diff options
Diffstat (limited to 'udev')
-rw-r--r-- | udev/udev-node.c | 25 | ||||
-rw-r--r-- | udev/udev-rules.c | 141 | ||||
-rw-r--r-- | udev/udev.h | 15 | ||||
-rw-r--r-- | udev/udevd.c | 115 |
4 files changed, 229 insertions, 67 deletions
diff --git a/udev/udev-node.c b/udev/udev-node.c index d55700d70f..8339eb732f 100644 --- a/udev/udev-node.c +++ b/udev/udev-node.c @@ -72,22 +72,22 @@ int udev_node_mknod(struct udev_device *dev, const char *file, mode_t mode, uid_ err = mknod(file_tmp, mode, devnum); udev_selinux_resetfscreatecon(udev); if (err != 0) { - err(udev, "mknod(%s, %#o, %u, %u) failed: %m\n", - file_tmp, mode, major(devnum), minor(devnum)); + err(udev, "mknod '%s' %u:%u %#o failed: %m\n", + file_tmp, major(devnum), minor(devnum), mode); goto exit; } err = rename(file_tmp, file); if (err != 0) { - err(udev, "rename(%s, %s) failed: %m\n", file_tmp, file); + err(udev, "rename '%s' '%s' failed: %m\n", file_tmp, file); unlink(file_tmp); goto exit; } - info(udev, "set permissions %s, %#o, uid=%u, gid=%u\n", file, mode, uid, gid); + info(udev, "set permissions '%s' %#o uid=%u gid=%u\n", file, mode, uid, gid); chmod(file, mode); chown(file, uid, gid); } } else { - info(udev, "mknod(%s, %#o, (%u,%u))\n", file, mode, major(devnum), minor(devnum)); + info(udev, "mknod '%s' %u:%u %#o\n", file, major(devnum), minor(devnum), mode); do { err = util_create_path(udev, file); if (err != 0 && err != -ENOENT) @@ -99,8 +99,8 @@ int udev_node_mknod(struct udev_device *dev, const char *file, mode_t mode, uid_ udev_selinux_resetfscreatecon(udev); } while (err == -ENOENT); if (err != 0) - err(udev, "mknod(%s, %#o, (%u,%u) failed: %m\n", file, mode, major(devnum), minor(devnum)); - info(udev, "set permissions %s, %#o, uid=%u, gid=%u\n", file, mode, uid, gid); + err(udev, "mknod '%s' %u:%u %#o' failed: %m\n", file, major(devnum), minor(devnum), mode); + info(udev, "set permissions '%s' %#o uid=%u gid=%u\n", file, mode, uid, gid); chmod(file, mode); chown(file, uid, gid); } @@ -204,12 +204,12 @@ static int node_symlink(struct udev *udev, const char *node, const char *slink) udev_selinux_resetfscreatecon(udev); } while (err == -ENOENT); if (err != 0) { - err(udev, "symlink(%s, %s) failed: %m\n", target, slink_tmp); + err(udev, "symlink '%s' '%s' failed: %m\n", target, slink_tmp); goto exit; } err = rename(slink_tmp, slink); if (err != 0) { - err(udev, "rename(%s, %s) failed: %m\n", slink_tmp, slink); + err(udev, "rename '%s' '%s' failed: %m\n", slink_tmp, slink); unlink(slink_tmp); } exit: @@ -396,7 +396,6 @@ int udev_node_remove(struct udev_device *dev) const char *devnode; struct stat stats; struct udev_device *dev_check; - char filename[UTIL_PATH_SIZE]; int err = 0; /* remove/update symlinks, remove symlinks from name index */ @@ -426,12 +425,6 @@ int udev_node_remove(struct udev_device *dev) goto out; } - util_strscpyl(filename, sizeof(filename), LIBEXECDIR "/devices", &devnode[strlen(udev_get_dev_path(udev))], NULL); - if (stat(filename, &stats) == 0 && stats.st_rdev == udev_device_get_devnum(dev)) { - info(udev, "static device entry found '%s', skip removal\n", devnode); - goto out; - } - info(udev, "removing device node '%s'\n", devnode); err = util_unlink_secure(udev, devnode); util_delete_path(udev, devnode); diff --git a/udev/udev-rules.c b/udev/udev-rules.c index 8fc804a3c2..5dcd760c55 100644 --- a/udev/udev-rules.c +++ b/udev/udev-rules.c @@ -157,6 +157,7 @@ enum token_type { TK_A_OWNER_ID, /* uid_t */ TK_A_GROUP_ID, /* gid_t */ TK_A_MODE_ID, /* mode_t */ + TK_A_STATIC_NODE, /* val */ TK_A_ENV, /* val, attr */ TK_A_TAG, /* val */ TK_A_NAME, /* val */ @@ -172,10 +173,12 @@ enum token_type { /* we try to pack stuff in a way that we take only 12 bytes per token */ struct token { union { - unsigned char type; /* same as in rule and key */ + unsigned char type; /* same in rule and key */ struct { enum token_type type:8; - unsigned int flags:8; + bool can_set_name:1; + bool has_static_node:1; + unsigned int unused:6; unsigned short token_count; unsigned int label_off; unsigned short filename_off; @@ -286,6 +289,7 @@ static const char *token_str(enum token_type type) [TK_A_MODE] = "A MODE", [TK_A_OWNER_ID] = "A OWNER_ID", [TK_A_GROUP_ID] = "A GROUP_ID", + [TK_A_STATIC_NODE] = "A STATIC_NODE", [TK_A_MODE_ID] = "A MODE_ID", [TK_A_ENV] = "A ENV", [TK_A_TAG] = "A ENV", @@ -374,7 +378,7 @@ static void dump_token(struct udev_rules *rules, struct token *token) dbg(rules->udev, "%s %u\n", token_str(type), token->key.watch); break; case TK_A_DEVLINK_PRIO: - dbg(rules->udev, "%s %s %u\n", token_str(type), operation_str(op), token->key.devlink_prio); + dbg(rules->udev, "%s %u\n", token_str(type), token->key.devlink_prio); break; case TK_A_OWNER_ID: dbg(rules->udev, "%s %s %u\n", token_str(type), operation_str(op), token->key.uid); @@ -385,8 +389,11 @@ static void dump_token(struct udev_rules *rules, struct token *token) case TK_A_MODE_ID: dbg(rules->udev, "%s %s %#o\n", token_str(type), operation_str(op), token->key.mode); break; + case TK_A_STATIC_NODE: + dbg(rules->udev, "%s '%s'\n", token_str(type), value); + break; case TK_A_EVENT_TIMEOUT: - dbg(rules->udev, "%s %s %u\n", token_str(type), operation_str(op), token->key.event_timeout); + dbg(rules->udev, "%s %u\n", token_str(type), token->key.event_timeout); break; case TK_A_GOTO: dbg(rules->udev, "%s '%s' %u\n", token_str(type), value, token->key.rule_goto); @@ -834,7 +841,7 @@ static int wait_for_file(struct udev_device *dev, const char *file, int timeout) static int attr_subst_subdir(char *attr, size_t len) { - int found = 0; + bool found = false; if (strstr(attr, "/*/")) { char *pos; @@ -859,7 +866,7 @@ static int attr_subst_subdir(char *attr, size_t len) continue; util_strscpyl(attr, len, dirname, "/", dent->d_name, tail, NULL); if (stat(attr, &stats) == 0) { - found = 1; + found = true; break; } } @@ -1053,6 +1060,9 @@ static int rule_add_key(struct rule_tmp *rule_tmp, enum token_type type, case TK_A_MODE_ID: token->key.mode = *(mode_t *)data; break; + case TK_A_STATIC_NODE: + token->key.value_off = add_string(rule_tmp->rules, value); + break; case TK_A_EVENT_TIMEOUT: token->key.event_timeout = *(int *)data; break; @@ -1480,7 +1490,7 @@ static int add_rule(struct udev_rules *rules, char *line, } rule_add_key(&rule_tmp, TK_A_NAME, op, value, NULL); } - rule_tmp.rule.rule.flags = 1; + rule_tmp.rule.rule.can_set_name = true; continue; } @@ -1495,7 +1505,7 @@ static int add_rule(struct udev_rules *rules, char *line, flag = 1; rule_add_key(&rule_tmp, TK_A_DEVLINK, op, value, &flag); } - rule_tmp.rule.rule.flags = 1; + rule_tmp.rule.rule.can_set_name = true; continue; } @@ -1512,7 +1522,7 @@ static int add_rule(struct udev_rules *rules, char *line, } else if (rules->resolve_names >= 0) { rule_add_key(&rule_tmp, TK_A_OWNER, op, value, NULL); } - rule_tmp.rule.rule.flags = 1; + rule_tmp.rule.rule.can_set_name = true; continue; } @@ -1529,7 +1539,7 @@ static int add_rule(struct udev_rules *rules, char *line, } else if (rules->resolve_names >= 0) { rule_add_key(&rule_tmp, TK_A_GROUP, op, value, NULL); } - rule_tmp.rule.rule.flags = 1; + rule_tmp.rule.rule.can_set_name = true; continue; } @@ -1542,7 +1552,7 @@ static int add_rule(struct udev_rules *rules, char *line, rule_add_key(&rule_tmp, TK_A_MODE_ID, op, NULL, &mode); else rule_add_key(&rule_tmp, TK_A_MODE, op, value, NULL); - rule_tmp.rule.rule.flags = 1; + rule_tmp.rule.rule.can_set_name = true; continue; } @@ -1586,6 +1596,11 @@ static int add_rule(struct udev_rules *rules, char *line, dbg(rules->udev, "inotify watch of device requested\n"); } } + pos = strstr(value, "static_node="); + if (pos != NULL) { + rule_add_key(&rule_tmp, TK_A_STATIC_NODE, 0, &pos[strlen("static_node=")], NULL); + rule_tmp.rule.rule.has_static_node = true; + } continue; } err(rules->udev, "unknown key '%s' in %s:%u\n", key, filename, lineno); @@ -1907,7 +1922,7 @@ static int match_key(struct udev_rules *rules, struct token *token, const char * { char *key_value = &rules->buf[token->key.value_off]; char *pos; - int match = 0; + bool match = false; if (val == NULL) val = ""; @@ -2056,14 +2071,14 @@ int udev_rules_apply_to_event(struct udev_rules *rules, struct udev_event *event /* loop through token list, match, run actions or forward to next rule */ cur = &rules->tokens[0]; rule = cur; - while (1) { + for (;;) { dump_token(rules, cur); switch (cur->type) { case TK_RULE: /* current rule */ rule = cur; /* possibly skip rules which want to set NAME, SYMLINK, OWNER, GROUP, MODE */ - if (!can_set_name && rule->rule.flags) + if (!can_set_name && rule->rule.can_set_name) goto nomatch; esc = ESCAPE_UNSET; break; @@ -2083,14 +2098,14 @@ int udev_rules_apply_to_event(struct udev_rules *rules, struct udev_event *event { size_t devlen = strlen(udev_get_dev_path(event->udev))+1; struct udev_list_entry *list_entry; - int match = 0; + bool match = false; udev_list_entry_foreach(list_entry, udev_device_get_devlinks_list_entry(event->dev)) { const char *devlink; devlink = &udev_list_entry_get_name(list_entry)[devlen]; if (match_key(rules, cur, devlink) == 0) { - match = 1; + match = true; break; } } @@ -2348,7 +2363,7 @@ int udev_rules_apply_to_event(struct udev_rules *rules, struct udev_event *event if (event->owner_final) break; if (cur->key.op == OP_ASSIGN_FINAL) - event->owner_final = 1; + event->owner_final = true; udev_event_apply_format(event, &rules->buf[cur->key.value_off], owner, sizeof(owner)); event->uid = util_lookup_user(event->udev, owner); info(event->udev, "OWNER %u %s:%u\n", @@ -2364,7 +2379,7 @@ int udev_rules_apply_to_event(struct udev_rules *rules, struct udev_event *event if (event->group_final) break; if (cur->key.op == OP_ASSIGN_FINAL) - event->group_final = 1; + event->group_final = true; udev_event_apply_format(event, &rules->buf[cur->key.value_off], group, sizeof(group)); event->gid = util_lookup_group(event->udev, group); info(event->udev, "GROUP %u %s:%u\n", @@ -2381,12 +2396,12 @@ int udev_rules_apply_to_event(struct udev_rules *rules, struct udev_event *event if (event->mode_final) break; if (cur->key.op == OP_ASSIGN_FINAL) - event->mode_final = 1; + event->mode_final = true; udev_event_apply_format(event, &rules->buf[cur->key.value_off], mode, sizeof(mode)); event->mode = strtol(mode, &endptr, 8); if (endptr[0] != '\0') { - err(event->udev, "invalide mode '%s' set default mode 0660\n", mode); - event->mode = 0660; + err(event->udev, "invalide mode '%s' set default mode 0600\n", mode); + event->mode = 0600; } info(event->udev, "MODE %#o %s:%u\n", event->mode, @@ -2398,7 +2413,7 @@ int udev_rules_apply_to_event(struct udev_rules *rules, struct udev_event *event if (event->owner_final) break; if (cur->key.op == OP_ASSIGN_FINAL) - event->owner_final = 1; + event->owner_final = true; event->uid = cur->key.uid; info(event->udev, "OWNER %u %s:%u\n", event->uid, @@ -2409,7 +2424,7 @@ int udev_rules_apply_to_event(struct udev_rules *rules, struct udev_event *event if (event->group_final) break; if (cur->key.op == OP_ASSIGN_FINAL) - event->group_final = 1; + event->group_final = true; event->gid = cur->key.gid; info(event->udev, "GROUP %u %s:%u\n", event->gid, @@ -2420,13 +2435,15 @@ int udev_rules_apply_to_event(struct udev_rules *rules, struct udev_event *event if (event->mode_final) break; if (cur->key.op == OP_ASSIGN_FINAL) - event->mode_final = 1; + event->mode_final = true; event->mode = cur->key.mode; info(event->udev, "MODE %#o %s:%u\n", event->mode, &rules->buf[rule->rule.filename_off], rule->rule.filename_line); break; + case TK_A_STATIC_NODE: + break; case TK_A_ENV: { const char *name = &rules->buf[cur->key.attr_off]; @@ -2460,7 +2477,7 @@ int udev_rules_apply_to_event(struct udev_rules *rules, struct udev_event *event if (event->name_final) break; if (cur->key.op == OP_ASSIGN_FINAL) - event->name_final = 1; + event->name_final = true; udev_event_apply_format(event, name, name_str, sizeof(name_str)); if (esc == ESCAPE_UNSET || esc == ESCAPE_REPLACE) { count = udev_util_replace_chars(name_str, "/"); @@ -2487,7 +2504,7 @@ int udev_rules_apply_to_event(struct udev_rules *rules, struct udev_event *event if (major(udev_device_get_devnum(event->dev)) == 0) break; if (cur->key.op == OP_ASSIGN_FINAL) - event->devlink_final = 1; + event->devlink_final = true; if (cur->key.op == OP_ASSIGN || cur->key.op == OP_ASSIGN_FINAL) udev_device_cleanup_devlinks_list(event->dev); @@ -2592,3 +2609,75 @@ int udev_rules_apply_to_event(struct udev_rules *rules, struct udev_event *event (unsigned int) (cur - rules->tokens)); } } + +void udev_rules_apply_static_dev_perms(struct udev_rules *rules) +{ + struct token *cur; + struct token *rule; + uid_t uid = 0; + gid_t gid = 0; + mode_t mode = 0; + + if (rules->tokens == NULL) + return; + + cur = &rules->tokens[0]; + rule = cur; + for (;;) { + switch (cur->type) { + case TK_RULE: + /* current rule */ + rule = cur; + + /* skip rules without a static_node tag */ + if (!rule->rule.has_static_node) + goto next; + + uid = 0; + gid = 0; + mode = 0; + break; + case TK_A_OWNER_ID: + uid = cur->key.uid; + break; + case TK_A_GROUP_ID: + gid = cur->key.gid; + break; + case TK_A_MODE_ID: + mode = cur->key.mode; + break; + case TK_A_STATIC_NODE: { + char filename[UTIL_PATH_SIZE]; + struct stat stats; + /* we assure, that the permissions tokens are sorted before the static token */ + if (mode == 0 && uid == 0 && gid == 0) + goto next; + util_strscpyl(filename, sizeof(filename), udev_get_dev_path(rules->udev), "/", + &rules->buf[cur->key.value_off], NULL); + if (stat(filename, &stats) != 0) + goto next; + if (!S_ISBLK(stats.st_mode) && !S_ISCHR(stats.st_mode)) + goto next; + if (mode != 0 && mode != (stats.st_mode & 0777)) { + chmod(filename, mode); + info(rules->udev, "chmod '%s' %#o\n", filename, mode); + } + if ((uid != 0 && uid != stats.st_uid) || (gid != 0 && gid != stats.st_gid)) { + chown(filename, uid, gid); + info(rules->udev, "chown '%s' %u %u\n", filename, uid, gid); + } + utimensat(AT_FDCWD, filename, NULL, 0); + break; + } + case TK_END: + return; + } + + cur++; + continue; +next: + /* fast-forward to next rule */ + cur = rule + rule->rule.token_count; + continue; + } +} diff --git a/udev/udev.h b/udev/udev.h index b1b65c5617..4150c16af7 100644 --- a/udev/udev.h +++ b/udev/udev.h @@ -43,13 +43,13 @@ struct udev_event { uid_t uid; gid_t gid; struct udev_list_node run_list; - unsigned int group_final:1; - unsigned int owner_final:1; - unsigned int mode_final:1; - unsigned int name_final:1; - unsigned int devlink_final:1; - unsigned int run_final:1; - unsigned int inotify_watch:1; + bool group_final; + bool owner_final; + bool mode_final; + bool name_final; + bool devlink_final; + bool run_final; + bool inotify_watch; }; struct udev_watch { @@ -63,6 +63,7 @@ struct udev_rules; struct udev_rules *udev_rules_new(struct udev *udev, int resolve_names); void udev_rules_unref(struct udev_rules *rules); int udev_rules_apply_to_event(struct udev_rules *rules, struct udev_event *event); +void udev_rules_apply_static_dev_perms(struct udev_rules *rules); /* udev-event.c */ struct udev_event *udev_event_new(struct udev_device *dev); diff --git a/udev/udevd.c b/udev/udevd.c index 1bde8f4a74..ab24885309 100644 --- a/udev/udevd.c +++ b/udev/udevd.c @@ -41,6 +41,7 @@ #include <sys/stat.h> #include <sys/ioctl.h> #include <sys/inotify.h> +#include <sys/utsname.h> #include "udev.h" @@ -745,6 +746,72 @@ static void handle_signal(struct udev *udev, int signo) } } +static void static_dev_create_from_modules(struct udev *udev) +{ + struct utsname kernel; + char modules[UTIL_PATH_SIZE]; + char buf[4096]; + FILE *f; + + uname(&kernel); + util_strscpyl(modules, sizeof(modules), "/lib/modules/", kernel.release, "/modules.devname", NULL); + f = fopen(modules, "r"); + if (f == NULL) + return; + + while (fgets(buf, sizeof(buf), f) != NULL) { + char *s; + const char *modname; + const char *devname; + const char *devno; + int maj, min; + char type; + mode_t mode; + char filename[UTIL_PATH_SIZE]; + + if (buf[0] == '#') + continue; + + modname = buf; + s = strchr(modname, ' '); + if (s == NULL) + continue; + s[0] = '\0'; + + devname = &s[1]; + s = strchr(devname, ' '); + if (s == NULL) + continue; + s[0] = '\0'; + + devno = &s[1]; + s = strchr(devno, ' '); + if (s == NULL) + s = strchr(devno, '\n'); + if (s != NULL) + s[0] = '\0'; + if (sscanf(devno, "%c%u:%u", &type, &maj, &min) != 3) + continue; + + if (type == 'c') + mode = 0600 | S_IFCHR; + else if (type == 'b') + mode = 0600 | S_IFBLK; + else + continue; + + util_strscpyl(filename, sizeof(filename), udev_get_dev_path(udev), "/", devname, NULL); + util_create_path(udev, filename); + udev_selinux_setfscreatecon(udev, filename, mode); + info(udev, "mknod '%s' %c%u:%u\n", filename, type, maj, min); + if (mknod(filename, mode, makedev(maj, min)) < 0 && errno == EEXIST) + utimensat(AT_FDCWD, filename, NULL, 0); + udev_selinux_resetfscreatecon(udev); + } + + fclose(f); +} + static int copy_dir(struct udev *udev, DIR *dir_from, DIR *dir_to, int maxdepth) { struct dirent *dent; @@ -808,7 +875,7 @@ static int copy_dir(struct udev *udev, DIR *dir_from, DIR *dir_to, int maxdepth) return 0; } -static void prepare_dev(struct udev *udev) +static void static_dev_create_links(struct udev *udev, DIR *dir) { struct stdlinks { const char *link; @@ -822,28 +889,38 @@ static void prepare_dev(struct udev *udev) { "stderr", "/proc/self/fd/2" }, }; unsigned int i; - DIR *dir_from, *dir_to; - dir_to = opendir(udev_get_dev_path(udev)); - if (dir_to == NULL) - return; - - /* create standard symlinks to /proc */ for (i = 0; i < ARRAY_SIZE(stdlinks); i++) { - udev_selinux_setfscreateconat(udev, dirfd(dir_to), stdlinks[i].link, S_IFLNK); - if (symlinkat(stdlinks[i].target, dirfd(dir_to), stdlinks[i].link) < 0 && errno == EEXIST) - utimensat(dirfd(dir_to), stdlinks[i].link, NULL, AT_SYMLINK_NOFOLLOW); + udev_selinux_setfscreateconat(udev, dirfd(dir), stdlinks[i].link, S_IFLNK); + if (symlinkat(stdlinks[i].target, dirfd(dir), stdlinks[i].link) < 0 && errno == EEXIST) + utimensat(dirfd(dir), stdlinks[i].link, NULL, AT_SYMLINK_NOFOLLOW); udev_selinux_resetfscreatecon(udev); } +} + +static void static_dev_create_from_devices(struct udev *udev, DIR *dir) +{ + DIR *dir_from; - /* copy content from /lib/udev/devices to /dev */ dir_from = opendir(LIBEXECDIR "/devices"); - if (dir_from != NULL) { - copy_dir(udev, dir_from, dir_to, 8); - closedir(dir_from); - } + if (dir_from == NULL) + return; + copy_dir(udev, dir_from, dir, 8); + closedir(dir_from); +} + +static void static_dev_create(struct udev *udev) +{ + DIR *dir; - closedir(dir_to); + dir = opendir(udev_get_dev_path(udev)); + if (dir == NULL) + return; + + static_dev_create_links(udev, dir); + static_dev_create_from_devices(udev, dir); + + closedir(dir); } static int mem_size_mb(void) @@ -959,8 +1036,6 @@ int main(int argc, char *argv[]) if (write(STDERR_FILENO, 0, 0) < 0) dup2(fd, STDERR_FILENO); - prepare_dev(udev); - /* init control socket, bind() ensures, that only one udevd instance is running */ udev_ctrl = udev_ctrl_new_from_socket(udev, UDEV_CTRL_SOCK_PATH); if (udev_ctrl == NULL) { @@ -1118,6 +1193,10 @@ int main(int argc, char *argv[]) max_childs = strtoul(value, NULL, 10); info(udev, "initialize max_childs to %u\n", max_childs); + static_dev_create(udev); + static_dev_create_from_modules(udev); + udev_rules_apply_static_dev_perms(rules); + udev_list_init(&event_list); udev_list_init(&worker_list); |