chromium/src
0
Fork 0
Code Activity
Files
8e95d93cdaf39e9390a1c2ce84796505972d7ce3
src/sandbox
History
Robert Sesek 32484a26b6 mac: Remove some sandbox debug cruft accidentally left in gpu.sb 
Change-Id: I6b7e7ab259f28b80e05e62569e9b66003438468d
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5018140
Commit-Queue: Robert Sesek <rsesek@chromium.org>
Reviewed-by: Mark Mentovai <mark@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1225146}
2023-11-15 21:13:18 +00:00
..
linux
Rename {absl => std}::optional in minor top-level dirs
2023-11-10 09:46:54 +00:00
mac
Rename {absl => std}::optional in minor top-level dirs
2023-11-10 09:46:54 +00:00
policy
mac: Remove some sandbox debug cruft accidentally left in gpu.sb
2023-11-15 21:13:18 +00:00
win
Remove AllowNamedPipes rule from sandbox
2023-11-13 18:06:03 +00:00
BUILD.gn
COMMON_METADATA
constants.h
DEPS
DIR_METADATA
features.cc
features.gni
features.h
OWNERS
README.md
sandbox_export.h

README.md

Sandbox Library

This directory contains platform-specific sandboxing libraries. Sandboxing is a technique that can improve the security of an application by separating untrustworthy code (or code that handles untrustworthy data) and restricting its privileges and capabilities.

Each platform relies on the operating system's process primitive to isolate code into distinct security principals, and platform-specific technologies are used to implement the privilege reduction. At a high-level:

  • mac/ uses the Seatbelt sandbox. See the detailed design for more.
  • linux/ uses namespaces and Seccomp-BPF. See the detailed design for more.
  • win/ uses a combination of restricted tokens, distinct job objects, alternate desktops, and integrity levels. See the detailed design for more.

Built on top of the low-level sandboxing library is the //sandbox/policy component, which provides concrete policies and helper utilities for sandboxing specific Chromium processes and services. The core sandbox library cannot depend on the policy component.