src/main/java/com/google/devtools/build/lib/sandbox/SandboxActionContextProvider.java - bazel - Git at Google

 // Copyright 2015 The Bazel Authors. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //    http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.

 package com.google.devtools.build.lib.sandbox;

 import com.google.common.base.Splitter;
 import com.google.common.collect.ImmutableList;
 import com.google.devtools.build.lib.actions.ActionContext;
 import com.google.devtools.build.lib.actions.ExecException;
 import com.google.devtools.build.lib.actions.ResourceManager;
 import com.google.devtools.build.lib.actions.Spawn;
 import com.google.devtools.build.lib.actions.SpawnResult;
 import com.google.devtools.build.lib.actions.Spawns;
 import com.google.devtools.build.lib.exec.ActionContextProvider;
 import com.google.devtools.build.lib.exec.SpawnRunner;
 import com.google.devtools.build.lib.exec.apple.XcodeLocalEnvProvider;
 import com.google.devtools.build.lib.exec.local.LocalEnvProvider;
 import com.google.devtools.build.lib.exec.local.LocalExecutionOptions;
 import com.google.devtools.build.lib.exec.local.LocalSpawnRunner;
 import com.google.devtools.build.lib.exec.local.PosixLocalEnvProvider;
 import com.google.devtools.build.lib.runtime.CommandEnvironment;
 import com.google.devtools.build.lib.util.OS;
 import com.google.devtools.build.lib.vfs.FileSystem;
 import com.google.devtools.build.lib.vfs.Path;
 import com.google.devtools.common.options.OptionsProvider;
 import java.io.File;
 import java.io.IOException;
 import java.time.Duration;
 import java.util.Optional;
 import javax.annotation.Nullable;

 /**
  * Provides the sandboxed spawn strategy.
  */
 final class SandboxActionContextProvider extends ActionContextProvider {
   private final ImmutableList<ActionContext> contexts;

   private SandboxActionContextProvider(ImmutableList<ActionContext> contexts) {
     this.contexts = contexts;
   }

   public static SandboxActionContextProvider create(CommandEnvironment cmdEnv, Path sandboxBase,
       @Nullable SandboxfsProcess process)
       throws IOException {
     ImmutableList.Builder<ActionContext> contexts = ImmutableList.builder();

     OptionsProvider options = cmdEnv.getOptions();
     Duration timeoutKillDelay =
         Duration.ofSeconds(
             options.getOptions(LocalExecutionOptions.class).localSigkillGraceSeconds);

     // This works on most platforms, but isn't the best choice, so we put it first and let later
     // platform-specific sandboxing strategies become the default.
     if (ProcessWrapperSandboxedSpawnRunner.isSupported(cmdEnv)) {
       SpawnRunner spawnRunner =
           withFallback(
               cmdEnv,
               new ProcessWrapperSandboxedSpawnRunner(
                   cmdEnv, sandboxBase, cmdEnv.getRuntime().getProductName(), timeoutKillDelay));
       contexts.add(new ProcessWrapperSandboxedStrategy(cmdEnv.getExecRoot(), spawnRunner));
     }

     // This strategy uses Docker to execute spawns. It should work on all platforms that support
     // Docker.
     getPathToDockerClient(cmdEnv)
         .ifPresent(
             dockerClient -> {
               if (DockerSandboxedSpawnRunner.isSupported(cmdEnv, dockerClient)) {
                 String defaultImage = options.getOptions(SandboxOptions.class).dockerImage;
                 boolean useCustomizedImages =
                     options.getOptions(SandboxOptions.class).dockerUseCustomizedImages;
                 SpawnRunner spawnRunner =
                     withFallback(
                         cmdEnv,
                         new DockerSandboxedSpawnRunner(
                             cmdEnv,
                             dockerClient,
                             sandboxBase,
                             defaultImage,
                             timeoutKillDelay,
                             useCustomizedImages));
                 contexts.add(new DockerSandboxedStrategy(cmdEnv.getExecRoot(), spawnRunner));
               }
             });

     // This is the preferred sandboxing strategy on Linux.
     if (LinuxSandboxedSpawnRunner.isSupported(cmdEnv)) {
       SpawnRunner spawnRunner =
           withFallback(
               cmdEnv,
               LinuxSandboxedStrategy.create(cmdEnv, sandboxBase, timeoutKillDelay, process));
       contexts.add(new LinuxSandboxedStrategy(cmdEnv.getExecRoot(), spawnRunner));
     }

     // This is the preferred sandboxing strategy on macOS.
     if (DarwinSandboxedSpawnRunner.isSupported(cmdEnv)) {
       SpawnRunner spawnRunner =
           withFallback(
               cmdEnv,
               new DarwinSandboxedSpawnRunner(cmdEnv, sandboxBase, timeoutKillDelay, process));
       contexts.add(new DarwinSandboxedStrategy(cmdEnv.getExecRoot(), spawnRunner));
     }

     return new SandboxActionContextProvider(contexts.build());
   }

   private static Optional<Path> getPathToDockerClient(CommandEnvironment cmdEnv) {
     String path = cmdEnv.getClientEnv().getOrDefault("PATH", "");

     Splitter pathSplitter =
         Splitter.on(OS.getCurrent() == OS.WINDOWS ? ';' : ':').trimResults().omitEmptyStrings();

     FileSystem fs = cmdEnv.getRuntime().getFileSystem();

     for (String pathElement : pathSplitter.split(path)) {
       // Sometimes the PATH contains the non-absolute entry "." - this resolves it against the
       // current working directory.
       pathElement = new File(pathElement).getAbsolutePath();
       try {
         for (Path dentry : fs.getPath(pathElement).getDirectoryEntries()) {
           if (dentry.getBaseName().replace(".exe", "").equals("docker")) {
             return Optional.of(dentry);
           }
         }
       } catch (IOException e) {
         continue;
       }
     }

     return Optional.empty();
   }

   private static SpawnRunner withFallback(CommandEnvironment env, SpawnRunner sandboxSpawnRunner) {
     return new SandboxFallbackSpawnRunner(sandboxSpawnRunner,  createFallbackRunner(env));
   }

   private static SpawnRunner createFallbackRunner(CommandEnvironment env) {
     LocalExecutionOptions localExecutionOptions =
         env.getOptions().getOptions(LocalExecutionOptions.class);
     LocalEnvProvider localEnvProvider =
         OS.getCurrent() == OS.DARWIN
             ? new XcodeLocalEnvProvider(env.getClientEnv())
             : new PosixLocalEnvProvider(env.getClientEnv());
     return
         new LocalSpawnRunner(
             env.getExecRoot(),
             localExecutionOptions,
             ResourceManager.instance(),
             localEnvProvider);
   }

   @Override
   public Iterable<? extends ActionContext> getActionContexts() {
     return contexts;
   }

   private static final class SandboxFallbackSpawnRunner implements SpawnRunner {
     private final SpawnRunner sandboxSpawnRunner;
     private final SpawnRunner fallbackSpawnRunner;

     SandboxFallbackSpawnRunner(SpawnRunner sandboxSpawnRunner, SpawnRunner fallbackSpawnRunner) {
       this.sandboxSpawnRunner = sandboxSpawnRunner;
       this.fallbackSpawnRunner = fallbackSpawnRunner;
     }

     @Override
     public String getName() {
       return "sandbox-fallback";
     }

     @Override
     public SpawnResult exec(Spawn spawn, SpawnExecutionContext context)
         throws InterruptedException, IOException, ExecException {
       if (!Spawns.mayBeSandboxed(spawn)) {
         return fallbackSpawnRunner.exec(spawn, context);
       } else {
         return sandboxSpawnRunner.exec(spawn, context);
       }
     }
   }
 }
	// Copyright 2015 The Bazel Authors. All rights reserved.
	//
	// Licensed under the Apache License, Version 2.0 (the "License");
	// you may not use this file except in compliance with the License.
	// You may obtain a copy of the License at
	//
	// http://www.apache.org/licenses/LICENSE-2.0
	//
	// Unless required by applicable law or agreed to in writing, software
	// distributed under the License is distributed on an "AS IS" BASIS,
	// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	// See the License for the specific language governing permissions and
	// limitations under the License.

	package com.google.devtools.build.lib.sandbox;

	import com.google.common.base.Splitter;
	import com.google.common.collect.ImmutableList;
	import com.google.devtools.build.lib.actions.ActionContext;
	import com.google.devtools.build.lib.actions.ExecException;
	import com.google.devtools.build.lib.actions.ResourceManager;
	import com.google.devtools.build.lib.actions.Spawn;
	import com.google.devtools.build.lib.actions.SpawnResult;
	import com.google.devtools.build.lib.actions.Spawns;
	import com.google.devtools.build.lib.exec.ActionContextProvider;
	import com.google.devtools.build.lib.exec.SpawnRunner;
	import com.google.devtools.build.lib.exec.apple.XcodeLocalEnvProvider;
	import com.google.devtools.build.lib.exec.local.LocalEnvProvider;
	import com.google.devtools.build.lib.exec.local.LocalExecutionOptions;
	import com.google.devtools.build.lib.exec.local.LocalSpawnRunner;
	import com.google.devtools.build.lib.exec.local.PosixLocalEnvProvider;
	import com.google.devtools.build.lib.runtime.CommandEnvironment;
	import com.google.devtools.build.lib.util.OS;
	import com.google.devtools.build.lib.vfs.FileSystem;
	import com.google.devtools.build.lib.vfs.Path;
	import com.google.devtools.common.options.OptionsProvider;
	import java.io.File;
	import java.io.IOException;
	import java.time.Duration;
	import java.util.Optional;
	import javax.annotation.Nullable;

	/**
	* Provides the sandboxed spawn strategy.
	*/
	final class SandboxActionContextProvider extends ActionContextProvider {
	private final ImmutableList<ActionContext> contexts;

	private SandboxActionContextProvider(ImmutableList<ActionContext> contexts) {
	this.contexts = contexts;
	}

	public static SandboxActionContextProvider create(CommandEnvironment cmdEnv, Path sandboxBase,
	@Nullable SandboxfsProcess process)
	throws IOException {
	ImmutableList.Builder<ActionContext> contexts = ImmutableList.builder();

	OptionsProvider options = cmdEnv.getOptions();
	Duration timeoutKillDelay =
	Duration.ofSeconds(
	options.getOptions(LocalExecutionOptions.class).localSigkillGraceSeconds);

	// This works on most platforms, but isn't the best choice, so we put it first and let later
	// platform-specific sandboxing strategies become the default.
	if (ProcessWrapperSandboxedSpawnRunner.isSupported(cmdEnv)) {
	SpawnRunner spawnRunner =
	withFallback(
	cmdEnv,
	new ProcessWrapperSandboxedSpawnRunner(
	cmdEnv, sandboxBase, cmdEnv.getRuntime().getProductName(), timeoutKillDelay));
	contexts.add(new ProcessWrapperSandboxedStrategy(cmdEnv.getExecRoot(), spawnRunner));
	}

	// This strategy uses Docker to execute spawns. It should work on all platforms that support
	// Docker.
	getPathToDockerClient(cmdEnv)
	.ifPresent(
	dockerClient -> {
	if (DockerSandboxedSpawnRunner.isSupported(cmdEnv, dockerClient)) {
	String defaultImage = options.getOptions(SandboxOptions.class).dockerImage;
	boolean useCustomizedImages =
	options.getOptions(SandboxOptions.class).dockerUseCustomizedImages;
	SpawnRunner spawnRunner =
	withFallback(
	cmdEnv,
	new DockerSandboxedSpawnRunner(
	cmdEnv,
	dockerClient,
	sandboxBase,
	defaultImage,
	timeoutKillDelay,
	useCustomizedImages));
	contexts.add(new DockerSandboxedStrategy(cmdEnv.getExecRoot(), spawnRunner));
	}
	});

	// This is the preferred sandboxing strategy on Linux.
	if (LinuxSandboxedSpawnRunner.isSupported(cmdEnv)) {
	SpawnRunner spawnRunner =
	withFallback(
	cmdEnv,
	LinuxSandboxedStrategy.create(cmdEnv, sandboxBase, timeoutKillDelay, process));
	contexts.add(new LinuxSandboxedStrategy(cmdEnv.getExecRoot(), spawnRunner));
	}

	// This is the preferred sandboxing strategy on macOS.
	if (DarwinSandboxedSpawnRunner.isSupported(cmdEnv)) {
	SpawnRunner spawnRunner =
	withFallback(
	cmdEnv,
	new DarwinSandboxedSpawnRunner(cmdEnv, sandboxBase, timeoutKillDelay, process));
	contexts.add(new DarwinSandboxedStrategy(cmdEnv.getExecRoot(), spawnRunner));
	}

	return new SandboxActionContextProvider(contexts.build());
	}

	private static Optional<Path> getPathToDockerClient(CommandEnvironment cmdEnv) {
	String path = cmdEnv.getClientEnv().getOrDefault("PATH", "");

	Splitter pathSplitter =
	Splitter.on(OS.getCurrent() == OS.WINDOWS ? ';' : ':').trimResults().omitEmptyStrings();

	FileSystem fs = cmdEnv.getRuntime().getFileSystem();

	for (String pathElement : pathSplitter.split(path)) {
	// Sometimes the PATH contains the non-absolute entry "." - this resolves it against the
	// current working directory.
	pathElement = new File(pathElement).getAbsolutePath();
	try {
	for (Path dentry : fs.getPath(pathElement).getDirectoryEntries()) {
	if (dentry.getBaseName().replace(".exe", "").equals("docker")) {
	return Optional.of(dentry);
	}
	}
	} catch (IOException e) {
	continue;
	}
	}

	return Optional.empty();
	}

	private static SpawnRunner withFallback(CommandEnvironment env, SpawnRunner sandboxSpawnRunner) {
	return new SandboxFallbackSpawnRunner(sandboxSpawnRunner, createFallbackRunner(env));
	}

	private static SpawnRunner createFallbackRunner(CommandEnvironment env) {
	LocalExecutionOptions localExecutionOptions =
	env.getOptions().getOptions(LocalExecutionOptions.class);
	LocalEnvProvider localEnvProvider =
	OS.getCurrent() == OS.DARWIN
	? new XcodeLocalEnvProvider(env.getClientEnv())
	: new PosixLocalEnvProvider(env.getClientEnv());
	return
	new LocalSpawnRunner(
	env.getExecRoot(),
	localExecutionOptions,
	ResourceManager.instance(),
	localEnvProvider);
	}

	@Override
	public Iterable<? extends ActionContext> getActionContexts() {
	return contexts;
	}

	private static final class SandboxFallbackSpawnRunner implements SpawnRunner {
	private final SpawnRunner sandboxSpawnRunner;
	private final SpawnRunner fallbackSpawnRunner;

	SandboxFallbackSpawnRunner(SpawnRunner sandboxSpawnRunner, SpawnRunner fallbackSpawnRunner) {
	this.sandboxSpawnRunner = sandboxSpawnRunner;
	this.fallbackSpawnRunner = fallbackSpawnRunner;
	}

	@Override
	public String getName() {
	return "sandbox-fallback";
	}

	@Override
	public SpawnResult exec(Spawn spawn, SpawnExecutionContext context)
	throws InterruptedException, IOException, ExecException {
	if (!Spawns.mayBeSandboxed(spawn)) {
	return fallbackSpawnRunner.exec(spawn, context);
	} else {
	return sandboxSpawnRunner.exec(spawn, context);
	}
	}
	}
	}