commit | 5bbb98ce5ab1587a6d2c20d3cf7b3a64694eb68e | |
---|---|---|
author | Yuly Novikov <ynovikov@chromium.org> | Sat Apr 02 21:34:58 2022 |
committer | Copybara-Service <copybara-worker@google.com> | Sat Apr 02 21:50:49 2022 |
tree | 94649800369e022e468a933f2d6c65e7970e0303 | |
parent | 6fc08af0f14cd3428b6bb3bbfeb5a22ff3f2b0bd | |

New toolchain for Windows 10 20348 SDK

This change updates the toolchain package used to build Chromium with the 10.0.20348.0 (2021-04) SDK.

Packaging was done on a Windows Server 2019 VM, cleanly created for this purpose.

Debuggers were kept at the previous 10.0.19041 version, due to crbug.com/1312060

The package was created by downloading the VS Professional 2019 installer from https://visualstudio.microsoft.com/downloads/ (free trial, not preview) and then running the installer like this:

    $ PATH_TO_INSTALLER.EXE ^
        --add Microsoft.VisualStudio.Workload.NativeDesktop ^
        --add Microsoft.VisualStudio.Component.VC.ATLMFC ^
        --add Microsoft.VisualStudio.Component.VC.Tools.ARM64 ^
        --add Microsoft.VisualStudio.Component.VC.MFC.ARM64 ^
        --includeRecommended --passive

Then the 10.0.20348.0 Windows 10 SDK was downloaded and installed from https://developer.microsoft.com/en-ca/windows/downloads/sdk-archive/

Then the packaging script was run like this:

    python3 depot_tools\win_toolchain\package_from_installed.py 2019 -w 10.0.20348.0

The final packaging step was to unzip the package, copy over the Debuggers directory from the previous 10.0.19041 toolchain, and then repackage the toolchain with:

    > python3 package_from_installed.py --repackage=<full-path-to-toolchain-dir>

UWP and ARM64 support and Python 3 compatibility were previously added to package_from_installed.py.

Older SDKs can no longer be used to build Chromium.

The reason for updating the SDK is incompatibility between MSVC 19.29 and the previous 10.0.19041.0 SDK, affecting MSVC builds of ANGLE.

Bug: 1292528, 1312060
Change-Id: I5dbda09cdd0a89d9fd0dd81b5b1ebdeae0671db1
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3550827
Reviewed-by: Nico Weber <thakis@chromium.org>
Reviewed-by: Bruce Dawson <brucedawson@chromium.org>
Reviewed-by: Will Harris <wfh@chromium.org>
Reviewed-by: Dale Curtis <dalecurtis@chromium.org>
Reviewed-by: Maggie Chen <magchen@chromium.org>
Reviewed-by: Mark Foltz <mfoltz@chromium.org>
Commit-Queue: Yuly Novikov <ynovikov@chromium.org>
Cr-Commit-Position: refs/heads/main@{#988269}
NOKEYCHECK=True
GitOrigin-RevId: 804d5a91d49d0ad79d3d5529e6ba2610225cfe55

This directory contains platform-specific sandboxing libraries. Sandboxing is a technique that can improve the security of an application by separating untrustworthy code (or code that handles untrustworthy data) and restricting its privileges and capabilities.

Each platform relies on the operating system's process primitive to isolate code into distinct security principals, and platform-specific technologies are used to implement the privilege reduction. At a high level:

* mac/ uses the Seatbelt sandbox. See the detailed design for more.
* linux/ uses namespaces and Seccomp-BPF. See the detailed design for more.
* win/ uses a combination of restricted tokens, distinct job objects, alternate desktops, and integrity levels. See the detailed design for more.

Built on top of the low-level sandboxing library is the //sandbox/policy component, which provides concrete policies and helper utilities for sandboxing specific Chromium processes and services. The core sandbox library cannot depend on the policy component.