C-WCOW: Enforce hashes on already mounted CIMs

Signed-off-by: Mahati Chamarthy <mahati.chamarthy@gmail.com>

Author: MahatiC

internal/gcs-sidecar/handlers.go

@@ -12,6 +12,8 @@ import (
 	"strings"
 	"time"
 
+	"regexp"
+
 	"github.com/Microsoft/hcsshim/hcn"
 	"github.com/Microsoft/hcsshim/internal/bridgeutils/commonutils"
 	"github.com/Microsoft/hcsshim/internal/fsformatter"
@@ -37,6 +39,8 @@ const (
 	UVMContainerID      = "00000000-0000-0000-0000-000000000000"
 )
 
+var volumeGUIDRe = regexp.MustCompile(`^\\\\\?\\Volume\{([0-9A-Fa-f\-]+)\}\\Files$`)
+
 // - Handler functions handle the incoming message requests. It
 // also enforces security policy for confidential cwcow containers.
 // - These handler functions may do some additional processing before
@@ -544,6 +548,14 @@ func (b *Bridge) lifecycleNotification(req *request) (err error) {
 	return nil
 }
 
+func volumeGUIDFromLayerPath(p string) (string, bool) {
+	m := volumeGUIDRe.FindStringSubmatch(p)
+	if len(m) != 2 {
+		return "", false
+	}
+	return m[1], true
+}
+
 func (b *Bridge) modifySettings(req *request) (err error) {
 	ctx, span := oc.StartSpan(req.ctx, "sidecar::modifySettings")
 	defer span.End()
@@ -676,6 +688,20 @@ func (b *Bridge) modifySettings(req *request) (err error) {
 				return errors.Wrap(err, "CIM mount is denied by policy")
 			}
 
+			// Volume GUID from request
+			volGUID := wcowBlockCimMounts.VolumeGUID.String()
+
+			// Cache hashes along with volGUID
+			b.hostState.blockCIMVolumeHashes[volGUID] = hashesToVerify
+
+			// Store the containerID (associated with volGUID) to mark that hashes are verified for this container
+			if _, ok := b.hostState.blockCIMVolumeContainers[volGUID]; !ok {
+				b.hostState.blockCIMVolumeContainers[volGUID] = make(map[string]struct{})
+			}
+			b.hostState.blockCIMVolumeContainers[volGUID][containerID] = struct{}{}
+
+			log.G(ctx).Tracef("Cached %d verified CIM layer hashes for volume %s (container %s)", len(hashesToVerify), volGUID, containerID)
+
 			if len(layerCIMs) > 1 {
 				_, err = cimfs.MountMergedVerifiedBlockCIMs(layerCIMs[0], layerCIMs[1:], wcowBlockCimMounts.MountFlags, wcowBlockCimMounts.VolumeGUID, layerDigests[0])
 				if err != nil {
@@ -710,6 +736,28 @@ func (b *Bridge) modifySettings(req *request) (err error) {
 			log.G(ctx).Tracef("CWCOWCombinedLayers:: ContainerID: %v, ContainerRootPath: %v, Layers: %v, ScratchPath: %v",
 				containerID, settings.CombinedLayers.ContainerRootPath, settings.CombinedLayers.Layers, settings.CombinedLayers.ScratchPath)
 
+			// The layers size is only one, this is just defensive checking
+			if len(settings.CombinedLayers.Layers) == 1 {
+				layerPath := settings.CombinedLayers.Layers[0].Path
+				if guidStr, ok := volumeGUIDFromLayerPath(layerPath); ok {
+					hashes, haveHashes := b.hostState.blockCIMVolumeHashes[guidStr]
+					if haveHashes {
+						// Only do this if it wasn't already enforced by the ResourceTypeWCOWBlockCims request
+						containers := b.hostState.blockCIMVolumeContainers[guidStr]
+						if _, seen := containers[containerID]; !seen {
+							// This is a container with CIMs already mounted (container with similar layers as an existing container). Call EnforceVerifiedCIMsPolicy on this new container
+							log.G(ctx).Tracef("Verified CIM hashes for reused mount volume %s (container %s)", guidStr, containerID)
+							if err := b.hostState.securityPolicyEnforcer.EnforceVerifiedCIMsPolicy(ctx, containerID, hashes); err != nil {
+								return fmt.Errorf("CIM mount is denied by policy for this container: %w", err)
+							}
+							containers[containerID] = struct{}{}
+						}
+					} else {
+						log.G(ctx).Debugf("No cached CIM hashes found for volume %s", guidStr)
+					}
+				}
+			}
+
 			//Since unencrypted scratch is not an option, always pass true
 			if err := b.hostState.securityPolicyEnforcer.EnforceScratchMountPolicy(ctx, settings.CombinedLayers.ContainerRootPath, true); err != nil {
 				return fmt.Errorf("scratch mounting denied by policy: %w", err)

internal/gcs-sidecar/host.go

@@ -32,6 +32,11 @@ type Host struct {
 	containersMutex sync.Mutex
 	containers      map[string]*Container
 
+	// mapping of volumeGUID to container layer hashes
+	blockCIMVolumeHashes map[string][]string
+	// mapping of volumeGUID to container IDs
+	blockCIMVolumeContainers map[string]map[string]struct{}
+
 	// state required for the security policy enforcement
 	policyMutex               sync.Mutex
 	securityPolicyEnforcer    securitypolicy.SecurityPolicyEnforcer
@@ -58,6 +63,8 @@ type containerProcess struct {
 func NewHost(initialEnforcer securitypolicy.SecurityPolicyEnforcer) *Host {
 	return &Host{
 		containers:                make(map[string]*Container),
+		blockCIMVolumeHashes:      make(map[string][]string),
+		blockCIMVolumeContainers:  make(map[string]map[string]struct{}),
 		securityPolicyEnforcer:    initialEnforcer,
 		securityPolicyEnforcerSet: false,
 	}

internal/regopolicyinterpreter/regopolicyinterpreter.go

@@ -585,6 +585,26 @@ func (r *RegoPolicyInterpreter) RawQuery(rule string, input map[string]interface
 	return resultSet, nil
 }
 
+// MetadataJSON returns the entire metadata object as a JSON string.
+// The returned JSON is a snapshot (deep-copied via marshal/unmarshal).
+func (r *RegoPolicyInterpreter) MetadataJSON() (string, error) {
+	r.dataAndModulesMutex.Lock()
+	defer r.dataAndModulesMutex.Unlock()
+
+	root, ok := r.data["metadata"].(regoMetadata)
+	if !ok {
+		return "", errors.New("incorrect interpreter state: invalid metadata object type")
+	}
+
+	// Deep copy to avoid callers modifying internal maps.
+	b, err := json.Marshal(root)
+	if err != nil {
+		return "", fmt.Errorf("unable to marshal metadata: %w", err)
+	}
+
+	return string(b), nil
+}
+
 // Query queries the policy with the given rule and input data and returns the result.
 func (r *RegoPolicyInterpreter) Query(rule string, input map[string]interface{}) (RegoQueryResult, error) {
 	// this mutex ensures no other threads modify the data and compiledModules fields during query execution

pkg/securitypolicy/framework.rego

@@ -1360,6 +1360,7 @@ env_rule_matches(rule) {
 }
 
 errors["missing required environment variable"] {
+    is_linux
     input.rule == "create_container"
 
     not container_started

pkg/securitypolicy/securitypolicyenforcer_rego.go

@@ -729,6 +729,13 @@ func (policy *regoEnforcer) EnforceCreateContainerPolicyV2(
 			"seccompProfileSHA256": opts.SeccompProfileSHA256,
 		}
 	case "windows":
+		// Dump full interpreter metadata for debugging diagnostics.
+		if mdJSON, err := policy.rego.MetadataJSON(); err == nil {
+			log.G(ctx).Debugf("Current policy metadata: %s", mdJSON)
+		} else {
+			log.G(ctx).WithError(err).Warn("failed to obtain policy metadata snapshot")
+		}
+
 		input = inputData{
 			"containerID": containerID,
 			"argList":     argList,
@@ -792,18 +799,6 @@ func appendMountData(mountData []interface{}, mounts []oci.Mount) []interface{}
 	return mountData
 }
 
-func appendMountDataWindows(mountData []interface{}, mounts []oci.Mount) []interface{} {
-	for _, mount := range mounts {
-		mountData = append(mountData, inputData{
-			"destination": mount.Destination,
-			"source":      mount.Source,
-			"options":     mount.Options,
-		})
-	}
-
-	return mountData
-}
-
 func (policy *regoEnforcer) ExtendDefaultMounts(mounts []oci.Mount) error {
 	policy.defaultMounts = append(policy.defaultMounts, mounts...)
 	defaultMounts := appendMountData([]interface{}{}, policy.defaultMounts)