C-WCOW: PspDriver and hostdata changes in SecurityPolicy pkg

MahatiC · MahatiC · commit 83a71d4050af · 2025-12-11T13:46:10.000Z
Signed-off-by: Mahati Chamarthy &lt;mahati.chamarthy@gmail.com&gt;
diff --git a/cmd/gcs-sidecar/main.go b/cmd/gcs-sidecar/main.go
@@ -15,7 +15,6 @@ import (
 	"github.com/Microsoft/hcsshim/internal/gcs/prot"
 	shimlog "github.com/Microsoft/hcsshim/internal/log"
 	"github.com/Microsoft/hcsshim/internal/oc"
-	"github.com/Microsoft/hcsshim/internal/pspdriver"
 	"github.com/Microsoft/hcsshim/pkg/securitypolicy"
 	"github.com/sirupsen/logrus"
 	"go.opencensus.io/trace"
@@ -217,7 +216,7 @@ func main() {
 		return
 	}
 
-	if err := pspdriver.StartPSPDriver(ctx); err != nil {
+	if err := securitypolicy.StartPSPDriver(ctx); err != nil {
 		// When error happens, pspdriver.GetPspDriverError() returns true.
 		// In that case, gcs-sidecar should keep the initial "deny" policy
 		// and reject all requests from the host.
diff --git a/internal/gcs-sidecar/handlers.go b/internal/gcs-sidecar/handlers.go
@@ -88,9 +88,6 @@ func (b *Bridge) createContainer(req *request) (err error) {
 			return fmt.Errorf("CreateContainer operation is denied by policy: %w", err)
 		}
 
-		if err := b.hostState.SetupSecurityContextDir(ctx, &spec); err != nil {
-			return err
-		}
 		commandLine := len(spec.Process.Args) > 0
 		c := &Container{
 			id:              containerID,
@@ -549,9 +546,12 @@ func (b *Bridge) modifySettings(req *request) (err error) {
 		case guestresource.ResourceTypeSecurityPolicy:
 			securityPolicyRequest := modifyGuestSettingsRequest.Settings.(*guestresource.ConfidentialOptions)
 			log.G(ctx).Tracef("WCOWConfidentialOptions: { %v}", securityPolicyRequest)
-			err := b.hostState.SetWCOWConfidentialUVMOptions(req.ctx, securityPolicyRequest)
+			err := b.hostState.securityOptions.SetConfidentialOptions(ctx,
+				securityPolicyRequest.EnforcerType,
+				securityPolicyRequest.EncodedSecurityPolicy,
+				securityPolicyRequest.EncodedUVMReference)
 			if err != nil {
-				return errors.Wrap(err, "error creating enforcer")
+				return errors.Wrap(err, "Failed to set Confidentia UVM Options")
 			}
 			// Send response back to shim
 			resp := &prot.ResponseBase{
diff --git a/internal/gcs-sidecar/host.go b/internal/gcs-sidecar/host.go
@@ -6,19 +6,14 @@ package bridge
 import (
 	"context"
 	"io"
-	"os"
-	"path/filepath"
 	"sync"
 
 	"github.com/Microsoft/hcsshim/internal/bridgeutils/gcserr"
 	hcsschema "github.com/Microsoft/hcsshim/internal/hcs/schema2"
 	"github.com/Microsoft/hcsshim/internal/log"
 	"github.com/Microsoft/hcsshim/internal/logfields"
-	"github.com/Microsoft/hcsshim/internal/protocol/guestresource"
-	"github.com/Microsoft/hcsshim/internal/pspdriver"
 	"github.com/Microsoft/hcsshim/pkg/securitypolicy"
-	specs "github.com/opencontainers/runtime-spec/specs-go"
-	"github.com/pkg/errors"
+	oci "github.com/opencontainers/runtime-spec/specs-go"
 	"github.com/sirupsen/logrus"
 )
 
@@ -30,7 +25,7 @@ type Host struct {
 
 type Container struct {
 	id              string
-	spec            specs.Spec
+	spec            oci.Spec
 	processesMutex  sync.Mutex
 	processes       map[uint32]*containerProcess
 	commandLine     bool
@@ -59,34 +54,6 @@ func NewHost(initialEnforcer securitypolicy.SecurityPolicyEnforcer, logWriter io
 	}
 }
 
-func (h *Host) SetWCOWConfidentialUVMOptions(ctx context.Context, securityPolicyRequest *guestresource.ConfidentialOptions) error {
-	if err := pspdriver.GetPspDriverError(); err != nil {
-		// For this case gcs-sidecar will keep initial deny policy.
-		return errors.Wrapf(err, "an error occurred while using PSP driver")
-	}
-
-	// Fetch report and validate host_data
-	hostData, err := securitypolicy.NewSecurityPolicyDigest(securityPolicyRequest.EncodedSecurityPolicy)
-	if err != nil {
-		return err
-	}
-
-	if err := pspdriver.ValidateHostData(ctx, hostData[:]); err != nil {
-		// For this case gcs-sidecar will keep initial deny policy.
-		return err
-	}
-
-	if err := h.securityOptions.SetConfidentialOptions(ctx,
-		securityPolicyRequest.EnforcerType,
-		securityPolicyRequest.EncodedSecurityPolicy,
-		securityPolicyRequest.EncodedUVMReference,
-	); err != nil {
-		return errors.Wrapf(err, "SetWCOWConfidentialUVMOptions failed to set security options")
-	}
-
-	return nil
-}
-
 func (h *Host) AddContainer(ctx context.Context, id string, c *Container) error {
 	h.containersMutex.Lock()
 	defer h.containersMutex.Unlock()
diff --git a/internal/guest/runtime/hcsv2/hostdata.go b/internal/guest/runtime/hcsv2/hostdata.go
diff --git a/internal/guest/runtime/hcsv2/uvm.go b/internal/guest/runtime/hcsv2/uvm.go
@@ -112,37 +112,14 @@ func NewHost(rtime runtime.Runtime, vsock transport.Transport, initialEnforcer s
 	}
 }
 
-// SetConfidentialUVMOptions takes guestresource.ConfidentialOptions
-// to set up our internal data structures we use to store and enforce
-// security policy. The options can contain security policy enforcer type,
-// encoded security policy and signed UVM reference information The security
-// policy and uvm reference information can be further presented to workload
-// containers for validation and attestation purposes.
-func (h *Host) SetConfidentialUVMOptions(ctx context.Context, r *guestresource.ConfidentialOptions) error {
-	hostData, err := securitypolicy.NewSecurityPolicyDigest(r.EncodedSecurityPolicy)
-	if err != nil {
-		return err
-	}
-
-	if err := validateHostData(hostData[:]); err != nil {
-		return err
-	}
-
-	if err := h.securityOptions.SetConfidentialOptions(ctx,
-		r.EnforcerType,
-		r.EncodedSecurityPolicy,
-		r.EncodedUVMReference,
-	); err != nil {
-		return errors.Wrapf(err, "SetWCOWConfidentialUVMOptions failed to set security options")
-	}
-
-	return nil
-}
-
 func (h *Host) SecurityPolicyEnforcer() securitypolicy.SecurityPolicyEnforcer {
 	return h.securityOptions.PolicyEnforcer
 }
 
+func (h *Host) SecurityOptions() *securitypolicy.SecurityOptions {
+	return h.securityOptions
+}
+
 func (h *Host) Transport() transport.Transport {
 	return h.vsock
 }
@@ -696,7 +673,10 @@ func (h *Host) modifyHostSettings(ctx context.Context, containerID string, req *
 		if !ok {
 			return errors.New("the request's settings are not of type ConfidentialOptions")
 		}
-		return h.SetConfidentialUVMOptions(ctx, r)
+		return h.securityOptions.SetConfidentialOptions(ctx,
+			r.EnforcerType,
+			r.EncodedSecurityPolicy,
+			r.EncodedUVMReference)
 	case guestresource.ResourceTypePolicyFragment:
 		r, ok := req.Settings.(*guestresource.SecurityPolicyFragment)
 		if !ok {
diff --git a/pkg/securitypolicy/pspdriver.go b/pkg/securitypolicy/pspdriver.go
@@ -1,7 +1,7 @@
 //go:build windows
 // +build windows
 
-package pspdriver
+package securitypolicy
 
 import (
 	"bytes"
@@ -217,7 +217,7 @@ func GetPspDriverError() error {
 }
 
 // IsSNPMode() returns true if it's in SNP mode.
-func IsSNPMode(ctx context.Context) (bool, error) {
+func IsSNPMode() (bool, error) {
 
 	if pspDriverError != nil {
 		return false, pspDriverError
@@ -249,7 +249,7 @@ func IsSNPMode(ctx context.Context) (bool, error) {
 }
 
 // FetchRawSNPReport returns attestation report bytes.
-func FetchRawSNPReport(ctx context.Context, reportData []byte) ([]byte, error) {
+func FetchRawSNPReport(reportData []byte) ([]byte, error) {
 	if pspDriverError != nil {
 		return nil, pspDriverError
 	}
@@ -291,8 +291,8 @@ func FetchRawSNPReport(ctx context.Context, reportData []byte) ([]byte, error) {
 }
 
 // FetchParsedSNPReport parses raw attestation response into proper structs.
-func FetchParsedSNPReport(ctx context.Context, reportData []byte) (Report, error) {
-	rawBytes, err := FetchRawSNPReport(ctx, reportData)
+func FetchParsedSNPReport(reportData []byte) (Report, error) {
+	rawBytes, err := FetchRawSNPReport(reportData)
 	if err != nil {
 		return Report{}, err
 	}
@@ -305,19 +305,18 @@ func FetchParsedSNPReport(ctx context.Context, reportData []byte) (Report, error
 	return r.report(), nil
 }
 
-// TODO: Based on internal\guest\runtime\hcsv2\hostdata.go and it's duplicated.
 // ValidateHostData fetches SNP report (if applicable) and validates `hostData` against
 // HostData set at UVM launch.
-func ValidateHostData(ctx context.Context, hostData []byte) error {
+func ValidateHostDataPSP(hostData []byte) error {
 	// If the UVM is not SNP, then don't try to fetch an SNP report.
-	isSnpMode, err := IsSNPMode(ctx)
+	isSnpMode, err := IsSNPMode()
 	if err != nil {
 		return err
 	}
 	if !isSnpMode {
 		return nil
 	}
-	report, err := FetchParsedSNPReport(ctx, nil)
+	report, err := FetchParsedSNPReport(nil)
 	if err != nil {
 		return err
 	}
diff --git a/pkg/securitypolicy/securitypolicy_linux.go b/pkg/securitypolicy/securitypolicy_linux.go
@@ -4,12 +4,14 @@
 package securitypolicy
 
 import (
+	"bytes"
 	"fmt"
 	"os"
 	"path/filepath"
 	"strconv"
 
 	specInternal "github.com/Microsoft/hcsshim/internal/guest/spec"
+	"github.com/Microsoft/hcsshim/pkg/amdsevsnp"
 	"github.com/moby/sys/user"
 	oci "github.com/opencontainers/runtime-spec/specs-go"
 	"github.com/pkg/errors"
@@ -18,6 +20,28 @@ import (
 //nolint:unused
 const osType = "linux"
 
+// validateHostData fetches SNP report (if applicable) and validates `hostData` against
+// HostData set at UVM launch.
+func validateHostData(hostData []byte) error {
+	// If the UVM is not SNP, then don't try to fetch an SNP report.
+	if !amdsevsnp.IsSNP() {
+		return nil
+	}
+	report, err := amdsevsnp.FetchParsedSNPReport(nil)
+	if err != nil {
+		return err
+	}
+
+	if !bytes.Equal(hostData, report.HostData) {
+		return fmt.Errorf(
+			"security policy digest %q doesn't match HostData provided at launch %q",
+			hostData,
+			report.HostData,
+		)
+	}
+	return nil
+}
+
 func ExtendPolicyWithNetworkingMounts(sandboxID string, enforcer SecurityPolicyEnforcer, spec *oci.Spec) error {
 	roSpec := &oci.Spec{
 		Root: spec.Root,
diff --git a/pkg/securitypolicy/securitypolicy_options.go b/pkg/securitypolicy/securitypolicy_options.go
@@ -39,13 +39,29 @@ func NewSecurityOptions(enforcer SecurityPolicyEnforcer, enforcerSet bool, uvmRe
 	}
 }
 
+// SetConfidentialOptions takes guestresource.ConfidentialOptions
+// to set up our internal data structures we use to store and enforce
+// security policy. The options can contain security policy enforcer type,
+// encoded security policy and signed UVM reference information The security
+// policy and uvm reference information can be further presented to workload
+// containers for validation and attestation purposes.
 func (s *SecurityOptions) SetConfidentialOptions(ctx context.Context, enforcerType string, encodedSecurityPolicy string, encodedUVMReference string) error {
 	s.policyMutex.Lock()
 	defer s.policyMutex.Unlock()
 
 	if s.PolicyEnforcerSet {
 		return errors.New("security policy has already been set")
 	}
+
+	hostData, err := NewSecurityPolicyDigest(encodedSecurityPolicy)
+	if err != nil {
+		return err
+	}
+
+	if err := validateHostData(hostData[:]); err != nil {
+		return err
+	}
+
 	// This limit ensures messages are below the character truncation limit that
 	// can be imposed by an orchestrator
 	maxErrorMessageLength := 3 * 1024
diff --git a/pkg/securitypolicy/securitypolicy_windows.go b/pkg/securitypolicy/securitypolicy_windows.go
@@ -3,11 +3,29 @@
 
 package securitypolicy
 
-import oci "github.com/opencontainers/runtime-spec/specs-go"
+import (
+	oci "github.com/opencontainers/runtime-spec/specs-go"
+	"github.com/pkg/errors"
+)
 
 //nolint:unused
 const osType = "windows"
 
+// validateHostData fetches SNP report (if applicable) and validates `hostData` against
+// HostData set at UVM launch.
+func validateHostData(hostData []byte) error {
+	if err := GetPspDriverError(); err != nil {
+		// For this case gcs-sidecar will keep initial deny policy.
+		return errors.Wrapf(err, "an error occurred while using PSP driver")
+	}
+
+	if err := ValidateHostDataPSP(hostData[:]); err != nil {
+		// For this case gcs-sidecar will keep initial deny policy.
+		return err
+	}
+	return nil
+}
+
 // SandboxMountsDir returns sandbox mounts directory inside UVM/host.
 func SandboxMountsDir(sandboxID string) string {
 	return ""
diff --git a/test/gcs/main_test.go b/test/gcs/main_test.go
@@ -22,7 +22,6 @@ import (
 	"github.com/Microsoft/hcsshim/internal/guest/transport"
 	"github.com/Microsoft/hcsshim/internal/guestpath"
 	"github.com/Microsoft/hcsshim/internal/oc"
-	"github.com/Microsoft/hcsshim/internal/protocol/guestresource"
 	"github.com/Microsoft/hcsshim/pkg/securitypolicy"
 
 	"github.com/Microsoft/hcsshim/test/internal/util"
@@ -167,9 +166,9 @@ func getHost(_ context.Context, tb testing.TB, rt runtime.Runtime) *hcsv2.Host {
 
 func getHostErr(rt runtime.Runtime, tp transport.Transport) (*hcsv2.Host, error) {
 	h := hcsv2.NewHost(rt, tp, &securitypolicy.OpenDoorSecurityPolicyEnforcer{}, os.Stdout)
-	if err := h.SetConfidentialUVMOptions(
+	if err := h.SecurityOptions().SetConfidentialOptions(
 		context.Background(),
-		&guestresource.ConfidentialOptions{},
+		"", "", "",
 	); err != nil {
 		return nil, fmt.Errorf("could not set host security policy: %w", err)
 	}
