Google Git
Sign in
chromium / chromium / src / sandbox / 186b551457647d82c27f2798aeb1ea2e21040721
commit186b551457647d82c27f2798aeb1ea2e21040721[log] [tgz]
authorKush Sinha <sinhak@chromium.org>Thu Dec 16 11:00:34 2021
committerCopybara-Service <copybara-worker@google.com>Thu Dec 16 11:13:10 2021
tree540afc53df902617d6fa0ebbb8b86702379b5947
parent8fe941e22d75425f0cab115ec4b1c0a8a58410ed [diff]
[Sheriff] Revert "Add launch failure notifications to BrowserChildProcessObserver"

This reverts commit 893230151e96c29a556395cc3c3d44cced6ee600.

Reason for revert: "browser_tests" failing on builder "Linux ChromiumOS MSan Tests"

Original change's description:
> Add launch failure notifications to BrowserChildProcessObserver
>
> Also, fix a bug where the Windows sandbox would return SBOX_ALL_OK
> even if base::LaunchProcess failed, and launch_result was not
> being set for elevated processes.
>
> Add reporting of GetLastError on Windows in the
> ChildProcessTerminationInfo for failed launches.
>
> Also, clean up some switch statements to remove default cases.
>
> BUG=1280005
>
> Change-Id: I1001fc950b8456b78ef1a9a985ca07cf288e8a04
> Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3340072
> Reviewed-by: John Abd-El-Malek <jam@chromium.org>
> Commit-Queue: Will Harris <wfh@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#952182}

Bug: 1280005, 1280541
Change-Id: I368d0c89ca6911cb4145bcec13edf2ad8bd4d829
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3344787
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Reviewed-by: Kush Sinha <sinhak@chromium.org>
Reviewed-by: Aya Elsayed <ayaelattar@chromium.org>
Commit-Queue: Kush Sinha <sinhak@chromium.org>
Owners-Override: Kush Sinha <sinhak@chromium.org>
Cr-Commit-Position: refs/heads/main@{#952303}
NOKEYCHECK=True
GitOrigin-RevId: d26f685ff476354d0c637c8b325e3f04fb8a9ebe
2 files changed
tree: 540afc53df902617d6fa0ebbb8b86702379b5947
  1. linux/
  2. mac/
  3. policy/
  4. win/
  5. BUILD.gn
  6. COMMON_METADATA
  7. constants.h
  8. DEPS
  9. DIR_METADATA
  10. features.gni
  11. ipc.dict
  12. OWNERS
  13. README.md
  14. sandbox_export.h
README.md

Sandbox Library

This directory contains platform-specific sandboxing libraries. Sandboxing is a technique that can improve the security of an application by separating untrustworthy code (or code that handles untrustworthy data) and restricting its privileges and capabilities.

Each platform relies on the operating system's process primitive to isolate code into distinct security principals, and platform-specific technologies are used to implement the privilege reduction. At a high-level:

  • mac/ uses the Seatbelt sandbox. See the detailed design for more.
  • linux/ uses namespaces and Seccomp-BPF. See the detailed design for more.
  • win/ uses a combination of restricted tokens, distinct job objects, alternate desktops, and integrity levels. See the detailed design for more.

Built on top of the low-level sandboxing library is the //sandbox/policy component, which provides concrete policies and helper utilities for sandboxing specific Chromium processes and services. The core sandbox library cannot depend on the policy component.