commit | 29d7c1a932218866944b1fa2588cf022f4883ddc | [log] [tgz] |
---|---|---|
author | James Forshaw <forshaw@chromium.org> | Thu Jan 13 22:14:10 2022 |
committer | Copybara-Service <copybara-worker@google.com> | Thu Jan 13 22:26:54 2022 |
tree | b46d5357f119013857efd14d19764bd3a6cb3812 | |
parent | be85f6761a9c08e4ae2590b82bf5371174daa29f [diff] |
[Windows] Expose NTDLL imports through GetNtExports function. This CL changes how sandbox code accesses the NTDLL imports via the g_nt global. By exposing it through a function the structure can be initialized so that code can be shared between the browser and sandboxed processes. Bug: 1270309 Change-Id: I6ba4e274bd88276b468a87120db5095171f63ffc Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3379192 Reviewed-by: Alex Gough <ajgo@chromium.org> Commit-Queue: James Forshaw <forshaw@chromium.org> Cr-Commit-Position: refs/heads/main@{#958862} NOKEYCHECK=True GitOrigin-RevId: a4d972f578f5cf802cd0bcea4fa8fbd433765ac2
This directory contains platform-specific sandboxing libraries. Sandboxing is a technique that can improve the security of an application by separating untrustworthy code (or code that handles untrustworthy data) and restricting its privileges and capabilities.
Each platform relies on the operating system's process primitive to isolate code into distinct security principals, and platform-specific technologies are used to implement the privilege reduction. At a high-level:
mac/
uses the Seatbelt sandbox. See the detailed design for more.linux/
uses namespaces and Seccomp-BPF. See the detailed design for more.win/
uses a combination of restricted tokens, distinct job objects, alternate desktops, and integrity levels. See the detailed design for more.Built on top of the low-level sandboxing library is the //sandbox/policy
component, which provides concrete policies and helper utilities for sandboxing specific Chromium processes and services. The core sandbox library cannot depend on the policy component.