core: rework how we validate DeviceAllow= settings

[elogind.git] / src / basic / path-util.c

diff --git a/src/basic/path-util.c b/src/basic/path-util.c
index 422543140dcd14c4e74666df4a02652ce2ad4782..ed6d0f1121dbb08572b7c869c9e0ec02e3822e05 100644 (file)
--- a/src/basic/path-util.c
+++ b/src/basic/path-util.c
@@ -902,10 +902,31 @@ bool is_device_path(const char *path) {
                path_startswith(path, "/sys/");
 }
 
-bool is_deviceallow_pattern(const char *path) {
-        return path_startswith(path, "/dev/") ||
-               startswith(path, "block-") ||
-               startswith(path, "char-");
+bool valid_device_node_path(const char *path) {
+
+        /* Some superficial checks whether the specified path is a valid device node path, all without looking at the
+         * actual device node. */
+
+        if (!PATH_STARTSWITH_SET(path, "/dev/", "/run/systemd/inaccessible/"))
+                return false;
+
+        if (endswith(path, "/")) /* can't be a device node if it ends in a slash */
+                return false;
+
+        return path_is_normalized(path);
+}
+
+bool valid_device_allow_pattern(const char *path) {
+        assert(path);
+
+        /* Like valid_device_node_path(), but also allows full-subsystem expressions, like DeviceAllow= and DeviceDeny=
+         * accept it */
+
+        if (startswith(path, "block-") ||
+            startswith(path, "char-"))
+                return true;
+
+        return valid_device_node_path(path);
 }
 
 int systemd_installation_has_version(const char *root, unsigned minimal_version) {