// combineSnippets combines security snippets collected from all the interfaces
// affecting a given snap into a content map applicable to EnsureDirState.
func (b *Backend) combineSnippets(snapInfo *snap.Info, snippets map[string][][]byte) (result [][]byte, err error) {
var snapSnippets = make(map[string][]byte)
// We put all snippets from apps and hooks in the following part in a
// map to reach a deduplicated set of snippets we can then write out
// in a per snap udev rules file.
for _, appInfo := range snapInfo.Apps {
securityTag := appInfo.SecurityTag()
appSnippets := snippets[securityTag]
if len(appSnippets) == 0 {
continue
}
for _, snippet := range appSnippets {
snapSnippets[string(snippet)] = snippet
}
}
for _, hookInfo := range snapInfo.Hooks {
securityTag := hookInfo.SecurityTag()
hookSnippets := snippets[securityTag]
if len(hookSnippets) == 0 {
continue
}
for _, snippet := range hookSnippets {
snapSnippets[string(snippet)] = snippet
}
}
nonePrefix := snap.NoneSecurityTag(snapInfo.Name(), "")
for securityTag, slotSnippets := range snippets {
if !strings.HasPrefix(securityTag, nonePrefix) {
continue
}
for _, snippet := range slotSnippets {
snapSnippets[string(snippet)] = snippet
}
}
var combinedSnippets [][]byte
for _, snippet := range snapSnippets {
combinedSnippets = append(combinedSnippets, snippet)
}
return combinedSnippets, nil
}
func addSnippet(snapName, uniqueName string, apps map[string]*snap.AppInfo, hooks map[string]*snap.HookInfo, snippets map[string][][]byte, snippet []byte) {
if len(snippet) == 0 {
return
}
for appName := range apps {
securityTag := snap.AppSecurityTag(snapName, appName)
snippets[securityTag] = append(snippets[securityTag], snippet)
}
for hookName := range hooks {
securityTag := snap.HookSecurityTag(snapName, hookName)
snippets[securityTag] = append(snippets[securityTag], snippet)
}
if len(apps) == 0 && len(hooks) == 0 {
securityTag := snap.NoneSecurityTag(snapName, uniqueName)
snippets[securityTag] = append(snippets[securityTag], snippet)
}
}
