登录 注册
开源 企业版 高校版 私有云 Gitee AI NEW
扫描微信二维码支付
取消
支付完成
Watch
不关注 关注所有动态 仅关注版本发行动态 关注但不提醒动态
1 Star 0 Fork 1

mysnapcore / mysnapd

forked from tupelo-shen / mysnapd 
代码 Issues 0 Pull Requests 0 Wiki 统计 流水线
服务
加入 Gitee
与超过 1200万 开发者一起发现、参与优秀开源项目,私有仓库也完全免费 :)
免费加入
克隆/下载
spec.go 4.34 KB
一键复制 编辑 原始数据 按行查看 历史
tupelo-shen 提交于 2022-11-08 09:25 . fix: interfaces commit
123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135
// -*- Mode: Go; indent-tabs-mode: t -*-



/*

 * Copyright (C) 2016-2017 Canonical Ltd

 *

 * This program is free software: you can redistribute it and/or modify

 * it under the terms of the GNU General Public License version 3 as

 * published by the Free Software Foundation.

 *

 * This program is distributed in the hope that it will be useful,

 * but WITHOUT ANY WARRANTY; without even the implied warranty of

 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

 * GNU General Public License for more details.

 *

 * You should have received a copy of the GNU General Public License

 * along with this program.  If not, see <http://www.gnu.org/licenses/>.

 *

 */



package seccomp



import (

	"bytes"

	"sort"



	"gitee.com/mysnapcore/mysnapd/interfaces"

	"gitee.com/mysnapcore/mysnapd/snap"

)



// Specification keeps all the seccomp snippets.

type Specification struct {

	// Snippets are indexed by security tag.

	snippets     map[string][]string

	securityTags []string

}



// AddSnippet adds a new seccomp snippet.

func (spec *Specification) AddSnippet(snippet string) {

	if len(spec.securityTags) == 0 {

		return

	}

	if spec.snippets == nil {

		spec.snippets = make(map[string][]string)

	}

	for _, tag := range spec.securityTags {

		spec.snippets[tag] = append(spec.snippets[tag], snippet)

	}

}



// Snippets returns a deep copy of all the added snippets.

func (spec *Specification) Snippets() map[string][]string {

	result := make(map[string][]string, len(spec.snippets))

	for k, v := range spec.snippets {

		vCopy := make([]string, 0, len(v))

		vCopy = append(vCopy, v...)

		result[k] = vCopy

	}

	return result

}



// SnippetForTag returns a combined snippet for given security tag with individual snippets

// joined with newline character. Empty string is returned for non-existing security tag.

func (spec *Specification) SnippetForTag(tag string) string {

	var buffer bytes.Buffer

	sort.Strings(spec.snippets[tag])

	for _, snippet := range spec.snippets[tag] {

		buffer.WriteString(snippet)

		buffer.WriteRune('\n')

	}

	return buffer.String()

}



// SecurityTags returns a list of security tags which have a snippet.

func (spec *Specification) SecurityTags() []string {

	var tags []string

	for t := range spec.snippets {

		tags = append(tags, t)

	}

	sort.Strings(tags)

	return tags

}



// Implementation of methods required by interfaces.Specification



// AddConnectedPlug records seccomp-specific side-effects of having a connected plug.

func (spec *Specification) AddConnectedPlug(iface interfaces.Interface, plug *interfaces.ConnectedPlug, slot *interfaces.ConnectedSlot) error {

	type definer interface {

		SecCompConnectedPlug(spec *Specification, plug *interfaces.ConnectedPlug, slot *interfaces.ConnectedSlot) error

	}

	if iface, ok := iface.(definer); ok {

		spec.securityTags = plug.SecurityTags()

		defer func() { spec.securityTags = nil }()

		return iface.SecCompConnectedPlug(spec, plug, slot)

	}

	return nil

}



// AddConnectedSlot records seccomp-specific side-effects of having a connected slot.

func (spec *Specification) AddConnectedSlot(iface interfaces.Interface, plug *interfaces.ConnectedPlug, slot *interfaces.ConnectedSlot) error {

	type definer interface {

		SecCompConnectedSlot(spec *Specification, plug *interfaces.ConnectedPlug, slot *interfaces.ConnectedSlot) error

	}

	if iface, ok := iface.(definer); ok {

		spec.securityTags = slot.SecurityTags()

		defer func() { spec.securityTags = nil }()

		return iface.SecCompConnectedSlot(spec, plug, slot)

	}

	return nil

}



// AddPermanentPlug records seccomp-specific side-effects of having a plug.

func (spec *Specification) AddPermanentPlug(iface interfaces.Interface, plug *snap.PlugInfo) error {

	type definer interface {

		SecCompPermanentPlug(spec *Specification, plug *snap.PlugInfo) error

	}

	if iface, ok := iface.(definer); ok {

		spec.securityTags = plug.SecurityTags()

		defer func() { spec.securityTags = nil }()

		return iface.SecCompPermanentPlug(spec, plug)

	}

	return nil

}



// AddPermanentSlot records seccomp-specific side-effects of having a slot.

func (spec *Specification) AddPermanentSlot(iface interfaces.Interface, slot *snap.SlotInfo) error {

	type definer interface {

		SecCompPermanentSlot(spec *Specification, slot *snap.SlotInfo) error

	}

	if iface, ok := iface.(definer); ok {

		spec.securityTags = slot.SecurityTags()

		defer func() { spec.securityTags = nil }()

		return iface.SecCompPermanentSlot(spec, slot)

	}

	return nil

}
Go
1
https://gitee.com/mysnapcore/mysnapd.git
git@gitee.com:mysnapcore/mysnapd.git
mysnapcore
mysnapd
mysnapd
v0.1.0
点此查找更多帮助

搜索帮助

Git 命令在线学习 如何在 Gitee 导入 GitHub 仓库
Git 仓库基础操作
企业版和社区版功能对比
SSH 公钥设置
如何处理代码冲突
仓库体积过大,如何减小?
如何找回被删除的仓库数据
Gitee 产品配额说明
GitHub仓库快速导入Gitee及同步更新
什么是 Release(发行版)
将 PHP 项目自动发布到 packagist.org
评论
仓库举报
回到顶部
53164aa7 5694891 3bd8fe86 5694891