commit | 28fc0e1f56e0f320367b4b68540e0b49a9b09364 | [log] [tgz] |
---|---|---|
author | Robert Sesek <rsesek@chromium.org> | Tue Jun 07 19:02:55 2022 |
committer | Copybara-Service <copybara-worker@google.com> | Tue Jun 07 19:23:46 2022 |
tree | 0d077892e84b03559b81a6f08309b0bc7ed774ec | |
parent | 25566a1220510061de97ec4c94591719e86b0060 [diff] |
mac: Add crash keys in content::ChildThreadImpl::IOThreadState::GetTaskPort The browser process collects the Mach task port of its child processes in order to monitor resource usage metrics and to manipulate the tasks using Mach APIs. Starting in macOS 12.3, task ports can sometimes become immovable, resulting in an EXC_GUARD crash when they are sent over mach_msg(). This CL adds crash keys to help identify a set of signals that can be used to determine if task ports are immovable and may result in crashes. In the future, these signals can be used to avoid requesting task ports from child processes. Bug: 1291789 Change-Id: Id13963a32ae6865efa3a4e32ac603f2a2bd7ae55 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3689036 Reviewed-by: Avi Drissman <avi@chromium.org> Commit-Queue: Robert Sesek <rsesek@chromium.org> Reviewed-by: Mark Mentovai <mark@chromium.org> Cr-Commit-Position: refs/heads/main@{#1011592} NOKEYCHECK=True GitOrigin-RevId: 24d736b1ddb94988bd11740ec0cd117851e579aa
This directory contains platform-specific sandboxing libraries. Sandboxing is a technique that can improve the security of an application by separating untrustworthy code (or code that handles untrustworthy data) and restricting its privileges and capabilities.
Each platform relies on the operating system's process primitive to isolate code into distinct security principals, and platform-specific technologies are used to implement the privilege reduction. At a high-level:
mac/
uses the Seatbelt sandbox. See the detailed design for more.linux/
uses namespaces and Seccomp-BPF. See the detailed design for more.win/
uses a combination of restricted tokens, distinct job objects, alternate desktops, and integrity levels. See the detailed design for more.Built on top of the low-level sandboxing library is the //sandbox/policy
component, which provides concrete policies and helper utilities for sandboxing specific Chromium processes and services. The core sandbox library cannot depend on the policy component.