[thirdparty/systemd.git] / src / udev / udev-builtin-uaccess.c

/* SPDX-License-Identifier: GPL-2.0+ */
/*
 * manage device node user ACL
 *
 * Copyright © 2010-2012 Kay Sievers <kay@vrfy.org>
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */

#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

#include "sd-login.h"

#include "login-util.h"
#include "logind-acl.h"
#include "udev.h"
#include "util.h"

static int builtin_uaccess(struct udev_device *dev, int argc, char *argv[], bool test) {
        int r;
        const char *path = NULL, *seat;
        bool changed_acl = false;
        uid_t uid;

        umask(0022);

        /* don't muck around with ACLs when the system is not running systemd */
        if (!logind_running())
                return 0;

        path = udev_device_get_devnode(dev);
        seat = udev_device_get_property_value(dev, "ID_SEAT");
        if (!seat)
                seat = "seat0";

        r = sd_seat_get_active(seat, NULL, &uid);
        if (IN_SET(r, -ENXIO, -ENODATA)) {
                /* No active session on this seat */
                r = 0;
                goto finish;
        } else if (r < 0) {
                log_error("Failed to determine active user on seat %s.", seat);
                goto finish;
        }

        r = devnode_acl(path, true, false, 0, true, uid);
        if (r < 0) {
                log_full_errno(r == -ENOENT ? LOG_DEBUG : LOG_ERR, r, "Failed to apply ACL on %s: %m", path);
                goto finish;
        }

        changed_acl = true;
        r = 0;

finish:
        if (path && !changed_acl) {
                int k;

                /* Better be safe than sorry and reset ACL */
                k = devnode_acl(path, true, false, 0, false, 0);
                if (k < 0) {
                        log_full_errno(errno == ENOENT ? LOG_DEBUG : LOG_ERR, k, "Failed to apply ACL on %s: %m", path);
                        if (r >= 0)
                                r = k;
                }
        }

        return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
}

const struct udev_builtin udev_builtin_uaccess = {
        .name = "uaccess",
        .cmd = builtin_uaccess,
        .help = "Manage device node user ACL",
};
Commit	Line	Data
e7145211	1	/* SPDX-License-Identifier: GPL-2.0+ */
83cd6b75 KS	2	/*
	3	* manage device node user ACL
	4	*
96b2fb93	5	* Copyright © 2010-2012 Kay Sievers <kay@vrfy.org>
83cd6b75 KS	6	*
	7	* This program is free software: you can redistribute it and/or modify
	8	* it under the terms of the GNU General Public License as published by
	9	* the Free Software Foundation, either version 2 of the License, or
	10	* (at your option) any later version.
	11	*
	12	* This program is distributed in the hope that it will be useful,
	13	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	14	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	15	* GNU General Public License for more details.
	16	*
	17	* You should have received a copy of the GNU General Public License
	18	* along with this program. If not, see <http://www.gnu.org/licenses/>.
	19	*/
	20
cf0fbc49	21	#include <errno.h>
83cd6b75 KS	22	#include <stdio.h>
83cd6b75 KS	23	#include <stdlib.h>
83cd6b75	24
00229fe4 LP	25	#include "sd-login.h"
	26
	27	#include "login-util.h"
83cd6b75 KS	28	#include "logind-acl.h"
	29	#include "udev.h"
	30	#include "util.h"
	31
9ec6e95b	32	static int builtin_uaccess(struct udev_device dev, int argc, char argv[], bool test) {
83cd6b75 KS	33	int r;
	34	const char path = NULL, seat;
	35	bool changed_acl = false;
	36	uid_t uid;
	37
83cd6b75 KS	38	umask(0022);
	39
	40	/* don't muck around with ACLs when the system is not running systemd */
79d860fe	41	if (!logind_running())
83cd6b75 KS	42	return 0;
	43
	44	path = udev_device_get_devnode(dev);
	45	seat = udev_device_get_property_value(dev, "ID_SEAT");
	46	if (!seat)
	47	seat = "seat0";
	48
	49	r = sd_seat_get_active(seat, NULL, &uid);
4c701096	50	if (IN_SET(r, -ENXIO, -ENODATA)) {
83cd6b75 KS	51	/* No active session on this seat */
	52	r = 0;
	53	goto finish;
	54	} else if (r < 0) {
	55	log_error("Failed to determine active user on seat %s.", seat);
	56	goto finish;
	57	}
	58
	59	r = devnode_acl(path, true, false, 0, true, uid);
	60	if (r < 0) {
709f6e46	61	log_full_errno(r == -ENOENT ? LOG_DEBUG : LOG_ERR, r, "Failed to apply ACL on %s: %m", path);
83cd6b75 KS	62	goto finish;
	63	}
	64
	65	changed_acl = true;
	66	r = 0;
	67
	68	finish:
	69	if (path && !changed_acl) {
	70	int k;
	71
	72	/* Better be safe than sorry and reset ACL */
	73	k = devnode_acl(path, true, false, 0, false, 0);
	74	if (k < 0) {
8dbf6265	75	log_full_errno(errno == ENOENT ? LOG_DEBUG : LOG_ERR, k, "Failed to apply ACL on %s: %m", path);
83cd6b75 KS	76	if (r >= 0)
	77	r = k;
	78	}
	79	}
	80
	81	return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
	82	}
	83
	84	const struct udev_builtin udev_builtin_uaccess = {
	85	.name = "uaccess",
	86	.cmd = builtin_uaccess,
5ac0162c	87	.help = "Manage device node user ACL",
83cd6b75	88	};