Google Git
Sign in
chromium / chromium / src / sandbox / a1518eea599608369b3b0cc56a54b854534ab79a
commita1518eea599608369b3b0cc56a54b854534ab79a[log] [tgz]
authorSumaid Syed <ssyed@igalia.com>Tue Aug 10 05:50:06 2021
committerCopybara-Service <copybara-worker@google.com>Tue Aug 10 06:03:58 2021
tree4ccd7421029fa0d7d2f980971ea2f41ae9915fa8
parent2e940ae6decd20bd52ce0220370cb5b29e4102e4 [diff]
Fix header guards in various dirs

Generated mechanically as follows:

git ls-files '*.h' | grep -E '^(sandbox|services|skia|testing|ui|url)/' |\
grep -v third_party |\
parallel --xargs cpplint.py --filter=-,+build/header_guard -- 2>&1 |\
grep build/header | tools/apply_cpplint_header_guard.py

Bug: 1200694
Change-Id: Ifdae80663b18c885777e82231a3fce259ec120f4
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3029526
Reviewed-by: Dirk Pranke <dpranke@google.com>
Reviewed-by: Chris Palmer <palmer@chromium.org>
Reviewed-by: Stephen White <senorblanco@chromium.org>
Reviewed-by: Scott Violet <sky@chromium.org>
Reviewed-by: Henrique Ferreiro <hferreiro@igalia.com>
Commit-Queue: Sumaid <ssyed@igalia.com>
Cr-Commit-Position: refs/heads/master@{#910172}
NOKEYCHECK=True
GitOrigin-RevId: c2fdda4a367045787ab70dfaeab6bef4ec9d72cd
1 file changed
tree: 4ccd7421029fa0d7d2f980971ea2f41ae9915fa8
  1. linux/
  2. mac/
  3. policy/
  4. win/
  5. BUILD.gn
  6. constants.h
  7. DEPS
  8. DIR_METADATA
  9. features.gni
  10. ipc.dict
  11. OWNERS
  12. README.md
  13. sandbox_export.h
README.md

Sandbox Library

This directory contains platform-specific sandboxing libraries. Sandboxing is a technique that can improve the security of an application by separating untrustworthy code (or code that handles untrustworthy data) and restricting its privileges and capabilities.

Each platform relies on the operating system's process primitive to isolate code into distinct security principals, and platform-specific technologies are used to implement the privilege reduction. At a high-level:

  • mac/ uses the Seatbelt sandbox. See the detailed design for more.
  • linux/ uses namespaces and Seccomp-BPF. See the detailed design for more.
  • win/ uses a combination of restricted tokens, distinct job objects, alternate desktops, and integrity levels. See the detailed design for more.

Built on top of the low-level sandboxing library is the //sandbox/policy component, which provides concrete policies and helper utilities for sandboxing specific Chromium processes and services. The core sandbox library cannot depend on the policy component.