[Win] Detect pre-IPC crashes in sandboxed utility processes

This CL adds the capability to detect early crashes in utility processes.

An event is created and passed to the utility process via the sandbox
delegate data. This is available very early in process lifetime.

The event is then signalled by the utility process and the handle closed
to ensure it cannot be tampered with for the remainder of the process
lifetime.

The utility process host checks if the event is signalled in the case of
a crash and uses this to determine how far into bootstrap of the process
the crash was.

This allows other code to determine whether a crash is something that
might be attacker induced, or a crash happening early in startup before
any mojo services start servicing requests or any untrusted data is
consumed by the utility process.

This is exposed in two places: the `UtilityProcessHost::Client` now
passes the crash type in `OnProcessCrashed`, and the
`ServiceProcessHost::Observer` attaches whether or not the crash was a
pre-IPC crash in the `ServiceProcessInfo` passed to
`OnServiceProcessCrashed`.

This will allow, in future CLs, dynamic sandbox behavior to try and
improve the stability of the network service sandbox.

Tests are added at both of these two layers to verify the behavior.

BUG=430635192

Change-Id: I602ea40007d5cc4c2133c01114e5fe74fa2a5ce5
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/6727996
Commit-Queue: Will Harris <wfh@chromium.org>
Reviewed-by: Nasko Oskov <nasko@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1486496}
16 files changed
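The mechanism the commit message describes, sketched as an added example that is not Chromium's code: a POSIX pipe stands in for the Windows event, a written byte stands in for "signalled", and all names (`CrashType`, `RunChild`, `LaunchAndClassify`) are hypothetical.

```cpp
// POSIX analogue of a pre-IPC crash marker (constructed example).
#include <csignal>
#include <cstdio>
#include <stdexcept>
#include <sys/wait.h>
#include <unistd.h>

enum class CrashType { kNoCrash, kPreIpc, kPostIpc };  // hypothetical names

// Child side. The two flags simulate where in its lifetime the child dies.
[[noreturn]] static void RunChild(int marker_fd, bool crash_early, bool crash_late) {
  if (crash_early) raise(SIGKILL);  // dies during bootstrap, marker never set
  // Bootstrap is done and IPC is about to start: set the marker, then close
  // the descriptor so code running later in the process cannot alter it.
  char one = 1;
  if (write(marker_fd, &one, 1) != 1) _exit(2);
  close(marker_fd);
  if (crash_late) raise(SIGKILL);   // dies after untrusted input may have arrived
  _exit(0);
}

// Host side: launch the child, wait for it, and classify how it ended.
CrashType LaunchAndClassify(bool crash_early, bool crash_late) {
  int fds[2];
  if (pipe(fds) != 0) throw std::runtime_error("pipe failed");
  pid_t pid = fork();
  if (pid < 0) throw std::runtime_error("fork failed");
  if (pid == 0) {
    close(fds[0]);
    RunChild(fds[1], crash_early, crash_late);
  }
  close(fds[1]);  // host keeps only the read end, so EOF means "never set"
  int status = 0;
  if (waitpid(pid, &status, 0) < 0) throw std::runtime_error("waitpid failed");
  char buf = 0;
  bool marker_set = read(fds[0], &buf, 1) == 1;
  close(fds[0]);
  bool crashed = WIFSIGNALED(status) || (WIFEXITED(status) && WEXITSTATUS(status) != 0);
  if (!crashed) return CrashType::kNoCrash;
  return marker_set ? CrashType::kPostIpc : CrashType::kPreIpc;
}

int main() {
  std::printf("early crash -> %d\n", static_cast<int>(LaunchAndClassify(true, false)));
  std::printf("late crash  -> %d\n", static_cast<int>(LaunchAndClassify(false, true)));
  std::printf("clean exit  -> %d\n", static_cast<int>(LaunchAndClassify(false, false)));
  return 0;
}
```

The host only consults the marker once the child has already terminated abnormally, which matches the commit message's "checks if the event is signalled in the case of a crash".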
tree: 05c9d326ae13944a73caab97e3022a2e8b98081f
README.md

Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web.

The project's web site is https://www.chromium.org.

To check out the source code locally, don't use git clone! Instead, follow the instructions on how to get the code.

Documentation in the source is rooted in docs/README.md.

Learn how to Get Around the Chromium Source Code Directory Structure.

For historical reasons, there are some small top-level directories. The current guidance is that new top-level directories are for products (e.g. Chrome, Android WebView, Ash). Even if a product has multiple executables, its code should be in subdirectories of the product.

If you found a bug, please file it at https://crbug.com/new.