(List
  (Com {[LIT_CHARS .]} {[LIT_CHARS /lib/apparmor/functions]})
  (Com {[LIT_CHARS .]} {[LIT_CHARS /lib/lsb/init-functions]})
  (FunctionDef usage []
    (Com {[LIT_CHARS echo]} {[DQ [LIT_CHARS "Usage: "][VarSub 0][LIT_CHARS " {start|stop|restart|reload|force-reload|status|recache}"]]})
  )
  (AndOr OP_OR_IF
    (Com {[LIT_CHARS test]} {[LIT_CHARS -x]} {[VarSub PARSER]})
    (Com {[LIT_CHARS exit]} {[LIT_CHARS 0]})
  )
  (AndOr OP_OR_IF
    (Com {[LIT_CHARS test]} {[LIT_CHARS -d]} {[LIT_CHARS /sys/module/apparmor]})
    (Com {[LIT_CHARS exit]} {[LIT_CHARS 0]})
  )
  (FunctionDef securityfs []
    (List
      (If
        (Com {[LIT_OTHER "["]} {[LIT_OTHER "!"]} {[LIT_CHARS -d]} {[DQ [VarSub AA_SFS]]} {[LIT_OTHER "]"]})
        (If
          (Pipeline
            (Com {[LIT_CHARS cut]} {[LIT_CHARS -d] [DQ [LIT_CHARS " "]]} {[LIT_CHARS -f2] [LIT_COMMA ","] [LIT_CHARS 3]} {[LIT_CHARS /proc/mounts]})
            (Com {[LIT_CHARS grep]} {[LIT_CHARS -q]} {[DQ [LIT_CHARS "^"][VarSub SECURITYFS][LIT_CHARS " securityfs"]] [SQ <LIT_CHARS "$">]})
          )
          (List
            (Com {[LIT_CHARS log_action_msg]} {[DQ [LIT_CHARS "AppArmor not available as kernel LSM."]]})
            (Com {[LIT_CHARS log_end_msg]} {[LIT_CHARS 1]})
            (Com {[LIT_CHARS exit]} {[LIT_CHARS 1]})
          )
          (ElseTrue)
          (List
            (Com {[LIT_CHARS log_action_begin_msg]} {[DQ [LIT_CHARS "Mounting securityfs on "][VarSub SECURITYFS]]})
            (If
              (Pipeline!
                (Com {[LIT_CHARS mount]} {[LIT_CHARS -t]} {[LIT_CHARS securityfs]} {[LIT_CHARS none]} {[DQ [VarSub SECURITYFS]]})
              )
              (List
                (Com {[LIT_CHARS log_action_end_msg]} {[LIT_CHARS 1]})
                (Com {[LIT_CHARS log_end_msg]} {[LIT_CHARS 1]})
                (Com {[LIT_CHARS exit]} {[LIT_CHARS 1]})
              )
            )
          )
        )
      )
      (If
        (Com {[LIT_OTHER "["]} {[LIT_OTHER "!"]} {[LIT_CHARS -w]} {[DQ [VarSub AA_SFS]] [LIT_CHARS /.load]} {[LIT_OTHER "]"]})
        (List
          (Com {[LIT_CHARS log_action_msg]} {[DQ [LIT_CHARS "Insufficient privileges to change profiles."]]})
          (Com {[LIT_CHARS log_end_msg]} {[LIT_CHARS 1]})
          (Com {[LIT_CHARS exit]} {[LIT_CHARS 1]})
        )
      )
    )
  )
  (If
    (Com {[LIT_OTHER "["]} {[DQ [VarSub 1]]} {[LIT_OTHER "="]} {[DQ [LIT_CHARS recache]]} {[LIT_OTHER "]"]})
    (List
      (Com {[LIT_CHARS log_daemon_msg]} {[DQ [LIT_CHARS "Recaching AppArmor profiles"]]})
      (Com {[LIT_CHARS recache_profiles]})
      (= scope=<EAssignScope.GLOBAL 1> flags=0 words=[] bindings=[('rc', {[VarSub ?]})])
      (Com {[LIT_CHARS log_end_msg]} {[DQ [VarSub rc]]})
      (Com {[LIT_CHARS exit]} {[VarSub rc]})
    )
  )
  (AndOr OP_AND_IF
    (Com {[LIT_CHARS test]} {[LIT_CHARS -d]} {[LIT_CHARS /rofs/etc/apparmor.d]})
    (Com {[LIT_CHARS exit]} {[LIT_CHARS 0]})
  )
  (= scope=<EAssignScope.GLOBAL 1> flags=0 words=[] bindings=[('rc', {[LIT_CHARS 255]})])
  (Case to_match={[DQ [VarSub 1]]}, pat_word_list=[[{[LIT_CHARS start]}], [{[LIT_CHARS stop]}], [{[LIT_CHARS teardown]}], [{[LIT_CHARS restart]}, {[LIT_CHARS reload]}, {[LIT_CHARS force-reload]}], [{[LIT_CHARS status]}], [{[LIT_OTHER "*"]}]]
    (List
      (If
        (AndOr OP_AND_IF
          (Com {[LIT_OTHER "["]} {[LIT_CHARS -x]} {[LIT_CHARS /bin/running-in-container]} {[LIT_OTHER "]"]})
          (Com {[LIT_CHARS /bin/running-in-container]})
        )
        (List
          (Com {[LIT_CHARS log_daemon_msg]} {[DQ [LIT_CHARS "Not starting AppArmor in container"]]})
          (Com {[LIT_CHARS log_end_msg]} {[LIT_CHARS 0]})
          (Com {[LIT_CHARS exit]} {[LIT_CHARS 0]})
        )
      )
      (Com {[LIT_CHARS log_daemon_msg]} {[DQ [LIT_CHARS "Starting AppArmor profiles"]]})
      (Com {[LIT_CHARS securityfs]})
      (Com {[LIT_CHARS load_configured_profiles]})
      (= scope=<EAssignScope.GLOBAL 1> flags=0 words=[] bindings=[('rc', {[VarSub ?]})])
      (Com {[LIT_CHARS log_end_msg]} {[DQ [VarSub rc]]})
    )
    (List
      (Com {[LIT_CHARS log_daemon_msg]} {[DQ [LIT_CHARS "Clearing AppArmor profiles cache"]]})
      (Com {[LIT_CHARS clear_cache]})
      (= scope=<EAssignScope.GLOBAL 1> flags=0 words=[] bindings=[('rc', {[VarSub ?]})])
      (Com {[LIT_CHARS log_end_msg]} {[DQ [VarSub rc]]})
      (Com {[LIT_CHARS cat]}
        <
        (DescriptorRedirectNode target={[LIT_CHARS 2]} <REDIR_GREATAND ">&"> 1),
        (HereDocRedirectNode here_end='EOM' do_expansion=True body_word={[DQ [LIT_CHARS "All profile caches have been cleared, but no profiles have been unloaded.\n"][LIT_CHARS "Unloading profiles will leave already running processes permanently\n"][LIT_CHARS "unconfined, which can lead to unexpected situations.\n"][LIT_CHARS "\n"][LIT_CHARS "To set a process to complain mode, use the command line tool\n"][LIT_CHARS "'aa-complain'. To really tear down all profiles, run the init script\n"][LIT_CHARS "with the 'teardown' option."][RIGHT_D_QUOTE "\""][LIT_CHARS "\n"]]} <REDIR_DLESS "<<"> 0),
        >
      )
    )
    (List
      (If
        (AndOr OP_AND_IF
          (Com {[LIT_OTHER "["]} {[LIT_CHARS -x]} {[LIT_CHARS /bin/running-in-container]} {[LIT_OTHER "]"]})
          (Com {[LIT_CHARS /bin/running-in-container]})
        )
        (List
          (Com {[LIT_CHARS log_daemon_msg]} {[DQ [LIT_CHARS "Not tearing down AppArmor in container"]]})
          (Com {[LIT_CHARS log_end_msg]} {[LIT_CHARS 0]})
          (Com {[LIT_CHARS exit]} {[LIT_CHARS 0]})
        )
      )
      (Com {[LIT_CHARS log_daemon_msg]} {[DQ [LIT_CHARS "Unloading AppArmor profiles"]]})
      (Com {[LIT_CHARS securityfs]})
      (Pipeline
        (Com {[LIT_CHARS running_profile_names]})
        (While
          (Com {[LIT_CHARS read]} {[LIT_CHARS profile]})
          (If
            (Pipeline!
              (Com {[LIT_CHARS unload_profile]} {[DQ [VarSub profile]]})
            )
            (List
              (Com {[LIT_CHARS log_end_msg]} {[LIT_CHARS 1]})
              (Com {[LIT_CHARS exit]} {[LIT_CHARS 1]})
            )
          )
        )
      )
      (= scope=<EAssignScope.GLOBAL 1> flags=0 words=[] bindings=[('rc', {[LIT_CHARS 0]})])
      (Com {[LIT_CHARS log_end_msg]} {[VarSub rc]})
    )
    (List
      (If
        (AndOr OP_AND_IF
          (Com {[LIT_OTHER "["]} {[LIT_CHARS -x]} {[LIT_CHARS /bin/running-in-container]} {[LIT_OTHER "]"]})
          (Com {[LIT_CHARS /bin/running-in-container]})
        )
        (List
          (Com {[LIT_CHARS log_daemon_msg]} {[DQ [LIT_CHARS "Not reloading AppArmor in container"]]})
          (Com {[LIT_CHARS log_end_msg]} {[LIT_CHARS 0]})
          (Com {[LIT_CHARS exit]} {[LIT_CHARS 0]})
        )
      )
      (Com {[LIT_CHARS log_daemon_msg]} {[DQ [LIT_CHARS "Reloading AppArmor profiles"]]})
      (Com {[LIT_CHARS securityfs]})
      (Com {[LIT_CHARS clear_cache]})
      (Com {[LIT_CHARS load_configured_profiles]})
      (= scope=<EAssignScope.GLOBAL 1> flags=0 words=[] bindings=[('rc', {[VarSub ?]})])
      (= scope=<EAssignScope.GLOBAL 1> flags=0 words=[] bindings=[('aa_configured', {[ComSub (Com {[LIT_CHARS mktemp]} {[LIT_CHARS -t]} {[LIT_CHARS aa-XXXXXX]})]})])
      (AndOr OP_OR_IF
        (Com {[LIT_CHARS configured_profile_names]}
          <
          (FilenameRedirectNode filename={[DQ [VarSub aa_configured]]} <REDIR_GREAT ">"> 1),
          >
        )
        (Com {[LIT_CHARS exit]} {[LIT_CHARS 1]})
      )
      (= scope=<EAssignScope.GLOBAL 1> flags=0 words=[] bindings=[('aa_loaded', {[ComSub (Com {[LIT_CHARS mktemp]} {[LIT_CHARS -t]} {[LIT_CHARS aa-XXXXXX]})]})])
      (AndOr OP_OR_IF
        (Com {[LIT_CHARS running_profile_names]}
          <
          (FilenameRedirectNode filename={[DQ [VarSub aa_loaded]]} <REDIR_GREAT ">"> 1),
          >
        )
        (Com {[LIT_CHARS exit]} {[LIT_CHARS 1]})
      )
      (Pipeline
        (Com {[LIT_CHARS comm]} {[LIT_CHARS -2]} {[LIT_CHARS -3]} {[DQ [VarSub aa_loaded]]} {[DQ [VarSub aa_configured]]}
                more_env=[('LC_COLLATE', {[LIT_CHARS C]})]
        )
        (While
          (Com {[LIT_CHARS read]} {[LIT_CHARS profile]})
          (Com {[LIT_CHARS unload_profile]} {[DQ [VarSub profile]]})
        )
      )
      (Com {[LIT_CHARS rm]} {[LIT_CHARS -f]} {[DQ [VarSub aa_configured]]} {[DQ [VarSub aa_loaded]]})
      (Com {[LIT_CHARS log_end_msg]} {[DQ [VarSub rc]]})
    )
    (List
      (Com {[LIT_CHARS securityfs]})
      (If
        (Com {[LIT_OTHER "["]} {[LIT_CHARS -x]} {[LIT_CHARS /usr/sbin/aa-status]} {[LIT_OTHER "]"]})
        (Com {[LIT_CHARS aa-status]} {[LIT_CHARS --verbose]})
        (ElseTrue)
        (Com {[LIT_CHARS cat]} {[DQ [VarSub AA_SFS]] [LIT_CHARS /profiles]})
      )
      (= scope=<EAssignScope.GLOBAL 1> flags=0 words=[] bindings=[('rc', {[VarSub ?]})])
    )
    (List
      (Com {[LIT_CHARS usage]})
      (= scope=<EAssignScope.GLOBAL 1> flags=0 words=[] bindings=[('rc', {[LIT_CHARS 1]})])
    )
  )
  (Com {[LIT_CHARS exit]} {[VarSub rc]})
)