github.com/hugh712/snapd@v0.0.0-20200910133618-1a99902bd583/sandbox/apparmor/process.go (about) 1 // -*- Mode: Go; indent-tabs-mode: t -*- 2 3 /* 4 * Copyright (C) 2020 Canonical Ltd 5 * 6 * This program is free software: you can redistribute it and/or modify 7 * it under the terms of the GNU General Public License version 3 as 8 * published by the Free Software Foundation. 9 * 10 * This program is distributed in the hope that it will be useful, 11 * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 * GNU General Public License for more details. 14 * 15 * You should have received a copy of the GNU General Public License 16 * along with this program. If not, see <http://www.gnu.org/licenses/>. 17 * 18 */ 19 20 package apparmor 21 22 import ( 23 "fmt" 24 "io/ioutil" 25 "os" 26 "path/filepath" 27 "strings" 28 ) 29 30 func labelFromPid(pid int) (string, error) { 31 procFile := filepath.Join(rootPath, fmt.Sprintf("proc/%v/attr/current", pid)) 32 contents, err := ioutil.ReadFile(procFile) 33 if os.IsNotExist(err) { 34 return "unconfined", nil 35 } else if err != nil { 36 return "", err 37 } 38 label := strings.TrimRight(string(contents), "\n") 39 // Trim off the mode 40 if strings.HasSuffix(label, ")") { 41 if pos := strings.LastIndex(label, " ("); pos != -1 { 42 label = label[:pos] 43 } 44 } 45 return label, nil 46 } 47 48 func decodeLabel(label string) (snap, app, hook string, err error) { 49 parts := strings.Split(label, ".") 50 if parts[0] != "snap" { 51 return "", "", "", fmt.Errorf("security label %q does not belong to a snap", label) 52 } 53 if len(parts) == 3 { 54 return parts[1], parts[2], "", nil 55 } 56 if len(parts) == 4 && parts[2] == "hook" { 57 return parts[1], "", parts[3], nil 58 } 59 return "", "", "", fmt.Errorf("unknown snap related security label %q", label) 60 } 61 62 func SnapAppFromPid(pid int) (snap, app, hook string, err error) { 63 label, err := labelFromPid(pid) 64 if err != nil { 65 return "", "", "", err 66 } 67 return decodeLabel(label) 68 }