src/sandbox
Akihiro Ota 0c27605e43 Reland "TTS: Modify TTS service to work with XNNPack (part 2)"
This is a reland of commit 193134b93a

This change was originally reverted because it was breaking Google TTS.
The reason is that the chromiumos side had not been updated. This
change can be safely relanded (since we just started M119) as long as
the following change is also landed at the same time:

https://crrev.com/c/4826255

Original change's description:
> TTS: Modify TTS service to work with XNNPack (part 2)
>
> This change is the second half of fixing the TTS - XNNPack bug.
> This change does several things:
>
> 1. Calls GoogleTtsPreSandboxInit (added in an internal change),
> which explicitly initializes cpuinfo. This is done because cpuinfo
> is needed by some XNNPack code within libchrometts.so.
> 2. Gives the TTS service permission to call getcpu, which is used on
> arm64. Without this change, TTS doesn't work on arm64.
> 3. Removes the read permission to /proc/cpuinfo, which was initially
> added to address b:269146620 on x86_64. This was a temporary fix
> and is now unnecessary given the above two changes. See this design
> doc [1] for more details.
>
> [1] https://docs.google.com/document/d/1pU8hRzE0Z_eph-MeVYv_EWlbtrRhxXmHEwHbtPVoXhM/edit?usp=sharing
>
> (from fig client) # Run script to deploy Google TTS
> (from chrome-sdk) autoninja -C out_${SDK_BOARD}/Release chrome nacl_helper
> (from chrome-sdk) deploy_chrome --device=localhost:2224 --build-dir=out_${SDK_BOARD}/Release
> (on device) Turn on ChromeVox and ensure speech output.
>
> Bug: b:269146620,b:296458143
> Test: Manually on x86_64 and arm64.
> Change-Id: Ifc500da14a0f9207cac8e0fb177a8bbddc259489
> Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4503801
> Commit-Queue: Akihiro Ota <akihiroota@chromium.org>
> Reviewed-by: David Tseng <dtseng@chromium.org>
> Reviewed-by: Matthew Denton <mpdenton@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#1190179}

Bug: b:269146620,b:296458143
Change-Id: I0d46474fd4579891949b90910bf33c38286529c5
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4849990
Reviewed-by: David Tseng <dtseng@chromium.org>
Reviewed-by: Matthew Denton <mpdenton@chromium.org>
Commit-Queue: Akihiro Ota <akihiroota@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1193746}
2023-09-07 20:11:52 +00:00

Sandbox Library

This directory contains platform-specific sandboxing libraries. Sandboxing is a technique that can improve the security of an application by separating untrustworthy code (or code that handles untrustworthy data) and restricting its privileges and capabilities.

Each platform relies on the operating system's process primitive to isolate code into distinct security principals, and platform-specific technologies are used to implement the privilege reduction. At a high level:

  • mac/ uses the Seatbelt sandbox. See the detailed design for more.
  • linux/ uses namespaces and Seccomp-BPF. See the detailed design for more.
  • win/ uses a combination of restricted tokens, distinct job objects, alternate desktops, and integrity levels. See the detailed design for more.
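To make the Seccomp-BPF mechanism named in the linux/ bullet concrete, and to show what "giving a service permission to call getcpu" means at the filter level, here is a small hand-written syscall allow-list. This is example code written for this page, not code from //sandbox or from the commit above: the syscall list, the choice to return EPERM rather than kill on a denied syscall, and the tiny userspace interpreter used to check the policy without installing it are all assumptions of the example. Chromium's real policies are much larger and are built with the library in this directory rather than hand-assembled like this.

```c
// Added example: a hand-written seccomp-BPF allow-list (Linux, x86_64/arm64).
// Not Chromium code; the syscall list and EPERM-not-kill are demo choices.
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>

#if defined(__x86_64__)
#define NATIVE_AUDIT_ARCH AUDIT_ARCH_X86_64
#elif defined(__aarch64__)
#define NATIVE_AUDIT_ARCH AUDIT_ARCH_AARCH64
#else
#error "this example covers x86_64 and arm64 only"
#endif

#ifndef SECCOMP_RET_KILL_PROCESS
#define SECCOMP_RET_KILL_PROCESS 0x80000000U  // older UAPI headers lack it
#endif

// If the accumulator holds this syscall number, return ALLOW; else fall through.
#define ALLOW_SYSCALL(nr)                          \
  BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, (nr), 0, 1), \
  BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW)

// The policy. The audit arch is checked first because syscall numbers differ
// per ABI; a mismatch is fatal. Anything not listed fails with EPERM so the
// demo can observe the denial instead of being killed.
static const struct sock_filter kFilter[] = {
  BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch)),
  BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, NATIVE_AUDIT_ARCH, 1, 0),
  BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS),
  BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
  ALLOW_SYSCALL(SYS_getcpu),        // the permission the TTS change grants
  ALLOW_SYSCALL(SYS_write),         // needed only for the demo's own output
  ALLOW_SYSCALL(SYS_exit_group),
  ALLOW_SYSCALL(SYS_rt_sigreturn),
  BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | EPERM),
};
#define FILTER_LEN (sizeof(kFilter) / sizeof(kFilter[0]))

// Interprets the three cBPF instruction forms used above against a synthetic
// seccomp_data, so the policy can be checked without installing it.
uint32_t evaluate_filter(const struct seccomp_data *data) {
  uint32_t acc = 0;
  size_t pc = 0;
  while (pc < FILTER_LEN) {
    const struct sock_filter *insn = &kFilter[pc];
    switch (insn->code) {
      case BPF_LD | BPF_W | BPF_ABS:  // acc = 32-bit word at offset k
        memcpy(&acc, (const char *)data + insn->k, sizeof(acc));
        pc++;
        break;
      case BPF_JMP | BPF_JEQ | BPF_K:  // relative jump on acc == k
        pc += 1 + (acc == insn->k ? insn->jt : insn->jf);
        break;
      case BPF_RET | BPF_K:
        return insn->k;
      default:  // unreachable for kFilter; treat unknown opcodes as fatal
        return SECCOMP_RET_KILL_PROCESS;
    }
  }
  return SECCOMP_RET_KILL_PROCESS;
}

// What the kernel would decide for syscall `nr` issued under ABI `arch`.
uint32_t decide(uint32_t arch, int nr) {
  struct seccomp_data d = {.nr = nr, .arch = arch};
  return evaluate_filter(&d);
}

// Installs the filter on the calling thread. NO_NEW_PRIVS lets an unprivileged
// process load a filter and keeps setuid binaries from inheriting a hostile one.
int install_filter(void) {
  struct sock_fprog prog = {.len = (unsigned short)FILTER_LEN,
                            .filter = (struct sock_filter *)kFilter};
  if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) return -1;
  return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog);
}

int main(void) {
  char msg[160];
  char utsbuf[1024];  // large enough for struct utsname on Linux
  unsigned cpu = 0, node = 0;
  if (install_filter() != 0) return 1;
  // Raw syscall so the vDSO cannot answer getcpu before the filter sees it.
  long ok = syscall(SYS_getcpu, &cpu, &node, NULL);
  long denied = syscall(SYS_uname, utsbuf);  // not listed -> -1 with EPERM
  int n = snprintf(msg, sizeof msg, "getcpu -> %ld (cpu %u, node %u); uname -> %ld (errno %d)\n",
                   ok, cpu, node, denied, denied < 0 ? errno : 0);
  write(1, msg, (size_t)n);  // stdio is avoided: fstat/brk are not on the list
  return 0;
}
```

Build on a Linux host with `cc -o seccomp_demo seccomp_demo.c` and run it: getcpu succeeds, uname fails with EPERM, and the process exits normally because exit_group is listed. Note the two points the commit message touches on: getcpu is invoked through `syscall()` because on x86_64 the libc wrapper may be served by the vDSO and never reach the filter, and the policy is an allow-list, so any syscall a library newly starts to need (here, cpuinfo's use of getcpu on arm64) has to be added explicitly or the service breaks.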

Built on top of the low-level sandboxing library is the //sandbox/policy component, which provides concrete policies and helper utilities for sandboxing specific Chromium processes and services. The core sandbox library cannot depend on the policy component.