Fixes in preparation for the new protobuf

Updating protobuf itself is stuck on a static initializer mess, but in
the meantime, go ahead and land the fixes that can land early. They are:

- GetExampleProcessTypeDataset is just making a std::map. Use plain
  std::pair, rather than protobuf's MapPair.

- components/safe_browsing was assuming RepeatedField<T>'s iterators
  were pointers, but they aren't in newer protobuf. Avoid that
  assumption and use absl::optional to handle the optional iterator.

- google::protobuf::string -> std::string

- IWYU in seatbelt_exec.cc

- json_values_converter's #! line had switched to python3, but it was
  still running in python2 on Windows due to the .bat wrapper.

Bug: 1294200
Change-Id: Ia97f6431a79dbec8ae478b5a65e64c0eec0847ce
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3645498
Reviewed-by: Gabriel Marin <gmx@chromium.org>
Reviewed-by: Mark Mentovai <mark@chromium.org>
Commit-Queue: David Benjamin <davidben@chromium.org>
Reviewed-by: Daniel Rubery <drubery@chromium.org>
Reviewed-by: Yaron Friedman <yfriedman@chromium.org>
Reviewed-by: Peter Beverloo <peter@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1003849}
NOKEYCHECK=True
GitOrigin-RevId: 7f232bfc0374dda64ee14b926fa63a7d3a54f582
1 file changed
tree: 236945d85192822321ec7bd3b643f9ec9fbe7340
README.md

Sandbox Library

This directory contains platform-specific sandboxing libraries. Sandboxing is a technique that can improve the security of an application by separating untrustworthy code (or code that handles untrustworthy data) and restricting its privileges and capabilities.

Each platform relies on the operating system's process primitive to isolate code into distinct security principals, and platform-specific technologies are used to implement the privilege reduction. At a high level:

  • mac/ uses the Seatbelt sandbox. See the detailed design for more.
  • linux/ uses namespaces and Seccomp-BPF. See the detailed design for more.
  • win/ uses a combination of restricted tokens, distinct job objects, alternate desktops, and integrity levels. See the detailed design for more.
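As an added example that is not part of the original README or of Chromium's sandbox code, this is the shape of the Seccomp-BPF policy the linux/ bullet refers to: an architecture check, an allow-list of syscall numbers, and a default-deny return, plus a small evaluator so the verdicts can be inspected without installing the filter. The syscall list is constructed for illustration, and the architecture mapping assumes x86_64 unless compiling for aarch64.

```c
// Added example, not Chromium's code: a minimal seccomp-BPF allow-list with a
// constructed syscall list, plus a small evaluator for its verdicts.
#include <errno.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#ifdef __aarch64__
#define CURRENT_ARCH AUDIT_ARCH_AARCH64
#else
#define CURRENT_ARCH AUDIT_ARCH_X86_64  // assumption: x86_64 on everything else
#endif
// Return ALLOW if the loaded syscall number equals nr, otherwise fall through.
#define ALLOW(nr) BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, (nr), 0, 1), \
                  BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW)
static struct sock_filter policy[] = {
  // Check the ABI first: syscall numbers only mean something for one arch.
  BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch)),
  BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, CURRENT_ARCH, 1, 0),
  BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS),
  BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
  ALLOW(SYS_read), ALLOW(SYS_write), ALLOW(SYS_exit_group), ALLOW(SYS_getpid),
  BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | EPERM),  // default deny: EPERM
};
static const size_t policy_len = sizeof(policy) / sizeof(policy[0]);
// Evaluate as the kernel would; only the three opcodes used above are handled.
uint32_t verdict(uint32_t arch, int nr) {
  struct seccomp_data d = { .nr = nr, .arch = arch };
  uint32_t acc = 0;
  for (size_t pc = 0; pc < policy_len; pc++) {
    const struct sock_filter *in = &policy[pc];
    if (in->code == (BPF_LD | BPF_W | BPF_ABS))
      memcpy(&acc, (const char *)&d + in->k, sizeof acc);
    else if (in->code == (BPF_JMP | BPF_JEQ | BPF_K))
      pc += (acc == in->k) ? in->jt : in->jf;
    else if (in->code == (BPF_RET | BPF_K)) return in->k;
    else return SECCOMP_RET_KILL_PROCESS;  // unknown opcode: fail closed
  }
  return SECCOMP_RET_KILL_PROCESS;
}
// Install on the calling thread (irreversible); returns 0 on success.
int install_policy(void) {
  struct sock_fprog prog = { .len = (unsigned short)policy_len, .filter = policy };
  if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) return -1;
  return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog);
}
```

install_policy() sets PR_SET_NO_NEW_PRIVS before loading the filter, which the kernel requires from an unprivileged process; a filter, once installed, cannot be removed, only tightened by stacking another.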

Built on top of the low-level sandboxing library is the //sandbox/policy component, which provides concrete policies and helper utilities for sandboxing specific Chromium processes and services. The core sandbox library cannot depend on the policy component.