// Copyright 2014 The Bazel Authors. All rights reserved. // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. // You may obtain a copy of the License at // // http://www.apache.org/licenses/LICENSE-2.0 // // Unless required by applicable law or agreed to in writing, software // distributed under the License is distributed on an "AS IS" BASIS, // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. // See the License for the specific language governing permissions and // limitations under the License. package com.google.devtools.build.lib.sandbox; import static java.nio.charset.StandardCharsets.UTF_8; import com.google.common.collect.ImmutableMap; import com.google.common.collect.ImmutableSet; import com.google.devtools.build.lib.actions.ActionExecutionContext; import com.google.devtools.build.lib.actions.ActionStatusMessage; import com.google.devtools.build.lib.actions.ExecException; import com.google.devtools.build.lib.actions.ExecutionStrategy; import com.google.devtools.build.lib.actions.Executor; import com.google.devtools.build.lib.actions.Spawn; import com.google.devtools.build.lib.actions.SpawnActionContext; import com.google.devtools.build.lib.buildtool.BuildRequest; import com.google.devtools.build.lib.exec.SpawnInputExpander; import com.google.devtools.build.lib.runtime.CommandEnvironment; import com.google.devtools.build.lib.shell.Command; import com.google.devtools.build.lib.shell.CommandException; import com.google.devtools.build.lib.shell.CommandResult; import com.google.devtools.build.lib.standalone.StandaloneSpawnStrategy; import com.google.devtools.build.lib.vfs.FileSystem; import com.google.devtools.build.lib.vfs.FileSystemUtils; import com.google.devtools.build.lib.vfs.Path; import com.google.devtools.build.lib.vfs.PathFragment; import java.io.IOException; import java.util.HashSet; import java.util.Set; import 
java.util.concurrent.atomic.AtomicReference;

/**
 * Strategy that uses sandboxing to execute a process, for Darwin.
 *
 * <p>Every call to {@link #actuallyExec} builds a fresh sandbox directory under the root returned
 * by {@code getSandboxRoot()}, populates it through a {@code SymlinkedExecRoot}, and runs the spawn
 * in a {@code DarwinSandboxRunner}. The directories the sandboxed process may write to are the
 * union of {@link #alwaysWritableDirs} (computed once per strategy instance) and the spawn-specific
 * set returned by the inherited {@code getWritableDirs}; paths returned by the inherited {@code
 * getInaccessiblePaths()} are handed to the runner as well. Unless {@link #sandboxDebug} is set,
 * the sandbox directory is deleted after the spawn finishes.
 */
@ExecutionStrategy(
  name = {"sandboxed", "darwin-sandbox"},
  contextType = SpawnActionContext.class
)
public class DarwinSandboxedStrategy extends SandboxStrategy {

  /** The build's execution root, taken from {@code cmdEnv.getExecRoot()}. */
  private final Path execRoot;

  /**
   * When true, the per-spawn sandbox directory is left in place after the spawn instead of being
   * deleted, so its contents can be inspected. Read from {@code SandboxOptions.sandboxDebug}.
   */
  private final boolean sandboxDebug;

  /** Forwarded to {@code DarwinSandboxRunner}; also passed to the superclass constructor. */
  private final boolean verboseFailures;

  /** Forwarded to {@code StandaloneSpawnStrategy.locallyDeterminedEnv}. */
  private final String productName;

  /** Used by {@code SandboxHelpers.getInputFiles} to expand a spawn's inputs. */
  private final SpawnInputExpander spawnInputExpander;

  /**
   * The set of directories that always should be writable, independent of the Spawn itself.
   *
   * <p>We cache this, because creating it involves executing {@code getconf}, which is expensive.
   *
   * <p>This set applies to every sandboxed action run by this strategy; see {@link
   * #getAlwaysWritableDirs} for what it contains.
   */
  private final ImmutableSet<Path> alwaysWritableDirs;

  /**
   * Creates a strategy instance. Use {@link #create}, which computes {@code alwaysWritableDirs}.
   *
   * @param cmdEnv the command environment; supplies the execution root
   * @param buildRequest the build request; its {@code SandboxOptions} are read for
   *     {@code sandboxDebug} and passed to the superclass
   * @param sandboxBase base directory under which sandboxes are created (passed to superclass)
   * @param verboseFailures whether failures should be reported verbosely
   * @param productName product name used when deriving the spawn environment
   * @param alwaysWritableDirs directories writable for every spawn, see {@link
   *     #getAlwaysWritableDirs}
   */
  private DarwinSandboxedStrategy(
      CommandEnvironment cmdEnv,
      BuildRequest buildRequest,
      Path sandboxBase,
      boolean verboseFailures,
      String productName,
      ImmutableSet<Path> alwaysWritableDirs) {
    super(
        cmdEnv,
        buildRequest,
        sandboxBase,
        verboseFailures,
        buildRequest.getOptions(SandboxOptions.class));
    this.execRoot = cmdEnv.getExecRoot();
    this.sandboxDebug = buildRequest.getOptions(SandboxOptions.class).sandboxDebug;
    this.verboseFailures = verboseFailures;
    this.productName = productName;
    this.alwaysWritableDirs = alwaysWritableDirs;
    // The expander is created with a fixed argument; its meaning is not visible in this file.
    this.spawnInputExpander = new SpawnInputExpander(false);
  }

  /**
   * Factory for the strategy. Computes the always-writable directory set for the command
   * environment's file system, which involves running {@code getconf} (see {@link #getConfStr}).
   *
   * @throws IOException if probing the file system or running {@code getconf} fails
   */
  public static DarwinSandboxedStrategy create(
      CommandEnvironment cmdEnv,
      BuildRequest buildRequest,
      Path sandboxBase,
      boolean verboseFailures,
      String productName)
      throws IOException {
    return new DarwinSandboxedStrategy(
        cmdEnv,
        buildRequest,
        sandboxBase,
        verboseFailures,
        productName,
        getAlwaysWritableDirs(cmdEnv.getDirectories().getFileSystem()));
  }

  /**
   * Resolves {@code path} on {@code fs} and adds it to {@code paths} if it exists.
   *
   * <p>A {@code null} path (e.g. an unset environment variable) is silently ignored.
   *
   * @throws IOException if the existence check or symlink resolution fails
   */
  private static void addPathToSetIfExists(FileSystem fs, Set<Path> paths, String path)
      throws IOException {
    if (path != null) {
      addPathToSetIfExists(paths, fs.getPath(path));
    }
  }

  /**
   * Adds the symlink-resolved form of {@code path} to {@code paths} if {@code path} exists;
   * non-existent paths are skipped without error.
   *
   * <p>Resolving symlinks here means the sandbox is later given the real location of the
   * directory, not the link through which it was configured.
   *
   * @throws IOException if {@code resolveSymbolicLinks} fails
   */
  private static void addPathToSetIfExists(Set<Path> paths, Path path) throws IOException {
    if (path.exists()) {
      paths.add(path.resolveSymbolicLinks());
    }
  }

  /**
   * Computes the directories that every sandboxed spawn may write to, regardless of the spawn.
   *
   * <p>The set is built from fixed system paths, {@code $TMPDIR} as seen by this process, the two
   * Darwin per-user temp/cache directories reported by {@code getconf}, and three directories under
   * the user's home ({@code user.home}). Each entry is only added if it exists, and is stored in
   * symlink-resolved form (see {@link #addPathToSetIfExists(Set, Path)}). Anything added here
   * widens what all sandboxed actions can modify, so additions should be deliberate.
   *
   * @param fs the file system used to look the paths up
   * @return an immutable, symlink-resolved set of existing directories
   * @throws IOException if a path check or the {@code getconf} invocation fails
   */
  private static ImmutableSet<Path> getAlwaysWritableDirs(FileSystem fs) throws IOException {
    HashSet<Path> writableDirs = new HashSet<>();
    addPathToSetIfExists(fs, writableDirs, "/dev");
    // May be null when TMPDIR is unset; the String overload skips null.
    addPathToSetIfExists(fs, writableDirs, System.getenv("TMPDIR"));
    addPathToSetIfExists(fs, writableDirs, "/tmp");
    addPathToSetIfExists(fs, writableDirs, "/private/tmp");
    addPathToSetIfExists(fs, writableDirs, "/private/var/tmp");

    // On macOS, in addition to what is specified in $TMPDIR, two other temporary directories may be
    // written to by processes. We have to get their location by calling "getconf".
    addPathToSetIfExists(fs, writableDirs, getConfStr("DARWIN_USER_TEMP_DIR"));
    addPathToSetIfExists(fs, writableDirs, getConfStr("DARWIN_USER_CACHE_DIR"));

    // ~/Library/Cache and ~/Library/Logs need to be writable (cf. issue #2231).
    // NOTE(review): the per-user cache directory on macOS is normally ~/Library/Caches (plural);
    // since non-existent paths are skipped, "Library/Cache" will usually add nothing. Confirm
    // against issue #2231 which directory was intended before changing it, because adding
    // ~/Library/Caches makes it writable for every sandboxed action.
    Path homeDir = fs.getPath(System.getProperty("user.home"));
    addPathToSetIfExists(writableDirs, homeDir.getRelative("Library/Cache"));
    addPathToSetIfExists(writableDirs, homeDir.getRelative("Library/Logs"));

    // Certain Xcode tools expect to be able to write to this path.
    addPathToSetIfExists(writableDirs, homeDir.getRelative("Library/Developer"));

    return ImmutableSet.copyOf(writableDirs);
  }

  /**
   * Returns the value of a POSIX or X/Open system configuration variable.
   *
   * <p>Runs {@code /usr/bin/getconf} (fixed absolute path) with {@code confVar} as a separate
   * argv element; callers in this class pass only constant variable names. Stdout is decoded as
   * UTF-8 and whitespace-trimmed. Any {@code CommandException} is wrapped in an {@code IOException}
   * with the original exception kept as the cause.
   *
   * @param confVar the configuration variable name to query
   * @return the trimmed stdout of {@code getconf}
   * @throws IOException if the command cannot be run or fails
   */
  private static String getConfStr(String confVar) throws IOException {
    String[] commandArr = new String[2];
    commandArr[0] = "/usr/bin/getconf";
    commandArr[1] = confVar;
    Command cmd = new Command(commandArr);
    CommandResult res;
    try {
      res = cmd.execute();
    } catch (CommandException e) {
      throw new IOException("getconf failed", e);
    }
    return new String(res.getStdout(), UTF_8).trim();
  }

  /**
   * Runs {@code spawn} inside a freshly created sandbox and removes the sandbox afterwards
   * (unless {@link #sandboxDebug} is set).
   *
   * <p>Order matters here: the writable set given to {@code createFileSystem} is the same mutable
   * {@code HashSet} that is later handed to the {@code DarwinSandboxRunner}, and it is extended in
   * between with the symlink-resolved forms of the spawn-specific writable directories, which can
   * only be resolved once {@code createFileSystem} has created them.
   *
   * @param spawn the spawn to execute
   * @param actionExecutionContext execution context; supplies the {@code Executor}
   * @param writeOutputFiles forwarded to {@code runSpawn}
   * @throws ExecException if the spawn fails
   * @throws InterruptedException if interrupted while running the spawn
   * @throws IOException if sandbox setup fails
   */
  @Override
  protected void actuallyExec(
      Spawn spawn,
      ActionExecutionContext actionExecutionContext,
      AtomicReference<Class<? extends SpawnActionContext>> writeOutputFiles)
      throws ExecException, InterruptedException, IOException {
    Executor executor = actionExecutionContext.getExecutor();
    executor
        .getEventBus()
        .post(ActionStatusMessage.runningStrategy(spawn.getResourceOwner(), "darwin-sandbox"));
    SandboxHelpers.reportSubcommand(executor, spawn);

    // Each invocation of "exec" gets its own sandbox.
    Path sandboxPath = getSandboxRoot();
    // The sandbox mirrors the real execroot under <sandbox>/execroot/<execroot basename>.
    Path sandboxExecRoot = sandboxPath.getRelative("execroot").getRelative(execRoot.getBaseName());

    ImmutableMap<String, String> spawnEnvironment =
        StandaloneSpawnStrategy.locallyDeterminedEnv(execRoot, productName, spawn.getEnvironment());

    // Start from the strategy-wide set, then add the spawn-specific directories.
    HashSet<Path> writableDirs = new HashSet<>(alwaysWritableDirs);
    ImmutableSet<Path> extraWritableDirs = getWritableDirs(sandboxExecRoot, spawnEnvironment);
    writableDirs.addAll(extraWritableDirs);

    SymlinkedExecRoot symlinkedExecRoot = new SymlinkedExecRoot(sandboxExecRoot);
    ImmutableSet<PathFragment> outputs = SandboxHelpers.getOutputFiles(spawn);
    symlinkedExecRoot.createFileSystem(
        SandboxHelpers.getInputFiles(
            spawnInputExpander, this.execRoot, spawn, actionExecutionContext),
        outputs,
        writableDirs);

    // This will add the resolved versions of the spawn-dependant writable paths (e.g. its execroot
    // or TEST_TMPDIR) to the set, now that they have been created by the SymlinkedExecRoot.
    // Because writableDirs is the very set passed to createFileSystem above and to the runner
    // below, the runner sees both the unresolved and the resolved entries.
    for (Path extraWritableDir : extraWritableDirs) {
      addPathToSetIfExists(writableDirs, extraWritableDir);
    }

    DarwinSandboxRunner runner =
        new DarwinSandboxRunner(
            sandboxPath, sandboxExecRoot, writableDirs, getInaccessiblePaths(), verboseFailures);
    try {
      runSpawn(
          spawn,
          actionExecutionContext,
          spawnEnvironment,
          symlinkedExecRoot,
          outputs,
          runner,
          writeOutputFiles);
    } finally {
      // Best-effort cleanup; with sandboxDebug the tree is kept for inspection.
      if (!sandboxDebug) {
        try {
          FileSystemUtils.deleteTree(sandboxPath);
        } catch (IOException e) {
          // This usually means that the Spawn itself exited, but still has children running that
          // we couldn't wait for, which now block deletion of the sandbox directory. On Linux this
          // should never happen, as we use PID namespaces and where they are not available the
          // subreaper feature to make sure all children have been reliably killed before returning,
          // but on other OS this might not always work. The SandboxModule will try to delete them
          // again when the build is all done, at which point it hopefully works, so let's just go
          // on here.
        }
      }
    }
  }
}