CWCOW: Implement security policy

Signed-off-by: Mahati Chamarthy <mchamarthy@microsoft.com>

Author: MahatiC

internal/gcs-sidecar/bridge.go

@@ -32,6 +32,9 @@ import (
 
 type Bridge struct {
 	mu        sync.Mutex
+	pendingMu sync.Mutex
+	pending   map[sequenceID]*prot.ContainerExecuteProcessResponse
+
 	hostState *Host
 	// List of handlers for handling different rpc message requests.
 	rpcHandlerList map[prot.RPCProc]HandlerFunc
@@ -77,6 +80,7 @@ type request struct {
 func NewBridge(shimConn io.ReadWriteCloser, inboxGCSConn io.ReadWriteCloser, initialEnforcer securitypolicy.SecurityPolicyEnforcer) *Bridge {
 	hostState := NewHost(initialEnforcer)
 	return &Bridge{
+		pending:        make(map[sequenceID]*prot.ContainerExecuteProcessResponse),
 		rpcHandlerList: make(map[prot.RPCProc]HandlerFunc),
 		hostState:      hostState,
 		shimConn:       shimConn,
@@ -378,6 +382,23 @@ func (b *Bridge) ListenAndServeShimRequests() error {
 				logrus.Error(recverr)
 				break
 			}
+			// If this is a ContainerExecuteProcessResponse, notify
+			const MsgExecuteProcessResponse prot.MsgType = prot.MsgTypeResponse | prot.MsgType(prot.RPCExecuteProcess)
+
+			if header.Type == MsgExecuteProcessResponse {
+				logrus.Tracef("Printing after inbox exec resp")
+				var procResp prot.ContainerExecuteProcessResponse
+				if err := json.Unmarshal(message, &procResp); err != nil {
+					logrus.Tracef("unmarshal failed")
+				}
+
+				b.pendingMu.Lock()
+				if _, exists := b.pending[header.ID]; exists {
+					logrus.Tracef("Header ID in pending exists")
+					b.pending[header.ID] = &procResp
+				}
+				b.pendingMu.Unlock()
+			}
 
 			// Forward to shim
 			resp := bridgeResponse{