blob: b8bd1dabef5e54d3f9c81135c51c433306b2f730 [file] [log] [blame]
.. _sandbox-internals-index:
#################
Sandbox Internals
#################
The sandbox internals documentation describes implementation details for
Native Client sandboxing, which is also used by Portable Native
Client. These details can be useful to reimplement a sandbox, or to
write assembly code that follows sandboxing rules for Native Client
(Portable Native Client does not allow platform-specific assembly code).
As an implementation detail, the Native Client sandboxes described here
are currently used by Portable Native Client to execute code on the
corresponding machines in a safe manner. The portable bitcode contained
in a **pexe** is translated to a machine-specific **nexe** before
execution. This may change at a point in time: Portable Native Client
doesn't necessarily need these sandboxes to execute code on these
machines. Note that the Portable Native Client compiler itself is also
untrusted: it too runs in a Native Client sandbox described below.
Native Client has sandboxes for:
* :ref:`ARM 32-bit <arm-32-bit-sandbox>`.
* x86-32: the original design is described in `Native Client: A Sandbox
for Portable, Untrusted x86 Native Code
<http://research.google.com/pubs/archive/34913.pdf>`_, the current
design has changed slightly since then.
* :ref:`x86-64 <x86-64-sandbox>`.
* MIPS32, described in the `overview of Native Client for MIPS
<https://code.google.com/p/nativeclient/issues/attachmentText?id=2275&aid=22750018000&name=native-client-mips-0.4.txt>`_,
and `bug 2275
<https://code.google.com/p/nativeclient/issues/detail?id=2275>`_.