]> git.ipfire.org Git - thirdparty/systemd.git/blobdiff - src/udev/udev-rules.c
projects / thirdparty / systemd.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
udev: use the usual set of load paths for udev rules
[thirdparty/systemd.git] / src / udev / udev-rules.c
diff --git a/src/udev/udev-rules.c b/src/udev/udev-rules.c
index c8f068b0b771af8c37e69124ed76613bebebaa3f..a38853df005df0cd57aaae55e08b8ccce409809a 100644 (file)
--- a/src/udev/udev-rules.c
+++ b/src/udev/udev-rules.c
@@ -15,6 +15,7 @@
 
 #include "alloc-util.h"
 #include "conf-files.h"
+#include "def.h"
 #include "device-private.h"
 #include "device-util.h"
 #include "dirent-util.h"
@@ -41,6 +42,7 @@
 #include "util.h"
 
 #define PREALLOC_TOKEN          2048
+#define RULES_DIRS (const char* const*) CONF_PATHS_STRV("udev/rules.d")
 
 struct uid_gid {
         unsigned name_off;
@@ -50,14 +52,7 @@ struct uid_gid {
         };
 };
 
-static const char* const rules_dirs[] = {
-        "/etc/udev/rules.d",
-        "/run/udev/rules.d",
-        UDEVLIBEXECDIR "/rules.d",
-        NULL
-};
-
-struct udev_rules {
+struct UdevRules {
         usec_t dirs_ts_usec;
         ResolveNameTiming resolve_name_timing;
 
@@ -78,11 +73,11 @@ struct udev_rules {
         unsigned gids_max;
 };
 
-static char *rules_str(struct udev_rules *rules, unsigned off) {
+static char *rules_str(UdevRules *rules, unsigned off) {
         return rules->strbuf->buf + off;
 }
 
-static unsigned rules_add_string(struct udev_rules *rules, const char *s) {
+static unsigned rules_add_string(UdevRules *rules, const char *s) {
         return strbuf_add_string(rules->strbuf, s, strlen(s));
 }
 
@@ -203,7 +198,7 @@ struct token {
                         union {
                                 unsigned attr_off;
                                 unsigned rule_goto;
-                                mode_t  mode;
+                                mode_t mode;
                                 uid_t uid;
                                 gid_t gid;
                                 int devlink_prio;
@@ -216,7 +211,7 @@ struct token {
 
 #define MAX_TK                64
 struct rule_tmp {
-        struct udev_rules *rules;
+        UdevRules *rules;
         struct token rule;
         struct token token[MAX_TK];
         unsigned token_cur;
@@ -234,7 +229,7 @@ static const char *operation_str(enum operation_type type) {
                 [OP_REMOVE] =           "remove",
                 [OP_ASSIGN] =           "assign",
                 [OP_ASSIGN_FINAL] =     "assign-final",
-}        ;
+        };
 
         return operation_strs[type];
 }
@@ -318,7 +313,7 @@ static const char *token_str(enum token_type type) {
         return token_strs[type];
 }
 
-static void dump_token(struct udev_rules *rules, struct token *token) {
+static void dump_token(UdevRules *rules, struct token *token) {
         enum token_type type = token->type;
         enum operation_type op = token->key.op;
         enum string_glob_type glob = token->key.glob;
@@ -429,7 +424,7 @@ static void dump_token(struct udev_rules *rules, struct token *token) {
         }
 }
 
-static void dump_rules(struct udev_rules *rules) {
+static void dump_rules(UdevRules *rules) {
         unsigned i;
 
         log_debug("Dumping %u (%zu bytes) tokens, %zu (%zu bytes) strings",
@@ -441,11 +436,11 @@ static void dump_rules(struct udev_rules *rules) {
                 dump_token(rules, &rules->tokens[i]);
 }
 #else
-static inline void dump_token(struct udev_rules *rules, struct token *token) {}
-static inline void dump_rules(struct udev_rules *rules) {}
+static void dump_token(UdevRules *rules, struct token *token) {}
+static void dump_rules(UdevRules *rules) {}
 #endif /* ENABLE_DEBUG_UDEV */
 
-static int add_token(struct udev_rules *rules, struct token *token) {
+static int add_token(UdevRules *rules, struct token *token) {
         /* grow buffer if needed */
         if (rules->token_cur+1 >= rules->token_max) {
                 struct token *tokens;
@@ -458,7 +453,7 @@ static int add_token(struct udev_rules *rules, struct token *token) {
 
                 tokens = reallocarray(rules->tokens, rules->token_max + add, sizeof(struct token));
                 if (!tokens)
-                        return -1;
+                        return -ENOMEM;
                 rules->tokens = tokens;
                 rules->token_max += add;
         }
@@ -474,7 +469,7 @@ static void log_unknown_owner(sd_device *dev, int error, const char *entity, con
                 log_device_error_errno(dev, error, "Failed to resolve %s '%s': %m", entity, owner);
 }
 
-static uid_t add_uid(struct udev_rules *rules, const char *owner) {
+static uid_t add_uid(UdevRules *rules, const char *owner) {
         unsigned i;
         uid_t uid = 0;
         unsigned off;
@@ -483,10 +478,8 @@ static uid_t add_uid(struct udev_rules *rules, const char *owner) {
         /* lookup, if we know it already */
         for (i = 0; i < rules->uids_cur; i++) {
                 off = rules->uids[i].name_off;
-                if (streq(rules_str(rules, off), owner)) {
-                        uid = rules->uids[i].uid;
-                        return uid;
-                }
+                if (streq(rules_str(rules, off), owner))
+                        return rules->uids[i].uid;
         }
         r = get_user_creds(&owner, &uid, NULL, NULL, NULL, USER_CREDS_ALLOW_MISSING);
         if (r < 0)
@@ -517,7 +510,7 @@ static uid_t add_uid(struct udev_rules *rules, const char *owner) {
         return uid;
 }
 
-static gid_t add_gid(struct udev_rules *rules, const char *group) {
+static gid_t add_gid(UdevRules *rules, const char *group) {
         unsigned i;
         gid_t gid = 0;
         unsigned off;
@@ -526,10 +519,8 @@ static gid_t add_gid(struct udev_rules *rules, const char *group) {
         /* lookup, if we know it already */
         for (i = 0; i < rules->gids_cur; i++) {
                 off = rules->gids[i].name_off;
-                if (streq(rules_str(rules, off), group)) {
-                        gid = rules->gids[i].gid;
-                        return gid;
-                }
+                if (streq(rules_str(rules, off), group))
+                        return rules->gids[i].gid;
         }
         r = get_group_creds(&group, &gid, USER_CREDS_ALLOW_MISSING);
         if (r < 0)
@@ -640,16 +631,18 @@ static int import_file_into_properties(sd_device *dev, const char *filename) {
         return 0;
 }
 
-static int import_program_into_properties(struct udev_event *event,
+static int import_program_into_properties(UdevEvent *event,
                                           usec_t timeout_usec,
                                           const char *program) {
         char result[UTIL_LINE_SIZE];
         char *line;
-        int err;
+        int r;
 
-        err = udev_event_spawn(event, timeout_usec, true, program, result, sizeof(result));
-        if (err < 0)
-                return err;
+        r = udev_event_spawn(event, timeout_usec, false, program, result, sizeof result);
+        if (r < 0)
+                return r;
+        if (r > 0)
+                return -EIO;
 
         line = result;
         while (line) {
@@ -718,7 +711,7 @@ static int get_key(char **line, char **key, enum operation_type *op, char **valu
 
         linepos = *line;
         if (!linepos || linepos[0] == '\0')
-                return -1;
+                return -EINVAL;
 
         /* skip whitespace */
         while (isspace(linepos[0]) || linepos[0] == ',')
@@ -726,13 +719,13 @@ static int get_key(char **line, char **key, enum operation_type *op, char **valu
 
         /* get the key */
         if (linepos[0] == '\0')
-                return -1;
+                return -EINVAL;
         *key = linepos;
 
         for (;;) {
                 linepos++;
                 if (linepos[0] == '\0')
-                        return -1;
+                        return -EINVAL;
                 if (isspace(linepos[0]))
                         break;
                 if (linepos[0] == '=')
@@ -749,7 +742,7 @@ static int get_key(char **line, char **key, enum operation_type *op, char **valu
         while (isspace(linepos[0]))
                 linepos++;
         if (linepos[0] == '\0')
-                return -1;
+                return -EINVAL;
 
         /* get operation type */
         if (linepos[0] == '=' && linepos[1] == '=') {
@@ -771,7 +764,7 @@ static int get_key(char **line, char **key, enum operation_type *op, char **valu
                 *op = OP_ASSIGN_FINAL;
                 linepos += 2;
         } else
-                return -1;
+                return -EINVAL;
 
         /* terminate key */
         temp[0] = '\0';
@@ -780,13 +773,13 @@ static int get_key(char **line, char **key, enum operation_type *op, char **valu
         while (isspace(linepos[0]))
                 linepos++;
         if (linepos[0] == '\0')
-                return -1;
+                return -EINVAL;
 
         /* get the value */
         if (linepos[0] == '"')
                 linepos++;
         else
-                return -1;
+                return -EINVAL;
         *value = linepos;
 
         /* terminate */
@@ -796,7 +789,7 @@ static int get_key(char **line, char **key, enum operation_type *op, char **valu
                         break;
 
                 if (linepos[i] == '\0')
-                        return -1;
+                        return -EINVAL;
 
                 /* double quotes can be escaped */
                 if (linepos[i] == '\\')
@@ -831,13 +824,15 @@ static const char *get_key_attribute(char *str) {
         return NULL;
 }
 
-static void rule_add_key(struct rule_tmp *rule_tmp, enum token_type type,
-                         enum operation_type op,
-                         const char *value, const void *data) {
+static int rule_add_key(struct rule_tmp *rule_tmp, enum token_type type,
+                        enum operation_type op,
+                        const char *value, const void *data) {
         struct token *token = rule_tmp->token + rule_tmp->token_cur;
         const char *attr = NULL;
 
-        assert(rule_tmp->token_cur < ELEMENTSOF(rule_tmp->token));
+        if (rule_tmp->token_cur >= ELEMENTSOF(rule_tmp->token))
+                return -E2BIG;
+
         memzero(token, sizeof(struct token));
 
         switch (type) {
@@ -968,12 +963,15 @@ static void rule_add_key(struct rule_tmp *rule_tmp, enum token_type type,
         token->key.type = type;
         token->key.op = op;
         rule_tmp->token_cur++;
+
+        return 0;
 }
 
-static int sort_token(struct udev_rules *rules, struct rule_tmp *rule_tmp) {
+static int sort_token(UdevRules *rules, struct rule_tmp *rule_tmp) {
         unsigned i;
         unsigned start = 0;
         unsigned end = rule_tmp->token_cur;
+        int r;
 
         for (i = 0; i < rule_tmp->token_cur; i++) {
                 enum token_type next_val = TK_UNSET;
@@ -991,8 +989,9 @@ static int sort_token(struct udev_rules *rules, struct rule_tmp *rule_tmp) {
                 }
 
                 /* add token and mark done */
-                if (add_token(rules, &rule_tmp->token[next_idx]) != 0)
-                        return -1;
+                r = add_token(rules, &rule_tmp->token[next_idx]);
+                if (r < 0)
+                        return r;
                 rule_tmp->token[next_idx].type = TK_UNSET;
 
                 /* shrink range */
@@ -1009,8 +1008,9 @@ static int sort_token(struct udev_rules *rules, struct rule_tmp *rule_tmp) {
 #define LOG_RULE_WARNING(fmt, ...) LOG_RULE_FULL(LOG_WARNING, fmt, ##__VA_ARGS__)
 #define LOG_RULE_DEBUG(fmt, ...) LOG_RULE_FULL(LOG_DEBUG, fmt, ##__VA_ARGS__)
 #define LOG_AND_RETURN(fmt, ...) { LOG_RULE_ERROR(fmt, __VA_ARGS__); return; }
+#define LOG_AND_RETURN_ADD_KEY LOG_AND_RETURN("Temporary rule array too small, aborting event processing with %u items", rule_tmp.token_cur);
 
-static void add_rule(struct udev_rules *rules, char *line,
+static void add_rule(UdevRules *rules, char *line,
                      const char *filename, unsigned filename_off, unsigned lineno) {
         char *linepos;
         const char *attr;
@@ -1018,6 +1018,7 @@ static void add_rule(struct udev_rules *rules, char *line,
                 .rules = rules,
                 .rule.type = TK_RULE,
         };
+        int r;
 
         /* the offset in the rule is limited to unsigned short */
         if (filename_off < USHRT_MAX)
@@ -1030,7 +1031,7 @@ static void add_rule(struct udev_rules *rules, char *line,
                 char *value;
                 enum operation_type op;
 
-                if (get_key(&linepos, &key, &op, &value) != 0) {
+                if (get_key(&linepos, &key, &op, &value) < 0) {
                         /* Avoid erroring on trailing whitespace. This is probably rare
                          * so save the work for the error case instead of always trying
                          * to strip the trailing whitespace with strstrip(). */
@@ -1051,26 +1052,26 @@ static void add_rule(struct udev_rules *rules, char *line,
                         break;
                 }
 
-                if (rule_tmp.token_cur >= ELEMENTSOF(rule_tmp.token))
-                        LOG_AND_RETURN("Temporary rule array too small, aborting event processing with %u items", rule_tmp.token_cur);
-
                 if (streq(key, "ACTION")) {
                         if (op > OP_MATCH_MAX)
                                 LOG_AND_RETURN("Invalid %s operation", key);
 
-                        rule_add_key(&rule_tmp, TK_M_ACTION, op, value, NULL);
+                        if (rule_add_key(&rule_tmp, TK_M_ACTION, op, value, NULL) < 0)
+                                LOG_AND_RETURN_ADD_KEY;
 
                 } else if (streq(key, "DEVPATH")) {
                         if (op > OP_MATCH_MAX)
                                 LOG_AND_RETURN("Invalid %s operation", key);
 
-                        rule_add_key(&rule_tmp, TK_M_DEVPATH, op, value, NULL);
+                        if (rule_add_key(&rule_tmp, TK_M_DEVPATH, op, value, NULL) < 0)
+                                LOG_AND_RETURN_ADD_KEY;
 
                 } else if (streq(key, "KERNEL")) {
                         if (op > OP_MATCH_MAX)
                                 LOG_AND_RETURN("Invalid %s operation", key);
 
-                        rule_add_key(&rule_tmp, TK_M_KERNEL, op, value, NULL);
+                        if (rule_add_key(&rule_tmp, TK_M_KERNEL, op, value, NULL) < 0)
+                                LOG_AND_RETURN_ADD_KEY;
 
                 } else if (streq(key, "SUBSYSTEM")) {
                         if (op > OP_MATCH_MAX)
@@ -1081,15 +1082,18 @@ static void add_rule(struct udev_rules *rules, char *line,
                                 if (!streq(value, "subsystem"))
                                         LOG_RULE_WARNING("'%s' must be specified as 'subsystem'; please fix", value);
 
-                                rule_add_key(&rule_tmp, TK_M_SUBSYSTEM, op, "subsystem|class|bus", NULL);
+                                r = rule_add_key(&rule_tmp, TK_M_SUBSYSTEM, op, "subsystem|class|bus", NULL);
                         } else
-                                rule_add_key(&rule_tmp, TK_M_SUBSYSTEM, op, value, NULL);
+                                r = rule_add_key(&rule_tmp, TK_M_SUBSYSTEM, op, value, NULL);
+                        if (r < 0)
+                                LOG_AND_RETURN_ADD_KEY;
 
                 } else if (streq(key, "DRIVER")) {
                         if (op > OP_MATCH_MAX)
                                 LOG_AND_RETURN("Invalid %s operation", key);
 
-                        rule_add_key(&rule_tmp, TK_M_DRIVER, op, value, NULL);
+                        if (rule_add_key(&rule_tmp, TK_M_DRIVER, op, value, NULL) < 0)
+                                LOG_AND_RETURN_ADD_KEY;
 
                 } else if (startswith(key, "ATTR{")) {
                         attr = get_key_attribute(key + STRLEN("ATTR"));
@@ -1100,9 +1104,11 @@ static void add_rule(struct udev_rules *rules, char *line,
                                 LOG_AND_RETURN("Invalid %s operation", "ATTR");
 
                         if (op < OP_MATCH_MAX)
-                                rule_add_key(&rule_tmp, TK_M_ATTR, op, value, attr);
+                                r = rule_add_key(&rule_tmp, TK_M_ATTR, op, value, attr);
                         else
-                                rule_add_key(&rule_tmp, TK_A_ATTR, op, value, attr);
+                                r = rule_add_key(&rule_tmp, TK_A_ATTR, op, value, attr);
+                        if (r < 0)
+                                LOG_AND_RETURN_ADD_KEY;
 
                 } else if (startswith(key, "SYSCTL{")) {
                         attr = get_key_attribute(key + STRLEN("SYSCTL"));
@@ -1113,9 +1119,11 @@ static void add_rule(struct udev_rules *rules, char *line,
                                 LOG_AND_RETURN("Invalid %s operation", "ATTR");
 
                         if (op < OP_MATCH_MAX)
-                                rule_add_key(&rule_tmp, TK_M_SYSCTL, op, value, attr);
+                                r = rule_add_key(&rule_tmp, TK_M_SYSCTL, op, value, attr);
                         else
-                                rule_add_key(&rule_tmp, TK_A_SYSCTL, op, value, attr);
+                                r = rule_add_key(&rule_tmp, TK_A_SYSCTL, op, value, attr);
+                        if (r < 0)
+                                LOG_AND_RETURN_ADD_KEY;
 
                 } else if (startswith(key, "SECLABEL{")) {
                         attr = get_key_attribute(key + STRLEN("SECLABEL"));
@@ -1125,25 +1133,29 @@ static void add_rule(struct udev_rules *rules, char *line,
                         if (op == OP_REMOVE)
                                 LOG_AND_RETURN("Invalid %s operation", "SECLABEL");
 
-                        rule_add_key(&rule_tmp, TK_A_SECLABEL, op, value, attr);
+                        if (rule_add_key(&rule_tmp, TK_A_SECLABEL, op, value, attr) < 0)
+                                LOG_AND_RETURN_ADD_KEY;
 
                 } else if (streq(key, "KERNELS")) {
                         if (op > OP_MATCH_MAX)
                                 LOG_AND_RETURN("Invalid %s operation", key);
 
-                        rule_add_key(&rule_tmp, TK_M_KERNELS, op, value, NULL);
+                        if (rule_add_key(&rule_tmp, TK_M_KERNELS, op, value, NULL) < 0)
+                                LOG_AND_RETURN_ADD_KEY;
 
                 } else if (streq(key, "SUBSYSTEMS")) {
                         if (op > OP_MATCH_MAX)
                                 LOG_AND_RETURN("Invalid %s operation", key);
 
-                        rule_add_key(&rule_tmp, TK_M_SUBSYSTEMS, op, value, NULL);
+                        if (rule_add_key(&rule_tmp, TK_M_SUBSYSTEMS, op, value, NULL) < 0)
+                                LOG_AND_RETURN_ADD_KEY;
 
                 } else if (streq(key, "DRIVERS")) {
                         if (op > OP_MATCH_MAX)
                                 LOG_AND_RETURN("Invalid %s operation", key);
 
-                        rule_add_key(&rule_tmp, TK_M_DRIVERS, op, value, NULL);
+                        if (rule_add_key(&rule_tmp, TK_M_DRIVERS, op, value, NULL) < 0)
+                                LOG_AND_RETURN_ADD_KEY;
 
                 } else if (startswith(key, "ATTRS{")) {
                         if (op > OP_MATCH_MAX)
@@ -1157,13 +1169,15 @@ static void add_rule(struct udev_rules *rules, char *line,
                                 LOG_RULE_WARNING("'device' link may not be available in future kernels; please fix");
                         if (strstr(attr, "../"))
                                 LOG_RULE_WARNING("Direct reference to parent sysfs directory, may break in future kernels; please fix");
-                        rule_add_key(&rule_tmp, TK_M_ATTRS, op, value, attr);
+                        if (rule_add_key(&rule_tmp, TK_M_ATTRS, op, value, attr) < 0)
+                                LOG_AND_RETURN_ADD_KEY;
 
                 } else if (streq(key, "TAGS")) {
                         if (op > OP_MATCH_MAX)
                                 LOG_AND_RETURN("Invalid %s operation", key);
 
-                        rule_add_key(&rule_tmp, TK_M_TAGS, op, value, NULL);
+                        if (rule_add_key(&rule_tmp, TK_M_TAGS, op, value, NULL) < 0)
+                                LOG_AND_RETURN_ADD_KEY;
 
                 } else if (startswith(key, "ENV{")) {
                         attr = get_key_attribute(key + STRLEN("ENV"));
@@ -1174,7 +1188,7 @@ static void add_rule(struct udev_rules *rules, char *line,
                                 LOG_AND_RETURN("Invalid %s operation", "ENV");
 
                         if (op < OP_MATCH_MAX)
-                                rule_add_key(&rule_tmp, TK_M_ENV, op, value, attr);
+                                r = rule_add_key(&rule_tmp, TK_M_ENV, op, value, attr);
                         else {
                                 if (STR_IN_SET(attr,
                                                "ACTION",
@@ -1190,26 +1204,32 @@ static void add_rule(struct udev_rules *rules, char *line,
                                                "TAGS"))
                                         LOG_AND_RETURN("Invalid ENV attribute, '%s' cannot be set", attr);
 
-                                rule_add_key(&rule_tmp, TK_A_ENV, op, value, attr);
+                                r = rule_add_key(&rule_tmp, TK_A_ENV, op, value, attr);
                         }
+                        if (r < 0)
+                                LOG_AND_RETURN_ADD_KEY;
 
                 } else if (streq(key, "TAG")) {
                         if (op < OP_MATCH_MAX)
-                                rule_add_key(&rule_tmp, TK_M_TAG, op, value, NULL);
+                                r = rule_add_key(&rule_tmp, TK_M_TAG, op, value, NULL);
                         else
-                                rule_add_key(&rule_tmp, TK_A_TAG, op, value, NULL);
+                                r = rule_add_key(&rule_tmp, TK_A_TAG, op, value, NULL);
+                        if (r < 0)
+                                LOG_AND_RETURN_ADD_KEY;
 
                 } else if (streq(key, "PROGRAM")) {
                         if (op == OP_REMOVE)
                                 LOG_AND_RETURN("Invalid %s operation", key);
 
-                        rule_add_key(&rule_tmp, TK_M_PROGRAM, op, value, NULL);
+                        if (rule_add_key(&rule_tmp, TK_M_PROGRAM, op, value, NULL) < 0)
+                                LOG_AND_RETURN_ADD_KEY;
 
                 } else if (streq(key, "RESULT")) {
                         if (op > OP_MATCH_MAX)
                                 LOG_AND_RETURN("Invalid %s operation", key);
 
-                        rule_add_key(&rule_tmp, TK_M_RESULT, op, value, NULL);
+                        if (rule_add_key(&rule_tmp, TK_M_RESULT, op, value, NULL) < 0)
+                                LOG_AND_RETURN_ADD_KEY;
 
                 } else if (startswith(key, "IMPORT")) {
                         attr = get_key_attribute(key + STRLEN("IMPORT"));
@@ -1227,28 +1247,34 @@ static void add_rule(struct udev_rules *rules, char *line,
 
                                         if (cmd >= 0) {
                                                 LOG_RULE_DEBUG("IMPORT found builtin '%s', replacing", value);
-                                                rule_add_key(&rule_tmp, TK_M_IMPORT_BUILTIN, op, value, &cmd);
+                                                if (rule_add_key(&rule_tmp, TK_M_IMPORT_BUILTIN, op, value, &cmd) < 0)
+                                                        LOG_AND_RETURN_ADD_KEY;
                                                 continue;
                                         }
                                 }
-                                rule_add_key(&rule_tmp, TK_M_IMPORT_PROG, op, value, NULL);
+                                r = rule_add_key(&rule_tmp, TK_M_IMPORT_PROG, op, value, NULL);
                         } else if (streq(attr, "builtin")) {
                                 const enum udev_builtin_cmd cmd = udev_builtin_lookup(value);
 
-                                if (cmd < 0)
-                                        LOG_RULE_WARNING("IMPORT{builtin} '%s' unknown", value);
-                                else
-                                        rule_add_key(&rule_tmp, TK_M_IMPORT_BUILTIN, op, value, &cmd);
+                                if (cmd < 0) {
+                                        LOG_RULE_WARNING("IMPORT{builtin} '%s' unknown, ignoring", value);
+                                        continue;
+                                } else
+                                        r = rule_add_key(&rule_tmp, TK_M_IMPORT_BUILTIN, op, value, &cmd);
                         } else if (streq(attr, "file"))
-                                rule_add_key(&rule_tmp, TK_M_IMPORT_FILE, op, value, NULL);
+                                r = rule_add_key(&rule_tmp, TK_M_IMPORT_FILE, op, value, NULL);
                         else if (streq(attr, "db"))
-                                rule_add_key(&rule_tmp, TK_M_IMPORT_DB, op, value, NULL);
+                                r = rule_add_key(&rule_tmp, TK_M_IMPORT_DB, op, value, NULL);
                         else if (streq(attr, "cmdline"))
-                                rule_add_key(&rule_tmp, TK_M_IMPORT_CMDLINE, op, value, NULL);
+                                r = rule_add_key(&rule_tmp, TK_M_IMPORT_CMDLINE, op, value, NULL);
                         else if (streq(attr, "parent"))
-                                rule_add_key(&rule_tmp, TK_M_IMPORT_PARENT, op, value, NULL);
-                        else
+                                r = rule_add_key(&rule_tmp, TK_M_IMPORT_PARENT, op, value, NULL);
+                        else {
                                 LOG_RULE_ERROR("Ignoring unknown %s{} type '%s'", "IMPORT", attr);
+                                continue;
+                        }
+                        if (r < 0)
+                                LOG_AND_RETURN_ADD_KEY;
 
                 } else if (startswith(key, "TEST")) {
                         mode_t mode = 0;
@@ -1259,9 +1285,11 @@ static void add_rule(struct udev_rules *rules, char *line,
                         attr = get_key_attribute(key + STRLEN("TEST"));
                         if (attr) {
                                 mode = strtol(attr, NULL, 8);
-                                rule_add_key(&rule_tmp, TK_M_TEST, op, value, &mode);
+                                r = rule_add_key(&rule_tmp, TK_M_TEST, op, value, &mode);
                         } else
-                                rule_add_key(&rule_tmp, TK_M_TEST, op, value, NULL);
+                                r = rule_add_key(&rule_tmp, TK_M_TEST, op, value, NULL);
+                        if (r < 0)
+                                LOG_AND_RETURN_ADD_KEY;
 
                 } else if (startswith(key, "RUN")) {
                         attr = get_key_attribute(key + STRLEN("RUN"));
@@ -1273,16 +1301,21 @@ static void add_rule(struct udev_rules *rules, char *line,
                         if (streq(attr, "builtin")) {
                                 const enum udev_builtin_cmd cmd = udev_builtin_lookup(value);
 
-                                if (cmd < 0)
-                                        LOG_RULE_ERROR("RUN{builtin}: '%s' unknown", value);
-                                else
-                                        rule_add_key(&rule_tmp, TK_A_RUN_BUILTIN, op, value, &cmd);
+                                if (cmd < 0) {
+                                        LOG_RULE_ERROR("RUN{builtin}: '%s' unknown, ignoring", value);
+                                        continue;
+                                } else
+                                        r = rule_add_key(&rule_tmp, TK_A_RUN_BUILTIN, op, value, &cmd);
                         } else if (streq(attr, "program")) {
                                 const enum udev_builtin_cmd cmd = _UDEV_BUILTIN_MAX;
 
-                                rule_add_key(&rule_tmp, TK_A_RUN_PROGRAM, op, value, &cmd);
-                        } else
+                                r = rule_add_key(&rule_tmp, TK_A_RUN_PROGRAM, op, value, &cmd);
+                        } else {
                                 LOG_RULE_ERROR("Ignoring unknown %s{} type '%s'", "RUN", attr);
+                                continue;
+                        }
+                        if (r < 0)
+                                LOG_AND_RETURN_ADD_KEY;
 
                 } else if (streq(key, "LABEL")) {
                         if (op == OP_REMOVE)
@@ -1294,14 +1327,15 @@ static void add_rule(struct udev_rules *rules, char *line,
                         if (op == OP_REMOVE)
                                 LOG_AND_RETURN("Invalid %s operation", key);
 
-                        rule_add_key(&rule_tmp, TK_A_GOTO, 0, value, NULL);
+                        if (rule_add_key(&rule_tmp, TK_A_GOTO, 0, value, NULL) < 0)
+                                LOG_AND_RETURN_ADD_KEY;
 
                 } else if (startswith(key, "NAME")) {
                         if (op == OP_REMOVE)
                                 LOG_AND_RETURN("Invalid %s operation", key);
 
                         if (op < OP_MATCH_MAX)
-                                rule_add_key(&rule_tmp, TK_M_NAME, op, value, NULL);
+                                r = rule_add_key(&rule_tmp, TK_M_NAME, op, value, NULL);
                         else {
                                 if (streq(value, "%k")) {
                                         LOG_RULE_WARNING("NAME=\"%%k\" is ignored, because it breaks kernel supplied names; please remove");
@@ -1311,8 +1345,10 @@ static void add_rule(struct udev_rules *rules, char *line,
                                         LOG_RULE_DEBUG("NAME=\"\" is ignored, because udev will not delete any device nodes; please remove");
                                         continue;
                                 }
-                                rule_add_key(&rule_tmp, TK_A_NAME, op, value, NULL);
+                                r = rule_add_key(&rule_tmp, TK_A_NAME, op, value, NULL);
                         }
+                        if (r < 0)
+                                LOG_AND_RETURN_ADD_KEY;
                         rule_tmp.rule.rule.can_set_name = true;
 
                 } else if (streq(key, "SYMLINK")) {
@@ -1320,9 +1356,11 @@ static void add_rule(struct udev_rules *rules, char *line,
                                 LOG_AND_RETURN("Invalid %s operation", key);
 
                         if (op < OP_MATCH_MAX)
-                                rule_add_key(&rule_tmp, TK_M_DEVLINK, op, value, NULL);
+                                r = rule_add_key(&rule_tmp, TK_M_DEVLINK, op, value, NULL);
                         else
-                                rule_add_key(&rule_tmp, TK_A_DEVLINK, op, value, NULL);
+                                r = rule_add_key(&rule_tmp, TK_A_DEVLINK, op, value, NULL);
+                        if (r < 0)
+                                LOG_AND_RETURN_ADD_KEY;
                         rule_tmp.rule.rule.can_set_name = true;
 
                 } else if (streq(key, "OWNER")) {
@@ -1334,12 +1372,18 @@ static void add_rule(struct udev_rules *rules, char *line,
 
                         uid = strtoul(value, &endptr, 10);
                         if (endptr[0] == '\0')
-                                rule_add_key(&rule_tmp, TK_A_OWNER_ID, op, NULL, &uid);
+                                r = rule_add_key(&rule_tmp, TK_A_OWNER_ID, op, NULL, &uid);
                         else if (rules->resolve_name_timing == RESOLVE_NAME_EARLY && !strchr("$%", value[0])) {
                                 uid = add_uid(rules, value);
-                                rule_add_key(&rule_tmp, TK_A_OWNER_ID, op, NULL, &uid);
+                                r = rule_add_key(&rule_tmp, TK_A_OWNER_ID, op, NULL, &uid);
                         } else if (rules->resolve_name_timing != RESOLVE_NAME_NEVER)
-                                rule_add_key(&rule_tmp, TK_A_OWNER, op, value, NULL);
+                                r = rule_add_key(&rule_tmp, TK_A_OWNER, op, value, NULL);
+                        else {
+                                LOG_RULE_DEBUG("Resolving user name is disabled, ignoring %s=%s", key, value);
+                                continue;
+                        }
+                        if (r < 0)
+                                LOG_AND_RETURN_ADD_KEY;
 
                         rule_tmp.rule.rule.can_set_name = true;
 
@@ -1352,12 +1396,18 @@ static void add_rule(struct udev_rules *rules, char *line,
 
                         gid = strtoul(value, &endptr, 10);
                         if (endptr[0] == '\0')
-                                rule_add_key(&rule_tmp, TK_A_GROUP_ID, op, NULL, &gid);
+                                r = rule_add_key(&rule_tmp, TK_A_GROUP_ID, op, NULL, &gid);
                         else if ((rules->resolve_name_timing == RESOLVE_NAME_EARLY) && !strchr("$%", value[0])) {
                                 gid = add_gid(rules, value);
-                                rule_add_key(&rule_tmp, TK_A_GROUP_ID, op, NULL, &gid);
+                                r = rule_add_key(&rule_tmp, TK_A_GROUP_ID, op, NULL, &gid);
                         } else if (rules->resolve_name_timing != RESOLVE_NAME_NEVER)
-                                rule_add_key(&rule_tmp, TK_A_GROUP, op, value, NULL);
+                                r = rule_add_key(&rule_tmp, TK_A_GROUP, op, value, NULL);
+                        else {
+                                LOG_RULE_DEBUG("Resolving group name is disabled, ignoring %s=%s", key, value);
+                                continue;
+                        }
+                        if (r < 0)
+                                LOG_AND_RETURN_ADD_KEY;
 
                         rule_tmp.rule.rule.can_set_name = true;
 
@@ -1370,9 +1420,12 @@ static void add_rule(struct udev_rules *rules, char *line,
 
                         mode = strtol(value, &endptr, 8);
                         if (endptr[0] == '\0')
-                                rule_add_key(&rule_tmp, TK_A_MODE_ID, op, NULL, &mode);
+                                r = rule_add_key(&rule_tmp, TK_A_MODE_ID, op, NULL, &mode);
                         else
-                                rule_add_key(&rule_tmp, TK_A_MODE, op, value, NULL);
+                                r = rule_add_key(&rule_tmp, TK_A_MODE, op, value, NULL);
+                        if (r < 0)
+                                LOG_AND_RETURN_ADD_KEY;
+
                         rule_tmp.rule.rule.can_set_name = true;
 
                 } else if (streq(key, "OPTIONS")) {
@@ -1385,37 +1438,48 @@ static void add_rule(struct udev_rules *rules, char *line,
                         if (pos) {
                                 int prio = atoi(pos + STRLEN("link_priority="));
 
-                                rule_add_key(&rule_tmp, TK_A_DEVLINK_PRIO, op, NULL, &prio);
+                                if (rule_add_key(&rule_tmp, TK_A_DEVLINK_PRIO, op, NULL, &prio) < 0)
+                                        LOG_AND_RETURN_ADD_KEY;
                         }
 
                         pos = strstr(value, "string_escape=");
                         if (pos) {
                                 pos += STRLEN("string_escape=");
                                 if (startswith(pos, "none"))
-                                        rule_add_key(&rule_tmp, TK_A_STRING_ESCAPE_NONE, op, NULL, NULL);
+                                        r = rule_add_key(&rule_tmp, TK_A_STRING_ESCAPE_NONE, op, NULL, NULL);
                                 else if (startswith(pos, "replace"))
-                                        rule_add_key(&rule_tmp, TK_A_STRING_ESCAPE_REPLACE, op, NULL, NULL);
+                                        r = rule_add_key(&rule_tmp, TK_A_STRING_ESCAPE_REPLACE, op, NULL, NULL);
+                                else {
+                                        LOG_RULE_ERROR("OPTIONS: unknown string_escape mode '%s', ignoring", pos);
+                                        r = 0;
+                                }
+                                if (r < 0)
+                                        LOG_AND_RETURN_ADD_KEY;
                         }
 
                         pos = strstr(value, "db_persist");
                         if (pos)
-                                rule_add_key(&rule_tmp, TK_A_DB_PERSIST, op, NULL, NULL);
+                                if (rule_add_key(&rule_tmp, TK_A_DB_PERSIST, op, NULL, NULL) < 0)
+                                        LOG_AND_RETURN_ADD_KEY;
 
                         pos = strstr(value, "nowatch");
                         if (pos) {
                                 static const int zero = 0;
-                                rule_add_key(&rule_tmp, TK_A_INOTIFY_WATCH, op, NULL, &zero);
+                                if (rule_add_key(&rule_tmp, TK_A_INOTIFY_WATCH, op, NULL, &zero) < 0)
+                                        LOG_AND_RETURN_ADD_KEY;
                         } else {
                                 static const int one = 1;
                                 pos = strstr(value, "watch");
                                 if (pos)
-                                        rule_add_key(&rule_tmp, TK_A_INOTIFY_WATCH, op, NULL, &one);
+                                        if (rule_add_key(&rule_tmp, TK_A_INOTIFY_WATCH, op, NULL, &one) < 0)
+                                                LOG_AND_RETURN_ADD_KEY;
                         }
 
                         pos = strstr(value, "static_node=");
                         if (pos) {
                                 pos += STRLEN("static_node=");
-                                rule_add_key(&rule_tmp, TK_A_STATIC_NODE, op, pos, NULL);
+                                if (rule_add_key(&rule_tmp, TK_A_STATIC_NODE, op, pos, NULL) < 0)
+                                        LOG_AND_RETURN_ADD_KEY;
                                 rule_tmp.rule.rule.has_static_node = true;
                         }
 
@@ -1425,11 +1489,11 @@ static void add_rule(struct udev_rules *rules, char *line,
 
         /* add rule token and sort tokens */
         rule_tmp.rule.rule.token_count = 1 + rule_tmp.token_cur;
-        if (add_token(rules, &rule_tmp.rule) != 0 || sort_token(rules, &rule_tmp) != 0)
+        if (add_token(rules, &rule_tmp.rule) < 0 || sort_token(rules, &rule_tmp) < 0)
                 LOG_RULE_ERROR("Failed to add rule token");
 }
 
-static int parse_file(struct udev_rules *rules, const char *filename) {
+static int parse_file(UdevRules *rules, const char *filename) {
         _cleanup_fclose_ FILE *f = NULL;
         unsigned first_token;
         unsigned filename_off;
@@ -1512,39 +1576,37 @@ static int parse_file(struct udev_rules *rules, const char *filename) {
         return 0;
 }
 
-struct udev_rules *udev_rules_new(ResolveNameTiming resolve_name_timing) {
-        struct udev_rules *rules;
-        struct token end_token;
-        char **files, **f;
+int udev_rules_new(UdevRules **ret_rules, ResolveNameTiming resolve_name_timing) {
+        _cleanup_(udev_rules_freep) UdevRules *rules = NULL;
+        _cleanup_strv_free_ char **files = NULL;
+        char **f;
         int r;
 
         assert(resolve_name_timing >= 0 && resolve_name_timing < _RESOLVE_NAME_TIMING_MAX);
 
-        rules = new(struct udev_rules, 1);
+        rules = new(UdevRules, 1);
         if (!rules)
-                return NULL;
+                return -ENOMEM;
 
-        *rules = (struct udev_rules) {
+        *rules = (UdevRules) {
                 .resolve_name_timing = resolve_name_timing,
         };
 
         /* init token array and string buffer */
         rules->tokens = malloc_multiply(PREALLOC_TOKEN, sizeof(struct token));
         if (!rules->tokens)
-                return udev_rules_free(rules);
+                return -ENOMEM;
         rules->token_max = PREALLOC_TOKEN;
 
         rules->strbuf = strbuf_new();
         if (!rules->strbuf)
-                return udev_rules_free(rules);
+                return -ENOMEM;
 
         udev_rules_check_timestamp(rules);
 
-        r = conf_files_list_strv(&files, ".rules", NULL, 0, rules_dirs);
-        if (r < 0) {
-                log_error_errno(r, "Failed to enumerate rules files: %m");
-                return udev_rules_free(rules);
-        }
+        r = conf_files_list_strv(&files, ".rules", NULL, 0, RULES_DIRS);
+        if (r < 0)
+                return log_error_errno(r, "Failed to enumerate rules files: %m");
 
         /*
          * The offset value in the rules strct is limited; add all
@@ -1556,10 +1618,7 @@ struct udev_rules *udev_rules_new(ResolveNameTiming resolve_name_timing) {
         STRV_FOREACH(f, files)
                 parse_file(rules, *f);
 
-        strv_free(files);
-
-        memzero(&end_token, sizeof(struct token));
-        end_token.type = TK_END;
+        struct token end_token = { .type = TK_END };
         add_token(rules, &end_token);
         log_debug("Rules contain %zu bytes tokens (%u * %zu bytes), %zu bytes strings",
                   rules->token_max * sizeof(struct token), rules->token_max, sizeof(struct token), rules->strbuf->len);
@@ -1579,10 +1638,11 @@ struct udev_rules *udev_rules_new(ResolveNameTiming resolve_name_timing) {
         rules->gids_max = 0;
 
         dump_rules(rules);
-        return rules;
+        *ret_rules = TAKE_PTR(rules);
+        return 0;
 }
 
-struct udev_rules *udev_rules_free(struct udev_rules *rules) {
+UdevRules *udev_rules_free(UdevRules *rules) {
         if (!rules)
                 return NULL;
         free(rules->tokens);
@@ -1592,14 +1652,14 @@ struct udev_rules *udev_rules_free(struct udev_rules *rules) {
         return mfree(rules);
 }
 
-bool udev_rules_check_timestamp(struct udev_rules *rules) {
+bool udev_rules_check_timestamp(UdevRules *rules) {
         if (!rules)
                 return false;
 
-        return paths_check_timestamp(rules_dirs, &rules->dirs_ts_usec, true);
+        return paths_check_timestamp(RULES_DIRS, &rules->dirs_ts_usec, true);
 }
 
-static int match_key(struct udev_rules *rules, struct token *token, const char *val) {
+static bool match_key(UdevRules *rules, struct token *token, const char *val) {
         char *key_value = rules_str(rules, token->key.value_off);
         char *pos;
         bool match = false;
@@ -1609,7 +1669,7 @@ static int match_key(struct udev_rules *rules, struct token *token, const char *
 
         switch (token->key.glob) {
         case GL_PLAIN:
-                match = (streq(key_value, val));
+                match = streq(key_value, val);
                 break;
         case GL_GLOB:
                 match = (fnmatch(key_value, val, 0) == 0);
@@ -1632,7 +1692,7 @@ static int match_key(struct udev_rules *rules, struct token *token, const char *
                                         if (match)
                                                 break;
                                 } else {
-                                        match = (streq(s, val));
+                                        match = streq(s, val);
                                         break;
                                 }
                                 s = &next[1];
@@ -1662,17 +1722,13 @@ static int match_key(struct udev_rules *rules, struct token *token, const char *
                 match = (val[0] != '\0');
                 break;
         case GL_UNSET:
-                return -1;
+                return false;
         }
 
-        if (match && (token->key.op == OP_MATCH))
-                return 0;
-        if (!match && (token->key.op == OP_NOMATCH))
-                return 0;
-        return -1;
+        return token->key.op == (match ? OP_MATCH : OP_NOMATCH);
 }
 
-static int match_attr(struct udev_rules *rules, sd_device *dev, struct udev_event *event, struct token *cur) {
+static bool match_attr(UdevRules *rules, sd_device *dev, UdevEvent *event, struct token *cur) {
         char nbuf[UTIL_NAME_SIZE], vbuf[UTIL_NAME_SIZE];
         const char *name, *value;
         size_t len;
@@ -1685,15 +1741,15 @@ static int match_attr(struct udev_rules *rules, sd_device *dev, struct udev_even
                 _fallthrough_;
         case SB_NONE:
                 if (sd_device_get_sysattr_value(dev, name, &value) < 0)
-                        return -1;
+                        return false;
                 break;
         case SB_SUBSYS:
-                if (util_resolve_subsys_kernel(name, vbuf, sizeof(vbuf), true) != 0)
-                        return -1;
+                if (util_resolve_subsys_kernel(name, vbuf, sizeof(vbuf), true) < 0)
+                        return false;
                 value = vbuf;
                 break;
         default:
-                return -1;
+                return false;
         }
 
         /* remove trailing whitespace, if not asked to match for it */
@@ -1724,8 +1780,8 @@ enum escape_type {
 };
 
 int udev_rules_apply_to_event(
-                struct udev_rules *rules,
-                struct udev_event *event,
+                UdevRules *rules,
+                UdevEvent *event,
                 usec_t timeout_usec,
                 Hashmap *properties_list) {
         sd_device *dev = event->dev;
@@ -1761,19 +1817,19 @@ int udev_rules_apply_to_event(
                         esc = ESCAPE_UNSET;
                         break;
                 case TK_M_ACTION:
-                        if (match_key(rules, cur, action) != 0)
+                        if (!match_key(rules, cur, action))
                                 goto nomatch;
                         break;
                 case TK_M_DEVPATH:
                         if (sd_device_get_devpath(dev, &val) < 0)
                                 goto nomatch;
-                        if (match_key(rules, cur, val) != 0)
+                        if (!match_key(rules, cur, val))
                                 goto nomatch;
                         break;
                 case TK_M_KERNEL:
                         if (sd_device_get_sysname(dev, &val) < 0)
                                 goto nomatch;
-                        if (match_key(rules, cur, val) != 0)
+                        if (!match_key(rules, cur, val))
                                 goto nomatch;
                         break;
                 case TK_M_DEVLINK: {
@@ -1781,7 +1837,7 @@ int udev_rules_apply_to_event(
                         bool match = false;
 
                         FOREACH_DEVICE_DEVLINK(dev, devlink)
-                                if (match_key(rules, cur, devlink + STRLEN("/dev/")) == 0) {
+                                if (match_key(rules, cur, devlink + STRLEN("/dev/"))) {
                                         match = true;
                                         break;
                                 }
@@ -1791,7 +1847,7 @@ int udev_rules_apply_to_event(
                         break;
                 }
                 case TK_M_NAME:
-                        if (match_key(rules, cur, event->name) != 0)
+                        if (!match_key(rules, cur, event->name))
                                 goto nomatch;
                         break;
                 case TK_M_ENV: {
@@ -1805,7 +1861,7 @@ int udev_rules_apply_to_event(
                                         val = NULL;
                         }
 
-                        if (match_key(rules, cur, strempty(val)))
+                        if (!match_key(rules, cur, strempty(val)))
                                 goto nomatch;
                         break;
                 }
@@ -1827,17 +1883,17 @@ int udev_rules_apply_to_event(
                 case TK_M_SUBSYSTEM:
                         if (sd_device_get_subsystem(dev, &val) < 0)
                                 goto nomatch;
-                        if (match_key(rules, cur, val) != 0)
+                        if (!match_key(rules, cur, val))
                                 goto nomatch;
                         break;
                 case TK_M_DRIVER:
                         if (sd_device_get_driver(dev, &val) < 0)
                                 goto nomatch;
-                        if (match_key(rules, cur, val) != 0)
+                        if (!match_key(rules, cur, val))
                                 goto nomatch;
                         break;
                 case TK_M_ATTR:
-                        if (match_attr(rules, dev, event, cur) != 0)
+                        if (!match_attr(rules, dev, event, cur))
                                 goto nomatch;
                         break;
                 case TK_M_SYSCTL: {
@@ -1853,7 +1909,7 @@ int udev_rules_apply_to_event(
                         len = strlen(value);
                         while (len > 0 && isspace(value[--len]))
                                 value[len] = '\0';
-                        if (match_key(rules, cur, value) != 0)
+                        if (!match_key(rules, cur, value))
                                 goto nomatch;
                         break;
                 }
@@ -1881,23 +1937,23 @@ int udev_rules_apply_to_event(
                                         case TK_M_KERNELS:
                                                 if (sd_device_get_sysname(event->dev_parent, &val) < 0)
                                                         goto try_parent;
-                                                if (match_key(rules, key, val) != 0)
+                                                if (!match_key(rules, key, val))
                                                         goto try_parent;
                                                 break;
                                         case TK_M_SUBSYSTEMS:
                                                 if (sd_device_get_subsystem(event->dev_parent, &val) < 0)
                                                         goto try_parent;
-                                                if (match_key(rules, key, val) != 0)
+                                                if (!match_key(rules, key, val))
                                                         goto try_parent;
                                                 break;
                                         case TK_M_DRIVERS:
                                                 if (sd_device_get_driver(event->dev_parent, &val) < 0)
                                                         goto try_parent;
-                                                if (match_key(rules, key, val) != 0)
+                                                if (!match_key(rules, key, val))
                                                         goto try_parent;
                                                 break;
                                         case TK_M_ATTRS:
-                                                if (match_attr(rules, event->dev_parent, event, key) != 0)
+                                                if (!match_attr(rules, event->dev_parent, event, key))
                                                         goto try_parent;
                                                 break;
                                         case TK_M_TAGS: {
@@ -1931,7 +1987,7 @@ int udev_rules_apply_to_event(
                         int match;
 
                         udev_event_apply_format(event, rules_str(rules, cur->key.value_off), filename, sizeof(filename), false);
-                        if (util_resolve_subsys_kernel(filename, filename, sizeof(filename), false) != 0) {
+                        if (util_resolve_subsys_kernel(filename, filename, sizeof(filename), false) < 0) {
                                 if (filename[0] != '/') {
                                         char tmp[UTIL_PATH_SIZE];
 
@@ -1963,7 +2019,7 @@ int udev_rules_apply_to_event(
                                          rules_str(rules, rule->rule.filename_off),
                                          rule->rule.filename_line);
 
-                        if (udev_event_spawn(event, timeout_usec, true, program, result, sizeof(result)) < 0) {
+                        if (udev_event_spawn(event, timeout_usec, true, program, result, sizeof(result)) != 0) {
                                 if (cur->key.op != OP_NOMATCH)
                                         goto nomatch;
                         } else {
@@ -1985,7 +2041,7 @@ int udev_rules_apply_to_event(
                         char import[UTIL_PATH_SIZE];
 
                         udev_event_apply_format(event, rules_str(rules, cur->key.value_off), import, sizeof(import), false);
-                        if (import_file_into_properties(dev, import) != 0)
+                        if (import_file_into_properties(dev, import) < 0)
                                 if (cur->key.op != OP_NOMATCH)
                                         goto nomatch;
                         break;
@@ -1999,7 +2055,7 @@ int udev_rules_apply_to_event(
                                          rules_str(rules, rule->rule.filename_off),
                                          rule->rule.filename_line);
 
-                        if (import_program_into_properties(event, timeout_usec, import) != 0)
+                        if (import_program_into_properties(event, timeout_usec, import) < 0)
                                 if (cur->key.op != OP_NOMATCH)
                                         goto nomatch;
                         break;
@@ -2079,13 +2135,13 @@ int udev_rules_apply_to_event(
                         char import[UTIL_PATH_SIZE];
 
                         udev_event_apply_format(event, rules_str(rules, cur->key.value_off), import, sizeof(import), false);
-                        if (import_parent_into_properties(dev, import) != 0)
+                        if (import_parent_into_properties(dev, import) < 0)
                                 if (cur->key.op != OP_NOMATCH)
                                         goto nomatch;
                         break;
                 }
                 case TK_M_RESULT:
-                        if (match_key(rules, cur, event->program_result) != 0)
+                        if (!match_key(rules, cur, event->program_result))
                                 goto nomatch;
                         break;
                 case TK_A_STRING_ESCAPE_NONE:
@@ -2233,13 +2289,12 @@ int udev_rules_apply_to_event(
                         r = hashmap_put(event->seclabel_list, name, label);
                         if (r < 0)
                                 return log_oom();
-
-                        name = label = NULL;
-
                         log_device_debug(dev, "SECLABEL{%s}='%s' %s:%u",
                                          name, label,
                                          rules_str(rules, rule->rule.filename_off),
                                          rule->rule.filename_line);
+                        name = label = NULL;
+
                         break;
                 }
                 case TK_A_ENV: {
@@ -2374,7 +2429,7 @@ int udev_rules_apply_to_event(
                         const char *key_name;
 
                         key_name = rules_str(rules, cur->key.attr_off);
-                        if (util_resolve_subsys_kernel(key_name, attr, sizeof(attr), false) != 0 &&
+                        if (util_resolve_subsys_kernel(key_name, attr, sizeof(attr), false) < 0 &&
                             sd_device_get_syspath(dev, &val) >= 0)
                                 strscpyl(attr, sizeof(attr), val, "/", key_name, NULL);
                         attr_subst_subdir(attr, sizeof(attr));
@@ -2407,12 +2462,8 @@ int udev_rules_apply_to_event(
                 case TK_A_RUN_PROGRAM: {
                         _cleanup_free_ char *cmd = NULL;
 
-                        if (IN_SET(cur->key.op, OP_ASSIGN, OP_ASSIGN_FINAL)) {
-                                void *p;
-
-                                while ((p = hashmap_steal_first_key(event->run_list)))
-                                        free(p);
-                        }
+                        if (IN_SET(cur->key.op, OP_ASSIGN, OP_ASSIGN_FINAL))
+                                hashmap_clear_free_key(event->run_list);
 
                         r = hashmap_ensure_allocated(&event->run_list, NULL);
                         if (r < 0)
@@ -2460,7 +2511,7 @@ int udev_rules_apply_to_event(
         return 0;
 }
 
-int udev_rules_apply_static_dev_perms(struct udev_rules *rules) {
+int udev_rules_apply_static_dev_perms(UdevRules *rules) {
         struct token *cur;
         struct token *rule;
         uid_t uid = 0;
@@ -2519,7 +2570,7 @@ int udev_rules_apply_static_dev_perms(struct udev_rules *rules) {
                                 goto next;
 
                         strscpyl(device_node, sizeof(device_node), "/dev/", rules_str(rules, cur->key.value_off), NULL);
-                        if (stat(device_node, &stats) != 0)
+                        if (stat(device_node, &stats) < 0)
                                 break;
                         if (!S_ISBLK(stats.st_mode) && !S_ISCHR(stats.st_mode))
                                 break;
Unnamed repository; edit this file 'description' to name the repository.