Google Git
Sign in
chromium / chromium / src / sandbox / a01b9564500797c27b316fe5b5c120d001ad9a2d
commita01b9564500797c27b316fe5b5c120d001ad9a2d[log] [tgz]
authorWill Harris <wfh@chromium.org>Sat Dec 18 09:21:31 2021
committerCopybara-Service <copybara-worker@google.com>Sat Dec 18 09:36:57 2021
tree83d3fe6fb053e8d46d8dcb0c72a04d6e6f39db3a
parent186b551457647d82c27f2798aeb1ea2e21040721 [diff]
Reland "Add launch failure notifications to BrowserChildProcessObserver"

This is a reland of 893230151e96c29a556395cc3c3d44cced6ee600

The previous version of this CL mistakenly removed a default
case statement for an 'int' field, so an expected compile error
was not generated but instead an early return was skipped.

Original change's description:
> Add launch failure notifications to BrowserChildProcessObserver
>
> Also, fix a bug where the Windows sandbox would return SBOX_ALL_OK
> even if base::LaunchProcess failed, and launch_result was not
> being set for elevated processes.
>
> Add reporting of GetLastError on Windows in the
> ChildProcessTerminationInfo for failed launches.
>
> Also, clean up some switch statements to remove default cases.
>
> BUG=1280005
>
> Change-Id: I1001fc950b8456b78ef1a9a985ca07cf288e8a04
> Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3340072
> Reviewed-by: John Abd-El-Malek <jam@chromium.org>
> Commit-Queue: Will Harris <wfh@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#952182}

Bug: 1280005, 1280541
Change-Id: I81f3354e9870a455644e77144a40c4acbdf14ebe
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3345720
Reviewed-by: John Abd-El-Malek <jam@chromium.org>
Commit-Queue: Will Harris <wfh@chromium.org>
Cr-Commit-Position: refs/heads/main@{#952667}
NOKEYCHECK=True
GitOrigin-RevId: df8fcb48c24c4ba2f3704c24a48c9c0bd76e779d
2 files changed
tree: 83d3fe6fb053e8d46d8dcb0c72a04d6e6f39db3a
  1. linux/
  2. mac/
  3. policy/
  4. win/
  5. BUILD.gn
  6. COMMON_METADATA
  7. constants.h
  8. DEPS
  9. DIR_METADATA
  10. features.gni
  11. ipc.dict
  12. OWNERS
  13. README.md
  14. sandbox_export.h
README.md

Sandbox Library

This directory contains platform-specific sandboxing libraries. Sandboxing is a technique that can improve the security of an application by separating untrustworthy code (or code that handles untrustworthy data) and restricting its privileges and capabilities.

Each platform relies on the operating system's process primitive to isolate code into distinct security principals, and platform-specific technologies are used to implement the privilege reduction. At a high-level:

  • mac/ uses the Seatbelt sandbox. See the detailed design for more.
  • linux/ uses namespaces and Seccomp-BPF. See the detailed design for more.
  • win/ uses a combination of restricted tokens, distinct job objects, alternate desktops, and integrity levels. See the detailed design for more.

Built on top of the low-level sandboxing library is the //sandbox/policy component, which provides concrete policies and helper utilities for sandboxing specific Chromium processes and services. The core sandbox library cannot depend on the policy component.