src/sandbox
Anand Ravi 9d185cd68f [base] Enable priority inheritance mutexes on Android
This commit adds support for priority inheritance mutexes on all Linux
platforms but enables it only on Android at build time. The feature is
enabled only on kernel versions >= 6.1 and is further gated behind a
feature flag to monitor its effect prior to full enablement.

Currently, the background priority worker threads feature is purely a
function of whether priority inheritance locks are supported. But in order to
gather field data on the effects of running worker threads at background
priority once priority inheritance mutexes are enabled, the two features
need to be decoupled. Thus, the enablement of background priority worker
threads is gated behind a separate feature flag.

Bug: 384902323
Change-Id: I2a59549aaedfb27127f241103ab05a7f95d8c631
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/6299348
Commit-Queue: Anand Ravi <anandrv@google.com>
Reviewed-by: Matthew Denton <mpdenton@chromium.org>
Reviewed-by: Benoit Lize <lizeb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1438818}
2025-03-27 09:41:52 -07:00

Sandbox Library

This directory contains platform-specific sandboxing libraries. Sandboxing is a technique that can improve the security of an application by separating untrustworthy code (or code that handles untrustworthy data) and restricting its privileges and capabilities.

Each platform relies on the operating system's process primitive to isolate code into distinct security principals, and platform-specific technologies are used to implement the privilege reduction. At a high level:

  • mac/ uses the Seatbelt sandbox. See the detailed design for more.
  • linux/ uses namespaces and Seccomp-BPF. See the detailed design for more.
  • win/ uses a combination of restricted tokens, distinct job objects, alternate desktops, and integrity levels. See the detailed design for more.
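To make the Linux bullet concrete, here is an added example (not code from the Chromium sandbox library) of the kind of policy Seccomp-BPF expresses: a classic-BPF program that first checks the syscall ABI and then allows only a fixed set of syscall numbers, failing closed for everything else. The opcode, return-value and architecture constants, and the x86_64 syscall numbers, are copied from the kernel UAPI headers and defined locally so the filter can be evaluated in userspace on any host; `policy_decision()` runs it against a synthetic `seccomp_data`, and `install_filter()` (Linux only) shows the two `prctl` calls that actually load it. The function names and the `struct insn` type are this example's own.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#ifdef __linux__
#include <unistd.h>
#include <sys/prctl.h>
#include <linux/seccomp.h>
#include <linux/filter.h>
#endif

/* Same layout as struct sock_filter; constants mirror linux/filter.h,
 * linux/seccomp.h and linux/audit.h (x86_64 values), defined here so the
 * policy can be built and evaluated on any host. */
struct insn { uint16_t code; uint8_t jt; uint8_t jf; uint32_t k; };
#define OP_LD_W_ABS 0x20u          /* acc = 32-bit word at offset k */
#define OP_JEQ_K    0x15u          /* pc += acc == k ? jt : jf      */
#define OP_RET_K    0x06u          /* return k                      */
#define RET_KILL_PROCESS 0x80000000u
#define RET_ALLOW        0x7fff0000u
#define ARCH_X86_64      0xC000003Eu
#define OFF_NR   0u                /* offsetof(struct seccomp_data, nr)   */
#define OFF_ARCH 4u                /* offsetof(struct seccomp_data, arch) */
enum { NR_read = 0, NR_write = 1, NR_exit_group = 231, NR_openat = 257 };

#define STMT(c, k)         { (c), 0, 0, (k) }
#define JUMP(c, k, jt, jf) { (c), (jt), (jf), (k) }

/* Allow-list: wrong ABI -> kill; read/write/exit_group -> allow; else kill.
 * The arch check comes first because syscall numbers differ per ABI, and a
 * filter that skips it can be bypassed by switching ABI (e.g. via int 0x80). */
static struct insn kFilter[] = {
    STMT(OP_LD_W_ABS, OFF_ARCH),
    JUMP(OP_JEQ_K, ARCH_X86_64, 1, 0),
    STMT(OP_RET_K, RET_KILL_PROCESS),
    STMT(OP_LD_W_ABS, OFF_NR),
    JUMP(OP_JEQ_K, NR_read, 2, 0),
    JUMP(OP_JEQ_K, NR_write, 1, 0),
    JUMP(OP_JEQ_K, NR_exit_group, 0, 1),
    STMT(OP_RET_K, RET_ALLOW),
    STMT(OP_RET_K, RET_KILL_PROCESS),
};
#define FILTER_LEN (sizeof kFilter / sizeof kFilter[0])

/* Userspace interpreter for the three opcodes used above. Jump targets follow
 * BPF semantics: the next instruction is pc + 1 + offset. */
static uint32_t eval_filter(const struct insn *prog, size_t len,
                            uint32_t nr, uint32_t arch) {
    uint32_t acc = 0;
    for (size_t pc = 0; pc < len; pc++) {
        const struct insn *in = &prog[pc];
        switch (in->code) {
        case OP_LD_W_ABS:
            acc = in->k == OFF_NR ? nr : in->k == OFF_ARCH ? arch : 0;
            break;
        case OP_JEQ_K:
            pc += (acc == in->k) ? in->jt : in->jf;
            break;
        case OP_RET_K:
            return in->k;
        default:
            return RET_KILL_PROCESS;      /* unknown opcode: fail closed */
        }
    }
    return RET_KILL_PROCESS;              /* fell off the end: fail closed */
}

/* What the kernel would decide for a syscall `nr` issued under ABI `arch`. */
uint32_t policy_decision(uint32_t nr, uint32_t arch) {
    return eval_filter(kFilter, FILTER_LEN, nr, arch);
}

#ifdef __linux__
/* Loads the filter into the calling process. PR_SET_NO_NEW_PRIVS is required
 * for an unprivileged caller and stops the filter being used to confuse a
 * set-uid binary exec'd later; it cannot be undone. */
static int install_filter(void) {
    struct sock_fprog prog = { .len = (unsigned short)FILTER_LEN,
                               .filter = (struct sock_filter *)kFilter };
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog);
}
#endif

int main(void) {
    printf("openat on x86_64 -> %s\n",
           policy_decision(NR_openat, ARCH_X86_64) == RET_ALLOW ? "allow" : "kill");
    fflush(stdout);                       /* printf is not allowed after install */
#ifdef __linux__
    /* On a non-x86_64 host the arch check fails closed and kills the process. */
    if (install_filter() != 0) return 1;
    static const char msg[] = "filter installed; write() still allowed\n";
    write(1, msg, sizeof msg - 1);
    _exit(0);                             /* exit_group: allowed */
#endif
    return 0;
}
```

Evaluating the program in userspace before loading it is how a practitioner checks a seccomp policy without risking a SIGSYS in the wrong place; the real sandbox adds a great deal on top (argument inspection, per-process policies, the namespace setup the bullet also mentions), but the fail-closed allow-list shape is the same.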

Built on top of the low-level sandboxing library is the //sandbox/policy component, which provides concrete policies and helper utilities for sandboxing specific Chromium processes and services. The core sandbox library cannot depend on the policy component.