logind: only apply ACLs for device currently tagged with "uaccess"

This is about security, hence let's be particularly careful here: only devices currenlty tagged with "uaccess" will get ACL management, and it's not sufficient if they once were (though that is used for filtering).
2018-12-13 18:35:06 +01:00 · 2018-12-13 18:35:06 +01:00 · fccb48b286
parent 242c1c075a
commit fccb48b286
1 changed files with 4 additions and 0 deletions
--- a/src/login/logind-acl.c
+++ b/src/login/logind-acl.c
@ -195,6 +195,10 @@ int devnode_acl_all(const char *seat,
        FOREACH_DEVICE(e, d) {
                const char *node, *sn;

+                /* Make sure the tag is still in place */
+                if (sd_device_has_current_tag(d, "uaccess") <= 0)
+                        continue;
+
                if (sd_device_get_property_value(d, "ID_SEAT", &sn) < 0 || isempty(sn))
                        sn = "seat0";