
peek_proc_reader/
security.rs

// /proc/PID/attr/current — security label (AppArmor/SELinux/LSM).
2
3use std::fs;
4use std::path::Path;
5
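/// Read the security label for a process from `/proc/<pid>/attr/current`.
///
/// The label is returned with surrounding whitespace and NUL bytes stripped
/// and is otherwise not interpreted: no parsing of AppArmor modes or SELinux
/// context fields happens here.
///
/// Returns `None` if `pid` is not positive, or if the file is missing,
/// unreadable, not valid UTF-8, or empty after stripping.
///
/// # Caveats
///
/// * Every failure collapses to `None`, so `None` is not evidence that the
///   process is unconfined: a permission error on the read looks the same as
///   a missing label. Callers making a policy or alerting decision should
///   treat `None` as "unknown".
/// * The lookup is by numeric PID. If the process exits and the PID is reused
///   between the caller learning the PID and this read, the label describes
///   the new process.
#[cfg(target_os = "linux")]
pub fn read_label(pid: i32) -> Option<String> {
    // No process has a PID <= 0; skip the filesystem lookup for such values.
    if pid <= 0 {
        return None;
    }

    let path = Path::new("/proc")
        .join(pid.to_string())
        .join("attr")
        .join("current");
    let raw = fs::read_to_string(&path).ok()?;

    // Some LSMs (SELinux, for one) may hand back the value with a terminating
    // NUL rather than a newline. `str::trim` leaves NUL in place, which would
    // make an otherwise identical label fail an equality check downstream, so
    // strip NUL together with whitespace.
    let label = raw.trim_matches(|c: char| c == '\0' || c.is_whitespace());
    if label.is_empty() {
        None
    } else {
        Some(label.to_string())
    }
}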
24
/// Fallback for targets other than Linux, where there is no `/proc` label
/// file to read.
///
/// Always yields `None`, whatever `_pid` is. Callers cannot tell this apart
/// from a Linux process whose label could not be read, so `None` means
/// "unknown", not "unconfined".
#[cfg(not(target_os = "linux"))]
pub fn read_label(_pid: i32) -> Option<String> {
    Option::None
}
30
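#[cfg(test)]
mod tests {
    use super::read_label;

    /// The non-Linux stub must report "no label" for any PID.
    ///
    /// The `cfg` sits on the test itself so that Linux builds do not list a
    /// test that passes without asserting anything.
    #[cfg(not(target_os = "linux"))]
    #[test]
    fn non_linux_stub_returns_none() {
        assert!(read_label(1).is_none());
    }

    /// PIDs that cannot name a process have no `/proc` entry and so no label.
    #[cfg(target_os = "linux")]
    #[test]
    fn impossible_pids_return_none() {
        assert!(read_label(-1).is_none());
        assert!(read_label(0).is_none());
    }

    /// Whatever label the test process has, it must come back non-empty and
    /// without surrounding whitespace. A host with no LSM label yields `None`,
    /// which is also acceptable here.
    #[cfg(target_os = "linux")]
    #[test]
    fn own_label_is_trimmed_when_present() {
        let me = i32::try_from(std::process::id()).expect("pid fits in i32");
        if let Some(label) = read_label(me) {
            assert!(!label.is_empty());
            assert_eq!(label, label.trim());
        }
    }
}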