commit | 12c5b827027c0047163b728d9ce9bb38def185ed | [log] [tgz] |
---|---|---|
author | James Forshaw <forshaw@chromium.org> | Tue Nov 30 01:23:38 2021 |
committer | Copybara-Service <copybara-worker@google.com> | Tue Nov 30 01:40:55 2021 |
tree | 72c259c5bff611eba236ecf70365bae08bcf9912 | |
parent | fce26e75d4dd9eb7afb1159586dcb5776d23df00 [diff] |
[Windows] Add an AccessToken class to base/win. This CL adds an AccessToken class to base/win to query properties of a Windows access token. This is to remove the repeated use of the GetTokenInformation API as well as removing requirements for including the Windows headers. Bug: 1270309 Change-Id: Ic49fee5faa7e3f3d61994de1d38ec2921de3ea4c Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3301649 Reviewed-by: Will Harris <wfh@chromium.org> Commit-Queue: James Forshaw <forshaw@chromium.org> Cr-Commit-Position: refs/heads/main@{#946260} NOKEYCHECK=True GitOrigin-RevId: 158c5fad3ef830e95f1eedb702878697e4dd0154
This directory contains platform-specific sandboxing libraries. Sandboxing is a technique that can improve the security of an application by separating untrustworthy code (or code that handles untrustworthy data) and restricting its privileges and capabilities.
Each platform relies on the operating system's process primitive to isolate code into distinct security principals, and platform-specific technologies are used to implement the privilege reduction. At a high-level:
mac/
uses the Seatbelt sandbox. See the detailed design for more.linux/
uses namespaces and Seccomp-BPF. See the detailed design for more.win/
uses a combination of restricted tokens, distinct job objects, alternate desktops, and integrity levels. See the detailed design for more.Built on top of the low-level sandboxing library is the //sandbox/policy
component, which provides concrete policies and helper utilities for sandboxing specific Chromium processes and services. The core sandbox library cannot depend on the policy component.