Merged PR 785475: Resolve ptrace sandbox reports dfa in Ubuntu 22.04 on readlink

Untrack /usr/local/include and /usr/x86_64-linux-gnu by default
Report Checker::Lookup for absent path in readlink
Fix a small bug where an extra slash was appended to the end of the path when pathname is empty

Related work items: #2137346
Qi Wang 2024-05-21 18:01:24 +00:00
Родитель 05828f78c4
Коммит 0c6c081ef9
7 изменённых файлов: 76 добавлений и 3 удалений


@ -100,6 +100,26 @@ namespace Test.BuildXL.Processes
XAssert.AreEqual(1, accesses.Where(a => a.Path == realPath3).Count()); XAssert.AreEqual(1, accesses.Where(a => a.Path == realPath3).Count());
} }
[Fact]
public void CallBoostReadlinkAbsentPathTests()
{
var fileStorage = new TempFileStorage(canGetFileNames: true);
var absentFilePath = Path.Combine(fileStorage.RootDirectory, "absentFile.o");
// This test calls readlink(absentFilePath)
var result = RunTest("readlink_absent_path", fileStorage);
XAssert.IsNotNull(result.FileAccesses);
// There should be only one absent file access
var absentPathAccesses = result.FileAccesses!.Where(a => a.IsNonexistent);
XAssert.AreEqual(1, absentPathAccesses.Count());
// readlink on absent path is reported backed as probe
var absentFileAccess = absentPathAccesses.Single();
XAssert.AreEqual(absentFilePath, absentFileAccess.GetPath(Context.PathTable));
XAssert.AreEqual(RequestedAccess.Probe, absentFileAccess.RequestedAccess);
}
[Fact] [Fact]
public void CallBoostObserverUtilitiesTests() public void CallBoostObserverUtilitiesTests()
{ {
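Review bot: The assertion `XAssert.AreEqual(1, absentPathAccesses.Count())` counts every nonexistent access in the whole run, so an unrelated absent-path probe made by the test executable at start-up (loader or locale lookups, for instance) would fail the test for a reason unrelated to readlink. Filtering on the path first keeps the check on the behaviour under test: `var absentPathAccesses = result.FileAccesses!.Where(a => a.IsNonexistent && a.GetPath(Context.PathTable) == absentFilePath);`. The comment `// readlink on absent path is reported backed as probe` should read `// readlink on an absent path is reported back as a probe`.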


@ -121,6 +121,8 @@ namespace BuildXL.Pips.Graph
UnixPaths.LibLinuxGnu, UnixPaths.LibLinuxGnu,
UnixPaths.Lib64, UnixPaths.Lib64,
UnixPaths.Run, UnixPaths.Run,
UnixPaths.UsrLocalInclude,
UnixPaths.UsrLinuxGnu,
} }
.Concat(IfMacOs( .Concat(IfMacOs(
MacPaths.AppleInternal, MacPaths.AppleInternal,
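Review bot: `UnixPaths.UsrLocalInclude` differs from the neighbouring entries because /usr/local is normally populated by hand or by `make install` rather than by the distribution's package manager. If untracked scopes are excluded from observed inputs, as the name suggests, a header changed there can no longer invalidate a cached result. If the only goal is to silence the Ubuntu 22.04 readlink DFA, it is worth checking whether the lookup reporting added to `HandleReadlink` in this commit already covers it. Otherwise record the reasoning next to the entry, e.g. `// Compiler header search path, probed on every invocation; contents are not tracked`. The list itself starts outside this hunk.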


@ -32,6 +32,10 @@ namespace UnitTests
exeName: a`observer_utilities_test`, exeName: a`observer_utilities_test`,
sourceFiles: [ f`observer_utilities_test.cpp`, f`${sandboxSrcDirectory.path}/observer_utilities.cpp` ], sourceFiles: [ f`observer_utilities_test.cpp`, f`${sandboxSrcDirectory.path}/observer_utilities.cpp` ],
includeDirectories: [ sandboxSrcDirectory ] includeDirectories: [ sandboxSrcDirectory ]
},
{
exeName: a`readlink_absent_path`,
sourceFiles:[f`readlink_absent_path.cpp`]
} }
]; ];


@ -0,0 +1,34 @@
// Copyright (c) Microsoft. All rights reserved.
// Licensed under the MIT license. See LICENSE file in the project root for full license information.
#define BOOST_TEST_MODULE LinuxSandboxTest
#define _DO_NOT_EXPORT
#include <boost/test/included/unit_test.hpp>
#include <limits.h>
#include <string.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
using namespace std;
BOOST_AUTO_TEST_SUITE(ReadlinkAbsentPath)
BOOST_AUTO_TEST_CASE(TestReadlinkAbsentPath)
{
// Create a absent file path under current working directory
char cwd[PATH_MAX] = { 0 };
char *res = getcwd(cwd, PATH_MAX);
string newPath(res);
newPath.append("/absentFile.o");
// Call readlink on this absent file path
char buf[PATH_MAX] = { 0 };
auto read = readlink(newPath.c_str(), buf, PATH_MAX);
// readlink return -1 on absent path and error number is ENOENT
BOOST_CHECK(read == -1);
BOOST_CHECK_EQUAL(errno, ENOENT);
}
BOOST_AUTO_TEST_SUITE_END()
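Review bot: `BOOST_CHECK_EQUAL(errno, ENOENT)` reads errno only after `BOOST_CHECK(read == -1)` has run, and the framework may make library calls that overwrite it. Save it on the line after readlink with `const int err = errno;` and check `err` instead. `getcwd` can return NULL, which makes `string newPath(res)` undefined behaviour, so `BOOST_REQUIRE(res != nullptr);` belongs before that line. The file also appears to rely on a transitive include for `getcwd` and `readlink`; adding `#include <unistd.h>` makes that explicit.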


@ -1129,8 +1129,11 @@ void BxlObserver::relative_to_absolute(const char *pathname, int dirfd, int asso
_fatal("['%s'] Could not get path for fd %d with path '%s'; errno: %d", systemcall, dirfd, pathname, errno); _fatal("['%s'] Could not get path for fd %d with path '%s'; errno: %d", systemcall, dirfd, pathname, errno);
} }
fullpath[len] = '/'; if (pathname[0] != '\0')
strcpy(fullpath + len + 1, pathname); {
fullpath[len] = '/';
strcpy(fullpath + len + 1, pathname);
}
} }
else else
{ {
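Review bot: With the new guard, the empty-pathname case writes nothing at `fullpath[len]`, whereas the old `strcpy` always stored a terminator. Whether the result is still NUL-terminated now depends on the helper that produced `len`, which is outside this hunk. An explicit `else { fullpath[len] = '\0'; }` would remove that dependency. The retained `strcpy(fullpath + len + 1, pathname)` is also unbounded, and pathname presumably comes from the traced process's syscall arguments; if fullpath's capacity is known here, checking `len + 1 + strlen(pathname)` against it before copying would turn an overflow into a reported error. relative_to_absolute begins and ends outside the hunk.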


@ -127,7 +127,15 @@ AccessCheckResult IOHandler::HandleUnlink(const IOEvent &event, AccessReport &ac
AccessCheckResult IOHandler::HandleReadlink(const IOEvent &event, AccessReport &accessToReport) AccessCheckResult IOHandler::HandleReadlink(const IOEvent &event, AccessReport &accessToReport)
{ {
return CheckAndCreateReport(kOpMacReadlink, event.GetEventPath(SRC_PATH), Checkers::CheckRead, event.GetPid(), false, event.GetError(), accessToReport); bool isDir = S_ISDIR(event.GetMode());
if (!event.EventPathExists())
{
return CheckAndCreateReport(kOpMacLookup, event.GetEventPath(SRC_PATH), Checkers::CheckLookup, event.GetPid(), isDir, event.GetError(), accessToReport);
}
else
{
return CheckAndCreateReport(kOpMacReadlink, event.GetEventPath(SRC_PATH), Checkers::CheckRead, event.GetPid(), isDir, event.GetError(), accessToReport);
}
} }
AccessCheckResult IOHandler::HandleRename(const IOEvent &event, AccessReport &sourceAccessToReport, AccessReport &destinationAccessToReport) AccessCheckResult IOHandler::HandleRename(const IOEvent &event, AccessReport &sourceAccessToReport, AccessReport &destinationAccessToReport)
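Review bot: The branch on `event.EventPathExists()` swaps `Checkers::CheckRead` for `Checkers::CheckLookup`, presumably the more permissive check, so its correctness rests on how that flag is derived, which this hunk does not show. If it comes from a separate existence test rather than from the readlink result, a path that exists but could not be examined (permission denied, for instance), or one that appears between the two calls, would be classified as a probe. Where `event.GetError()` carries the syscall's errno, taking the lookup branch only for ENOENT/ENOTDIR would tie the decision to what the call actually returned. A short comment above the branch would also help, e.g. `// Absent path: report as a lookup (probe) rather than a read`.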


@ -492,6 +492,8 @@ namespace BuildXL.Interop.Unix
public const string UsrStandalone = "/usr/standalone"; public const string UsrStandalone = "/usr/standalone";
public const string UsrSbin = "/usr/sbin"; public const string UsrSbin = "/usr/sbin";
public const string Var = "/var"; public const string Var = "/var";
public const string UsrLocalInclude = "/usr/local/include";
public const string UsrLinuxGnu = "/usr/x86_64-linux-gnu";
} }
public static class MacPaths public static class MacPaths
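Review bot: `UsrLinuxGnu` is named as if it were architecture-neutral, but its value is `/usr/x86_64-linux-gnu`, so the equivalent directory on another architecture (aarch64, say) would not match. Either name it for what it is, e.g. `UsrX8664LinuxGnu`, or add a comment such as `// x86_64 only; other target triples are not covered`. The class body starts outside this hunk.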