commit | 5a2de2787ecc049a48f37bc8f5f01d4181901216 | [log] [tgz] |
---|---|---|
author | Alex Gough <ajgo@chromium.org> | Fri Nov 12 05:16:57 2021 |
committer | Copybara-Service <copybara-worker@google.com> | Fri Nov 12 05:30:28 2021 |
tree | 81d4b4b83d53176b88be05f58885bdf27e554629 | |
parent | 42995338f146eb3ab09c9f4e5fa7f3a5d66ca985 [diff] |
Make kNoSandboxAndElevatedPrivileges only available to utilities Sandbox::kNoSandboxAndElevatedPrivileges had its own command line switch, now it is integrated with how utilities are launched. We only used this sandbox type from utilities so this should work out ok. Additionally we remove two places where the command line switch is sniffed from outside //sandbox and force use of helpers instead. Test expectations in sandbox_integration_tests are adjusted to account for this. Bug: 1269423 Change-Id: I410f814e03bc60a2a424a9bcb55bc55aed39005e Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3276784 Reviewed-by: Will Harris <wfh@chromium.org> Reviewed-by: Filip Gorski <fgorski@chromium.org> Commit-Queue: Alex Gough <ajgo@chromium.org> Cr-Commit-Position: refs/heads/main@{#941072} NOKEYCHECK=True GitOrigin-RevId: 67a1869cc94e5998f73db1c2ea132cfec10fffd5
This directory contains platform-specific sandboxing libraries. Sandboxing is a technique that can improve the security of an application by separating untrustworthy code (or code that handles untrustworthy data) and restricting its privileges and capabilities.
Each platform relies on the operating system's process primitive to isolate code into distinct security principals, and platform-specific technologies are used to implement the privilege reduction. At a high-level:
mac/
uses the Seatbelt sandbox. See the detailed design for more.linux/
uses namespaces and Seccomp-BPF. See the detailed design for more.win/
uses a combination of restricted tokens, distinct job objects, alternate desktops, and integrity levels. See the detailed design for more.Built on top of the low-level sandboxing library is the //sandbox/policy
component, which provides concrete policies and helper utilities for sandboxing specific Chromium processes and services. The core sandbox library cannot depend on the policy component.