Sandbox blocks output to default plugin output directory when it's under <pkgdir>/.build

abertelrud · abertelrud · commit 16e9075786e9 · 2022-04-18T13:33:30.000-07:00
The sandbox rules introduced in #3996 made the entire package directory read-only, but that isn't appropriate when `.build` is inside the package directory. This change turns the stateless Sandbox enum into a SandboxProfile struct that can be configured and passed around well before being applied, and it makes the configuration more flexible in several regards: - there is a list of path rules allowing a mixed order of `allow` and `deny` rules - the choice of allowing writing to temporary directories is independent of anything other choice - the defaults are built into the initializer rather than a separate `strictness` parameter — this means that they can be queried once the SandboxProfile has been created and are expressed in terms of the choices available to all sandbox profiles. Having the sandbox profile be a struct that generates the platform specifics as needed also provides a place with which to associate any cached/compiled representation for profiles that are largely static. As cleanup, this commit also removes the pre-SwiftPM 5.3 specialities which were specific to running the package manifest in an interpreter rather than compiling and executing it. This functionality is no longer relevant since it isn't possible to run any manifest in the interpreter. In this commit, the call sites have been adjusted so that they use the modified SandboxProfile API, but still construct the profiles on-the-fly as before. A future change could make them instead be configured at an early point and then applied later when the sandboxed process is actually launched. Another future change could add the sandbox profile to Process as a property so that there is no API assumption that applying a sandbox necessarily involves just modifying the command line. rdar://87417780
diff --git a/Sources/Basics/CMakeLists.txt b/Sources/Basics/CMakeLists.txt
@@ -1,6 +1,6 @@
 # This source file is part of the Swift open source project
 #
-# Copyright (c) 2014 - 2021 Apple Inc. and the Swift project authors
+# Copyright (c) 2014 - 2022 Apple Inc. and the Swift project authors
 # Licensed under Apache License v2.0 with Runtime Library Exception
 #
 # See http://swift.org/LICENSE.txt for license information
@@ -24,7 +24,7 @@ add_library(Basics
   JSONDecoder+Extensions.swift
   Netrc.swift
   Observability.swift
-  Sandbox.swift
+  SandboxProfile.swift
   String+Extensions.swift
   Triple+Extensions.swift
   SwiftVersion.swift
diff --git a/Sources/Basics/SandboxProfile.swift b/Sources/Basics/SandboxProfile.swift
@@ -0,0 +1,124 @@
+/*
+ This source file is part of the Swift.org open source project
+
+ Copyright (c) 2021 - 2022 Apple Inc. and the Swift project authors
+ Licensed under Apache License v2.0 with Runtime Library Exception
+
+ See http://swift.org/LICENSE.txt for license information
+ See http://swift.org/CONTRIBUTORS.txt for Swift project authors
+ */
+
+import Foundation
+import TSCBasic
+import TSCUtility
+
+/// A sandbox profile representing the desired restrictions. The implementation can vary between platforms.
+public struct SandboxProfile {
+    /// Whether to allow outbound and inbound network access.
+    public var allowNetwork: Bool
+
+    /// Whether to allow writing to system-defined temporary directories. Overridden by any rules in `pathRules`.
+    public var allowWritingToTemporaryDirectories: Bool
+
+    /// An ordered list of path rules, where the last rule to cover a particular path "wins". These will be resolved
+    /// to absolute paths at the time the profile is applied. They are applied after any of the implicit directories
+    /// referenced by other sandbox profile settings.
+    public var pathRules: [PathWritabilityRule]
+
+    /// Represents a readonly/writable rule for a path and everything under it.
+    public enum PathWritabilityRule: Equatable {
+        case readonly(AbsolutePath)
+        case writable(AbsolutePath)
+    }
+
+    /// Configures a SandboxProfile for blocking network access and writing to the file system except to specifically
+    /// permitted locations.
+    public init(
+        allowNetwork: Bool = false,
+        allowWritingToTemporaryDirectories: Bool = false,
+        pathRules: [PathWritabilityRule] = []
+    ) {
+        self.allowNetwork = allowNetwork
+        self.allowWritingToTemporaryDirectories = allowWritingToTemporaryDirectories
+        self.pathRules = pathRules
+    }
+}
+
+extension SandboxProfile {
+    /// Applies the sandbox profile to the given command line (if the platform supports it), and returns the modified
+    /// command line. On platforms that don't support sandboxing, the unmodified command line is returned.
+    public func apply(to command: [String]) -> [String] {
+        #if os(macOS)
+        return ["/usr/bin/sandbox-exec", "-p", self.generateMacOSSandboxProfileString()] + command
+        #else
+        // rdar://40235432, rdar://75636874 tracks implementing sandboxes for other platforms.
+        return command
+        #endif
+    }
+}
+
+// MARK: - macOS
+
+#if os(macOS)
+fileprivate extension SandboxProfile {
+    /// Private function that generates a Darwin sandbox profile suitable for passing to `sandbox-exec(1)`.
+    func generateMacOSSandboxProfileString() -> String {
+        var contents = "(version 1)\n"
+
+        // Deny everything by default.
+        contents += "(deny default)\n"
+
+        // Import the system sandbox profile.
+        contents += "(import \"system.sb\")\n"
+
+        // Allow reading any file that isn't protected by TCC or permissions (ideally we'd only allow a specific set
+        // of readable locations, and can maybe tighten this in the future).
+        contents += "(allow file-read*)\n"
+
+        // Allow operations on subprocesses.
+        contents += "(allow process*)\n"
+
+        // Optionally allow network access (inbound and outbound).
+        if allowNetwork {
+            contents += "(system-network)\n"
+            contents += "(allow network*)\n"
+        }
+
+        // Optionally allow writing to the platform-specific temporary directories.
+        if allowWritingToTemporaryDirectories {
+            contents += "(allow file-write*\n"
+            for path in temporaryDirectories {
+                contents += "    (subpath \(resolveSymlinksAndQuotePath(path)))\n"
+            }
+            contents += ")\n"
+        }
+
+        // Apply customized rules for specific file system locations. Everything is readonly by default, so we just
+        // either allow or deny writing, in order. Later rules have precedence over earlier rules.
+        for rule in pathRules {
+            switch rule {
+            case .readonly(let path):
+                contents += "(deny file-write* (subpath \(resolveSymlinksAndQuotePath(path))))\n"
+            case .writable(let path):
+                contents += "(allow file-write* (subpath \(resolveSymlinksAndQuotePath(path))))\n"
+            }
+        }
+        
+        return contents
+    }
+
+    /// Private helper function that returns the temporary directories on macOS.
+    var temporaryDirectories: [AbsolutePath] {
+        return [AbsolutePath("/tmp"), AbsolutePath(NSTemporaryDirectory())]
+    }
+
+    /// Private helper function that resolves an AbsolutePath and returns it as a string quoted for use as a subpath
+    /// in a .sb sandbox profile.
+    func resolveSymlinksAndQuotePath(_ path: AbsolutePath) -> String {
+        return "\"" + resolveSymlinks(path).pathString
+            .replacingOccurrences(of: "\\", with: "\\\\")
+            .replacingOccurrences(of: "\"", with: "\\\"")
+            + "\""
+    }
+}
+#endif
diff --git a/Sources/Build/BuildOperation.swift b/Sources/Build/BuildOperation.swift
@@ -452,7 +452,8 @@ public final class BuildOperation: PackageStructureDelegate, SPMBuildCore.BuildS
                 // TODO: We need to also use any working directory, but that support isn't yet available on all platforms at a lower level.
                 var commandLine = [command.configuration.executable.pathString] + command.configuration.arguments
                 if !self.disableSandboxForPluginCommands {
-                    commandLine = Sandbox.apply(command: commandLine, strictness: .writableTemporaryDirectory, writableDirectories: [pluginResult.pluginOutputDirectory])
+                    let sandboxProfile = SandboxProfile(allowWritingToTemporaryDirectories: true, pathRules: [.writable(pluginResult.pluginOutputDirectory)])
+                    commandLine = sandboxProfile.apply(to: commandLine)
                 }
                 let processResult = try Process.popen(arguments: commandLine, environment: command.configuration.environment)
                 let output = try processResult.utf8Output() + processResult.utf8stderrOutput()
diff --git a/Sources/Build/LLBuildManifestBuilder.swift b/Sources/Build/LLBuildManifestBuilder.swift
@@ -620,7 +620,8 @@ extension LLBuildManifestBuilder {
                 let displayName = command.configuration.displayName ?? execPath.basename
                 var commandLine = [execPath.pathString] + command.configuration.arguments
                 if !self.disableSandboxForPluginCommands {
-                    commandLine = Sandbox.apply(command: commandLine, strictness: .writableTemporaryDirectory, writableDirectories: [result.pluginOutputDirectory])
+                    let sandboxProfile = SandboxProfile(allowWritingToTemporaryDirectories: true, pathRules: [.writable(result.pluginOutputDirectory)])
+                    commandLine = sandboxProfile.apply(to: commandLine)
                 }
                 manifest.addShellCmd(
                     name: displayName + "-" + ByteString(encodingAsUTF8: uniquedName).sha256Checksum,
diff --git a/Sources/PackageLoading/ManifestLoader.swift b/Sources/PackageLoading/ManifestLoader.swift
@@ -828,8 +828,8 @@ public final class ManifestLoader: ManifestLoaderProtocol {
                         // We only allow the permissions which are absolutely necessary.
                         if self.isManifestSandboxEnabled {
                             let cacheDirectories = [self.databaseCacheDir, moduleCachePath].compactMap{ $0 }
-                            let strictness: Sandbox.Strictness = toolsVersion < .v5_3 ? .manifest_pre_53 : .default
-                            cmd = Sandbox.apply(command: cmd, strictness: strictness, writableDirectories: cacheDirectories)
+        let sandboxProfile = SandboxProfile(pathRules: cacheDirectories.map{ .writable($0) })
+cmd = sandboxProfile.apply(to: cmd)
                         }
 
                         // Run the compiled manifest.
diff --git a/Sources/Workspace/DefaultPluginScriptRunner.swift b/Sources/Workspace/DefaultPluginScriptRunner.swift
@@ -393,7 +393,10 @@ public struct DefaultPluginScriptRunner: PluginScriptRunner, Cancellable {
 
         // Optionally wrap the command in a sandbox, which places some limits on what it can do. In particular, it blocks network access and restricts the paths to which the plugin can make file system changes. It does allow writing to temporary directories.
         if self.enableSandbox {
-            command = Sandbox.apply(command: command, strictness: .writableTemporaryDirectory, writableDirectories: writableDirectories + [self.cacheDir], readOnlyDirectories: readOnlyDirectories)
+            let sandboxProfile = SandboxProfile(allowWritingToTemporaryDirectories: true, pathRules:
+                readOnlyDirectories.map{ .readonly($0) } +
+                writableDirectories.map{ .writable($0) } + [.writable(self.cacheDir)])
+            command = sandboxProfile.apply(to: command)
         }
 
         // Create and configure a Process. We set the working directory to the cache directory, so that relative paths end up there.
diff --git a/Tests/BasicsTests/SandboxTests.swift b/Tests/BasicsTests/SandboxTests.swift
@@ -10,25 +10,36 @@
 //
 //===----------------------------------------------------------------------===//
 
-@testable import Basics
+import Basics
 import SPMTestSupport
 import TSCBasic
 import XCTest
 
 final class SandboxTest: XCTestCase {
+
+    func testDefaults() throws {
+        let sandboxProfile = SandboxProfile()
+        XCTAssertEqual(sandboxProfile.allowNetwork, false)
+        XCTAssertEqual(sandboxProfile.allowWritingToTemporaryDirectories, false)
+        XCTAssertEqual(sandboxProfile.pathRules, [])
+    }
+
     func testSandboxOnAllPlatforms() throws {
         try withTemporaryDirectory { path in
-            let command = Sandbox.apply(command: ["echo", "0"], strictness: .default, writableDirectories: [])
+            let command = SandboxProfile().apply(to:
+                ["echo", "0"])
             XCTAssertNoThrow(try Process.checkNonZeroExit(arguments: command))
         }
     }
 
     func testNetworkNotAllowed() throws {
         #if !os(macOS)
-        try XCTSkipIf(true, "test is only supported on macOS")
+        try XCTSkipIf(true, "sandboxing is only supported on macOS")
         #endif
 
-        let command = Sandbox.apply(command: ["ping", "-t", "1", "localhost"], strictness: .default, writableDirectories: [])
+        /// Check that network access isn't allowed by default.
+        let command = SandboxProfile().apply(to:
+            ["ping", "-t", "1", "localhost"])
 
         XCTAssertThrowsError(try Process.checkNonZeroExit(arguments: command)) { error in
             guard case ProcessResult.Error.nonZeroExit(let result) = error else {
@@ -40,22 +51,24 @@ final class SandboxTest: XCTestCase {
 
     func testWritableAllowed() throws {
         #if !os(macOS)
-        try XCTSkipIf(true, "test is only supported on macOS")
+        try XCTSkipIf(true, "sandboxing is only supported on macOS")
         #endif
 
         try withTemporaryDirectory { path in
-            let command = Sandbox.apply(command: ["touch", path.appending(component: UUID().uuidString).pathString], strictness: .default, writableDirectories: [path])
+            let command = SandboxProfile(pathRules: [.writable(path)]).apply(to:
+                ["touch", path.appending(component: UUID().uuidString).pathString])
             XCTAssertNoThrow(try Process.checkNonZeroExit(arguments: command))
         }
     }
 
     func testWritableNotAllowed() throws {
         #if !os(macOS)
-        try XCTSkipIf(true, "test is only supported on macOS")
+        try XCTSkipIf(true, "sandboxing is only supported on macOS")
         #endif
 
         try withTemporaryDirectory { path in
-            let command = Sandbox.apply(command: ["touch", path.appending(component: UUID().uuidString).pathString], strictness: .default, writableDirectories: [])
+            let command = SandboxProfile().apply(to:
+                ["touch", path.appending(component: UUID().uuidString).pathString])
             XCTAssertThrowsError(try Process.checkNonZeroExit(arguments: command)) { error in
                 guard case ProcessResult.Error.nonZeroExit(let result) = error else {
                     return XCTFail("invalid error \(error)")
@@ -67,14 +80,15 @@ final class SandboxTest: XCTestCase {
 
     func testRemoveNotAllowed() throws {
         #if !os(macOS)
-        try XCTSkipIf(true, "test is only supported on macOS")
+        try XCTSkipIf(true, "sandboxing is only supported on macOS")
         #endif
 
         try withTemporaryDirectory { path in
             let file = path.appending(component: UUID().uuidString)
             XCTAssertNoThrow(try Process.checkNonZeroExit(arguments: ["touch", file.pathString]))
 
-            let command = Sandbox.apply(command: ["rm", file.pathString], strictness: .default, writableDirectories: [])
+            let command = SandboxProfile().apply(to:
+                ["rm", file.pathString])
             XCTAssertThrowsError(try Process.checkNonZeroExit(arguments: command)) { error in
                 guard case ProcessResult.Error.nonZeroExit(let result) = error else {
                     return XCTFail("invalid error \(error)")
@@ -87,47 +101,51 @@ final class SandboxTest: XCTestCase {
     // FIXME: rdar://75707545 this should not be allowed outside very specific read locations
     func testReadAllowed() throws {
         #if !os(macOS)
-        try XCTSkipIf(true, "test is only supported on macOS")
+        try XCTSkipIf(true, "sandboxing is only supported on macOS")
         #endif
 
         try withTemporaryDirectory { path in
             let file = path.appending(component: UUID().uuidString)
             XCTAssertNoThrow(try Process.checkNonZeroExit(arguments: ["touch", file.pathString]))
 
-            let command = Sandbox.apply(command: ["cat", file.pathString], strictness: .default, writableDirectories: [])
+            let command = SandboxProfile().apply(to:
+                ["cat", file.pathString])
             XCTAssertNoThrow(try Process.checkNonZeroExit(arguments: command))
         }
     }
 
     // FIXME: rdar://75707545 this should not be allowed outside very specific programs
     func testExecuteAllowed() throws {
         #if !os(macOS)
-        try XCTSkipIf(true, "test is only supported on macOS")
+        try XCTSkipIf(true, "sandboxing is only supported on macOS")
         #endif
 
         try withTemporaryDirectory { path in
-            let file = path.appending(component: UUID().uuidString)
-            XCTAssertNoThrow(try Process.checkNonZeroExit(arguments: ["touch", file.pathString]))
-            XCTAssertNoThrow(try Process.checkNonZeroExit(arguments: ["chmod", "+x", file.pathString]))
+            let scriptFile = path.appending(component: UUID().uuidString)
+            XCTAssertNoThrow(try Process.checkNonZeroExit(arguments: ["touch", scriptFile.pathString]))
+            XCTAssertNoThrow(try Process.checkNonZeroExit(arguments: ["chmod", "+x", scriptFile.pathString]))
 
-            let command = Sandbox.apply(command: [file.pathString], strictness: .default, writableDirectories: [])
+            let command = SandboxProfile().apply(to:
+                [scriptFile.pathString])
             XCTAssertNoThrow(try Process.checkNonZeroExit(arguments: command))
         }
     }
 
     func testWritingToTemporaryDirectoryAllowed() throws {
         #if !os(macOS)
-        try XCTSkipIf(true, "test is only supported on macOS")
+        try XCTSkipIf(true, "sandboxing is only supported on macOS")
         #endif
 
         // Try writing to the per-user temporary directory, which is under /var/folders/.../TemporaryItems.
         let tmpFile1 = NSTemporaryDirectory() + "/" + UUID().uuidString
-        let command1 = Sandbox.apply(command: ["touch", tmpFile1], strictness: .writableTemporaryDirectory)
+        let command1 = SandboxProfile(allowWritingToTemporaryDirectories: true).apply(to:
+            ["touch", tmpFile1])
         XCTAssertNoThrow(try Process.checkNonZeroExit(arguments: command1))
         try? FileManager.default.removeItem(atPath: tmpFile1)
 
         let tmpFile2 = "/tmp" + "/" + UUID().uuidString
-        let command2 = Sandbox.apply(command: ["touch", tmpFile2], strictness: .writableTemporaryDirectory)
+        let command2 = SandboxProfile(allowWritingToTemporaryDirectories: true).apply(to:
+            ["touch", tmpFile2])
         XCTAssertNoThrow(try Process.checkNonZeroExit(arguments: command2))
         try? FileManager.default.removeItem(atPath: tmpFile2)
     }
diff --git a/Tests/CommandsTests/PackageToolTests.swift b/Tests/CommandsTests/PackageToolTests.swift
