commit | a01b9564500797c27b316fe5b5c120d001ad9a2d | [log] [tgz] |
---|---|---|
author | Will Harris <wfh@chromium.org> | Sat Dec 18 09:21:31 2021 |
committer | Copybara-Service <copybara-worker@google.com> | Sat Dec 18 09:36:57 2021 |
tree | 83d3fe6fb053e8d46d8dcb0c72a04d6e6f39db3a | |
parent | 186b551457647d82c27f2798aeb1ea2e21040721 [diff] |
Reland "Add launch failure notifications to BrowserChildProcessObserver" This is a reland of 893230151e96c29a556395cc3c3d44cced6ee600 The previous version of this CL mistakenly removed a default case statement for an 'int' field, so an expected compile error was not generated but instead an early return was skipped. Original change's description: > Add launch failure notifications to BrowserChildProcessObserver > > Also, fix a bug where the Windows sandbox would return SBOX_ALL_OK > even if base::LaunchProcess failed, and launch_result was not > being set for elevated processes. > > Add reporting of GetLastError on Windows in the > ChildProcessTerminationInfo for failed launches. > > Also, clean up some switch statements to remove default cases. > > BUG=1280005 > > Change-Id: I1001fc950b8456b78ef1a9a985ca07cf288e8a04 > Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3340072 > Reviewed-by: John Abd-El-Malek <jam@chromium.org> > Commit-Queue: Will Harris <wfh@chromium.org> > Cr-Commit-Position: refs/heads/main@{#952182} Bug: 1280005, 1280541 Change-Id: I81f3354e9870a455644e77144a40c4acbdf14ebe Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3345720 Reviewed-by: John Abd-El-Malek <jam@chromium.org> Commit-Queue: Will Harris <wfh@chromium.org> Cr-Commit-Position: refs/heads/main@{#952667} NOKEYCHECK=True GitOrigin-RevId: df8fcb48c24c4ba2f3704c24a48c9c0bd76e779d
This directory contains platform-specific sandboxing libraries. Sandboxing is a technique that can improve the security of an application by separating untrustworthy code (or code that handles untrustworthy data) and restricting its privileges and capabilities.
Each platform relies on the operating system's process primitive to isolate code into distinct security principals, and platform-specific technologies are used to implement the privilege reduction. At a high-level:
mac/
uses the Seatbelt sandbox. See the detailed design for more.linux/
uses namespaces and Seccomp-BPF. See the detailed design for more.win/
uses a combination of restricted tokens, distinct job objects, alternate desktops, and integrity levels. See the detailed design for more.Built on top of the low-level sandboxing library is the //sandbox/policy
component, which provides concrete policies and helper utilities for sandboxing specific Chromium processes and services. The core sandbox library cannot depend on the policy component.