morgan/systemd
1
0
Fork 0
mirror of https://github.com/morgan9e/systemd synced 2026-04-14 08:25:20 +09:00
Code Issues Packages Projects Releases Wiki Activity

udev: move devnode_acl() back to libshared

Browse Source 
This effectively reverts 1abb592f2f.
No functional change, preparation for the next commit.
This commit is contained in:
Yu Watanabe
2025-09-23 09:56:09 +09:00
parent 64376936c7
commit 41c4a69653
3 changed files with 100 additions and 96 deletions
Download Patch File Download Diff File Expand all files Collapse all files

94
src/shared/acl-util.c
View File

@@ -6,12 +6,106 @@
#include "alloc-util.h"
#include "errno-util.h"
#include "extract-word.h"
#include "fd-util.h"
#include "string-util.h"
#include "strv.h"
#include "user-util.h"
#if HAVE_ACL
int devnode_acl(int fd, uid_t uid) {
bool changed = false, found = false;
int r;
assert(fd >= 0);
_cleanup_(acl_freep) acl_t acl = NULL;
acl = acl_get_file(FORMAT_PROC_FD_PATH(fd), ACL_TYPE_ACCESS);
if (!acl)
return -errno;
acl_entry_t entry;
for (r = acl_get_entry(acl, ACL_FIRST_ENTRY, &entry);
r > 0;
r = acl_get_entry(acl, ACL_NEXT_ENTRY, &entry)) {
acl_tag_t tag;
if (acl_get_tag_type(entry, &tag) < 0)
return -errno;
if (tag != ACL_USER)
continue;
if (uid > 0) {
uid_t *u = acl_get_qualifier(entry);
if (!u)
return -errno;
if (*u == uid) {
acl_permset_t permset;
if (acl_get_permset(entry, &permset) < 0)
return -errno;
int rd = acl_get_perm(permset, ACL_READ);
if (rd < 0)
return -errno;
int wt = acl_get_perm(permset, ACL_WRITE);
if (wt < 0)
return -errno;
if (!rd || !wt) {
if (acl_add_perm(permset, ACL_READ|ACL_WRITE) < 0)
return -errno;
changed = true;
}
found = true;
continue;
}
}
if (acl_delete_entry(acl, entry) < 0)
return -errno;
changed = true;
}
if (r < 0)
return -errno;
if (!found && uid > 0) {
if (acl_create_entry(&acl, &entry) < 0)
return -errno;
if (acl_set_tag_type(entry, ACL_USER) < 0)
return -errno;
if (acl_set_qualifier(entry, &uid) < 0)
return -errno;
acl_permset_t permset;
if (acl_get_permset(entry, &permset) < 0)
return -errno;
if (acl_add_perm(permset, ACL_READ|ACL_WRITE) < 0)
return -errno;
changed = true;
}
if (!changed)
return 0;
if (acl_calc_mask(&acl) < 0)
return -errno;
if (acl_set_file(FORMAT_PROC_FD_PATH(fd), ACL_TYPE_ACCESS, acl) < 0)
return -errno;
return 0;
}
static int acl_find_uid(acl_t acl, uid_t uid, acl_entry_t *ret_entry) {
acl_entry_t i;
int r;

6
src/shared/acl-util.h
View File

@@ -10,6 +10,8 @@ int fd_acl_make_writable_fallback(int fd);
#include <acl/libacl.h> /* IWYU pragma: export */
#include <sys/acl.h> /* IWYU pragma: export */
int devnode_acl(int fd, uid_t uid);
int calc_acl_mask_if_needed(acl_t *acl_p);
int add_base_acls_if_needed(acl_t *acl_p, const char *path);
int acl_search_groups(const char* path, char ***ret_groups);
@@ -40,6 +42,10 @@ DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(gid_t*, acl_free_gid_tp, NULL);
#define ACL_WRITE 0x02
#define ACL_EXECUTE 0x01
static inline int devnode_acl(int fd, uid_t uid) {
return -EOPNOTSUPP;
}
static inline int fd_add_uid_acl_permission(int fd, uid_t uid, unsigned mask) {
return -EOPNOTSUPP;
}

96
src/udev/udev-builtin-uaccess.c
View File

@@ -1,7 +1,4 @@
/* SPDX-License-Identifier: GPL-2.0-or-later */
/*
* manage device node user ACL
*/
#include "sd-login.h"
@@ -12,99 +9,6 @@
#include "login-util.h"
#include "udev-builtin.h"
static int devnode_acl(int fd, uid_t uid) {
bool changed = false, found = false;
int r;
assert(fd >= 0);
_cleanup_(acl_freep) acl_t acl = NULL;
acl = acl_get_file(FORMAT_PROC_FD_PATH(fd), ACL_TYPE_ACCESS);
if (!acl)
return -errno;
acl_entry_t entry;
for (r = acl_get_entry(acl, ACL_FIRST_ENTRY, &entry);
r > 0;
r = acl_get_entry(acl, ACL_NEXT_ENTRY, &entry)) {
acl_tag_t tag;
if (acl_get_tag_type(entry, &tag) < 0)
return -errno;
if (tag != ACL_USER)
continue;
if (uid > 0) {
uid_t *u = acl_get_qualifier(entry);
if (!u)
return -errno;
if (*u == uid) {
acl_permset_t permset;
if (acl_get_permset(entry, &permset) < 0)
return -errno;
int rd = acl_get_perm(permset, ACL_READ);
if (rd < 0)
return -errno;
int wt = acl_get_perm(permset, ACL_WRITE);
if (wt < 0)
return -errno;
if (!rd || !wt) {
if (acl_add_perm(permset, ACL_READ|ACL_WRITE) < 0)
return -errno;
changed = true;
}
found = true;
continue;
}
}
if (acl_delete_entry(acl, entry) < 0)
return -errno;
changed = true;
}
if (r < 0)
return -errno;
if (!found && uid > 0) {
if (acl_create_entry(&acl, &entry) < 0)
return -errno;
if (acl_set_tag_type(entry, ACL_USER) < 0)
return -errno;
if (acl_set_qualifier(entry, &uid) < 0)
return -errno;
acl_permset_t permset;
if (acl_get_permset(entry, &permset) < 0)
return -errno;
if (acl_add_perm(permset, ACL_READ|ACL_WRITE) < 0)
return -errno;
changed = true;
}
if (!changed)
return 0;
if (acl_calc_mask(&acl) < 0)
return -errno;
if (acl_set_file(FORMAT_PROC_FD_PATH(fd), ACL_TYPE_ACCESS, acl) < 0)
return -errno;
return 0;
}
static int builtin_uaccess(UdevEvent *event, int argc, char *argv[]) {
sd_device *dev = ASSERT_PTR(ASSERT_PTR(event)->dev);
int r, k;