condition.c revision 592fd144ae313855f48d0ca52a103013b41e5d59
/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
/***
This file is part of systemd.
Copyright 2010 Lennart Poettering
under the terms of the GNU Lesser General Public License as published by
the Free Software Foundation; either version 2.1 of the License, or
(at your option) any later version.
systemd is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Lesser General Public License for more details.
You should have received a copy of the GNU Lesser General Public License
along with systemd; If not, see <http://www.gnu.org/licenses/>.
***/
#include <stdlib.h>
#include <errno.h>
#include <string.h>
#include <unistd.h>
#include <sys/capability.h>
#include <fnmatch.h>
#include "sd-id128.h"
#include "util.h"
#include "condition.h"
#include "virt.h"
#include "path-util.h"
#include "fileio.h"
#include "unit.h"
#include "smack-util.h"
#include "apparmor-util.h"
#include "ima-util.h"
#include "selinux-util.h"
#include "audit.h"
/*
 * Evaluates a security-framework condition by asking the MAC helpers
 * (SELinux, SMACK, AppArmor) whether the framework is in use and comparing
 * that answer with !c->negate.
 *
 * NOTE(review): as listed, the four return statements follow one another
 * with no selecting test, so only the first is reachable. The listing
 * appears to have lost the lines that choose between them (presumably a
 * comparison on c->parameter) -- confirm against the full file.
 *
 * NOTE(review): the helper names say "use"; whether that means "enabled"
 * or "enforcing a policy" cannot be told from here. Verify before relying
 * on this condition as a hardening gate.
 */
static int condition_test_security(Condition *c) {
assert(c);
/* Each comparison is non-zero when the helper's answer matches the
 * non-negated expectation. */
return mac_selinux_use() == !c->negate;
return mac_smack_use() == !c->negate;
return mac_apparmor_use() == !c->negate;
/* Fallback result: the condition does not hold unless it is negated. */
return c->negate;
}
/*
 * Evaluates a capability condition for c.
 *
 * Returns -EINVAL for an invalid capability and -errno when `f` is NULL.
 *
 * NOTE(review): this listing is missing most of the body (the capability
 * lookup, the declaration and opening of `f`, the loop that the `break`
 * belongs to, and the final return), so the control flow between the
 * visible statements cannot be confirmed from here.
 */
static int condition_test_capability(Condition *c) {
/* -1 converted to unsigned long long sets every bit, which matches the
 * "default to assume that we have it" comment below.
 * NOTE(review): that default is fail-open -- confirm in the full file on
 * which paths the mask stays at its initial value. */
unsigned long long capabilities = -1;
assert(c);
/* If it's an invalid capability, we don't have it */
return -EINVAL;
/* If it's a valid capability we default to assume
* that we have it */
if (!f)
return -errno;
break;
}
}
}
/*
 * Evaluates a needs-update condition for the path in c->parameter.
 *
 * The visible logic is biased towards reporting "update needed": only a
 * read-only file system yields the negative result (c->negate), while the
 * other early exits return !c->negate.
 *
 * NOTE(review): the listing has lost lines here (the tests guarding the
 * repeated `return !c->negate;` statements, the declarations of `usr` and
 * `other`, and the start of the final return expression). Confirm the exact
 * conditions against the full file.
 */
static bool condition_test_needs_update(Condition *c) {
const char *p;
assert(c);
/* If the file system is read-only we shouldn't suggest an update */
if (path_is_read_only_fs(c->parameter) > 0)
return c->negate;
/* Any other failure means we should allow the condition to be true,
* so that we rather invoke too many update tools than too
* few. */
/* A non-absolute parameter is not rejected as an error; it takes the same
 * "allow the condition" path as other failures. */
if (!path_is_absolute(c->parameter))
return !c->negate;
return !c->negate;
return !c->negate;
/* Visible tail of the timestamp comparison: when the seconds fields are
 * equal, the nanoseconds fields break the tie (usr newer than other). */
(usr.st_mtim.tv_sec == other.st_mtim.tv_sec && usr.st_mtim.tv_nsec > other.st_mtim.tv_nsec)) == !c->negate;
}
/*
 * Evaluates a first-boot condition; c->parameter is parsed as a boolean.
 *
 * NOTE(review): the listing ends after the parse-error branch; the
 * statement that produces the normal result is not visible here.
 */
static bool condition_test_first_boot(Condition *c) {
int r;
assert(c);
r = parse_boolean(c->parameter);
/* NOTE(review): the function is declared bool but returns the negative
 * error code here. Assuming bool is C99 _Bool, any non-zero value converts
 * to true, so an unparsable parameter is reported as "condition holds"
 * instead of reaching the `r < 0` error handling of the list evaluator.
 * Returning int (as condition_test() does) would let the error
 * propagate and be treated as a failed condition. */
if (r < 0)
return r;
}
/*
 * Dispatches a single condition to the check matching c->type and returns
 * that check's result. Judging by how the list evaluator in this file
 * consumes the value, negative means "could not determine", 0 means
 * "failed" and positive means "succeeded".
 *
 * NOTE(review): several case bodies are visibly incomplete in this listing
 * (the path tests, the use of `k`, and the case label in front of the
 * kernel-command-line call are missing), so the apparent fall-through
 * between cases is an artifact of the listing, not necessarily of the
 * code. Confirm against the full file.
 */
static int condition_test(Condition *c) {
assert(c);
switch(c->type) {
/* Path-based checks: only the "did not match" result (c->negate) is
 * visible for these cases; the tests on c->parameter are not shown. */
case CONDITION_PATH_EXISTS:
case CONDITION_PATH_IS_DIRECTORY: {
return c->negate;
}
case CONDITION_PATH_IS_SYMBOLIC_LINK: {
return c->negate;
}
case CONDITION_DIRECTORY_NOT_EMPTY: {
int k;
/* The handling of k (including any error value from dir_is_empty) is
 * not visible in this listing. */
k = dir_is_empty(c->parameter);
}
case CONDITION_FILE_NOT_EMPTY: {
return c->negate;
}
case CONDITION_FILE_IS_EXECUTABLE: {
return c->negate;
}
/* The remaining types delegate to a dedicated helper, which is expected
 * to apply c->negate itself. */
return condition_test_kernel_command_line(c);
case CONDITION_VIRTUALIZATION:
return condition_test_virtualization(c);
case CONDITION_SECURITY:
return condition_test_security(c);
case CONDITION_CAPABILITY:
return condition_test_capability(c);
case CONDITION_HOST:
return condition_test_host(c);
case CONDITION_AC_POWER:
return condition_test_ac_power(c);
case CONDITION_ARCHITECTURE:
return condition_test_architecture(c);
/* NOTE(review): the next two helpers are declared bool in this file, so a
 * negative error code cannot come back through them. */
case CONDITION_NEEDS_UPDATE:
return condition_test_needs_update(c);
case CONDITION_FIRST_BOOT:
return condition_test_first_boot(c);
/* A null condition holds unless it is negated. */
case CONDITION_NULL:
return !c->negate;
/* Any other type value is treated as unreachable. */
default:
assert_not_reached("Invalid condition type.");
}
}
/*
 * Body of the condition-list evaluator.
 *
 * NOTE(review): the function signature, the loop header over the list
 * starting at `first`, and the logging calls that take the two format
 * strings below are missing from this listing. The comments describe only
 * what the visible statements establish.
 */
Condition *c;
/* -1: no trigger condition evaluated so far; it becomes 0 or 1 once one
 * has been evaluated (see the final return). */
int triggered = -1;
/* If the condition list is empty, then it is true */
if (!first)
return true;
/* Otherwise, if all of the non-trigger conditions apply and
* if any of the trigger conditions apply (unless there are
* none) we return true */
int r;
r = condition_test(c);
/* A negative result means the check itself failed. It is logged as
 * "assuming failed", so an undeterminable condition fails closed. */
if (r < 0)
"Couldn't determine result for %s=%s%s%s for %s, assuming failed: %s",
c->parameter,
unit,
strerror(-r));
else
"%s=%s%s%s %s for %s.",
c->parameter,
r > 0 ? "succeeded" : "failed",
unit);
/* Any failed or undeterminable non-trigger condition rejects the whole
 * list immediately. */
if (!c->trigger && r <= 0)
return false;
/* NOTE(review): as listed, this assignment is unconditional; the guard
 * restricting it to trigger conditions appears to be missing from the
 * listing -- confirm against the full file. */
triggered = r > 0;
}
/* True when no trigger condition was seen (-1) or one succeeded (1). */
return triggered != 0;
}