Google Git
Sign in
chromium / chromium / src / sandbox / 0a0e8a982ed3771e08fc7088b3ffd8fcfa594144
commit0a0e8a982ed3771e08fc7088b3ffd8fcfa594144[log] [tgz]
authorWill Harris <wfh@chromium.org>Fri Aug 06 17:31:20 2021
committerCopybara-Service <copybara-worker@google.com>Fri Aug 06 17:46:24 2021
treedaf50e32f0957eb727594e1545a8404c26a0a5ed
parent736e43200db6b14d6d78fa18b6dc44d8f06a4a85 [diff]
Allow socket creation to be delegated from sandbox target to broker.

This is needed to allow connections to loopback from within
an App Container on Windows. See
https://docs.microsoft.com/en-us/windows/iot-core/develop-your-app/loopback

Only overlapped sockets are supported by the broker, as these
are the only ones used by Chromium.

Add tests to verify this works for both UDP and TCP sockets. Since
this code can't depend on net/ a very simple UDP server is used
for testing.

BUG=841001

Change-Id: I794bdadb779b456c5dba97d01d3e646b793ad265
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3069722
Reviewed-by: Alex Gough <ajgo@chromium.org>
Reviewed-by: Daniel Rubery <drubery@chromium.org>
Commit-Queue: Will Harris <wfh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#909354}
NOKEYCHECK=True
GitOrigin-RevId: 0394e042facd365087746734f65211702b78ad6d
15 files changed
tree: daf50e32f0957eb727594e1545a8404c26a0a5ed
  1. linux/
  2. mac/
  3. policy/
  4. win/
  5. BUILD.gn
  6. constants.h
  7. DEPS
  8. DIR_METADATA
  9. features.gni
  10. ipc.dict
  11. OWNERS
  12. README.md
  13. sandbox_export.h
README.md

Sandbox Library

This directory contains platform-specific sandboxing libraries. Sandboxing is a technique that can improve the security of an application by separating untrustworthy code (or code that handles untrustworthy data) and restricting its privileges and capabilities.

Each platform relies on the operating system's process primitive to isolate code into distinct security principals, and platform-specific technologies are used to implement the privilege reduction. At a high-level:

  • mac/ uses the Seatbelt sandbox. See the detailed design for more.
  • linux/ uses namespaces and Seccomp-BPF. See the detailed design for more.
  • win/ uses a combination of restricted tokens, distinct job objects, alternate desktops, and integrity levels. See the detailed design for more.

Built on top of the low-level sandboxing library is the //sandbox/policy component, which provides concrete policies and helper utilities for sandboxing specific Chromium processes and services. The core sandbox library cannot depend on the policy component.