/// <summary> /// For an unexpected <see cref="ObservedFileAccess"/> (which is actually an aggregation of <see cref="ReportedFileAccess"/>es to /// a single path), reports each constituent access and computes an aggregate whitelist match type (the least permissive of any /// individual access). /// </summary> public FileAccessWhitelist.MatchType MatchAndReportUnexpectedObservedFileAccess(ObservedFileAccess unexpectedObservedFileAccess) { var aggregateMatch = FileAccessWhitelist.MatchType.MatchesAndCacheable; foreach (ReportedFileAccess reportedAccess in unexpectedObservedFileAccess.Accesses) { FileAccessWhitelist.MatchType thisMatch = MatchAndReportUnexpectedFileAccess(reportedAccess); switch (thisMatch) { case FileAccessWhitelist.MatchType.NoMatch: aggregateMatch = FileAccessWhitelist.MatchType.NoMatch; break; case FileAccessWhitelist.MatchType.MatchesButNotCacheable: if (aggregateMatch == FileAccessWhitelist.MatchType.MatchesAndCacheable) { aggregateMatch = FileAccessWhitelist.MatchType.MatchesButNotCacheable; } break; default: Contract.Assert(thisMatch == FileAccessWhitelist.MatchType.MatchesAndCacheable); break; } } return(aggregateMatch); }
/// <summary> /// Reports an access that - ignoring whitelisting - was unexpected. This can be due to a manifest-side or BuildXL-side denial decision. /// </summary> private FileAccessWhitelist.MatchType MatchAndReportUnexpectedFileAccess(ReportedFileAccess unexpectedFileAccess) { if (m_fileAccessWhitelist != null && m_fileAccessWhitelist.HasEntries) { Contract.Assert( m_config.FailUnexpectedFileAccesses == false, "Having a file-access whitelist requires that Detours failure injection is off."); FileAccessWhitelist.MatchType matchType = m_fileAccessWhitelist.Matches(m_loggingContext, unexpectedFileAccess, m_pip); switch (matchType) { case FileAccessWhitelist.MatchType.NoMatch: AddUnexpectedFileAccessNotWhitelisted(unexpectedFileAccess); ReportUnexpectedFileAccessNotWhitelisted(unexpectedFileAccess); break; case FileAccessWhitelist.MatchType.MatchesButNotCacheable: AddUnexpectedFileAccessWhitelisted(unexpectedFileAccess); m_numWhitelistedButNotCacheableFileAccessViolations++; ReportWhitelistedFileAccessNonCacheable(unexpectedFileAccess); break; case FileAccessWhitelist.MatchType.MatchesAndCacheable: AddUnexpectedFileAccessWhitelisted(unexpectedFileAccess); m_numWhitelistedAndCacheableFileAccessViolations++; ReportWhitelistedFileAccessCacheable(unexpectedFileAccess); break; default: throw Contract.AssertFailure("Unknown whitelist-match type."); } return(matchType); } else { AddUnexpectedFileAccessNotWhitelisted(unexpectedFileAccess); ReportUnexpectedFileAccessNotWhitelisted(unexpectedFileAccess); return(FileAccessWhitelist.MatchType.NoMatch); } }