native_client_sdk/doc_generated/reference/sandbox_internals/index.html - chromium/src - Git at Google

 {{+bindTo:partials.standard_nacl_article}}

 <b><font color="#cc0000">
 NOTE:
 Deprecation of the technologies described here has been announced
 for platforms other than ChromeOS.<br/>
 Please visit our
 <a href="/native-client/migration">migration guide</a>
 for details.
 </font></b>
 <hr/><section id="sandbox-internals">
 <h1 id="sandbox-internals">Sandbox Internals</h1>
 <p>The sandbox internals documentation describes implementation details for
 Native Client sandboxing, which is also used by Portable Native
 Client. These details can be useful to reimplement a sandbox, or to
 write assembly code that follows sandboxing rules for Native Client
 (Portable Native Client does not allow platform-specific assembly code).</p>
 <p>As an implementation detail, the Native Client sandboxes described here
 are currently used by Portable Native Client to execute code on the
 corresponding machines in a safe manner. The portable bitcode contained
 in a <strong>pexe</strong> is translated to a machine-specific <strong>nexe</strong> before
 execution. This may change at a point in time: Portable Native Client
 doesn&#8217;t necessarily need these sandboxes to execute code on these
 machines. Note that the Portable Native Client compiler itself is also
 untrusted: it too runs in a Native Client sandbox described below.</p>
 <p>Native Client has sandboxes for:</p>
 <ul class="small-gap">
 <li><a class="reference internal" href="/native-client/reference/sandbox_internals/arm-32-bit-sandbox.html#arm-32-bit-sandbox"><em>ARM 32-bit</em></a>.</li>
 <li>x86-32: the original design is described in <a class="reference external" href="http://research.google.com/pubs/archive/34913.pdf">Native Client: A Sandbox
 for Portable, Untrusted x86 Native Code</a>, the current
 design has changed slightly since then.</li>
 <li><a class="reference internal" href="/native-client/reference/sandbox_internals/x86-64-sandbox.html#x86-64-sandbox"><em>x86-64</em></a>.</li>
 <li>MIPS32, described in the <a class="reference external" href="https://code.google.com/p/nativeclient/issues/attachmentText?id=2275&amp;aid=22750018000&amp;name=native-client-mips-0.4.txt">overview of Native Client for MIPS</a>,
 and <a class="reference external" href="https://code.google.com/p/nativeclient/issues/detail?id=2275">bug 2275</a>.</li>
 </ul>
 </section>

 {{/partials.standard_nacl_article}}
	{{+bindTo:partials.standard_nacl_article}}

	<b><font color="#cc0000">
	NOTE:
	Deprecation of the technologies described here has been announced
	for platforms other than ChromeOS.<br/>
	Please visit our
	<a href="/native-client/migration">migration guide</a>
	for details.
	</font></b>
	<hr/><section id="sandbox-internals">
	<h1 id="sandbox-internals">Sandbox Internals</h1>
	<p>The sandbox internals documentation describes implementation details for
	Native Client sandboxing, which is also used by Portable Native
	Client. These details can be useful to reimplement a sandbox, or to
	write assembly code that follows sandboxing rules for Native Client
	(Portable Native Client does not allow platform-specific assembly code).</p>
	<p>As an implementation detail, the Native Client sandboxes described here
	are currently used by Portable Native Client to execute code on the
	corresponding machines in a safe manner. The portable bitcode contained
	in a <strong>pexe</strong> is translated to a machine-specific <strong>nexe</strong> before
	execution. This may change at a point in time: Portable Native Client
	doesn’t necessarily need these sandboxes to execute code on these
	machines. Note that the Portable Native Client compiler itself is also
	untrusted: it too runs in a Native Client sandbox described below.</p>
	<p>Native Client has sandboxes for:</p>
	<ul class="small-gap">
	<li><a class="reference internal" href="/native-client/reference/sandbox_internals/arm-32-bit-sandbox.html#arm-32-bit-sandbox"><em>ARM 32-bit</em></a>.</li>
	<li>x86-32: the original design is described in <a class="reference external" href="http://research.google.com/pubs/archive/34913.pdf">Native Client: A Sandbox
	for Portable, Untrusted x86 Native Code</a>, the current
	design has changed slightly since then.</li>
	<li><a class="reference internal" href="/native-client/reference/sandbox_internals/x86-64-sandbox.html#x86-64-sandbox"><em>x86-64</em></a>.</li>
	<li>MIPS32, described in the <a class="reference external" href="https://code.google.com/p/nativeclient/issues/attachmentText?id=2275&aid=22750018000&name=native-client-mips-0.4.txt">overview of Native Client for MIPS</a>,
	and <a class="reference external" href="https://code.google.com/p/nativeclient/issues/detail?id=2275">bug 2275</a>.</li>
	</ul>
	</section>

	{{/partials.standard_nacl_article}}