Google Git
Sign in
chromium / chromium / src / sandbox / 4f649902013fdd85c9acbcd77e874cdefe5a4c6d
commit4f649902013fdd85c9acbcd77e874cdefe5a4c6d[log] [tgz]
authorBao-Duy Tran <tranbaoduy@chromium.org>Mon Aug 04 02:38:07 2025
committerCopybara-Service <copybara-worker@google.com>Mon Aug 04 02:43:21 2025
tree25cbae7956b3f73536d54ad953c1eba3355f9f50
parent8ab1f185a721b2fe5b684ce9a78bb80b1950feeb [diff]
Restrict prlimit64 syscall as getrlimit in CrOS IME Service sandbox.

A base lib used by CrOS IME shared lib (internal repo,
running in CrOS IME Service) started invoking getrlimit
syscall circa Dec 2024, which can manifest as prlimit64
that violates the current sandbox policy.

Bug: b:431094157
Change-Id: I7d2cdb91f9ae341d885686c79dee252ab639e401
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/6810365
Reviewed-by: Darren Shen <shend@chromium.org>
Reviewed-by: Jorge Lucangeli Obes <jorgelo@chromium.org>
Reviewed-by: Matthew Denton <mpdenton@chromium.org>
Commit-Queue: Bao-Duy Tran <tranbaoduy@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1496108}
NOKEYCHECK=True
GitOrigin-RevId: 730d892e6900202fb47793903f33db12019f61da
1 file changed
tree: 25cbae7956b3f73536d54ad953c1eba3355f9f50
  1. linux/
  2. mac/
  3. policy/
  4. win/
  5. BUILD.gn
  6. COMMON_METADATA
  7. constants.h
  8. DEPS
  9. DIR_METADATA
  10. features.cc
  11. features.gni
  12. features.h
  13. OWNERS
  14. README.md
  15. sandbox_export.h
README.md

Sandbox Library

This directory contains platform-specific sandboxing libraries. Sandboxing is a technique that can improve the security of an application by separating untrustworthy code (or code that handles untrustworthy data) and restricting its privileges and capabilities.

Each platform relies on the operating system's process primitive to isolate code into distinct security principals, and platform-specific technologies are used to implement the privilege reduction. At a high-level:

  • mac/ uses the Seatbelt sandbox. See the detailed design for more.
  • linux/ uses namespaces and Seccomp-BPF. See the detailed design for more.
  • win/ uses a combination of restricted tokens, distinct job objects, alternate desktops, and integrity levels. See the detailed design for more.

Built on top of the low-level sandboxing library is the //sandbox/policy component, which provides concrete policies and helper utilities for sandboxing specific Chromium processes and services. The core sandbox library cannot depend on the policy component.