chromium/src
0
Fork 0
Code Activity
Files
a1b139e0d7ede2f258b2e668bd919efa6dcfdbf8
src/sandbox
History
Alex Gough 53fc1475f0 Reduce platform-like buildflags in sandbox code 
Sandbox code is difficult to follow if there are too many
conditional defines and it is ok for chromium to support
a sandbox type that it doesn't use in some configurations.

This CL makes two sandbox types (kPrintBackend and kScreenAI)
always be defined and supported on the platforms where they
are used (they are always used in official Chrome builds on
these platforms).

Both ENABLE_SCREEN_AI_SERVICE and ENABLE_OOP_PRINTING are
always enabled on linux, cros, mac and win.

Additionally some buildflags were tested where they were always
true, so those ifdefs are removed (e.g. in
utility_process_sandbox_browsertest.cc).

Bug: 41494527
Change-Id: Ief90cf997da5677b54e064abd7a45f6eaf3cfebe
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/6015430
Commit-Queue: Alex Gough <ajgo@chromium.org>
Reviewed-by: Matthew Denton <mpdenton@chromium.org>
Reviewed-by: Will Harris <wfh@chromium.org>
Reviewed-by: Mark Rowe <markrowe@chromium.org>
Reviewed-by: Kinuko Yasuda <kinuko@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1386974}
2024-11-22 19:31:13 +00:00
..
linux
Remove most remaining CHECK(false)s
2024-11-22 10:42:01 +00:00
mac
sandbox: use apropraite deps type for proto_library targets
2024-10-10 14:34:47 +00:00
policy
Reduce platform-like buildflags in sandbox code
2024-11-22 19:31:13 +00:00
win
Remove most remaining CHECK(false)s
2024-11-22 10:42:01 +00:00
BUILD.gn
COMMON_METADATA
constants.h
DEPS
DIR_METADATA
features.cc
features.gni
features.h
OWNERS
README.md
sandbox_export.h

README.md

Sandbox Library

This directory contains platform-specific sandboxing libraries. Sandboxing is a technique that can improve the security of an application by separating untrustworthy code (or code that handles untrustworthy data) and restricting its privileges and capabilities.

Each platform relies on the operating system's process primitive to isolate code into distinct security principals, and platform-specific technologies are used to implement the privilege reduction. At a high-level:

  • mac/ uses the Seatbelt sandbox. See the detailed design for more.
  • linux/ uses namespaces and Seccomp-BPF. See the detailed design for more.
  • win/ uses a combination of restricted tokens, distinct job objects, alternate desktops, and integrity levels. See the detailed design for more.

Built on top of the low-level sandboxing library is the //sandbox/policy component, which provides concrete policies and helper utilities for sandboxing specific Chromium processes and services. The core sandbox library cannot depend on the policy component.