commit | 14b7f281f3a7c5f435d45fa4d28d6d6977997a76 | |
---|---|---|
author | David Benjamin <davidben@chromium.org> | Mon May 16 18:33:46 2022 |
committer | Copybara-Service <copybara-worker@google.com> | Mon May 16 18:51:30 2022 |
tree | 236945d85192822321ec7bd3b643f9ec9fbe7340 | |
parent | 8f570f23aca8346a825bcbaf3a7f2acbddcf47a8 | |
Fixes in preparation for the new protobuf

Updating protobuf itself is stuck on a static initializer mess, but in the meantime, go ahead and land the fixes that can land early. They are:

- GetExampleProcessTypeDataset is just making a std::map. Use plain std::pair, rather than protobuf's MapPair.
- components/safe_browsing was assuming RepeatedField<T>'s iterators were pointers, but they aren't in newer protobuf. Avoid that assumption and use absl::optional to handle the optional iterator.
- google::protobuf::string -> std::string
- IWYU in seatbelt_exec.cc
- json_values_converter's #! line had switched to python3, but it was still running in python2 on Windows due to the .bat wrapper.

Bug: 1294200
Change-Id: Ia97f6431a79dbec8ae478b5a65e64c0eec0847ce
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3645498
Reviewed-by: Gabriel Marin <gmx@chromium.org>
Reviewed-by: Mark Mentovai <mark@chromium.org>
Commit-Queue: David Benjamin <davidben@chromium.org>
Reviewed-by: Daniel Rubery <drubery@chromium.org>
Reviewed-by: Yaron Friedman <yfriedman@chromium.org>
Reviewed-by: Peter Beverloo <peter@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1003849}
NOKEYCHECK=True
GitOrigin-RevId: 7f232bfc0374dda64ee14b926fa63a7d3a54f582
This directory contains platform-specific sandboxing libraries. Sandboxing is a technique that can improve the security of an application by separating untrustworthy code (or code that handles untrustworthy data) and restricting its privileges and capabilities.
Each platform relies on the operating system's process primitive to isolate code into distinct security principals, and platform-specific technologies are used to implement the privilege reduction. At a high level:

- mac/ uses the Seatbelt sandbox. See the detailed design for more.
- linux/ uses namespaces and Seccomp-BPF. See the detailed design for more.
- win/ uses a combination of restricted tokens, distinct job objects, alternate desktops, and integrity levels. See the detailed design for more.

Built on top of the low-level sandboxing library is the //sandbox/policy component, which provides concrete policies and helper utilities for sandboxing specific Chromium processes and services. The core sandbox library cannot depend on the policy component.