/// <summary>
/// Creates instance
/// </summary>
public SandboxedProcessInfo(
PathTable pathTable,
ISandboxedProcessFileStorage fileStorage,
string fileName,
FileAccessManifest fileAccessManifest,
bool disableConHostSharing,
ContainerConfiguration containerConfiguration,
bool testRetries = false,
LoggingContext loggingContext = null,
IDetoursEventListener detoursEventListener = null,
IKextConnection sandboxedKextConnection = null)
{
Contract.Requires(pathTable != null);
Contract.Requires(fileStorage != null);
Contract.Requires(fileName != null);
PathTable = pathTable;
FileAccessManifest = fileAccessManifest;
FileStorage = fileStorage;
FileName = fileName;
DisableConHostSharing = disableConHostSharing;
// This should be set for testing purposes only.
TestRetries = testRetries;
NestedProcessTerminationTimeout = DefaultNestedProcessTerminationTimeout;
LoggingContext = loggingContext;
DetoursEventListener = detoursEventListener;
SandboxedKextConnection = sandboxedKextConnection;
ContainerConfiguration = containerConfiguration;
}
/// <summary>
/// Creates instance for test
/// </summary>
public SandboxedProcessInfo(
PathTable pathTable,
ISandboxedProcessFileStorage fileStorage,
string fileName,
bool disableConHostSharing,
bool testRetries = false,
LoggingContext loggingContext = null,
IDetoursEventListener detoursEventListener = null,
IKextConnection sandboxedKextConnection = null,
ContainerConfiguration containerConfiguration = null,
FileAccessManifest fileAccessManifest = null)
: this(
pathTable,
fileStorage,
fileName,
fileAccessManifest ?? new FileAccessManifest(pathTable),
disableConHostSharing,
containerConfiguration ?? ContainerConfiguration.DisabledIsolation,
testRetries,
loggingContext,
detoursEventListener,
sandboxedKextConnection)
{
Contract.Requires(pathTable != null);
Contract.Requires(fileStorage != null);
Contract.Requires(fileName != null);
}
/// <nodoc />
public SandboxExecRunner(Options options)
{
m_options = options;
s_crashCollector = OperatingSystemHelper.IsUnixOS ? new CrashCollectorMacOS(new[] { CrashType.SandboxExec, CrashType.Kernel }) : null;
m_kextConnection = OperatingSystemHelper.IsUnixOS
? new KextConnection(
new KextConnection.Config
{
FailureCallback = (int status, string description) =>
{
m_kextConnection.Dispose();
throw new SystemException($"Received unrecoverable error from the sandbox (Code: {status.ToString("X")}, Description: {description}), please reload the extension and retry.");
},
KextConfig = new Sandbox.KextConfig
{
ReportQueueSizeMB = m_options.ReportQueueSizeMB,
EnableReportBatching = m_options.EnableReportBatching,
#if PLATFORM_OSX
EnableCatalinaDataPartitionFiltering = OperatingSystemHelper.IsMacOSCatalinaOrHigher
#endif
},
})
: null;
}
/// <summary>
/// Creates instance
/// </summary>
public SandboxedProcessInfo(
ISandboxedProcessFileStorage fileStorage,
string fileName,
bool disableConHostSharing,
bool testRetries = false,
LoggingContext loggingContext = null,
IDetoursEventListener detourseEventListener = null,
IKextConnection sandboxedKextConnection = null)
: this(new PathTable(), fileStorage, fileName, disableConHostSharing, testRetries, loggingContext, detourseEventListener, sandboxedKextConnection)
{
}
public PipQueueTestExecutionEnvironment(BuildXLContext context, IConfiguration configuration, PipTable pipTable, string tempDirectory, IKextConnection sandboxedKextConnection = null)
{
Contract.Requires(context != null);
Contract.Requires(configuration != null);
Context = context;
LoggingContext = CreateLoggingContextForTest();
Configuration = configuration;
FileContentTable = FileContentTable.CreateNew();
ContentFingerprinter = new PipContentFingerprinter(
context.PathTable,
artifact => State.FileContentManager.GetInputContent(artifact).FileContentInfo,
ExtraFingerprintSalts.Default(),
pathExpander: PathExpander);
PipTable = pipTable;
PipFragmentRenderer = this.CreatePipFragmentRenderer();
IpcProvider = IpcFactory.GetProvider();
var tracker = FileChangeTracker.CreateDisabledTracker(LoggingContext);
Cache = InMemoryCacheFactory.Create();
LocalDiskContentStore = new LocalDiskContentStore(LoggingContext, context.PathTable, FileContentTable, tracker);
m_sandboxedKextConnection = sandboxedKextConnection;
m_expectedWrittenContent = new ConcurrentDictionary <FileArtifact, ContentHash>();
m_wellKnownFiles = new ConcurrentDictionary <FileArtifact, ContentHash>();
m_producers = new ConcurrentDictionary <FileArtifact, Pip>();
m_filesystemView = new TestPipGraphFilesystemView(Context.PathTable);
var fileSystemView = new FileSystemView(Context.PathTable, m_filesystemView, LocalDiskContentStore);
TempCleaner = new TestMoveDeleteCleaner(tempDirectory);
State = new PipExecutionState(
configuration,
cache: new PipTwoPhaseCache(LoggingContext, Cache, context, PathExpander),
unsafeConfiguration: configuration.Sandbox.UnsafeSandboxConfiguration,
preserveOutputsSalt: ContentHashingUtilities.CreateRandom(),
fileAccessWhitelist: FileAccessWhitelist,
directoryMembershipFingerprinter: this,
pathExpander: PathExpander,
executionLog: null,
fileSystemView: fileSystemView,
fileContentManager: new FileContentManager(this, new NullOperationTracker()),
directoryMembershipFinterprinterRuleSet: null);
m_sealContentsById = new ConcurrentBigMap <DirectoryArtifact, int[]>();
ProcessInContainerManager = new ProcessInContainerManager(LoggingContext, context.PathTable);
}
protected override bool InitSandboxedKextConnection(LoggingContext loggingContext, IKextConnection kextConnection = null)
{
if (SandboxingWithKextEnabled)
{
SandboxedKextConnection = kextConnection ?? XunitBuildXLTest.GetSandboxedKextConnection();
}
return(false);
}
/// <summary>
/// Creates an execution environment for a single pip. To run pips incrementally, the <paramref name="fileContentTable"/> and <paramref name="pipCache"/> should be specified.
/// </summary>
public DummyPipExecutionEnvironment(
LoggingContext loggingContext,
PipExecutionContext context,
IConfiguration config,
FileContentTable fileContentTable = null,
EngineCache pipCache = null,
SemanticPathExpander semanticPathExpander = null,
PipContentFingerprinter.PipDataLookup pipDataLookup = null,
FileAccessWhitelist fileAccessWhitelist = null,
bool allowUnspecifiedSealedDirectories = false,
PipTable pipTable = null,
IIpcProvider ipcProvider = null,
IKextConnection sandboxedKextConnection = null)
{
Contract.Requires(context != null);
Contract.Requires(config != null);
LoggingContext = loggingContext;
Context = context;
// Ensure paths visible when debugging
PathTable.DebugPathTable = Context.PathTable;
Configuration = config;
PipTable = pipTable;
PathExpander = semanticPathExpander ?? SemanticPathExpander.Default;
ContentFingerprinter = new PipContentFingerprinter(
Context.PathTable,
artifact => State.FileContentManager.GetInputContent(artifact).FileContentInfo,
new ExtraFingerprintSalts(config, PipFingerprintingVersion.TwoPhaseV2, fingerprintSalt: null, searchPathToolsHash: null),
pathExpander: PathExpander,
pipDataLookup: pipDataLookup);
PipFragmentRenderer = this.CreatePipFragmentRenderer();
IpcProvider = ipcProvider ?? IpcFactory.GetProvider();
FileContentTable = fileContentTable ?? FileContentTable.CreateNew();
Cache = pipCache;
FileAccessWhitelist = fileAccessWhitelist;
m_allowUnspecifiedSealedDirectories = allowUnspecifiedSealedDirectories;
m_sandboxedKextConnection = sandboxedKextConnection;
if (Cache == null)
{
Cache = InMemoryCacheFactory.Create(context);
}
var tracker = FileChangeTracker.CreateDisabledTracker(LoggingContext);
LocalDiskContentStore = new LocalDiskContentStore(loggingContext, context.PathTable, FileContentTable, tracker);
PipGraphView = new TestPipGraphFilesystemView(Context.PathTable);
m_operationTracker = new OperationTracker(loggingContext);
var fileSystemView = new FileSystemView(Context.PathTable, PipGraphView, LocalDiskContentStore);
var preserveOutputsSalt = UnsafeOptions.PreserveOutputsNotUsed;
if (config.Sandbox.UnsafeSandboxConfiguration.PreserveOutputs != PreserveOutputsMode.Disabled)
{
preserveOutputsSalt = ContentHashingUtilities.HashString(Guid.NewGuid().ToString());
}
State = new PipExecutionState(
config,
cache: new PipTwoPhaseCache(loggingContext, Cache, context, PathExpander),
fileAccessWhitelist: FileAccessWhitelist,
directoryMembershipFingerprinter: this,
pathExpander: PathExpander,
executionLog: ExecutionLogRecorder,
fileSystemView: fileSystemView,
fileContentManager: GetFileContentManager(),
directoryMembershipFinterprinterRuleSet: null,
unsafeConfiguration: config.Sandbox.UnsafeSandboxConfiguration,
preserveOutputsSalt: preserveOutputsSalt,
serviceManager: new DummyServiceManager());
m_sealContentsById = new ConcurrentBigMap <DirectoryArtifact, int[]>();
ProcessInContainerManager = new ProcessInContainerManager(LoggingContext, context.PathTable);
}
/// <summary>
/// For unit tests only.
/// </summary>
public SandboxExecRunner(IKextConnection connection)
{
m_options = Options.Defaults;
m_kextConnection = connection;
}
