Google Git
Sign in
chromium / chromium / src / sandbox / 4d393972dc20aa5886f34424a40cf101edbd87d3
commit4d393972dc20aa5886f34424a40cf101edbd87d3[log] [tgz]
authorkrishna dheeraj Pannala <kpannala@microsoft.com>Tue Dec 02 21:01:27 2025
committerCopybara-Service <copybara-worker@google.com>Tue Dec 02 21:08:25 2025
tree36cf44f7ba67c3c9afc9801fdc698f8b9491b42e
parent11ff5368478ff9856ad11135241da544a5f95f11 [diff]
[Mac] Add sandbox profile and mojom for System Proxy Resolver

This CL adds the foundation for Mac system proxy resolution in a
utility process, similar to Windows implementation. It includes:

  - MacProxyResolutionStatus enum for error handling
  - No behavior change in this part: service is not registered,
    and PAC/network permissions are gated off by default
  - Security owners for IPC interface

No functional changes yet - implementation follows in subsequent CLs.

Change-Id: I43203560b7f61ceff0b2335386951775787f0bc5
Bug: 442313607
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/6904119
Reviewed-by: Mark Mentovai <mark@chromium.org>
Reviewed-by: Alex Gough <ajgo@chromium.org>
Commit-Queue: krishna dheeraj Pannala <kpannala@microsoft.com>
Reviewed-by: Kenichi Ishibashi <bashi@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1553044}
NOKEYCHECK=True
GitOrigin-RevId: c6bc05aa1a3bbf351951277801d3ae6f5ca7d938
5 files changed
tree: 36cf44f7ba67c3c9afc9801fdc698f8b9491b42e
  1. linux/
  2. mac/
  3. policy/
  4. win/
  5. BUILD.gn
  6. COMMON_METADATA
  7. constants.h
  8. DEPS
  9. DIR_METADATA
  10. features.cc
  11. features.gni
  12. features.h
  13. OWNERS
  14. README.md
  15. sandbox_export.h
README.md

Sandbox Library

This directory contains platform-specific sandboxing libraries. Sandboxing is a technique that can improve the security of an application by separating untrustworthy code (or code that handles untrustworthy data) and restricting its privileges and capabilities.

Each platform relies on the operating system's process primitive to isolate code into distinct security principals, and platform-specific technologies are used to implement the privilege reduction. At a high-level:

  • mac/ uses the Seatbelt sandbox. See the detailed design for more.
  • linux/ uses namespaces and Seccomp-BPF. See the detailed design for more.
  • win/ uses a combination of restricted tokens, distinct job objects, alternate desktops, and integrity levels. See the detailed design for more.

Built on top of the low-level sandboxing library is the //sandbox/policy component, which provides concrete policies and helper utilities for sandboxing specific Chromium processes and services. The core sandbox library cannot depend on the policy component.