src/main/java/com/google/devtools/build/lib/sandbox/SandboxRunner.java

// Copyright 2016 The Bazel Authors. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package com.google.devtools.build.lib.sandbox;

import com.google.devtools.build.lib.actions.ExecException;
import com.google.devtools.build.lib.actions.UserExecException;
import com.google.devtools.build.lib.shell.AbnormalTerminationException;
import com.google.devtools.build.lib.shell.Command;
import com.google.devtools.build.lib.shell.CommandException;
import com.google.devtools.build.lib.shell.KillableObserver;
import com.google.devtools.build.lib.shell.TerminationStatus;
import com.google.devtools.build.lib.util.CommandFailureUtils;
import com.google.devtools.build.lib.util.io.OutErr;
import java.io.IOException;
import java.util.Arrays;
import java.util.List;
import java.util.Map;

/** A common interface of all sandbox runners, no matter which platform they're working on. */
abstract class SandboxRunner {

  private static final String SANDBOX_DEBUG_SUGGESTION =
      "\n\nUse --sandbox_debug to see verbose messages from the sandbox";

  private final boolean verboseFailures;

  SandboxRunner(boolean verboseFailures) {
    this.verboseFailures = verboseFailures;
  }

  /**
   * Runs the command specified via {@code arguments} and {@code env} inside the sandbox.
   *
   * @param arguments - arguments of spawn to run inside the sandbox.
   * @param environment - environment variables to pass to the spawn.
   * @param outErr - error output to capture sandbox's and command's stderr.
   * @param timeout - after how many seconds should the process be killed.
   * @param allowNetwork - whether networking should be allowed for the process.
   * @param sandboxDebug - whether debugging message should be printed.
   * @param useFakeHostname - whether the hostname should be set to 'localhost' inside the sandbox.
   */
  void run(
      List<String> arguments,
      Map<String, String> environment,
      OutErr outErr,
      int timeout,
      boolean allowNetwork,
      boolean sandboxDebug,
      boolean useFakeHostname)
      throws ExecException {
    Command cmd;
    try {
      cmd = getCommand(arguments, environment, timeout, allowNetwork, useFakeHostname);
    } catch (IOException e) {
      throw new UserExecException("I/O error during sandboxed execution", e);
    }

    TerminationStatus status = null;
    try {
      cmd.execute(
          /* stdin */ new byte[] {},
          getCommandObserver(timeout),
          outErr.getOutputStream(),
          outErr.getErrorStream(),
          /* killSubprocessOnInterrupt */ true);
    } catch (CommandException e) {
      boolean timedOut = false;
      if (e instanceof AbnormalTerminationException) {
        status = ((AbnormalTerminationException) e).getResult().getTerminationStatus();
        timedOut = !status.exited() && (status.getTerminatingSignal() == getSignalOnTimeout());
      }
      String statusMessage = status + " [sandboxed]";
      if (!verboseFailures) {
        // simplest error message
        throw new UserExecException(statusMessage, e, timedOut);
      }
      List<String> commandList;
      if (!sandboxDebug) {
        commandList = arguments;
      } else {
        commandList = Arrays.asList(cmd.getCommandLineElements());
      }
      String commandFailureMessage =
          CommandFailureUtils.describeCommandFailure(
              true,
              commandList,
              environment,
              null)
          + (sandboxDebug ? "" : SANDBOX_DEBUG_SUGGESTION);
      throw new UserExecException(commandFailureMessage, e, timedOut);
    }
  }

  /**
   * Returns the {@link Command} that the {@link #run} method will execute inside the sandbox.
   *
   * @param arguments - arguments of spawn to run inside the sandbox.
   * @param environment - environment variables to pass to the spawn.
   * @param timeout - after how many seconds should the process be killed.
   * @param allowNetwork - whether networking should be allowed for the process.
   * @param useFakeHostname - whether the hostname should be set to 'localhost' inside the sandbox.
   */
  protected abstract Command getCommand(
      List<String> arguments,
      Map<String, String> environment,
      int timeout,
      boolean allowNetwork,
      boolean useFakeHostname)
      throws IOException;

  /**
   * Returns a {@link KillableObserver} that the {@link #run} method will use when executing the
   * command returned by {@link #getCommand}.
   */
  protected KillableObserver getCommandObserver(int timeout) {
    return Command.NO_OBSERVER;
  }

  /**
   * Returns the signal code that the command returned by {@link #getCommand} exits with in case of
   * a timeout.
   */
  protected int getSignalOnTimeout() {
    return 14; /* SIGALRM */
  }
}