]>
Commit | Line | Data |
---|---|---|
e7145211 | 1 | /* SPDX-License-Identifier: GPL-2.0+ */ |
83cd6b75 KS |
2 | /* |
3 | * manage device node user ACL | |
4 | * | |
96b2fb93 | 5 | * Copyright © 2010-2012 Kay Sievers <kay@vrfy.org> |
83cd6b75 KS |
6 | * |
7 | * This program is free software: you can redistribute it and/or modify | |
8 | * it under the terms of the GNU General Public License as published by | |
9 | * the Free Software Foundation, either version 2 of the License, or | |
10 | * (at your option) any later version. | |
11 | * | |
12 | * This program is distributed in the hope that it will be useful, | |
13 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
15 | * GNU General Public License for more details. | |
16 | * | |
17 | * You should have received a copy of the GNU General Public License | |
18 | * along with this program. If not, see <http://www.gnu.org/licenses/>. | |
19 | */ | |
20 | ||
cf0fbc49 | 21 | #include <errno.h> |
83cd6b75 KS |
22 | #include <stdio.h> |
23 | #include <stdlib.h> | |
83cd6b75 | 24 | |
00229fe4 LP |
25 | #include "sd-login.h" |
26 | ||
27 | #include "login-util.h" | |
83cd6b75 KS |
28 | #include "logind-acl.h" |
29 | #include "udev.h" | |
30 | #include "util.h" | |
31 | ||
9ec6e95b | 32 | static int builtin_uaccess(struct udev_device *dev, int argc, char *argv[], bool test) { |
83cd6b75 KS |
33 | int r; |
34 | const char *path = NULL, *seat; | |
35 | bool changed_acl = false; | |
36 | uid_t uid; | |
37 | ||
83cd6b75 KS |
38 | umask(0022); |
39 | ||
40 | /* don't muck around with ACLs when the system is not running systemd */ | |
79d860fe | 41 | if (!logind_running()) |
83cd6b75 KS |
42 | return 0; |
43 | ||
44 | path = udev_device_get_devnode(dev); | |
45 | seat = udev_device_get_property_value(dev, "ID_SEAT"); | |
46 | if (!seat) | |
47 | seat = "seat0"; | |
48 | ||
49 | r = sd_seat_get_active(seat, NULL, &uid); | |
4c701096 | 50 | if (IN_SET(r, -ENXIO, -ENODATA)) { |
83cd6b75 KS |
51 | /* No active session on this seat */ |
52 | r = 0; | |
53 | goto finish; | |
54 | } else if (r < 0) { | |
55 | log_error("Failed to determine active user on seat %s.", seat); | |
56 | goto finish; | |
57 | } | |
58 | ||
59 | r = devnode_acl(path, true, false, 0, true, uid); | |
60 | if (r < 0) { | |
709f6e46 | 61 | log_full_errno(r == -ENOENT ? LOG_DEBUG : LOG_ERR, r, "Failed to apply ACL on %s: %m", path); |
83cd6b75 KS |
62 | goto finish; |
63 | } | |
64 | ||
65 | changed_acl = true; | |
66 | r = 0; | |
67 | ||
68 | finish: | |
69 | if (path && !changed_acl) { | |
70 | int k; | |
71 | ||
72 | /* Better be safe than sorry and reset ACL */ | |
73 | k = devnode_acl(path, true, false, 0, false, 0); | |
74 | if (k < 0) { | |
8dbf6265 | 75 | log_full_errno(errno == ENOENT ? LOG_DEBUG : LOG_ERR, k, "Failed to apply ACL on %s: %m", path); |
83cd6b75 KS |
76 | if (r >= 0) |
77 | r = k; | |
78 | } | |
79 | } | |
80 | ||
81 | return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS; | |
82 | } | |
83 | ||
84 | const struct udev_builtin udev_builtin_uaccess = { | |
85 | .name = "uaccess", | |
86 | .cmd = builtin_uaccess, | |
5ac0162c | 87 | .help = "Manage device node user ACL", |
83cd6b75 | 88 | }; |