src/udev/udev-builtin-uaccess.c

   1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
   2
   3 /*
   4  * manage device node user ACL
   5  *
   6  * Copyright 2010-2012 Kay Sievers <kay@vrfy.org>
   7  * Copyright 2010 Lennart Poettering
   8  *
   9  * This program is free software: you can redistribute it and/or modify
  10  * it under the terms of the GNU General Public License as published by
  11  * the Free Software Foundation, either version 2 of the License, or
  12  * (at your option) any later version.
  13  *
  14  * This program is distributed in the hope that it will be useful,
  15  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  16  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  17  * GNU General Public License for more details.
  18  *
  19  * You should have received a copy of the GNU General Public License
  20  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  21  */
  22
  23 #include <errno.h>
  24 #include <stdio.h>
  25 #include <stdlib.h>
  26
  27 #include "sd-login.h"
  28
  29 #include "login-util.h"
  30 #include "logind-acl.h"
  31 #include "udev.h"
  32 #include "util.h"
  33
  34 static int builtin_uaccess(struct udev_device *dev, int argc, char *argv[], bool test) {
  35         int r;
  36         const char *path = NULL, *seat;
  37         bool changed_acl = false;
  38         uid_t uid;
  39
  40         umask(0022);
  41
  42         /* don't muck around with ACLs when the system is not running systemd */
  43         if (!logind_running())
  44                 return 0;
  45
  46         path = udev_device_get_devnode(dev);
  47         seat = udev_device_get_property_value(dev, "ID_SEAT");
  48         if (!seat)
  49                 seat = "seat0";
  50
  51         r = sd_seat_get_active(seat, NULL, &uid);
  52         if (r == -ENXIO || r == -ENODATA) {
  53                 /* No active session on this seat */
  54                 r = 0;
  55                 goto finish;
  56         } else if (r < 0) {
  57                 log_error("Failed to determine active user on seat %s.", seat);
  58                 goto finish;
  59         }
  60
  61         r = devnode_acl(path, true, false, 0, true, uid);
  62         if (r < 0) {
  63                 log_full_errno(r == -ENOENT ? LOG_DEBUG : LOG_ERR, r, "Failed to apply ACL on %s: %m", path);
  64                 goto finish;
  65         }
  66
  67         changed_acl = true;
  68         r = 0;
  69
  70 finish:
  71         if (path && !changed_acl) {
  72                 int k;
  73
  74                 /* Better be safe than sorry and reset ACL */
  75                 k = devnode_acl(path, true, false, 0, false, 0);
  76                 if (k < 0) {
  77                         log_full_errno(errno == ENOENT ? LOG_DEBUG : LOG_ERR, k, "Failed to apply ACL on %s: %m", path);
  78                         if (r >= 0)
  79                                 r = k;
  80                 }
  81         }
  82
  83         return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
  84 }
  85
  86 const struct udev_builtin udev_builtin_uaccess = {
  87         .name = "uaccess",
  88         .cmd = builtin_uaccess,
  89         .help = "Manage device node user ACL",
  90 };