-
- free(c->parameter);
- free(c);
-}
-
-void condition_free_list(Condition *first) {
- Condition *c, *n;
-
- LIST_FOREACH_SAFE(conditions, c, n, first)
- condition_free(c);
-}
-
-static bool test_kernel_command_line(const char *parameter) {
- char *line, *w, *state, *word = NULL;
- bool equal;
- int r;
- size_t l, pl;
- bool found = false;
-
- assert(parameter);
-
- r = proc_cmdline(&line);
- if (r < 0)
- log_warning("Failed to read /proc/cmdline, ignoring: %s", strerror(-r));
- if (r <= 0)
- return false;
-
- equal = !!strchr(parameter, '=');
- pl = strlen(parameter);
-
- FOREACH_WORD_QUOTED(w, l, line, state) {
-
- free(word);
- word = strndup(w, l);
- if (!word)
- break;
-
- if (equal) {
- if (streq(word, parameter)) {
- found = true;
- break;
- }
- } else {
- if (startswith(word, parameter) && (word[pl] == '=' || word[pl] == 0)) {
- found = true;
- break;
- }
- }
-
- }
-
- free(word);
- free(line);
-
- return found;
-}
-
-static bool test_virtualization(const char *parameter) {
- int b;
- Virtualization v;
- const char *id;
-
- assert(parameter);
-
- v = detect_virtualization(&id);
- if (v < 0) {
- log_warning("Failed to detect virtualization, ignoring: %s", strerror(-v));
- return false;
- }
-
- /* First, compare with yes/no */
- b = parse_boolean(parameter);
-
- if (v > 0 && b > 0)
- return true;
-
- if (v == 0 && b == 0)
- return true;
-
- /* Then, compare categorization */
- if (v == VIRTUALIZATION_VM && streq(parameter, "vm"))
- return true;
-
- if (v == VIRTUALIZATION_CONTAINER && streq(parameter, "container"))
- return true;
-
- /* Finally compare id */
- return v > 0 && streq(parameter, id);
-}
-
-static bool test_security(const char *parameter) {
- if (streq(parameter, "selinux"))
- return use_selinux();
- if (streq(parameter, "apparmor"))
- return use_apparmor();
- if (streq(parameter, "ima"))
- return use_ima();
- if (streq(parameter, "smack"))
- return use_smack();
- return false;
+ assert(c->parameter);
+ assert(c->type == CONDITION_SECURITY);
+
+ if (streq(c->parameter, "selinux"))
+ return mac_selinux_use() == !c->negate;
+ if (streq(c->parameter, "smack"))
+ return mac_smack_use() == !c->negate;
+ if (streq(c->parameter, "apparmor"))
+ return mac_apparmor_use() == !c->negate;
+ if (streq(c->parameter, "ima"))
+ return use_ima() == !c->negate;
+
+ return c->negate;