// combineSnippets combines security snippets collected from all the interfaces // affecting a given snap into a de-duplicated list of kernel modules. func (b *Backend) combineSnippets(snapInfo *snap.Info, snippets map[string][][]byte) (content map[string]*osutil.FileState, modules []string, err error) { content = make(map[string]*osutil.FileState) for _, appInfo := range snapInfo.Apps { for _, snippet := range snippets[appInfo.SecurityTag()] { // split snippet by newline to get the list of modules for _, line := range bytes.Split(snippet, []byte{'\n'}) { l := bytes.TrimSpace(line) // ignore empty lines and comments if len(l) > 0 && l[0] != '#' { modules = append(modules, string(l)) } } } } sort.Strings(modules) modules = uniqueLines(modules) if len(modules) > 0 { var buffer bytes.Buffer buffer.WriteString("# This file is automatically generated.\n") for _, module := range modules { buffer.WriteString(module) buffer.WriteByte('\n') } content[fmt.Sprintf("%s.conf", snap.SecurityTag(snapInfo.Name()))] = &osutil.FileState{ Content: buffer.Bytes(), Mode: 0644, } } return content, modules, nil }
// snapRulesFileName returns the path of the snap udev rules file. func snapRulesFilePath(snapName string) string { rulesFileName := fmt.Sprintf("70-%s.rules", snap.SecurityTag(snapName)) return filepath.Join(dirs.SnapUdevRulesDir, rulesFileName) }