-
- free(c->parameter);
- free(c);
-}
-
-void condition_free_list(Condition *first) {
- Condition *c, *n;
-
- LIST_FOREACH_SAFE(conditions, c, n, first)
- condition_free(c);
-}
-
-static bool test_kernel_command_line(const char *parameter) {
- char *line, *w, *state, *word = NULL;
- bool equal;
- int r;
- size_t l, pl;
- bool found = false;
-
- assert(parameter);
-
- if (detect_container(NULL) > 0)
- return false;
-
- r = read_one_line_file("/proc/cmdline", &line);
- if (r < 0) {
- log_warning("Failed to read /proc/cmdline, ignoring: %s", strerror(-r));
- return false;
- }
-
- equal = !!strchr(parameter, '=');
- pl = strlen(parameter);
-
- FOREACH_WORD_QUOTED(w, l, line, state) {
-
- free(word);
- word = strndup(w, l);
- if (!word)
- break;
-
- if (equal) {
- if (streq(word, parameter)) {
- found = true;
- break;
- }
- } else {
- if (startswith(word, parameter) && (word[pl] == '=' || word[pl] == 0)) {
- found = true;
- break;
- }
- }
-
- }
-
- free(word);
- free(line);
-
- return found;
-}
-
-static bool test_virtualization(const char *parameter) {
- int b;
- Virtualization v;
- const char *id;
-
- assert(parameter);
-
- v = detect_virtualization(&id);
- if (v < 0) {
- log_warning("Failed to detect virtualization, ignoring: %s", strerror(-v));
- return false;
- }
-
- /* First, compare with yes/no */
- b = parse_boolean(parameter);
-
- if (v > 0 && b > 0)
- return true;
-
- if (v == 0 && b == 0)
- return true;
-
- /* Then, compare categorization */
- if (v == VIRTUALIZATION_VM && streq(parameter, "vm"))
- return true;
-
- if (v == VIRTUALIZATION_CONTAINER && streq(parameter, "container"))
- return true;
-
- /* Finally compare id */
- return v > 0 && streq(parameter, id);
-}
-
-static bool test_security(const char *parameter) {
-#ifdef HAVE_SELINUX
- if (streq(parameter, "selinux"))
- return is_selinux_enabled() > 0;
-#endif
- return false;
+ assert(c->parameter);
+ assert(c->type == CONDITION_SECURITY);
+
+ if (streq(c->parameter, "selinux"))
+ return use_selinux() == !c->negate;
+ if (streq(c->parameter, "apparmor"))
+ return use_apparmor() == !c->negate;
+ if (streq(c->parameter, "ima"))
+ return use_ima() == !c->negate;
+ if (streq(c->parameter, "smack"))
+ return use_smack() == !c->negate;
+ return c->negate;