The shouldDisableSandbox setting wasn't being passed along to build tool plugin commands

Not exactly sure when this failed, but the setting ended up not getting passed through in one of the refactorings a couple of weeks ago.  There wasn't a unit test covering it, so this commit adds one.

rdar://90955872

Author: abertelrud

Fixtures/Miscellaneous/Plugins/SandboxViolatingBuildToolPluginCommands/MyLibrary/Package.swift

@@ -0,0 +1,16 @@
+// swift-tools-version: 5.6
+import PackageDescription
+
+let package = Package(
+    name: "MyLibrary",
+    dependencies: [
+        .package(path: "../MyPlugin")
+    ],
+    targets: [
+        .target(
+            name: "MyLibrary",
+            plugins: [
+                .plugin(name: "PackageScribblerPlugin", package: "MyPlugin")
+            ])
+    ]
+)

Fixtures/Miscellaneous/Plugins/SandboxViolatingBuildToolPluginCommands/MyLibrary/Sources/MyLibrary/library.swift

@@ -0,0 +1,3 @@
+public func MyLibraryStruct() -> String {
+    return "This is \(foo)"
+}

Fixtures/Miscellaneous/Plugins/SandboxViolatingBuildToolPluginCommands/MyPlugin/Package.swift

@@ -0,0 +1,18 @@
+// swift-tools-version: 5.6
+import PackageDescription
+
+let package = Package(
+    name: "MyPlugin",
+    products: [
+        .plugin(
+            name: "PackageScribblerPlugin",
+            targets: ["PackageScribblerPlugin"]
+        ),
+    ],
+    targets: [
+        .plugin(
+            name: "PackageScribblerPlugin",
+            capability: .buildTool()
+        )
+    ]
+)

Fixtures/Miscellaneous/Plugins/SandboxViolatingBuildToolPluginCommands/MyPlugin/Plugins/PackageScribblerPlugin/plugin.swift

@@ -0,0 +1,18 @@
+import PackagePlugin
+import Foundation
+
+@main
+struct MyPlugin: BuildToolPlugin {
+
+    func createBuildCommands(context: PluginContext, target: Target) async throws -> [Command] {
+        let outputDir = target.directory.appending("generated")
+        try FileManager.default.createDirectory(atPath: outputDir.string, withIntermediateDirectories: true)
+        return [
+            .prebuildCommand(
+                displayName: "Creating Foo.swift in the target directory…",
+                executable: Path("/bin/bash"),
+                arguments: [ "-c", "echo 'let foo = \"\(target.name)\"' > '\(outputDir)/foo.swift'" ],
+                outputFilesDirectory: outputDir)
+        ]
+    }
+}

Sources/Commands/SwiftTool.swift

@@ -754,6 +754,7 @@ public class SwiftTool {
             packageGraphLoader: customPackageGraphLoader ?? graphLoader,
             pluginScriptRunner: self.getPluginScriptRunner(),
             pluginWorkDirectory: try self.getActiveWorkspace().location.pluginWorkingDirectory,
+            disableSandboxForPluginCommands: self.options.security.shouldDisableSandbox,
             outputStream: customOutputStream ?? self.outputStream,
             logLevel: customLogLevel ?? self.logLevel,
             fileSystem: self.fileSystem,

Tests/FunctionalTests/PluginTests.swift

@@ -855,4 +855,23 @@ class PluginTests: XCTestCase {
             XCTAssert(stdout.contains("type of snippet target: snippet"), "output:\n\(stderr)\n\(stdout)")
         }
     }
+
+    func testSandboxViolatingBuildToolPluginCommands() throws {
+        // Only run the test if the environment in which we're running actually supports Swift concurrency (which the plugin APIs require).
+        try XCTSkipIf(!UserToolchain.default.supportsSwiftConcurrency(), "skipping because test environment doesn't support concurrency")
+
+        // Check that the build fails with a sandbox violation by default.
+        try fixture(name: "Miscellaneous/Plugins/SandboxViolatingBuildToolPluginCommands") { path in
+            XCTAssertThrowsError(try executeSwiftBuild(path.appending(component: "MyLibrary"), configuration: .Debug)) { error in
+                XCTAssertMatch("\(error)", .contains("You don’t have permission to save the file “generated” in the folder “MyLibrary”."))
+            }
+        }
+
+        // Check that the build succeeds if we disable the sandbox.
+        try fixture(name: "Miscellaneous/Plugins/SandboxViolatingBuildToolPluginCommands") { path in
+            let (stdout, stderr) = try executeSwiftBuild(path.appending(component: "MyLibrary"), configuration: .Debug, extraArgs: ["--disable-sandbox"])
+            XCTAssert(stdout.contains("Compiling MyLibrary foo.swift"), "[STDOUT]\n\(stdout)\n[STDERR]\n\(stderr)\n")
+        }
+
+    }
 }