[thirdparty/systemd.git] / src / udev / udev-builtin-uaccess.c

/* SPDX-License-Identifier: GPL-2.0+ */
/*
 * manage device node user ACL
 *
 * Copyright © 2010-2012 Kay Sievers <kay@vrfy.org>
 *
 */

#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

#include "sd-login.h"

#include "login-util.h"
#include "logind-acl.h"
#include "udev.h"
#include "util.h"

static int builtin_uaccess(struct udev_device *dev, int argc, char *argv[], bool test) {
        int r;
        const char *path = NULL, *seat;
        bool changed_acl = false;
        uid_t uid;

        umask(0022);

        /* don't muck around with ACLs when the system is not running systemd */
        if (!logind_running())
                return 0;

        path = udev_device_get_devnode(dev);
        seat = udev_device_get_property_value(dev, "ID_SEAT");
        if (!seat)
                seat = "seat0";

        r = sd_seat_get_active(seat, NULL, &uid);
        if (IN_SET(r, -ENXIO, -ENODATA)) {
                /* No active session on this seat */
                r = 0;
                goto finish;
        } else if (r < 0) {
                log_error("Failed to determine active user on seat %s.", seat);
                goto finish;
        }

        r = devnode_acl(path, true, false, 0, true, uid);
        if (r < 0) {
                log_full_errno(r == -ENOENT ? LOG_DEBUG : LOG_ERR, r, "Failed to apply ACL on %s: %m", path);
                goto finish;
        }

        changed_acl = true;
        r = 0;

finish:
        if (path && !changed_acl) {
                int k;

                /* Better be safe than sorry and reset ACL */
                k = devnode_acl(path, true, false, 0, false, 0);
                if (k < 0) {
                        log_full_errno(errno == ENOENT ? LOG_DEBUG : LOG_ERR, k, "Failed to apply ACL on %s: %m", path);
                        if (r >= 0)
                                r = k;
                }
        }

        return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
}

const struct udev_builtin udev_builtin_uaccess = {
        .name = "uaccess",
        .cmd = builtin_uaccess,
        .help = "Manage device node user ACL",
};
Commit	Line	Data
e7145211	1	/* SPDX-License-Identifier: GPL-2.0+ */
83cd6b75 KS	2	/*
	3	* manage device node user ACL
	4	*
96b2fb93	5	* Copyright © 2010-2012 Kay Sievers <kay@vrfy.org>
83cd6b75	6	*
83cd6b75 KS	7	*/
83cd6b75 KS	8
cf0fbc49	9	#include <errno.h>
83cd6b75 KS	10	#include <stdio.h>
83cd6b75 KS	11	#include <stdlib.h>
83cd6b75	12
00229fe4 LP	13	#include "sd-login.h"
	14
	15	#include "login-util.h"
83cd6b75 KS	16	#include "logind-acl.h"
	17	#include "udev.h"
	18	#include "util.h"
	19
9ec6e95b	20	static int builtin_uaccess(struct udev_device dev, int argc, char argv[], bool test) {
83cd6b75 KS	21	int r;
	22	const char path = NULL, seat;
	23	bool changed_acl = false;
	24	uid_t uid;
	25
83cd6b75 KS	26	umask(0022);
	27
	28	/* don't muck around with ACLs when the system is not running systemd */
79d860fe	29	if (!logind_running())
83cd6b75 KS	30	return 0;
	31
	32	path = udev_device_get_devnode(dev);
	33	seat = udev_device_get_property_value(dev, "ID_SEAT");
	34	if (!seat)
	35	seat = "seat0";
	36
	37	r = sd_seat_get_active(seat, NULL, &uid);
4c701096	38	if (IN_SET(r, -ENXIO, -ENODATA)) {
83cd6b75 KS	39	/* No active session on this seat */
	40	r = 0;
	41	goto finish;
	42	} else if (r < 0) {
	43	log_error("Failed to determine active user on seat %s.", seat);
	44	goto finish;
	45	}
	46
	47	r = devnode_acl(path, true, false, 0, true, uid);
	48	if (r < 0) {
709f6e46	49	log_full_errno(r == -ENOENT ? LOG_DEBUG : LOG_ERR, r, "Failed to apply ACL on %s: %m", path);
83cd6b75 KS	50	goto finish;
	51	}
	52
	53	changed_acl = true;
	54	r = 0;
	55
	56	finish:
	57	if (path && !changed_acl) {
	58	int k;
	59
	60	/* Better be safe than sorry and reset ACL */
	61	k = devnode_acl(path, true, false, 0, false, 0);
	62	if (k < 0) {
8dbf6265	63	log_full_errno(errno == ENOENT ? LOG_DEBUG : LOG_ERR, k, "Failed to apply ACL on %s: %m", path);
83cd6b75 KS	64	if (r >= 0)
	65	r = k;
	66	}
	67	}
	68
	69	return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
	70	}
	71
	72	const struct udev_builtin udev_builtin_uaccess = {
	73	.name = "uaccess",
	74	.cmd = builtin_uaccess,
5ac0162c	75	.help = "Manage device node user ACL",
83cd6b75	76	};