/// <summary>
/// Reads a root <see cref="FileAccessAllowlist"/> from <paramref name="reader"/>, followed by a
/// counted sequence of per-module allowlists that are nested under that root.
/// </summary>
/// <param name="reader">Reader positioned at the serialized allowlist; must not be null.</param>
/// <param name="contextTask">Task that yields the execution context for the allowlist; must not be null.</param>
/// <returns>
/// The populated root allowlist, or <c>null</c> when the awaited context is <c>null</c>
/// (in that case nothing is read from <paramref name="reader"/>).
/// </returns>
public static async Task<FileAccessAllowlist> DeserializeAsync(
    BuildXLReader reader,
    Task<PipExecutionContext> contextTask)
{
    Contract.Requires(reader != null);
    Contract.Requires(contextTask != null);

    var executionContext = await contextTask;
    if (executionContext == null)
    {
        return null;
    }

    var root = new FileAccessAllowlist(executionContext);
    DeserializeCore(reader, root);

    // The module count is taken from the stream as-is; a zero or negative value simply
    // produces no module allowlists.
    // NOTE(review): how m_moduleAllowlists.Add reacts to a repeated module id depends on the
    // collection type, which is not visible here - confirm.
    int moduleCount = reader.ReadInt32Compact();
    int modulesRead = 0;
    while (modulesRead < moduleCount)
    {
        var moduleId = reader.ReadModuleId();

        // Each module allowlist is created as a child of the root before its entries are read.
        var nested = new FileAccessAllowlist(root);
        DeserializeCore(reader, nested);
        root.m_moduleAllowlists.Add(moduleId, nested);

        modulesRead++;
    }

    return root;
}
/// <inheritdoc />
public override FileAccessAllowlist.MatchType Matches(ReportedFileAccess reportedFileAccess, Process pip, PathTable pathTable)
{
    Contract.Requires(pip != null);
    Contract.Requires(pathTable != null);

    // An access is allowlisted when both hold:
    //   * the tool is in the allowlist - not re-checked here, it is implied by the lookup
    //     performed in FileAccessAllowlist.Matches, and
    //   * the path filter matches (or is empty).
    // Only the path filter is evaluated in this method; pip is contract-checked but otherwise unused.
    var pathFilterMatched = FileAccessAllowlist.PathFilterMatches(PathRegex.Regex, reportedFileAccess, pathTable);

    // AllowsCaching is passed through so the resulting match type reflects this entry's caching setting.
    return FileAccessAllowlist.Match(pathFilterMatched, AllowsCaching);
}
/// <summary>
/// Creates an empty allowlist nested under <paramref name="parent"/>.
/// </summary>
/// <remarks>
/// The nested allowlist shares the parent's context, starts with empty entry tables and counts,
/// and has no module allowlists of its own (<c>m_moduleAllowlists</c> is left <c>null</c>).
/// </remarks>
/// <param name="parent">The allowlist this one is nested under; must not be null.</param>
private FileAccessAllowlist(FileAccessAllowlist parent)
{
    Contract.Requires(parent != null);

    // Link to the parent and reuse its context.
    m_parent = parent;
    m_context = parent.m_context;

    // Only a non-nested allowlist holds per-module allowlists.
    m_moduleAllowlists = null;

    // Fresh, empty storage for this allowlist's own entries and counters.
    m_counts = new ConcurrentDictionary<string, int>();
    m_executablePathEntries = new MultiValueDictionary<AbsolutePath, ExecutablePathAllowlistEntry>();
    m_valuePathEntries = new MultiValueDictionary<FullSymbol, ValuePathFileAccessAllowlistEntry>();
}
/// <summary>
/// Creates a context. All <see cref="Counters"/> are initially zero and will increase as accesses are reported.
/// </summary>
/// <param name="loggingContext">Logging context kept by this instance; must not be null.</param>
/// <param name="context">Pip execution context; must not be null.</param>
/// <param name="config">Sandbox configuration; must not be null.</param>
/// <param name="pip">The process pip the reported accesses belong to; must not be null.</param>
/// <param name="reportAllowlistedAccesses">
/// Stored as given. NOTE(review): presumably controls whether allowlisted accesses are still
/// reported - confirm against the reporting methods.
/// </param>
/// <param name="allowlist">
/// Optional allowlist; defaults to <c>null</c> and is not contract-checked, so members that use
/// it have to cope with a missing allowlist.
/// </param>
public FileAccessReportingContext(
    LoggingContext loggingContext,
    PipExecutionContext context,
    ISandboxConfiguration config,
    Process pip,
    bool reportAllowlistedAccesses,
    FileAccessAllowlist allowlist = null)
{
    Contract.Requires(loggingContext != null);
    Contract.Requires(context != null);
    Contract.Requires(config != null);
    Contract.Requires(pip != null);

    // Allowlist-related state.
    m_fileAccessAllowlist = allowlist;
    m_reportAllowlistedAccesses = reportAllowlistedAccesses;

    // Execution environment.
    m_pip = pip;
    m_config = config;
    m_context = context;
    m_loggingContext = loggingContext;
}
/// <summary>
/// Reads two counted sections from <paramref name="reader"/> and adds every entry to
/// <paramref name="allowlist"/>: value-path entries first, then executable-path entries.
/// </summary>
/// <param name="reader">Source of the serialized entries.</param>
/// <param name="allowlist">Allowlist that receives the deserialized entries.</param>
private static void DeserializeCore(BuildXLReader reader, FileAccessAllowlist allowlist)
{
    // Each section is prefixed with its entry count. The count is used as read from the
    // stream; a zero or negative value means no entries are read for that section.
    for (int remaining = reader.ReadInt32Compact(); remaining > 0; remaining--)
    {
        var valuePathEntry = ValuePathFileAccessAllowlistEntry.Deserialize(reader);
        allowlist.Add(valuePathEntry);
    }

    for (int remaining = reader.ReadInt32Compact(); remaining > 0; remaining--)
    {
        var executablePathEntry = ExecutablePathAllowlistEntry.Deserialize(reader);
        allowlist.Add(executablePathEntry);
    }
}
/// <summary>
/// Reads the value-path section and then one executable-path section from
/// <paramref name="reader"/>, adding every entry to <paramref name="allowlist"/>.
/// </summary>
/// <param name="reader">Source of the serialized entries.</param>
/// <param name="allowlist">Allowlist that receives the deserialized entries.</param>
private static void DeserializeCore(BuildXLReader reader, FileAccessAllowlist allowlist)
{
    // Section 1: value-path entries, prefixed with their count.
    int valuePathTotal = reader.ReadInt32Compact();
    int valuePathRead = 0;
    while (valuePathRead < valuePathTotal)
    {
        allowlist.Add(ValuePathFileAccessAllowlistEntry.Deserialize(reader));
        valuePathRead++;
    }

    // Section 2: executable-path entries, prefixed with their count.
    // The original comment here reads: "Execute this part twice, first time for
    // m_executablePathEntries (Absolute Path) and a second time for
    // m_executablePathAtomEntries (Path Atom)".
    // NOTE(review): only a single pass is present in this listing. If the serializer writes
    // two executable-path sections, the second one is never consumed and the path-atom
    // entries would be missing from the allowlist - confirm against the serializer.
    int executablePathTotal = reader.ReadInt32Compact();
    int executablePathRead = 0;
    while (executablePathRead < executablePathTotal)
    {
        allowlist.Add(ExecutablePathAllowlistEntry.Deserialize(reader));
        executablePathRead++;
    }
}
/// <summary>
/// Initializes this root allowlist from the root configuration and creates a nested allowlist
/// for every module policy that declares at least one allowlist entry.
/// </summary>
/// <remarks>Throws a BuildXLException on error.</remarks>
/// <param name="rootConfiguration">Root configuration whose own entries and module policies are loaded.</param>
public void Initialize(IRootModuleConfiguration rootConfiguration)
{
    Contract.Assert(m_parent == null, "Only root allowlist can be initialized");

    // The root's own entries are loaded through the per-module overload.
    var rootAsModule = (IModuleConfiguration)rootConfiguration;
    Initialize(rootAsModule);

    foreach (var modulePolicy in rootConfiguration.ModulePolicies.Values)
    {
        // A module with neither plain nor cacheable allowlist entries gets no nested allowlist.
        bool declaresEntries =
            (modulePolicy.FileAccessAllowList.Count != 0) ||
            (modulePolicy.CacheableFileAccessAllowList.Count != 0);

        if (declaresEntries)
        {
            var nested = new FileAccessAllowlist(this);
            nested.Initialize(modulePolicy);
            m_moduleAllowlists.Add(modulePolicy.ModuleId, nested);
        }
    }
}