Ejemplo n.º 1
        /// <summary>
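        /// Deserializes a <see cref="FileAccessAllowlist"/> from <paramref name="reader"/>: the root entries first, then one nested allowlist per module. Returns null when the awaited context is null.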
        /// </summary>
        public static async Task<FileAccessAllowlist> DeserializeAsync(
            BuildXLReader reader,
            Task<PipExecutionContext> contextTask)
        {
            Contract.Requires(reader != null);
            Contract.Requires(contextTask != null);

            // Nothing is consumed from the reader until the context has been awaited;
            // a null context short-circuits to a null allowlist.
            PipExecutionContext context = await contextTask;
            if (context == null)
            {
                return null;
            }

            // The root allowlist's own entries come first in the stream.
            var root = new FileAccessAllowlist(context);
            DeserializeCore(reader, root);

            // The module count is taken straight from the stream and is not range-checked here:
            // a zero or negative value just skips the loop.
            // NOTE(review): presumably the stream is produced by the matching serializer; confirm its
            // integrity is established before the result is used as sandbox policy.
            for (var remaining = reader.ReadInt32Compact(); remaining > 0; remaining--)
            {
                var moduleId = reader.ReadModuleId();

                // Each module gets a nested allowlist parented to the root.
                var nested = new FileAccessAllowlist(root);
                DeserializeCore(reader, nested);

                root.m_moduleAllowlists.Add(moduleId, nested);
            }

            return root;
        }
        /// <inheritdoc />
        public override FileAccessAllowlist.MatchType Matches(
            ReportedFileAccess reportedFileAccess,
            Process pip,
            PathTable pathTable)
        {
            Contract.Requires(pip != null);
            Contract.Requires(pathTable != null);

            // Reaching this entry already implies the tool matched (that lookup is done by
            // FileAccessAllowlist.Matches), so the access is allowlisted when the path filter
            // matches (or is empty).
            // NOTE(review): pip is null-checked above but not otherwise consulted in this method.
            var pathFilterMatched = FileAccessAllowlist.PathFilterMatches(PathRegex.Regex, reportedFileAccess, pathTable);

            // The filter result and this entry's AllowsCaching flag are combined by Match.
            return FileAccessAllowlist.Match(pathFilterMatched, AllowsCaching);
        }
Ejemplo n.º 3
        /// <summary>
        /// Construct a nested allowlist.
        /// </summary>
        private FileAccessAllowlist(FileAccessAllowlist parent)
        {
            Contract.Requires(parent != null);

            // A nested allowlist reuses its parent's context and keeps a back-reference to the parent.
            m_context = parent.m_context;
            m_parent = parent;

            // Left null: a nested allowlist carries no per-module table of its own.
            m_moduleAllowlists = null;

            // Entry tables and counters start out empty and belong to this instance only.
            m_counts = new ConcurrentDictionary<string, int>();
            m_executablePathEntries = new MultiValueDictionary<AbsolutePath, ExecutablePathAllowlistEntry>();
            m_valuePathEntries = new MultiValueDictionary<FullSymbol, ValuePathFileAccessAllowlistEntry>();
        }
Ejemplo n.º 4
        /// <summary>
        /// Creates a context. All <see cref="Counters"/> are initially zero and will increase as accesses are reported.
        /// </summary>
        public FileAccessReportingContext(
            LoggingContext loggingContext,
            PipExecutionContext context,
            ISandboxConfiguration config,
            Process pip,
            bool reportAllowlistedAccesses,
            FileAccessAllowlist allowlist = null)
        {
            Contract.Requires(loggingContext != null);
            Contract.Requires(context != null);
            Contract.Requires(config != null);
            Contract.Requires(pip != null);

            // The constructor only captures its arguments; no work is done on them here.
            m_pip = pip;
            m_config = config;
            m_context = context;
            m_loggingContext = loggingContext;
            m_reportAllowlistedAccesses = reportAllowlistedAccesses;

            // allowlist is the one reference argument with no precondition: it defaults to null
            // and is stored as given.
            // NOTE(review): presumably readers of m_fileAccessAllowlist treat null as "no allowlist
            // configured"; confirm at the use sites.
            m_fileAccessAllowlist = allowlist;
        }
Ejemplo n.º 5
        private static void DeserializeCore(BuildXLReader reader, FileAccessAllowlist allowlist)
        {
            // Stream layout as read here: a compact count followed by that many value-path entries,
            // then a second compact count followed by that many executable-path entries.
            // Neither count is range-checked; a zero or negative count skips its section.
            // NOTE(review): presumably the stream comes from the matching serializer; confirm.
            for (var remaining = reader.ReadInt32Compact(); remaining > 0; remaining--)
            {
                var valuePathEntry = ValuePathFileAccessAllowlistEntry.Deserialize(reader);
                allowlist.Add(valuePathEntry);
            }

            for (var remaining = reader.ReadInt32Compact(); remaining > 0; remaining--)
            {
                var executablePathEntry = ExecutablePathAllowlistEntry.Deserialize(reader);
                allowlist.Add(executablePathEntry);
            }
        }
Ejemplo n.º 6
        private static void DeserializeCore(BuildXLReader reader, FileAccessAllowlist allowlist)
        {
            // Section 1: a compact count, then that many value-path entries.
            var valuePathPending = reader.ReadInt32Compact();
            while (valuePathPending > 0)
            {
                allowlist.Add(ValuePathFileAccessAllowlistEntry.Deserialize(reader));
                valuePathPending--;
            }

            // Section 2: a compact count, then that many executable-path entries.
            // NOTE(review): the comment that accompanied this code says the section should run twice
            // (first for m_executablePathEntries / Absolute Path, then for m_executablePathAtomEntries /
            // Path Atom), but only one count and one loop are present. Confirm against the serializer:
            // if it writes two sections, the second is never consumed here and every later read from
            // this reader would be misaligned.
            var executablePathPending = reader.ReadInt32Compact();
            while (executablePathPending > 0)
            {
                allowlist.Add(ExecutablePathAllowlistEntry.Deserialize(reader));
                executablePathPending--;
            }
        }
Ejemplo n.º 7
        /// <summary>
        /// Initializes this FileAccessAllowlist from the root configuration.
        /// </summary>
        /// <remarks>Throws a BuildXLException on error.</remarks>
        public void Initialize(IRootModuleConfiguration rootConfiguration)
        {
            Contract.Assert(m_parent == null, "Only root allowlist can be initialized");

            // The root configuration is first processed as an ordinary module configuration.
            Initialize((IModuleConfiguration)rootConfiguration);

            foreach (var module in rootConfiguration.ModulePolicies.Values)
            {
                // Only modules that declare at least one entry in either list get a nested allowlist;
                // the others get no per-module table entry.
                bool declaresEntries =
                    (module.FileAccessAllowList.Count != 0) ||
                    (module.CacheableFileAccessAllowList.Count != 0);

                if (declaresEntries)
                {
                    // Nested allowlists are parented to this root instance and keyed by module id.
                    var nested = new FileAccessAllowlist(this);
                    nested.Initialize(module);
                    m_moduleAllowlists.Add(module.ModuleId, nested);
                }
            }
        }