// combineSnippets combines security snippets collected from all the interfaces // affecting a given snap into a content map applicable to EnsureDirState. func (b *Backend) combineSnippets(snapInfo *snap.Info, snippets map[string][][]byte) (result [][]byte, err error) { var snapSnippets = make(map[string][]byte) // We put all snippets from apps and hooks in the following part in a // map to reach a deduplicated set of snippets we can then write out // in a per snap udev rules file. for _, appInfo := range snapInfo.Apps { securityTag := appInfo.SecurityTag() appSnippets := snippets[securityTag] if len(appSnippets) == 0 { continue } for _, snippet := range appSnippets { snapSnippets[string(snippet)] = snippet } } for _, hookInfo := range snapInfo.Hooks { securityTag := hookInfo.SecurityTag() hookSnippets := snippets[securityTag] if len(hookSnippets) == 0 { continue } for _, snippet := range hookSnippets { snapSnippets[string(snippet)] = snippet } } nonePrefix := snap.NoneSecurityTag(snapInfo.Name(), "") for securityTag, slotSnippets := range snippets { if !strings.HasPrefix(securityTag, nonePrefix) { continue } for _, snippet := range slotSnippets { snapSnippets[string(snippet)] = snippet } } var combinedSnippets [][]byte for _, snippet := range snapSnippets { combinedSnippets = append(combinedSnippets, snippet) } return combinedSnippets, nil }
func addSnippet(snapName, uniqueName string, apps map[string]*snap.AppInfo, hooks map[string]*snap.HookInfo, snippets map[string][][]byte, snippet []byte) { if len(snippet) == 0 { return } for appName := range apps { securityTag := snap.AppSecurityTag(snapName, appName) snippets[securityTag] = append(snippets[securityTag], snippet) } for hookName := range hooks { securityTag := snap.HookSecurityTag(snapName, hookName) snippets[securityTag] = append(snippets[securityTag], snippet) } if len(apps) == 0 && len(hooks) == 0 { securityTag := snap.NoneSecurityTag(snapName, uniqueName) snippets[securityTag] = append(snippets[securityTag], snippet) } }