/// <summary>
/// For an unexpected <see cref="ObservedFileAccess"/> (which is actually an aggregation of <see cref="ReportedFileAccess"/>es to
/// a single path), reports each constituent access and computes an aggregate whitelist match type (the least permissive of any
/// individual access).
/// </summary>
public FileAccessWhitelist.MatchType MatchAndReportUnexpectedObservedFileAccess(ObservedFileAccess unexpectedObservedFileAccess)
{
var aggregateMatch = FileAccessWhitelist.MatchType.MatchesAndCacheable;
foreach (ReportedFileAccess reportedAccess in unexpectedObservedFileAccess.Accesses)
{
FileAccessWhitelist.MatchType thisMatch = MatchAndReportUnexpectedFileAccess(reportedAccess);
switch (thisMatch)
{
case FileAccessWhitelist.MatchType.NoMatch:
aggregateMatch = FileAccessWhitelist.MatchType.NoMatch;
break;
case FileAccessWhitelist.MatchType.MatchesButNotCacheable:
if (aggregateMatch == FileAccessWhitelist.MatchType.MatchesAndCacheable)
{
aggregateMatch = FileAccessWhitelist.MatchType.MatchesButNotCacheable;
}
break;
default:
Contract.Assert(thisMatch == FileAccessWhitelist.MatchType.MatchesAndCacheable);
break;
}
}
return(aggregateMatch);
}
/// <summary>
/// Reports an access that - ignoring whitelisting - was unexpected. This can be due to a manifest-side or BuildXL-side denial decision.
/// </summary>
private FileAccessWhitelist.MatchType MatchAndReportUnexpectedFileAccess(ReportedFileAccess unexpectedFileAccess)
{
if (m_fileAccessWhitelist != null && m_fileAccessWhitelist.HasEntries)
{
Contract.Assert(
m_config.FailUnexpectedFileAccesses == false,
"Having a file-access whitelist requires that Detours failure injection is off.");
FileAccessWhitelist.MatchType matchType = m_fileAccessWhitelist.Matches(m_loggingContext, unexpectedFileAccess, m_pip);
switch (matchType)
{
case FileAccessWhitelist.MatchType.NoMatch:
AddUnexpectedFileAccessNotWhitelisted(unexpectedFileAccess);
ReportUnexpectedFileAccessNotWhitelisted(unexpectedFileAccess);
break;
case FileAccessWhitelist.MatchType.MatchesButNotCacheable:
AddUnexpectedFileAccessWhitelisted(unexpectedFileAccess);
m_numWhitelistedButNotCacheableFileAccessViolations++;
ReportWhitelistedFileAccessNonCacheable(unexpectedFileAccess);
break;
case FileAccessWhitelist.MatchType.MatchesAndCacheable:
AddUnexpectedFileAccessWhitelisted(unexpectedFileAccess);
m_numWhitelistedAndCacheableFileAccessViolations++;
ReportWhitelistedFileAccessCacheable(unexpectedFileAccess);
break;
default:
throw Contract.AssertFailure("Unknown whitelist-match type.");
}
return(matchType);
}
else
{
AddUnexpectedFileAccessNotWhitelisted(unexpectedFileAccess);
ReportUnexpectedFileAccessNotWhitelisted(unexpectedFileAccess);
return(FileAccessWhitelist.MatchType.NoMatch);
}
}
