commit | 186b551457647d82c27f2798aeb1ea2e21040721 | [log] [tgz] |
---|---|---|
author | Kush Sinha <sinhak@chromium.org> | Thu Dec 16 11:00:34 2021 |
committer | Copybara-Service <copybara-worker@google.com> | Thu Dec 16 11:13:10 2021 |
tree | 540afc53df902617d6fa0ebbb8b86702379b5947 | |
parent | 8fe941e22d75425f0cab115ec4b1c0a8a58410ed [diff] |
[Sheriff] Revert "Add launch failure notifications to BrowserChildProcessObserver" This reverts commit 893230151e96c29a556395cc3c3d44cced6ee600. Reason for revert: "browser_tests" failing on builder "Linux ChromiumOS MSan Tests" Original change's description: > Add launch failure notifications to BrowserChildProcessObserver > > Also, fix a bug where the Windows sandbox would return SBOX_ALL_OK > even if base::LaunchProcess failed, and launch_result was not > being set for elevated processes. > > Add reporting of GetLastError on Windows in the > ChildProcessTerminationInfo for failed launches. > > Also, clean up some switch statements to remove default cases. > > BUG=1280005 > > Change-Id: I1001fc950b8456b78ef1a9a985ca07cf288e8a04 > Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3340072 > Reviewed-by: John Abd-El-Malek <jam@chromium.org> > Commit-Queue: Will Harris <wfh@chromium.org> > Cr-Commit-Position: refs/heads/main@{#952182} Bug: 1280005, 1280541 Change-Id: I368d0c89ca6911cb4145bcec13edf2ad8bd4d829 No-Presubmit: true No-Tree-Checks: true No-Try: true Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3344787 Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> Reviewed-by: Kush Sinha <sinhak@chromium.org> Reviewed-by: Aya Elsayed <ayaelattar@chromium.org> Commit-Queue: Kush Sinha <sinhak@chromium.org> Owners-Override: Kush Sinha <sinhak@chromium.org> Cr-Commit-Position: refs/heads/main@{#952303} NOKEYCHECK=True GitOrigin-RevId: d26f685ff476354d0c637c8b325e3f04fb8a9ebe
This directory contains platform-specific sandboxing libraries. Sandboxing is a technique that can improve the security of an application by separating untrustworthy code (or code that handles untrustworthy data) and restricting its privileges and capabilities.
Each platform relies on the operating system's process primitive to isolate code into distinct security principals, and platform-specific technologies are used to implement the privilege reduction. At a high-level:
mac/
uses the Seatbelt sandbox. See the detailed design for more.linux/
uses namespaces and Seccomp-BPF. See the detailed design for more.win/
uses a combination of restricted tokens, distinct job objects, alternate desktops, and integrity levels. See the detailed design for more.Built on top of the low-level sandboxing library is the //sandbox/policy
component, which provides concrete policies and helper utilities for sandboxing specific Chromium processes and services. The core sandbox library cannot depend on the policy component.