static int device_monitor_handler(sd_device_monitor *monitor, sd_device *device, void *userdata) {
const char *action = NULL, *devpath = NULL, *subsystem = NULL;
MonitorNetlinkGroup group = PTR_TO_INT(userdata);
struct timespec ts;
assert(device);
assert(IN_SET(group, MONITOR_GROUP_UDEV, MONITOR_GROUP_KERNEL));
(void) sd_device_get_property_value(device, "ACTION", &action);
(void) sd_device_get_devpath(device, &devpath);
(void) sd_device_get_subsystem(device, &subsystem);
assert_se(clock_gettime(CLOCK_MONOTONIC, &ts) == 0);
printf("%-6s[%"PRI_TIME".%06"PRI_NSEC"] %-8s %s (%s)\n",
group == MONITOR_GROUP_UDEV ? "UDEV" : "KERNEL",
ts.tv_sec, (nsec_t)ts.tv_nsec/1000,
action, devpath, subsystem);
if (arg_show_property) {
const char *key, *value;
FOREACH_DEVICE_PROPERTY(device, key, value)
printf("%s=%s\n", key, value);
printf("\n");
}
return 0;
}
/**
* udev_device_get_subsystem:
* @udev_device: udev device
*
* Retrieve the subsystem string of the udev device. The string does not
* contain any "/".
*
* Returns: the subsystem name of the udev device, or #NULL if it can not be determined
**/
_public_ const char *udev_device_get_subsystem(struct udev_device *udev_device)
{
const char *subsystem;
int r;
assert_return_errno(udev_device, NULL, EINVAL);
r = sd_device_get_subsystem(udev_device->device, &subsystem);
if (r < 0) {
errno = -r;
return NULL;
} else if (!subsystem)
errno = ENODATA;
return subsystem;
}
static int node_permissions_apply(sd_device *dev, bool apply,
mode_t mode, uid_t uid, gid_t gid,
Hashmap *seclabel_list) {
const char *devnode, *subsystem, *id_filename = NULL;
struct stat stats;
dev_t devnum;
int r = 0;
assert(dev);
r = sd_device_get_devname(dev, &devnode);
if (r < 0)
return log_device_debug_errno(dev, r, "Failed to get devname: %m");
r = sd_device_get_subsystem(dev, &subsystem);
if (r < 0)
return log_device_debug_errno(dev, r, "Failed to get subsystem: %m");
r = sd_device_get_devnum(dev, &devnum);
if (r < 0)
return log_device_debug_errno(dev, r, "Failed to get devnum: %m");
(void) device_get_id_filename(dev, &id_filename);
if (streq(subsystem, "block"))
mode |= S_IFBLK;
else
mode |= S_IFCHR;
if (lstat(devnode, &stats) < 0)
return log_device_debug_errno(dev, errno, "cannot stat() node '%s' (%m)", devnode);
if (((stats.st_mode & S_IFMT) != (mode & S_IFMT)) || (stats.st_rdev != devnum))
return log_device_debug_errno(dev, EEXIST, "Found node '%s' with non-matching devnum %s, skip handling",
devnode, id_filename);
if (apply) {
bool selinux = false, smack = false;
const char *name, *label;
Iterator i;
if ((stats.st_mode & 0777) != (mode & 0777) || stats.st_uid != uid || stats.st_gid != gid) {
log_device_debug(dev, "Setting permissions %s, %#o, uid=%u, gid=%u", devnode, mode, uid, gid);
if (chmod(devnode, mode) < 0)
r = log_device_warning_errno(dev, errno, "Failed to set mode of %s to %#o: %m", devnode, mode);
if (chown(devnode, uid, gid) < 0)
r = log_device_warning_errno(dev, errno, "Failed to set owner of %s to uid=%u, gid=%u: %m", devnode, uid, gid);
} else
log_device_debug(dev, "Preserve permissions of %s, %#o, uid=%u, gid=%u", devnode, mode, uid, gid);
/* apply SECLABEL{$module}=$label */
HASHMAP_FOREACH_KEY(label, name, seclabel_list, i) {
int q;
if (streq(name, "selinux")) {
selinux = true;
q = mac_selinux_apply(devnode, label);
if (q < 0)
log_device_error_errno(dev, q, "SECLABEL: failed to set SELinux label '%s': %m", label);
else
log_device_debug(dev, "SECLABEL: set SELinux label '%s'", label);
} else if (streq(name, "smack")) {
smack = true;
q = mac_smack_apply(devnode, SMACK_ATTR_ACCESS, label);
if (q < 0)
log_device_error_errno(dev, q, "SECLABEL: failed to set SMACK label '%s': %m", label);
else
log_device_debug(dev, "SECLABEL: set SMACK label '%s'", label);
} else
log_device_error(dev, "SECLABEL: unknown subsystem, ignoring '%s'='%s'", name, label);
}
/* set the defaults */
if (!selinux)
(void) mac_selinux_fix(devnode, LABEL_IGNORE_ENOENT);
if (!smack)
(void) mac_smack_apply(devnode, SMACK_ATTR_ACCESS, NULL);
}
