Common MSBuild sandboxing

[matkoch]

Hi everyone,

it's a while back that I've discovered BuildXL, and due to its sandboxing infrastructure, my initial thought was that this could be used as a common sandboxing approach when cloning third-party repositories without worrying about security too much (at least file access). I'm not entirely sure if that's the scope of the project. Back then I at least had to install some system component to make it work on macOS.

Could someone give some clarification and a few pointers?

[matkoch]

To be more clear, what I wish to provide is something like mybuild Test.csproj, and it will only allow file access to the NuGet package cache and the containing directory.

[Kr1sso]

Hey @matkoch,

first of all thank you for using and exploring BuildXL, it is much appreciated and please send any valuable feedback our way so we can improve the experience.

About your question: the most important thing to note is that the sandboxing techniques built into BuildXL were not designed with a general bulletproof security and rule enforcement concept in mind! We only implemented those features to be able to observe life-time and file accesses operations of process trees akin to the requirements of BuildXL.

That said, you could achieve what you're trying to do with the technology provided with BuildXL. The process execution code creates a FileAccessManifest that acts as a rule set for the sandbox. Those manifests are serialized, send to the sandbox and evaluated during process runtime (for Unix executions see SandboxedProcessUnix.cs).

On macOS, our implementation does not explicitly deny file accesses, merely uses the manifest to check what happened and flag a process execution as error after all observed file accesses have been retrieved by the build engine parent process. Some work would be required to actually abort / fail if things happen that are explicitly forbidden by the file access manifest on macOS (note that Detours - the Windows sandbox - also enforces rules).

A good point to start would be the SandboxExec (SandboxExec.dsc) tool we provide with the code base. Its a tool that wraps a processes and its command line (just like your mybuild) and executes it through the sandbox. After execution the tool outputs some statistics and a file with all observed file accesses. The tool itself runs on all three major platforms using the respective sandbox implementation. You would have to extend it to take an input (maybe a rule file from the command line you parse before hand), transform this input into a FileAccessManifest and send it to the execution engine through the SandboxedProcessInfo data. Once that has happened you would have to adjust the kernel extension sandbox code to also disallow file accesses that are not explicitly allowed by the manifest (for macOS at least).

Unfortunately Apple has deprecated kernel extensions with macOS Catalina and onward. The replacement technology is called EndpointSecurity (ES). This means that the kernel extension will stop working eventually and I wouldn't suggest taking a dependency on it. There is an ES implementation of the sandbox already (Public/Src/Sandbox/MacOs/Interop/Sandbox/EndpointSecuritySandbox.cpp) but its cumbersome to deploy and you need a signed binary for it to work on macOS machines with SIP enabled.

I hope those pointers help you get started. Have a great day!