[thirdparty/systemd.git] / src / shared / condition-util.c

/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/

/***
  This file is part of systemd.

  Copyright 2010 Lennart Poettering

  systemd is free software; you can redistribute it and/or modify it
  under the terms of the GNU Lesser General Public License as published by
  the Free Software Foundation; either version 2.1 of the License, or
  (at your option) any later version.

  systemd is distributed in the hope that it will be useful, but
  WITHOUT ANY WARRANTY; without even the implied warranty of
  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
  Lesser General Public License for more details.

  You should have received a copy of the GNU Lesser General Public License
  along with systemd; If not, see <http://www.gnu.org/licenses/>.
***/

#include <stdlib.h>
#include <errno.h>
#include <string.h>
#include <unistd.h>
#include <sys/statvfs.h>
#include <fnmatch.h>

#include "sd-id128.h"
#include "util.h"
#include "condition-util.h"
#include "virt.h"
#include "path-util.h"
#include "fileio.h"
#include "unit.h"
#include "architecture.h"
#include "virt.h"
#include "smack-util.h"
#include "apparmor-util.h"
#include "ima-util.h"
#include "selinux-util.h"
#include "audit.h"

Condition* condition_new(ConditionType type, const char *parameter, bool trigger, bool negate) {
        Condition *c;
        int r;

        assert(type >= 0);
        assert(type < _CONDITION_TYPE_MAX);
        assert(!parameter == (type == CONDITION_NULL));

        c = new0(Condition, 1);
        if (!c)
                return NULL;

        c->type = type;
        c->trigger = trigger;
        c->negate = negate;

        r = free_and_strdup(&c->parameter, parameter);
        if (r < 0) {
                free(c);
                return NULL;
        }

        return c;
}

void condition_free(Condition *c) {
        assert(c);

        free(c->parameter);
        free(c);
}

void condition_free_list(Condition *first) {
        Condition *c, *n;

        LIST_FOREACH_SAFE(conditions, c, n, first)
                condition_free(c);
}

static int condition_test_kernel_command_line(Condition *c) {
        _cleanup_free_ char *line = NULL;
        const char *p;
        bool equal;
        int r;

        assert(c);
        assert(c->parameter);
        assert(c->type == CONDITION_KERNEL_COMMAND_LINE);

        r = proc_cmdline(&line);
        if (r < 0)
                return r;
        if (r == 0)
                return false;

        equal = !!strchr(c->parameter, '=');
        p = line;

        for (;;) {
                _cleanup_free_ char *word = NULL;
                bool found;

                r = unquote_first_word(&p, &word);
                if (r < 0)
                        return r;
                if (r == 0)
                        break;

                if (equal)
                        found = streq(word, c->parameter);
                else {
                        const char *f;

                        f = startswith(word, c->parameter);
                        found = f && (*f == '=' || *f == 0);
                }

                if (found)
                        return true;
        }

        return false;
}

static int condition_test_virtualization(Condition *c) {
        int b, v;
        const char *id;

        assert(c);
        assert(c->parameter);
        assert(c->type == CONDITION_VIRTUALIZATION);

        v = detect_virtualization(&id);
        if (v < 0)
                return v;

        /* First, compare with yes/no */
        b = parse_boolean(c->parameter);

        if (v > 0 && b > 0)
                return true;

        if (v == 0 && b == 0)
                return true;

        /* Then, compare categorization */
        if (v == VIRTUALIZATION_VM && streq(c->parameter, "vm"))
                return true;

        if (v == VIRTUALIZATION_CONTAINER && streq(c->parameter, "container"))
                return true;

        /* Finally compare id */
        return v > 0 && streq(c->parameter, id);
}

static int condition_test_architecture(Condition *c) {
        int a, b;

        assert(c);
        assert(c->parameter);
        assert(c->type == CONDITION_ARCHITECTURE);

        a = uname_architecture();
        if (a < 0)
                return a;

        if (streq(c->parameter, "native"))
                b = native_architecture();
        else
                b = architecture_from_string(c->parameter);
        if (b < 0)
                return b;

        return a == b;
}

static int condition_test_host(Condition *c) {
        _cleanup_free_ char *h = NULL;
        sd_id128_t x, y;
        int r;

        assert(c);
        assert(c->parameter);
        assert(c->type == CONDITION_HOST);

        if (sd_id128_from_string(c->parameter, &x) >= 0) {

                r = sd_id128_get_machine(&y);
                if (r < 0)
                        return r;

                return sd_id128_equal(x, y);
        }

        h = gethostname_malloc();
        if (!h)
                return -ENOMEM;

        return fnmatch(c->parameter, h, FNM_CASEFOLD) == 0;
}

static int condition_test_ac_power(Condition *c) {
        int r;

        assert(c);
        assert(c->parameter);
        assert(c->type == CONDITION_AC_POWER);

        r = parse_boolean(c->parameter);
        if (r < 0)
                return r;

        return (on_ac_power() != 0) == !!r;
}

static int condition_test_security(Condition *c) {
        assert(c);
        assert(c->parameter);
        assert(c->type == CONDITION_SECURITY);

        if (streq(c->parameter, "selinux"))
                return mac_selinux_use();
        if (streq(c->parameter, "smack"))
                return mac_smack_use();
        if (streq(c->parameter, "apparmor"))
                return mac_apparmor_use();
        if (streq(c->parameter, "audit"))
                return use_audit();
        if (streq(c->parameter, "ima"))
                return use_ima();

        return false;
}

static int condition_test_capability(Condition *c) {
        _cleanup_fclose_ FILE *f = NULL;
        cap_value_t value;
        char line[LINE_MAX];
        unsigned long long capabilities = -1;

        assert(c);
        assert(c->parameter);
        assert(c->type == CONDITION_CAPABILITY);

        /* If it's an invalid capability, we don't have it */

        if (cap_from_name(c->parameter, &value) < 0)
                return -EINVAL;

        /* If it's a valid capability we default to assume
         * that we have it */

        f = fopen("/proc/self/status", "re");
        if (!f)
                return -errno;

        while (fgets(line, sizeof(line), f)) {
                truncate_nl(line);

                if (startswith(line, "CapBnd:")) {
                        (void) sscanf(line+7, "%llx", &capabilities);
                        break;
                }
        }

        return !!(capabilities & (1ULL << value));
}

static int condition_test_needs_update(Condition *c) {
        const char *p;
        struct stat usr, other;

        assert(c);
        assert(c->parameter);
        assert(c->type == CONDITION_NEEDS_UPDATE);

        /* If the file system is read-only we shouldn't suggest an update */
        if (path_is_read_only_fs(c->parameter) > 0)
                return false;

        /* Any other failure means we should allow the condition to be true,
         * so that we rather invoke too many update tools then too
         * few. */

        if (!path_is_absolute(c->parameter))
                return true;

        p = strappenda(c->parameter, "/.updated");
        if (lstat(p, &other) < 0)
                return true;

        if (lstat("/usr/", &usr) < 0)
                return true;

        return usr.st_mtim.tv_sec > other.st_mtim.tv_sec ||
                (usr.st_mtim.tv_sec == other.st_mtim.tv_sec && usr.st_mtim.tv_nsec > other.st_mtim.tv_nsec);
}

static int condition_test_first_boot(Condition *c) {
        int r;

        assert(c);
        assert(c->parameter);
        assert(c->type == CONDITION_FIRST_BOOT);

        r = parse_boolean(c->parameter);
        if (r < 0)
                return r;

        return (access("/run/systemd/first-boot", F_OK) >= 0) == !!r;
}

static int condition_test_path_exists(Condition *c) {
        assert(c);
        assert(c->parameter);
        assert(c->type == CONDITION_PATH_EXISTS);

        return access(c->parameter, F_OK) >= 0;
}

static int condition_test_path_exists_glob(Condition *c) {
        assert(c);
        assert(c->parameter);
        assert(c->type == CONDITION_PATH_EXISTS_GLOB);

        return glob_exists(c->parameter) > 0;
}

static int condition_test_path_is_directory(Condition *c) {
        assert(c);
        assert(c->parameter);
        assert(c->type == CONDITION_PATH_IS_DIRECTORY);

        return is_dir(c->parameter, true) > 0;
}

static int condition_test_path_is_symbolic_link(Condition *c) {
        assert(c);
        assert(c->parameter);
        assert(c->type == CONDITION_PATH_IS_SYMBOLIC_LINK);

        return is_symlink(c->parameter) > 0;
}

static int condition_test_path_is_mount_point(Condition *c) {
        assert(c);
        assert(c->parameter);
        assert(c->type == CONDITION_PATH_IS_MOUNT_POINT);

        return path_is_mount_point(c->parameter, true) > 0;
}

static int condition_test_path_is_read_write(Condition *c) {
        assert(c);
        assert(c->parameter);
        assert(c->type == CONDITION_PATH_IS_READ_WRITE);

        return path_is_read_only_fs(c->parameter) <= 0;
}

static int condition_test_directory_not_empty(Condition *c) {
        int r;

        assert(c);
        assert(c->parameter);
        assert(c->type == CONDITION_DIRECTORY_NOT_EMPTY);

        r = dir_is_empty(c->parameter);
        return r <= 0 && r != -ENOENT;
}

static int condition_test_file_not_empty(Condition *c) {
        struct stat st;

        assert(c);
        assert(c->parameter);
        assert(c->type == CONDITION_FILE_NOT_EMPTY);

        return (stat(c->parameter, &st) >= 0 &&
                S_ISREG(st.st_mode) &&
                st.st_size > 0);
}

static int condition_test_file_is_executable(Condition *c) {
        struct stat st;

        assert(c);
        assert(c->parameter);
        assert(c->type == CONDITION_FILE_IS_EXECUTABLE);

        return (stat(c->parameter, &st) >= 0 &&
                S_ISREG(st.st_mode) &&
                (st.st_mode & 0111));
}

static int condition_test_null(Condition *c) {
        assert(c);
        assert(c->type == CONDITION_NULL);

        /* Note that during parsing we already evaluate the string and
         * store it in c->negate */
        return true;
}

int condition_test(Condition *c) {

        static int (*const condition_tests[_CONDITION_TYPE_MAX])(Condition *c) = {
                [CONDITION_PATH_EXISTS] = condition_test_path_exists,
                [CONDITION_PATH_EXISTS_GLOB] = condition_test_path_exists_glob,
                [CONDITION_PATH_IS_DIRECTORY] = condition_test_path_is_directory,
                [CONDITION_PATH_IS_SYMBOLIC_LINK] = condition_test_path_is_symbolic_link,
                [CONDITION_PATH_IS_MOUNT_POINT] = condition_test_path_is_mount_point,
                [CONDITION_PATH_IS_READ_WRITE] = condition_test_path_is_read_write,
                [CONDITION_DIRECTORY_NOT_EMPTY] = condition_test_directory_not_empty,
                [CONDITION_FILE_NOT_EMPTY] = condition_test_file_not_empty,
                [CONDITION_FILE_IS_EXECUTABLE] = condition_test_file_is_executable,
                [CONDITION_KERNEL_COMMAND_LINE] = condition_test_kernel_command_line,
                [CONDITION_VIRTUALIZATION] = condition_test_virtualization,
                [CONDITION_SECURITY] = condition_test_security,
                [CONDITION_CAPABILITY] = condition_test_capability,
                [CONDITION_HOST] = condition_test_host,
                [CONDITION_AC_POWER] = condition_test_ac_power,
                [CONDITION_ARCHITECTURE] = condition_test_architecture,
                [CONDITION_NEEDS_UPDATE] = condition_test_needs_update,
                [CONDITION_FIRST_BOOT] = condition_test_first_boot,
                [CONDITION_NULL] = condition_test_null,
        };

        int r, b;

        assert(c);
        assert(c->type >= 0);
        assert(c->type < _CONDITION_TYPE_MAX);

        r = condition_tests[c->type](c);
        if (r < 0) {
                c->result = CONDITION_ERROR;
                return r;
        }

        b = (r > 0) == !c->negate;
        c->result = b ? CONDITION_SUCCEEDED : CONDITION_FAILED;
        return b;
}

void condition_dump(Condition *c, FILE *f, const char *prefix) {
        assert(c);
        assert(f);

        if (!prefix)
                prefix = "";

        fprintf(f,
                "%s\t%s: %s%s%s %s\n",
                prefix,
                condition_type_to_string(c->type),
                c->trigger ? "|" : "",
                c->negate ? "!" : "",
                c->parameter,
                condition_result_to_string(c->result));
}

void condition_dump_list(Condition *first, FILE *f, const char *prefix) {
        Condition *c;

        LIST_FOREACH(conditions, c, first)
                condition_dump(c, f, prefix);
}

static const char* const condition_type_table[_CONDITION_TYPE_MAX] = {
        [CONDITION_PATH_EXISTS] = "ConditionPathExists",
        [CONDITION_PATH_EXISTS_GLOB] = "ConditionPathExistsGlob",
        [CONDITION_PATH_IS_DIRECTORY] = "ConditionPathIsDirectory",
        [CONDITION_PATH_IS_SYMBOLIC_LINK] = "ConditionPathIsSymbolicLink",
        [CONDITION_PATH_IS_MOUNT_POINT] = "ConditionPathIsMountPoint",
        [CONDITION_PATH_IS_READ_WRITE] = "ConditionPathIsReadWrite",
        [CONDITION_DIRECTORY_NOT_EMPTY] = "ConditionDirectoryNotEmpty",
        [CONDITION_FILE_NOT_EMPTY] = "ConditionFileNotEmpty",
        [CONDITION_FILE_IS_EXECUTABLE] = "ConditionFileIsExecutable",
        [CONDITION_KERNEL_COMMAND_LINE] = "ConditionKernelCommandLine",
        [CONDITION_VIRTUALIZATION] = "ConditionVirtualization",
        [CONDITION_SECURITY] = "ConditionSecurity",
        [CONDITION_CAPABILITY] = "ConditionCapability",
        [CONDITION_HOST] = "ConditionHost",
        [CONDITION_AC_POWER] = "ConditionACPower",
        [CONDITION_ARCHITECTURE] = "ConditionArchitecture",
        [CONDITION_NEEDS_UPDATE] = "ConditionNeedsUpdate",
        [CONDITION_FIRST_BOOT] = "ConditionFirstBoot",
        [CONDITION_NULL] = "ConditionNull"
};

DEFINE_STRING_TABLE_LOOKUP(condition_type, ConditionType);

static const char* const condition_result_table[_CONDITION_RESULT_MAX] = {
        [CONDITION_UNTESTED] = "untested",
        [CONDITION_SUCCEEDED] = "succeeded",
        [CONDITION_FAILED] = "failed",
        [CONDITION_ERROR] = "error",
};

DEFINE_STRING_TABLE_LOOKUP(condition_result, ConditionResult);
Commit	Line	Data
b77c08e0 TG	1	/-- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil --/
	2
	3	/***
	4	This file is part of systemd.
	5
	6	Copyright 2010 Lennart Poettering
	7
	8	systemd is free software; you can redistribute it and/or modify it
	9	under the terms of the GNU Lesser General Public License as published by
	10	the Free Software Foundation; either version 2.1 of the License, or
	11	(at your option) any later version.
	12
	13	systemd is distributed in the hope that it will be useful, but
	14	WITHOUT ANY WARRANTY; without even the implied warranty of
	15	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	16	Lesser General Public License for more details.
	17
	18	You should have received a copy of the GNU Lesser General Public License
	19	along with systemd; If not, see <http://www.gnu.org/licenses/>.
	20	***/
	21
	22	#include <stdlib.h>
	23	#include <errno.h>
	24	#include <string.h>
	25	#include <unistd.h>
	26	#include <sys/statvfs.h>
	27	#include <fnmatch.h>
	28
d1bddcec	29	#include "sd-id128.h"
b77c08e0 TG	30	#include "util.h"
	31	#include "condition-util.h"
	32	#include "virt.h"
	33	#include "path-util.h"
	34	#include "fileio.h"
	35	#include "unit.h"
099524d7	36	#include "architecture.h"
d1bddcec LP	37	#include "virt.h"
	38	#include "smack-util.h"
	39	#include "apparmor-util.h"
	40	#include "ima-util.h"
	41	#include "selinux-util.h"
	42	#include "audit.h"
b77c08e0 TG	43
	44	Condition* condition_new(ConditionType type, const char *parameter, bool trigger, bool negate) {
	45	Condition *c;
d1bddcec	46	int r;
b77c08e0	47
b80ba1da	48	assert(type >= 0);
b77c08e0	49	assert(type < _CONDITION_TYPE_MAX);
b80ba1da	50	assert(!parameter == (type == CONDITION_NULL));
b77c08e0 TG	51
	52	c = new0(Condition, 1);
	53	if (!c)
	54	return NULL;
	55
	56	c->type = type;
	57	c->trigger = trigger;
	58	c->negate = negate;
	59
d1bddcec LP	60	r = free_and_strdup(&c->parameter, parameter);
	61	if (r < 0) {
	62	free(c);
	63	return NULL;
b77c08e0 TG	64	}
	65
	66	return c;
	67	}
	68
	69	void condition_free(Condition *c) {
	70	assert(c);
	71
	72	free(c->parameter);
	73	free(c);
	74	}
	75
	76	void condition_free_list(Condition *first) {
	77	Condition c, n;
	78
	79	LIST_FOREACH_SAFE(conditions, c, n, first)
	80	condition_free(c);
	81	}
	82
a4705396	83	static int condition_test_kernel_command_line(Condition *c) {
07318c29 LP	84	_cleanup_free_ char *line = NULL;
07318c29 LP	85	const char *p;
b77c08e0 TG	86	bool equal;
b77c08e0 TG	87	int r;
b77c08e0 TG	88
	89	assert(c);
	90	assert(c->parameter);
	91	assert(c->type == CONDITION_KERNEL_COMMAND_LINE);
	92
	93	r = proc_cmdline(&line);
	94	if (r < 0)
592fd144 LP	95	return r;
592fd144 LP	96	if (r == 0)
a4705396	97	return false;
b77c08e0 TG	98
b77c08e0 TG	99	equal = !!strchr(c->parameter, '=');
07318c29 LP	100	p = line;
	101
	102	for (;;) {
	103	_cleanup_free_ char *word = NULL;
	104	bool found;
	105
	106	r = unquote_first_word(&p, &word);
592fd144 LP	107	if (r < 0)
	108	return r;
	109	if (r == 0)
a4705396	110	break;
07318c29 LP	111
	112	if (equal)
	113	found = streq(word, c->parameter);
	114	else {
	115	const char *f;
	116
	117	f = startswith(word, c->parameter);
	118	found = f && (f == '=' \|\| f == 0);
b77c08e0 TG	119	}
b77c08e0 TG	120
07318c29	121	if (found)
a4705396	122	return true;
b77c08e0	123	}
b77c08e0	124
a4705396	125	return false;
b77c08e0 TG	126	}
b77c08e0 TG	127
a4705396	128	static int condition_test_virtualization(Condition *c) {
248fab74	129	int b, v;
b77c08e0 TG	130	const char *id;
	131
	132	assert(c);
	133	assert(c->parameter);
	134	assert(c->type == CONDITION_VIRTUALIZATION);
	135
	136	v = detect_virtualization(&id);
592fd144 LP	137	if (v < 0)
592fd144 LP	138	return v;
b77c08e0 TG	139
	140	/* First, compare with yes/no */
	141	b = parse_boolean(c->parameter);
	142
	143	if (v > 0 && b > 0)
a4705396	144	return true;
b77c08e0 TG	145
b77c08e0 TG	146	if (v == 0 && b == 0)
a4705396	147	return true;
b77c08e0 TG	148
	149	/* Then, compare categorization */
	150	if (v == VIRTUALIZATION_VM && streq(c->parameter, "vm"))
a4705396	151	return true;
b77c08e0 TG	152
b77c08e0 TG	153	if (v == VIRTUALIZATION_CONTAINER && streq(c->parameter, "container"))
a4705396	154	return true;
b77c08e0 TG	155
b77c08e0 TG	156	/* Finally compare id */
a4705396	157	return v > 0 && streq(c->parameter, id);
b77c08e0 TG	158	}
b77c08e0 TG	159
a4705396	160	static int condition_test_architecture(Condition *c) {
592fd144	161	int a, b;
099524d7 LP	162
	163	assert(c);
	164	assert(c->parameter);
	165	assert(c->type == CONDITION_ARCHITECTURE);
	166
	167	a = uname_architecture();
	168	if (a < 0)
592fd144	169	return a;
099524d7 LP	170
	171	if (streq(c->parameter, "native"))
	172	b = native_architecture();
	173	else
	174	b = architecture_from_string(c->parameter);
099524d7	175	if (b < 0)
592fd144	176	return b;
099524d7	177
a4705396	178	return a == b;
099524d7 LP	179	}
099524d7 LP	180
a4705396	181	static int condition_test_host(Condition *c) {
dc92e62c	182	_cleanup_free_ char *h = NULL;
b77c08e0	183	sd_id128_t x, y;
b77c08e0	184	int r;
b77c08e0 TG	185
	186	assert(c);
	187	assert(c->parameter);
	188	assert(c->type == CONDITION_HOST);
	189
	190	if (sd_id128_from_string(c->parameter, &x) >= 0) {
	191
	192	r = sd_id128_get_machine(&y);
	193	if (r < 0)
592fd144	194	return r;
b77c08e0	195
a4705396	196	return sd_id128_equal(x, y);
b77c08e0 TG	197	}
	198
	199	h = gethostname_malloc();
	200	if (!h)
592fd144	201	return -ENOMEM;
b77c08e0	202
a4705396	203	return fnmatch(c->parameter, h, FNM_CASEFOLD) == 0;
b77c08e0 TG	204	}
b77c08e0 TG	205
a4705396	206	static int condition_test_ac_power(Condition *c) {
b77c08e0 TG	207	int r;
	208
	209	assert(c);
	210	assert(c->parameter);
	211	assert(c->type == CONDITION_AC_POWER);
	212
	213	r = parse_boolean(c->parameter);
	214	if (r < 0)
592fd144	215	return r;
b77c08e0	216
a4705396	217	return (on_ac_power() != 0) == !!r;
b77c08e0 TG	218	}
b77c08e0 TG	219
d1bddcec LP	220	static int condition_test_security(Condition *c) {
	221	assert(c);
	222	assert(c->parameter);
	223	assert(c->type == CONDITION_SECURITY);
	224
	225	if (streq(c->parameter, "selinux"))
a4705396	226	return mac_selinux_use();
d1bddcec	227	if (streq(c->parameter, "smack"))
a4705396	228	return mac_smack_use();
d1bddcec	229	if (streq(c->parameter, "apparmor"))
a4705396	230	return mac_apparmor_use();
d1bddcec	231	if (streq(c->parameter, "audit"))
a4705396	232	return use_audit();
d1bddcec	233	if (streq(c->parameter, "ima"))
a4705396	234	return use_ima();
d1bddcec	235
a4705396	236	return false;
d1bddcec LP	237	}
	238
	239	static int condition_test_capability(Condition *c) {
	240	_cleanup_fclose_ FILE *f = NULL;
	241	cap_value_t value;
	242	char line[LINE_MAX];
	243	unsigned long long capabilities = -1;
	244
	245	assert(c);
	246	assert(c->parameter);
	247	assert(c->type == CONDITION_CAPABILITY);
	248
	249	/* If it's an invalid capability, we don't have it */
	250
	251	if (cap_from_name(c->parameter, &value) < 0)
	252	return -EINVAL;
	253
	254	/* If it's a valid capability we default to assume
	255	* that we have it */
	256
	257	f = fopen("/proc/self/status", "re");
	258	if (!f)
	259	return -errno;
	260
	261	while (fgets(line, sizeof(line), f)) {
	262	truncate_nl(line);
	263
	264	if (startswith(line, "CapBnd:")) {
	265	(void) sscanf(line+7, "%llx", &capabilities);
	266	break;
	267	}
	268	}
	269
a4705396	270	return !!(capabilities & (1ULL << value));
d1bddcec LP	271	}
	272
	273	static int condition_test_needs_update(Condition *c) {
	274	const char *p;
	275	struct stat usr, other;
	276
	277	assert(c);
	278	assert(c->parameter);
	279	assert(c->type == CONDITION_NEEDS_UPDATE);
	280
	281	/* If the file system is read-only we shouldn't suggest an update */
	282	if (path_is_read_only_fs(c->parameter) > 0)
a4705396	283	return false;
d1bddcec LP	284
	285	/* Any other failure means we should allow the condition to be true,
	286	* so that we rather invoke too many update tools then too
	287	* few. */
	288
	289	if (!path_is_absolute(c->parameter))
a4705396	290	return true;
d1bddcec LP	291
	292	p = strappenda(c->parameter, "/.updated");
	293	if (lstat(p, &other) < 0)
a4705396	294	return true;
d1bddcec LP	295
d1bddcec LP	296	if (lstat("/usr/", &usr) < 0)
a4705396	297	return true;
d1bddcec	298
a4705396 LP	299	return usr.st_mtim.tv_sec > other.st_mtim.tv_sec \|\|
a4705396 LP	300	(usr.st_mtim.tv_sec == other.st_mtim.tv_sec && usr.st_mtim.tv_nsec > other.st_mtim.tv_nsec);
d1bddcec LP	301	}
	302
	303	static int condition_test_first_boot(Condition *c) {
	304	int r;
	305
	306	assert(c);
	307	assert(c->parameter);
	308	assert(c->type == CONDITION_FIRST_BOOT);
	309
	310	r = parse_boolean(c->parameter);
	311	if (r < 0)
	312	return r;
	313
a4705396	314	return (access("/run/systemd/first-boot", F_OK) >= 0) == !!r;
d1bddcec LP	315	}
	316
	317	static int condition_test_path_exists(Condition *c) {
	318	assert(c);
	319	assert(c->parameter);
	320	assert(c->type == CONDITION_PATH_EXISTS);
	321
a4705396	322	return access(c->parameter, F_OK) >= 0;
d1bddcec LP	323	}
	324
	325	static int condition_test_path_exists_glob(Condition *c) {
	326	assert(c);
	327	assert(c->parameter);
	328	assert(c->type == CONDITION_PATH_EXISTS_GLOB);
	329
a4705396	330	return glob_exists(c->parameter) > 0;
d1bddcec LP	331	}
	332
	333	static int condition_test_path_is_directory(Condition *c) {
	334	assert(c);
	335	assert(c->parameter);
	336	assert(c->type == CONDITION_PATH_IS_DIRECTORY);
	337
a4705396	338	return is_dir(c->parameter, true) > 0;
d1bddcec LP	339	}
	340
	341	static int condition_test_path_is_symbolic_link(Condition *c) {
	342	assert(c);
	343	assert(c->parameter);
	344	assert(c->type == CONDITION_PATH_IS_SYMBOLIC_LINK);
	345
a4705396	346	return is_symlink(c->parameter) > 0;
d1bddcec LP	347	}
	348
	349	static int condition_test_path_is_mount_point(Condition *c) {
	350	assert(c);
	351	assert(c->parameter);
	352	assert(c->type == CONDITION_PATH_IS_MOUNT_POINT);
	353
a4705396	354	return path_is_mount_point(c->parameter, true) > 0;
d1bddcec LP	355	}
	356
	357	static int condition_test_path_is_read_write(Condition *c) {
	358	assert(c);
	359	assert(c->parameter);
	360	assert(c->type == CONDITION_PATH_IS_READ_WRITE);
	361
a4705396	362	return path_is_read_only_fs(c->parameter) <= 0;
d1bddcec LP	363	}
	364
	365	static int condition_test_directory_not_empty(Condition *c) {
	366	int r;
	367
	368	assert(c);
	369	assert(c->parameter);
	370	assert(c->type == CONDITION_DIRECTORY_NOT_EMPTY);
	371
	372	r = dir_is_empty(c->parameter);
a4705396	373	return r <= 0 && r != -ENOENT;
d1bddcec LP	374	}
	375
	376	static int condition_test_file_not_empty(Condition *c) {
	377	struct stat st;
	378
	379	assert(c);
	380	assert(c->parameter);
	381	assert(c->type == CONDITION_FILE_NOT_EMPTY);
	382
	383	return (stat(c->parameter, &st) >= 0 &&
	384	S_ISREG(st.st_mode) &&
a4705396	385	st.st_size > 0);
d1bddcec LP	386	}
	387
	388	static int condition_test_file_is_executable(Condition *c) {
	389	struct stat st;
	390
	391	assert(c);
	392	assert(c->parameter);
	393	assert(c->type == CONDITION_FILE_IS_EXECUTABLE);
	394
	395	return (stat(c->parameter, &st) >= 0 &&
	396	S_ISREG(st.st_mode) &&
a4705396	397	(st.st_mode & 0111));
d1bddcec LP	398	}
	399
	400	static int condition_test_null(Condition *c) {
	401	assert(c);
d1bddcec LP	402	assert(c->type == CONDITION_NULL);
	403
	404	/* Note that during parsing we already evaluate the string and
	405	* store it in c->negate */
a4705396	406	return true;
d1bddcec LP	407	}
	408
	409	int condition_test(Condition *c) {
	410
	411	static int (const condition_tests[_CONDITION_TYPE_MAX])(Condition c) = {
	412	[CONDITION_PATH_EXISTS] = condition_test_path_exists,
	413	[CONDITION_PATH_EXISTS_GLOB] = condition_test_path_exists_glob,
	414	[CONDITION_PATH_IS_DIRECTORY] = condition_test_path_is_directory,
	415	[CONDITION_PATH_IS_SYMBOLIC_LINK] = condition_test_path_is_symbolic_link,
	416	[CONDITION_PATH_IS_MOUNT_POINT] = condition_test_path_is_mount_point,
	417	[CONDITION_PATH_IS_READ_WRITE] = condition_test_path_is_read_write,
	418	[CONDITION_DIRECTORY_NOT_EMPTY] = condition_test_directory_not_empty,
	419	[CONDITION_FILE_NOT_EMPTY] = condition_test_file_not_empty,
	420	[CONDITION_FILE_IS_EXECUTABLE] = condition_test_file_is_executable,
	421	[CONDITION_KERNEL_COMMAND_LINE] = condition_test_kernel_command_line,
	422	[CONDITION_VIRTUALIZATION] = condition_test_virtualization,
	423	[CONDITION_SECURITY] = condition_test_security,
	424	[CONDITION_CAPABILITY] = condition_test_capability,
	425	[CONDITION_HOST] = condition_test_host,
	426	[CONDITION_AC_POWER] = condition_test_ac_power,
	427	[CONDITION_ARCHITECTURE] = condition_test_architecture,
	428	[CONDITION_NEEDS_UPDATE] = condition_test_needs_update,
	429	[CONDITION_FIRST_BOOT] = condition_test_first_boot,
	430	[CONDITION_NULL] = condition_test_null,
	431	};
cc50ef13 LP	432
cc50ef13 LP	433	int r, b;
d1bddcec LP	434
	435	assert(c);
	436	assert(c->type >= 0);
	437	assert(c->type < _CONDITION_TYPE_MAX);
	438
a4705396	439	r = condition_tests[c->type](c);
cc50ef13 LP	440	if (r < 0) {
cc50ef13 LP	441	c->result = CONDITION_ERROR;
a4705396	442	return r;
cc50ef13	443	}
a4705396	444
cc50ef13 LP	445	b = (r > 0) == !c->negate;
	446	c->result = b ? CONDITION_SUCCEEDED : CONDITION_FAILED;
	447	return b;
d1bddcec LP	448	}
d1bddcec LP	449
b77c08e0 TG	450	void condition_dump(Condition c, FILE f, const char *prefix) {
	451	assert(c);
	452	assert(f);
	453
	454	if (!prefix)
	455	prefix = "";
	456
	457	fprintf(f,
	458	"%s\t%s: %s%s%s %s\n",
	459	prefix,
	460	condition_type_to_string(c->type),
	461	c->trigger ? "\|" : "",
	462	c->negate ? "!" : "",
	463	c->parameter,
cc50ef13	464	condition_result_to_string(c->result));
b77c08e0 TG	465	}
	466
	467	void condition_dump_list(Condition first, FILE f, const char *prefix) {
	468	Condition *c;
	469
	470	LIST_FOREACH(conditions, c, first)
	471	condition_dump(c, f, prefix);
	472	}
	473
	474	static const char* const condition_type_table[_CONDITION_TYPE_MAX] = {
	475	[CONDITION_PATH_EXISTS] = "ConditionPathExists",
	476	[CONDITION_PATH_EXISTS_GLOB] = "ConditionPathExistsGlob",
	477	[CONDITION_PATH_IS_DIRECTORY] = "ConditionPathIsDirectory",
	478	[CONDITION_PATH_IS_SYMBOLIC_LINK] = "ConditionPathIsSymbolicLink",
	479	[CONDITION_PATH_IS_MOUNT_POINT] = "ConditionPathIsMountPoint",
	480	[CONDITION_PATH_IS_READ_WRITE] = "ConditionPathIsReadWrite",
	481	[CONDITION_DIRECTORY_NOT_EMPTY] = "ConditionDirectoryNotEmpty",
	482	[CONDITION_FILE_NOT_EMPTY] = "ConditionFileNotEmpty",
	483	[CONDITION_FILE_IS_EXECUTABLE] = "ConditionFileIsExecutable",
	484	[CONDITION_KERNEL_COMMAND_LINE] = "ConditionKernelCommandLine",
	485	[CONDITION_VIRTUALIZATION] = "ConditionVirtualization",
	486	[CONDITION_SECURITY] = "ConditionSecurity",
	487	[CONDITION_CAPABILITY] = "ConditionCapability",
	488	[CONDITION_HOST] = "ConditionHost",
	489	[CONDITION_AC_POWER] = "ConditionACPower",
099524d7	490	[CONDITION_ARCHITECTURE] = "ConditionArchitecture",
a55654d5	491	[CONDITION_NEEDS_UPDATE] = "ConditionNeedsUpdate",
e2680723	492	[CONDITION_FIRST_BOOT] = "ConditionFirstBoot",
b77c08e0 TG	493	[CONDITION_NULL] = "ConditionNull"
	494	};
	495
	496	DEFINE_STRING_TABLE_LOOKUP(condition_type, ConditionType);
cc50ef13 LP	497
	498	static const char* const condition_result_table[_CONDITION_RESULT_MAX] = {
	499	[CONDITION_UNTESTED] = "untested",
	500	[CONDITION_SUCCEEDED] = "succeeded",
	501	[CONDITION_FAILED] = "failed",
	502	[CONDITION_ERROR] = "error",
	503	};
	504
	505	DEFINE_STRING_TABLE_LOOKUP(condition_result, ConditionResult);