Example #1
// combineSnippets gathers the security snippets of every application in the
// given snap and flattens them into a list of kernel module names.
//
// Each snippet is read line by line: surrounding whitespace is trimmed, and
// blank lines as well as lines starting with '#' are dropped. The collected
// names are sorted and passed through uniqueLines. When at least one module
// remains, the returned content map holds a single "<security tag>.conf"
// entry (mode 0644) listing one module per line under a generated-file
// header; otherwise the map is empty. The returned error is always nil.
//
// NOTE(review): module names are copied from the snippets verbatim and are
// not validated here, so any restriction on which modules may be listed
// presumably has to be enforced by whatever produces the snippets -- confirm.
func (b *Backend) combineSnippets(snapInfo *snap.Info, snippets map[string][][]byte) (content map[string]*osutil.FileState, modules []string, err error) {
	newline := []byte{'\n'}

	for _, app := range snapInfo.Apps {
		for _, raw := range snippets[app.SecurityTag()] {
			// One module per line within a snippet.
			for _, entry := range bytes.Split(raw, newline) {
				name := bytes.TrimSpace(entry)
				// Skip blank lines and comment lines.
				if len(name) == 0 || name[0] == '#' {
					continue
				}
				modules = append(modules, string(name))
			}
		}
	}

	// Sort before de-duplicating, in the same order as the original code.
	sort.Strings(modules)
	modules = uniqueLines(modules)

	content = make(map[string]*osutil.FileState)
	if len(modules) == 0 {
		// Nothing to load: report an empty file set.
		return content, modules, nil
	}

	var out bytes.Buffer
	out.WriteString("# This file is automatically generated.\n")
	for _, name := range modules {
		out.WriteString(name)
		out.WriteByte('\n')
	}

	fileName := fmt.Sprintf("%s.conf", snap.SecurityTag(snapInfo.Name()))
	content[fileName] = &osutil.FileState{
		Content: out.Bytes(),
		Mode:    0644,
	}

	return content, modules, nil
}
Example #2
// snapRulesFilePath returns the path of the udev rules file for the named
// snap: a file called "70-<security tag>.rules" inside dirs.SnapUdevRulesDir.
//
// NOTE(review): snapName reaches the file name through snap.SecurityTag with
// no check in this function; presumably callers pass an already validated
// snap name, so that the joined path stays inside the rules directory --
// confirm.
func snapRulesFilePath(snapName string) string {
	tag := snap.SecurityTag(snapName)
	return filepath.Join(dirs.SnapUdevRulesDir, fmt.Sprintf("70-%s.rules", tag))
}