Google Git
Sign in
chromium / chromium / src / sandbox / 28fc0e1f56e0f320367b4b68540e0b49a9b09364
commit28fc0e1f56e0f320367b4b68540e0b49a9b09364[log] [tgz]
authorRobert Sesek <rsesek@chromium.org>Tue Jun 07 19:02:55 2022
committerCopybara-Service <copybara-worker@google.com>Tue Jun 07 19:23:46 2022
tree0d077892e84b03559b81a6f08309b0bc7ed774ec
parent25566a1220510061de97ec4c94591719e86b0060 [diff]
mac: Add crash keys in content::ChildThreadImpl::IOThreadState::GetTaskPort

The browser process collects the Mach task port of its child processes
in order to monitor resource usage metrics and to manipulate the tasks
using Mach APIs. Starting in macOS 12.3, task ports can sometimes become
immovable, resulting in an EXC_GUARD crash when they are sent over
mach_msg().

This CL adds crash keys to help identify a set of signals that can be
used to determine if task ports are immovable and may result in crashes.
In the future, these signals can be used to avoid requesting task ports
from child processes.

Bug: 1291789
Change-Id: Id13963a32ae6865efa3a4e32ac603f2a2bd7ae55
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3689036
Reviewed-by: Avi Drissman <avi@chromium.org>
Commit-Queue: Robert Sesek <rsesek@chromium.org>
Reviewed-by: Mark Mentovai <mark@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1011592}
NOKEYCHECK=True
GitOrigin-RevId: 24d736b1ddb94988bd11740ec0cd117851e579aa
1 file changed
tree: 0d077892e84b03559b81a6f08309b0bc7ed774ec
  1. linux/
  2. mac/
  3. policy/
  4. win/
  5. BUILD.gn
  6. COMMON_METADATA
  7. constants.h
  8. DEPS
  9. DIR_METADATA
  10. features.cc
  11. features.gni
  12. features.h
  13. ipc.dict
  14. OWNERS
  15. README.md
  16. sandbox_export.h
README.md

Sandbox Library

This directory contains platform-specific sandboxing libraries. Sandboxing is a technique that can improve the security of an application by separating untrustworthy code (or code that handles untrustworthy data) and restricting its privileges and capabilities.

Each platform relies on the operating system's process primitive to isolate code into distinct security principals, and platform-specific technologies are used to implement the privilege reduction. At a high-level:

  • mac/ uses the Seatbelt sandbox. See the detailed design for more.
  • linux/ uses namespaces and Seccomp-BPF. See the detailed design for more.
  • win/ uses a combination of restricted tokens, distinct job objects, alternate desktops, and integrity levels. See the detailed design for more.

Built on top of the low-level sandboxing library is the //sandbox/policy component, which provides concrete policies and helper utilities for sandboxing specific Chromium processes and services. The core sandbox library cannot depend on the policy component.