
BUG=None R=laforge@chromium.org,binji@chromium.org,sbc@chromium.org,rockot@chromium.org Review-Url: https://codereview.chromium.org/2875303003 Cr-Commit-Position: refs/heads/master@{#475662}
39 lines
2.3 KiB
HTML
39 lines
2.3 KiB
HTML
{{+bindTo:partials.standard_nacl_article}}
|
|
|
|
<b><font color="#cc0000">
|
|
NOTE:
|
|
Deprecation of the technologies described here has been announced
|
|
for platforms other than ChromeOS.<br/>
|
|
Please visit our
|
|
<a href="/native-client/migration">migration guide</a>
|
|
for details.
|
|
</font></b>
|
|
<hr/><section id="sandbox-internals">
|
|
<h1 id="sandbox-internals">Sandbox Internals</h1>
|
|
<p>The sandbox internals documentation describes implementation details for
|
|
Native Client sandboxing, which is also used by Portable Native
|
|
Client. These details can be useful to reimplement a sandbox, or to
|
|
write assembly code that follows sandboxing rules for Native Client
|
|
(Portable Native Client does not allow platform-specific assembly code).</p>
|
|
<p>As an implementation detail, the Native Client sandboxes described here
|
|
are currently used by Portable Native Client to execute code on the
|
|
corresponding machines in a safe manner. The portable bitcode contained
|
|
in a <strong>pexe</strong> is translated to a machine-specific <strong>nexe</strong> before
|
|
execution. This may change at a point in time: Portable Native Client
|
|
doesn’t necessarily need these sandboxes to execute code on these
|
|
machines. Note that the Portable Native Client compiler itself is also
|
|
untrusted: it too runs in a Native Client sandbox described below.</p>
|
|
<p>Native Client has sandboxes for:</p>
|
|
<ul class="small-gap">
|
|
<li><a class="reference internal" href="/native-client/reference/sandbox_internals/arm-32-bit-sandbox.html#arm-32-bit-sandbox"><em>ARM 32-bit</em></a>.</li>
|
|
<li>x86-32: the original design is described in <a class="reference external" href="http://research.google.com/pubs/archive/34913.pdf">Native Client: A Sandbox
|
|
for Portable, Untrusted x86 Native Code</a>, the current
|
|
design has changed slightly since then.</li>
|
|
<li><a class="reference internal" href="/native-client/reference/sandbox_internals/x86-64-sandbox.html#x86-64-sandbox"><em>x86-64</em></a>.</li>
|
|
<li>MIPS32, described in the <a class="reference external" href="https://code.google.com/p/nativeclient/issues/attachmentText?id=2275&aid=22750018000&name=native-client-mips-0.4.txt">overview of Native Client for MIPS</a>,
|
|
and <a class="reference external" href="https://code.google.com/p/nativeclient/issues/detail?id=2275">bug 2275</a>.</li>
|
|
</ul>
|
|
</section>
|
|
|
|
{{/partials.standard_nacl_article}}
|