#!/bin/sh
# udev callout (should live in /lib/udev) to allow a snap to access a device node
set -e
# debugging
#exec >>/tmp/snappy-app-dev.log
#exec 2>&1
#set -x
# end debugging

ACTION="$1"
APPNAME="$2"
DEVPATH="$3"
MAJMIN="$4"
[ -n "$APPNAME" ] || { echo "no app name given" >&2; exit 1; }
[ -n "$DEVPATH" ] || { echo "no devpath given" >&2; exit 1; }
[ -n "$MAJMIN" ] || { echo "no major/minor given" >&2; exit 0; }

app_dev_cgroup="/sys/fs/cgroup/devices/snappy.$APPNAME"

# check if it's a block or char dev
if [ "${DEVPATH#*/block/}" != "$DEVPATH" ]; then
    type="b"
else
    type="c"
fi

acl="$type $MAJMIN rwm"
case "$ACTION" in
    add|change)
        echo "$acl" > "$app_dev_cgroup/devices.allow"
        ;;
    remove)
        echo "$acl" > "$app_dev_cgroup/devices.deny"
        ;;
    *)
        echo "ERROR: unknown action $ACTION" >&2
        exit 1 ;;
esac
