chromium/src
0
Fork 0
Code Activity
Files
0f7c87b1d339c887f33fac1aebb730be6f14a466
src/sandbox
History
Emily Andrews 211dbf158c Update process_mitigations_unittest.cc to use base::NumberToWString 
Update process_mitigations_unittest.cc to use base::NumberToWString
instead of using std::to_wstring.

Bug: 40238152
Change-Id: I267baad0c5f34216ac1a5c41a93f3823e2fdd6e6
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/6000137
Reviewed-by: Alex Gough <ajgo@chromium.org>
Commit-Queue: Emily Andrews <emiled@microsoft.com>
Reviewed-by: Will Harris <wfh@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1379457}
2024-11-07 04:15:51 +00:00
..
linux
[self_freeze] Fix sandbox
2024-10-29 17:29:00 +00:00
mac
sandbox: use apropraite deps type for proto_library targets
2024-10-10 14:34:47 +00:00
policy
Fix use-of-uninitialized-value error by ChildProcessData on MSan tests
2024-10-23 21:43:11 +00:00
win
Update process_mitigations_unittest.cc to use base::NumberToWString
2024-11-07 04:15:51 +00:00
BUILD.gn
Change sandbox_ipc_fuzzer to build on Windows.
2023-02-08 00:03:18 +00:00
COMMON_METADATA
[buganizer] Migrate DIR_METADATA for printing/ and sandbox/
2024-02-03 00:40:34 +00:00
constants.h
Update copyright headers in skia/, services, sandbox/
2022-09-15 20:03:19 +00:00
DEPS
Move //services/service_manager/sandbox to //sandbox/policy.
2020-07-08 18:31:27 +00:00
DIR_METADATA
[dirmd] Use metadata mixins
2021-09-28 06:50:47 +00:00
features.cc
[Windows] Remove remaining sandbox Windows version checks.
2022-11-18 18:00:20 +00:00
features.gni
Update copyright headers in skia/, services, sandbox/
2022-09-15 20:03:19 +00:00
features.h
Fix header guard in miscellaneous directories
2024-05-29 01:14:54 +00:00
OWNERS
Remove rsesek@chromium.org from sandbox/OWNERS
2024-02-12 20:53:47 +00:00
README.md
Fix missing link in sandbox docs
2024-07-01 20:54:38 +00:00
sandbox_export.h
Update copyright headers in skia/, services, sandbox/
2022-09-15 20:03:19 +00:00

README.md

Sandbox Library

This directory contains platform-specific sandboxing libraries. Sandboxing is a technique that can improve the security of an application by separating untrustworthy code (or code that handles untrustworthy data) and restricting its privileges and capabilities.

Each platform relies on the operating system's process primitive to isolate code into distinct security principals, and platform-specific technologies are used to implement the privilege reduction. At a high-level:

  • mac/ uses the Seatbelt sandbox. See the detailed design for more.
  • linux/ uses namespaces and Seccomp-BPF. See the detailed design for more.
  • win/ uses a combination of restricted tokens, distinct job objects, alternate desktops, and integrity levels. See the detailed design for more.

Built on top of the low-level sandboxing library is the //sandbox/policy component, which provides concrete policies and helper utilities for sandboxing specific Chromium processes and services. The core sandbox library cannot depend on the policy component.