN_SET(r, -ENXIO, -ENODATA))
  40                         /* No active session on this seat */
  41                         r = 0;
  42                 else
  43                         log_error_errno(r, "Failed to determine active user on seat %s: %m", seat);
  44
  45                 goto finish;
  46         }
  47
  48         r = devnode_acl(path, true, false, 0, true, uid);
  49         if (r < 0) {
  50                 log_full_errno(r == -ENOENT ? LOG_DEBUG : LOG_ERR, r, "Failed to apply ACL on %s: %m", path);
  51                 goto finish;
  52         }
  53
  54         changed_acl = true;
  55         r = 0;
  56
  57 finish:
  58         if (path && !changed_acl) {
  59                 int k;
  60
  61                 /* Better be safe than sorry and reset ACL */
  62                 k = devnode_acl(path, true, false, 0, false, 0);
  63                 if (k < 0) {
  64                         log_full_errno(errno == ENOENT ? LOG_DEBUG : LOG_ERR, k, "Failed to apply ACL on %s: %m", path);
  65                         if (r >= 0)
  66                                 r = k;
  67                 }
  68         }
  69
  70         return r;
  71 }
  72
  73 const struct udev_builtin udev_builtin_uaccess = {
  74         .name = "uaccess",
  75         .cmd = builtin_uaccess,
  76         .help = "Manage device node user ACL",
  77 };