Google Git
Sign in
chromium / chromium / src / sandbox / 5a2de2787ecc049a48f37bc8f5f01d4181901216
commit5a2de2787ecc049a48f37bc8f5f01d4181901216[log] [tgz]
authorAlex Gough <ajgo@chromium.org>Fri Nov 12 05:16:57 2021
committerCopybara-Service <copybara-worker@google.com>Fri Nov 12 05:30:28 2021
tree81d4b4b83d53176b88be05f58885bdf27e554629
parent42995338f146eb3ab09c9f4e5fa7f3a5d66ca985 [diff]
Make kNoSandboxAndElevatedPrivileges only available to utilities

Sandbox::kNoSandboxAndElevatedPrivileges had its own command line
switch, now it is integrated with how utilities are launched. We only
used this sandbox type from utilities so this should work out ok.

Additionally we remove two places where the command line switch
is sniffed from outside //sandbox and force use of helpers instead.

Test expectations in sandbox_integration_tests are adjusted to account
for this.

Bug: 1269423
Change-Id: I410f814e03bc60a2a424a9bcb55bc55aed39005e
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3276784
Reviewed-by: Will Harris <wfh@chromium.org>
Reviewed-by: Filip Gorski <fgorski@chromium.org>
Commit-Queue: Alex Gough <ajgo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#941072}
NOKEYCHECK=True
GitOrigin-RevId: 67a1869cc94e5998f73db1c2ea132cfec10fffd5
4 files changed
tree: 81d4b4b83d53176b88be05f58885bdf27e554629
  1. linux/
  2. mac/
  3. policy/
  4. win/
  5. BUILD.gn
  6. COMMON_METADATA
  7. constants.h
  8. DEPS
  9. DIR_METADATA
  10. features.gni
  11. ipc.dict
  12. OWNERS
  13. README.md
  14. sandbox_export.h
README.md

Sandbox Library

This directory contains platform-specific sandboxing libraries. Sandboxing is a technique that can improve the security of an application by separating untrustworthy code (or code that handles untrustworthy data) and restricting its privileges and capabilities.

Each platform relies on the operating system's process primitive to isolate code into distinct security principals, and platform-specific technologies are used to implement the privilege reduction. At a high-level:

  • mac/ uses the Seatbelt sandbox. See the detailed design for more.
  • linux/ uses namespaces and Seccomp-BPF. See the detailed design for more.
  • win/ uses a combination of restricted tokens, distinct job objects, alternate desktops, and integrity levels. See the detailed design for more.

Built on top of the low-level sandboxing library is the //sandbox/policy component, which provides concrete policies and helper utilities for sandboxing specific Chromium processes and services. The core sandbox library cannot depend on the policy component.