/// <summary>
/// Creates an instance from an explicitly supplied file-access manifest and container configuration.
/// </summary>
/// <param name="pathTable">Path table stored on the instance; must not be null.</param>
/// <param name="fileStorage">File storage stored on the instance; must not be null.</param>
/// <param name="fileName">File name stored on the instance; must not be null.</param>
/// <param name="fileAccessManifest">Manifest stored as-is in <c>FileAccessManifest</c>.</param>
/// <param name="disableConHostSharing">Value stored in <c>DisableConHostSharing</c>.</param>
/// <param name="containerConfiguration">Configuration stored as-is in <c>ContainerConfiguration</c>.</param>
/// <param name="testRetries">Value stored in <c>TestRetries</c>; intended for tests only.</param>
/// <param name="loggingContext">Optional logging context; may be null.</param>
/// <param name="detoursEventListener">Optional listener; may be null.</param>
/// <param name="sandboxedKextConnection">Optional kext connection; may be null.</param>
public SandboxedProcessInfo(
    PathTable pathTable,
    ISandboxedProcessFileStorage fileStorage,
    string fileName,
    FileAccessManifest fileAccessManifest,
    bool disableConHostSharing,
    ContainerConfiguration containerConfiguration,
    bool testRetries = false,
    LoggingContext loggingContext = null,
    IDetoursEventListener detoursEventListener = null,
    IKextConnection sandboxedKextConnection = null)
{
    Contract.Requires(pathTable != null);
    Contract.Requires(fileStorage != null);
    Contract.Requires(fileName != null);

    // NOTE(review): fileAccessManifest and containerConfiguration are the two
    // sandbox-policy inputs, yet neither has a precondition here; a null value
    // is stored unchanged. Confirm that every consumer tolerates null, or that
    // callers can never pass it.

    // Required inputs.
    PathTable = pathTable;
    FileStorage = fileStorage;
    FileName = fileName;

    // Sandbox policy inputs.
    FileAccessManifest = fileAccessManifest;
    ContainerConfiguration = containerConfiguration;
    DisableConHostSharing = disableConHostSharing;

    // This should be set for testing purposes only.
    TestRetries = testRetries;

    // Optional collaborators; each may be null.
    LoggingContext = loggingContext;
    DetoursEventListener = detoursEventListener;
    SandboxedKextConnection = sandboxedKextConnection;

    // Start from the class default timeout.
    NestedProcessTerminationTimeout = DefaultNestedProcessTerminationTimeout;
}
/// <summary>
/// Creates an instance for tests, filling in defaults for the manifest and container configuration.
/// </summary>
/// <remarks>
/// When <paramref name="containerConfiguration"/> is null the instance is built with
/// <c>ContainerConfiguration.DisabledIsolation</c>; when <paramref name="fileAccessManifest"/>
/// is null a new <c>FileAccessManifest</c> is created from <paramref name="pathTable"/>.
/// </remarks>
/// <param name="pathTable">Path table; must not be null.</param>
/// <param name="fileStorage">File storage; must not be null.</param>
/// <param name="fileName">File name; must not be null.</param>
/// <param name="disableConHostSharing">Forwarded unchanged.</param>
/// <param name="testRetries">Forwarded unchanged.</param>
/// <param name="loggingContext">Forwarded unchanged; may be null.</param>
/// <param name="detoursEventListener">Forwarded unchanged; may be null.</param>
/// <param name="sandboxedKextConnection">Forwarded unchanged; may be null.</param>
/// <param name="containerConfiguration">Null selects <c>ContainerConfiguration.DisabledIsolation</c>.</param>
/// <param name="fileAccessManifest">Null selects <c>new FileAccessManifest(pathTable)</c>.</param>
public SandboxedProcessInfo(
    PathTable pathTable,
    ISandboxedProcessFileStorage fileStorage,
    string fileName,
    bool disableConHostSharing,
    bool testRetries = false,
    LoggingContext loggingContext = null,
    IDetoursEventListener detoursEventListener = null,
    IKextConnection sandboxedKextConnection = null,
    ContainerConfiguration containerConfiguration = null,
    FileAccessManifest fileAccessManifest = null)
    : this(
        pathTable,
        fileStorage,
        fileName,
        // NOTE(review): what a freshly constructed manifest permits or reports is not
        // visible here; confirm before relying on this overload outside tests.
        fileAccessManifest ?? new FileAccessManifest(pathTable),
        disableConHostSharing,
        // Omitting the configuration means the process runs with isolation disabled.
        containerConfiguration ?? ContainerConfiguration.DisabledIsolation,
        testRetries,
        loggingContext,
        detoursEventListener,
        sandboxedKextConnection)
{
    // NOTE(review): the arguments of the this(...) call above are evaluated before
    // this body, so a null pathTable can reach new FileAccessManifest(pathTable)
    // ahead of these checks (unless a contract rewriter moves them); confirm.
    Contract.Requires(pathTable != null);
    Contract.Requires(fileStorage != null);
    Contract.Requires(fileName != null);
}
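/// <summary>
/// Creates a runner from <paramref name="options"/>. On Unix it also creates a crash
/// collector and a kext connection; on other systems both are set to null.
/// </summary>
/// <param name="options">
/// Options stored on the instance. <c>ReportQueueSizeMB</c> and <c>EnableReportBatching</c>
/// are read from it when the kext connection is configured.
/// </param>
/// <exception cref="SystemException">
/// Thrown from the connection's failure callback when the sandbox reports an unrecoverable error.
/// </exception>
public SandboxExecRunner(Options options)
{
    m_options = options;

    // NOTE(review): the s_ prefix suggests a static field, in which case every new
    // runner replaces the collector shared by all instances; confirm this is intended.
    s_crashCollector = OperatingSystemHelper.IsUnixOS
        ? new CrashCollectorMacOS(new[] { CrashType.SandboxExec, CrashType.Kernel })
        : null;

    m_kextConnection = OperatingSystemHelper.IsUnixOS
        ? new KextConnection(
            new KextConnection.Config
            {
                FailureCallback = (int status, string description) =>
                {
                    // The field is assigned only after the KextConnection constructor
                    // returns. If the callback fires earlier the field is still null,
                    // and an unguarded Dispose() would raise NullReferenceException
                    // and hide the sandbox error reported below.
                    m_kextConnection?.Dispose();

                    // NOTE(review): which thread invokes this callback is not visible
                    // here; confirm the exception reaches code that stops the run
                    // rather than being lost on a background thread.
                    throw new SystemException($"Received unrecoverable error from the sandbox (Code: {status.ToString("X")}, Description: {description}), please reload the extension and retry.");
                },
                KextConfig = new Sandbox.KextConfig
                {
                    ReportQueueSizeMB = m_options.ReportQueueSizeMB,
                    EnableReportBatching = m_options.EnableReportBatching,
#if PLATFORM_OSX
                    EnableCatalinaDataPartitionFiltering = OperatingSystemHelper.IsMacOSCatalinaOrHigher
#endif
                },
            })
        : null;
}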
/// <summary>
/// Creates an instance backed by a newly allocated <c>PathTable</c>.
/// </summary>
/// <remarks>
/// Forwards to the overload whose first argument is the path table. No file-access manifest
/// or container configuration is passed, so the forwarded-to overload decides both.
/// </remarks>
/// <param name="fileStorage">Forwarded unchanged.</param>
/// <param name="fileName">Forwarded unchanged.</param>
/// <param name="disableConHostSharing">Forwarded unchanged.</param>
/// <param name="testRetries">Forwarded unchanged.</param>
/// <param name="loggingContext">Forwarded unchanged; may be null.</param>
/// <param name="detourseEventListener">
/// Forwarded unchanged; may be null. The spelling is kept because the parameter name is
/// part of the signature that named-argument callers bind to.
/// </param>
/// <param name="sandboxedKextConnection">Forwarded unchanged; may be null.</param>
public SandboxedProcessInfo(
    ISandboxedProcessFileStorage fileStorage,
    string fileName,
    bool disableConHostSharing,
    bool testRetries = false,
    LoggingContext loggingContext = null,
    IDetoursEventListener detourseEventListener = null,
    IKextConnection sandboxedKextConnection = null)
    : this(
        new PathTable(),
        fileStorage,
        fileName,
        disableConHostSharing,
        testRetries,
        loggingContext,
        detourseEventListener,
        sandboxedKextConnection)
{
    // Nothing further to do; all state is set by the forwarded-to constructor.
}
/// <summary>
/// Builds a test execution environment: stores the context and configuration, creates a new
/// file content table, cache and content store, then assembles the <c>PipExecutionState</c>.
/// </summary>
/// <param name="context">Context stored in <c>Context</c>; must not be null.</param>
/// <param name="configuration">Configuration stored in <c>Configuration</c>; must not be null.</param>
/// <param name="pipTable">Stored in <c>PipTable</c> without a null check.</param>
/// <param name="tempDirectory">Passed to <c>TestMoveDeleteCleaner</c> without validation.</param>
/// <param name="sandboxedKextConnection">Optional kext connection stored on the instance; may be null.</param>
public PipQueueTestExecutionEnvironment(BuildXLContext context, IConfiguration configuration, PipTable pipTable, string tempDirectory, IKextConnection sandboxedKextConnection = null)
{
    Contract.Requires(context != null);
    Contract.Requires(configuration != null);

    Context = context;
    LoggingContext = CreateLoggingContextForTest();
    Configuration = configuration;
    FileContentTable = FileContentTable.CreateNew();

    // The lambda reads State only when it is invoked; State itself is assigned
    // further down in this constructor.
    // NOTE(review): PathExpander is read here and below but not assigned in this
    // constructor; presumably set by a property initializer. Confirm.
    ContentFingerprinter = new PipContentFingerprinter(
        context.PathTable,
        artifact => State.FileContentManager.GetInputContent(artifact).FileContentInfo,
        ExtraFingerprintSalts.Default(),
        pathExpander: PathExpander);
    PipTable = pipTable;
    // Called on a partially constructed instance: only the members assigned above are set.
    PipFragmentRenderer = this.CreatePipFragmentRenderer();
    IpcProvider = IpcFactory.GetProvider();
    var tracker = FileChangeTracker.CreateDisabledTracker(LoggingContext);
    Cache = InMemoryCacheFactory.Create();
    LocalDiskContentStore = new LocalDiskContentStore(LoggingContext, context.PathTable, FileContentTable, tracker);

    m_sandboxedKextConnection = sandboxedKextConnection;
    m_expectedWrittenContent = new ConcurrentDictionary <FileArtifact, ContentHash>();
    m_wellKnownFiles = new ConcurrentDictionary <FileArtifact, ContentHash>();
    m_producers = new ConcurrentDictionary <FileArtifact, Pip>();
    m_filesystemView = new TestPipGraphFilesystemView(Context.PathTable);
    var fileSystemView = new FileSystemView(Context.PathTable, m_filesystemView, LocalDiskContentStore);
    TempCleaner = new TestMoveDeleteCleaner(tempDirectory);

    // The unsafe sandbox configuration comes straight from the supplied configuration,
    // and the preserve-outputs salt is a new random value for each instance.
    // NOTE(review): FileAccessWhitelist is passed below but not assigned in this
    // constructor, so the state receives whatever the property holds at this point
    // (possibly null). Confirm.
    State = new PipExecutionState(
        configuration,
        cache: new PipTwoPhaseCache(LoggingContext, Cache, context, PathExpander),
        unsafeConfiguration: configuration.Sandbox.UnsafeSandboxConfiguration,
        preserveOutputsSalt: ContentHashingUtilities.CreateRandom(),
        fileAccessWhitelist: FileAccessWhitelist,
        directoryMembershipFingerprinter: this,
        pathExpander: PathExpander,
        executionLog: null,
        fileSystemView: fileSystemView,
        // this is handed out before the constructor has finished.
        fileContentManager: new FileContentManager(this, new NullOperationTracker()),
        directoryMembershipFinterprinterRuleSet: null);

    m_sealContentsById = new ConcurrentBigMap <DirectoryArtifact, int[]>();
    ProcessInContainerManager = new ProcessInContainerManager(LoggingContext, context.PathTable);
}
/// <summary>
/// Assigns <c>SandboxedKextConnection</c> when kext sandboxing is enabled, and returns <c>false</c> in every case.
/// </summary>
/// <param name="loggingContext">Not used by this override.</param>
/// <param name="kextConnection">
/// Connection to use. When null, one is obtained from <c>XunitBuildXLTest.GetSandboxedKextConnection()</c>.
/// </param>
/// <returns>Always <c>false</c>. NOTE(review): what the base contract expects from the return value is not visible here.</returns>
protected override bool InitSandboxedKextConnection(LoggingContext loggingContext, IKextConnection kextConnection = null)
{
    // Nothing to set up unless kext sandboxing is switched on.
    if (!SandboxingWithKextEnabled)
    {
        return false;
    }

    // Prefer the caller's connection; otherwise fall back to the test-provided one.
    SandboxedKextConnection = kextConnection ?? XunitBuildXLTest.GetSandboxedKextConnection();
    return false;
}
/// <summary>
/// Creates an execution environment for a single pip. To run pips incrementally, the <paramref name="fileContentTable"/> and <paramref name="pipCache"/> should be specified.
/// </summary>
/// <param name="loggingContext">Stored in <c>LoggingContext</c> without a null check.</param>
/// <param name="context">Stored in <c>Context</c>; must not be null.</param>
/// <param name="config">Stored in <c>Configuration</c>; must not be null.</param>
/// <param name="fileContentTable">When null, a new table is created.</param>
/// <param name="pipCache">When null, an in-memory cache is created from <paramref name="context"/>.</param>
/// <param name="semanticPathExpander">When null, <c>SemanticPathExpander.Default</c> is used.</param>
/// <param name="pipDataLookup">Forwarded to the content fingerprinter.</param>
/// <param name="fileAccessWhitelist">Stored as-is and forwarded to the execution state; may be null.</param>
/// <param name="allowUnspecifiedSealedDirectories">Stored on the instance.</param>
/// <param name="pipTable">Stored in <c>PipTable</c>; may be null.</param>
/// <param name="ipcProvider">When null, <c>IpcFactory.GetProvider()</c> is used.</param>
/// <param name="sandboxedKextConnection">Optional kext connection stored on the instance; may be null.</param>
public DummyPipExecutionEnvironment(
    LoggingContext loggingContext,
    PipExecutionContext context,
    IConfiguration config,
    FileContentTable fileContentTable = null,
    EngineCache pipCache = null,
    SemanticPathExpander semanticPathExpander = null,
    PipContentFingerprinter.PipDataLookup pipDataLookup = null,
    FileAccessWhitelist fileAccessWhitelist = null,
    bool allowUnspecifiedSealedDirectories = false,
    PipTable pipTable = null,
    IIpcProvider ipcProvider = null,
    IKextConnection sandboxedKextConnection = null)
{
    Contract.Requires(context != null);
    Contract.Requires(config != null);

    LoggingContext = loggingContext;
    Context = context;

    // Ensure paths visible when debugging
    // NOTE(review): presumably a static member of the PathTable type, which would make
    // this a process-wide side effect of constructing the environment. Confirm.
    PathTable.DebugPathTable = Context.PathTable;
    Configuration = config;
    PipTable = pipTable;
    PathExpander = semanticPathExpander ?? SemanticPathExpander.Default;

    // The lambda reads State only when it is invoked; State itself is assigned
    // further down in this constructor.
    ContentFingerprinter = new PipContentFingerprinter(
        Context.PathTable,
        artifact => State.FileContentManager.GetInputContent(artifact).FileContentInfo,
        new ExtraFingerprintSalts(config, PipFingerprintingVersion.TwoPhaseV2, fingerprintSalt: null, searchPathToolsHash: null),
        pathExpander: PathExpander,
        pipDataLookup: pipDataLookup);
    // Called on a partially constructed instance: only the members assigned above are set.
    PipFragmentRenderer = this.CreatePipFragmentRenderer();
    IpcProvider = ipcProvider ?? IpcFactory.GetProvider();
    FileContentTable = fileContentTable ?? FileContentTable.CreateNew();
    Cache = pipCache;
    FileAccessWhitelist = fileAccessWhitelist;
    m_allowUnspecifiedSealedDirectories = allowUnspecifiedSealedDirectories;
    m_sandboxedKextConnection = sandboxedKextConnection;

    // Fall back to an in-memory cache when the caller supplied none.
    if (Cache == null)
    {
        Cache = InMemoryCacheFactory.Create(context);
    }

    var tracker = FileChangeTracker.CreateDisabledTracker(LoggingContext);
    LocalDiskContentStore = new LocalDiskContentStore(loggingContext, context.PathTable, FileContentTable, tracker);
    PipGraphView = new TestPipGraphFilesystemView(Context.PathTable);
    m_operationTracker = new OperationTracker(loggingContext);

    var fileSystemView = new FileSystemView(Context.PathTable, PipGraphView, LocalDiskContentStore);

    // The salt stays at the "not used" value unless preserve-outputs is enabled in the
    // unsafe sandbox configuration; then it is the hash of a newly generated GUID string,
    // so it differs for every instance.
    var preserveOutputsSalt = UnsafeOptions.PreserveOutputsNotUsed;

    if (config.Sandbox.UnsafeSandboxConfiguration.PreserveOutputs != PreserveOutputsMode.Disabled)
    {
        preserveOutputsSalt = ContentHashingUtilities.HashString(Guid.NewGuid().ToString());
    }

    // The unsafe sandbox configuration is taken straight from the supplied config.
    State = new PipExecutionState(
        config,
        cache: new PipTwoPhaseCache(loggingContext, Cache, context, PathExpander),
        fileAccessWhitelist: FileAccessWhitelist,
        directoryMembershipFingerprinter: this,
        pathExpander: PathExpander,
        executionLog: ExecutionLogRecorder,
        fileSystemView: fileSystemView,
        fileContentManager: GetFileContentManager(),
        directoryMembershipFinterprinterRuleSet: null,
        unsafeConfiguration: config.Sandbox.UnsafeSandboxConfiguration,
        preserveOutputsSalt: preserveOutputsSalt,
        serviceManager: new DummyServiceManager());

    m_sealContentsById = new ConcurrentBigMap <DirectoryArtifact, int[]>();

    ProcessInContainerManager = new ProcessInContainerManager(LoggingContext, context.PathTable);
}
/// <summary>
/// For unit tests only. Uses the supplied connection as-is and runs with <c>Options.Defaults</c>.
/// </summary>
/// <param name="connection">
/// Kext connection stored on the instance without a null check. No connection is created here.
/// </param>
public SandboxExecRunner(IKextConnection connection)
{
    // The caller supplies the connection, typically a test stand-in.
    m_kextConnection = connection;

    // Tests run with the default option set.
    m_options = Options.Defaults;
}