#include "apparmor-util.h"
#include "ima-util.h"
#include "selinux-util.h"
+#include "audit.h"
static bool condition_test_security(Condition *c) {
assert(c);
assert(c->type == CONDITION_SECURITY);
if (streq(c->parameter, "selinux"))
- return use_selinux() == !c->negate;
+ return mac_selinux_use() == !c->negate;
+ if (streq(c->parameter, "smack"))
+ return mac_smack_use() == !c->negate;
if (streq(c->parameter, "apparmor"))
- return use_apparmor() == !c->negate;
+ return mac_apparmor_use() == !c->negate;
+ if (streq(c->parameter, "audit"))
+ return use_audit() == !c->negate;
if (streq(c->parameter, "ima"))
return use_ima() == !c->negate;
- if (streq(c->parameter, "smack"))
- return use_smack() == !c->negate;
return c->negate;
}
(usr.st_mtim.tv_sec == other.st_mtim.tv_sec && usr.st_mtim.tv_nsec > other.st_mtim.tv_nsec)) == !c->negate;
}
+static bool condition_test_first_boot(Condition *c) {
+ int r;
+
+ assert(c);
+ assert(c->parameter);
+ assert(c->type == CONDITION_FIRST_BOOT);
+
+ r = parse_boolean(c->parameter);
+ if (r < 0)
+ return c->negate;
+
+ return ((access("/run/systemd/first-boot", F_OK) >= 0) == !!r) == !c->negate;
+}
+
static bool condition_test(Condition *c) {
assert(c);
case CONDITION_NEEDS_UPDATE:
return condition_test_needs_update(c);
+ case CONDITION_FIRST_BOOT:
+ return condition_test_first_boot(c);
+
case CONDITION_NULL:
return !c->negate;
~ianmdlvl / elogind.git / blobdiff