chromium/src
0
Fork 0
Code Activity
Files
313b327dae0a3c31dc3d84dd93de677a7000c020
src/sandbox
History
Matthew Denton e1cc7c7310 Linux sandbox: Add UserNotify to bpf dsl 
...to support the SECCOMP_RET_USER_NOTIF return code for seccomp bpf
programs.

Bug: 1117351
Change-Id: I55dfcb4169a4b434cb5cc8894534e1d1e0e7782e
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2407035
Commit-Queue: Matthew Denton <mpdenton@chromium.org>
Reviewed-by: Robert Sesek <rsesek@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Cr-Commit-Position: refs/heads/master@{#811156}
2020-09-28 08:55:29 +00:00
..
linux
Linux sandbox: Add UserNotify to bpf dsl
2020-09-28 08:55:29 +00:00
mac
mac: Disable CoreServices _CSCheckFix.
2020-09-10 18:38:32 +00:00
policy
Linux sandbox: Add BrokerType and ForkSignalBasedBroker()
2020-09-22 20:45:30 +00:00
win
Fix UAF and reenable test
2020-09-24 15:34:47 +00:00
BUILD.gn
Rewrite is_linux flag for sandbox, servicse, ski and testing directories.
2020-07-30 19:27:03 +00:00
constants.h
DEPS
Move //services/service_manager/sandbox to //sandbox/policy.
2020-07-08 18:31:27 +00:00
features.gni
Rewrite is_linux flag for sandbox, servicse, ski and testing directories.
2020-07-30 19:27:03 +00:00
ipc.dict
OWNERS
README.md
Move //services/service_manager/sandbox to //sandbox/policy.
2020-07-08 18:31:27 +00:00
sandbox_export.h

README.md

Sandbox Library

This directory contains platform-specific sandboxing libraries. Sandboxing is a technique that can improve the security of an application by separating untrustworthy code (or code that handles untrustworthy data) and restricting its privileges and capabilities.

Each platform relies on the operating system's process primitive to isolate code into distinct security principals, and platform-specific technologies are used to implement the privilege reduction. At a high-level:

  • mac/ uses the Seatbelt sandbox. See the detailed design for more.
  • linux/ uses namespaces and Seccomp-BPF. See the detailed design for more.
  • win/ uses a combination of restricted tokens, distinct job objects, alternate desktops, and integrity levels. See the detailed design for more.

Built on top of the low-level sandboxing library is the //sandbox/policy component, which provides concrete policies and helper utilities for sandboxing specific Chromium processes and services. The core sandbox library cannot depend on the policy component.