| commit | 5b32cf712925b6dc144a193682b26823e96d8ea5 | [log] [tgz] |
|---|---|---|
| author | Alex Gough <ajgo@chromium.org> | Fri Jan 28 05:57:27 2022 |
| committer | Copybara-Service <copybara-worker@google.com> | Fri Jan 28 06:13:41 2022 |
| tree | 3e9981683eb26e636c5adc1fd6854920ead0147c | |
| parent | 72084d26227ba085428ee085747be0d2c178752e [diff] | |
One process per policy in chrome://sandbox

Policies now only apply to a single process so processIds can be processId.
(There was only ever one pid in the list, now there can be only one.)

No change to the main output on chrome://sandbox.

Bug: 1270309
Change-Id: I6851c622c89699cfe14f55f21930c4d5787d4d87
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3419521
Reviewed-by: Will Harris <wfh@chromium.org>
Commit-Queue: Alex Gough <ajgo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#964450}
NOKEYCHECK=True
GitOrigin-RevId: 23a41c068e35f33df1c3579a3b0b469d4458e6c1
This directory contains platform-specific sandboxing libraries. Sandboxing is a technique that can improve the security of an application by separating untrustworthy code (or code that handles untrustworthy data) and restricting its privileges and capabilities.
Each platform relies on the operating system's process primitive to isolate code into distinct security principals, and platform-specific technologies are used to implement the privilege reduction. At a high level:
- mac/ uses the Seatbelt sandbox. See the detailed design for more.
- linux/ uses namespaces and Seccomp-BPF. See the detailed design for more.
- win/ uses a combination of restricted tokens, distinct job objects, alternate desktops, and integrity levels. See the detailed design for more.

Built on top of the low-level sandboxing library is the //sandbox/policy component, which provides concrete policies and helper utilities for sandboxing specific Chromium processes and services. The core sandbox library cannot depend on the policy component.