Google Git
Sign in
chromium / chromium / src / sandbox / af622c76124113a6616fba72c51c34fbfa96c986
commitaf622c76124113a6616fba72c51c34fbfa96c986[log] [tgz]
authorAdrian Ratiu <adrian.ratiu@collabora.corp-partner.google.com>Sat Aug 28 23:19:24 2021
committerCopybara-Service <copybara-worker@google.com>Sat Aug 28 23:30:33 2021
treee5120bb0a4c63d735a216acdbb9e29d5a39e4cc4
parent19e5b97d6e8100245387890a5d13cf1382348bc4 [diff]
Linux sandbox: handle faccessat2 syscall

Starting with Linux v5.8 a new syscall named faccessat2 was
added to correctly implement the POSIX specified faccessat
by properly handling new a fourth "flags" argument which was
missing in the original faccessat in turn causing bugs in
glibc which tried to "emulate" it.

Starting with glibc 2.33, the new faccessat2 syscall is used
so we need to handle it in the sandbox.

BUG=b:187795855

Change-Id: I98117e6726a58b3a60a8b6490afc6a749b8b27b9
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3114287
Reviewed-by: Jorge Lucangeli Obes <jorgelo@chromium.org>
Reviewed-by: Matthew Denton <mpdenton@chromium.org>
Commit-Queue: Adrian Ratiu <adrian.ratiu@collabora.corp-partner.google.com>
Auto-Submit: Adrian Ratiu <adrian.ratiu@collabora.corp-partner.google.com>
Cr-Commit-Position: refs/heads/main@{#916258}
NOKEYCHECK=True
GitOrigin-RevId: 909ea95ed035c9e971636cdc1aa3d011db8072eb
6 files changed
tree: e5120bb0a4c63d735a216acdbb9e29d5a39e4cc4
  1. linux/
  2. mac/
  3. policy/
  4. win/
  5. BUILD.gn
  6. constants.h
  7. DEPS
  8. DIR_METADATA
  9. features.gni
  10. ipc.dict
  11. OWNERS
  12. README.md
  13. sandbox_export.h
README.md

Sandbox Library

This directory contains platform-specific sandboxing libraries. Sandboxing is a technique that can improve the security of an application by separating untrustworthy code (or code that handles untrustworthy data) and restricting its privileges and capabilities.

Each platform relies on the operating system's process primitive to isolate code into distinct security principals, and platform-specific technologies are used to implement the privilege reduction. At a high-level:

  • mac/ uses the Seatbelt sandbox. See the detailed design for more.
  • linux/ uses namespaces and Seccomp-BPF. See the detailed design for more.
  • win/ uses a combination of restricted tokens, distinct job objects, alternate desktops, and integrity levels. See the detailed design for more.

Built on top of the low-level sandboxing library is the //sandbox/policy component, which provides concrete policies and helper utilities for sandboxing specific Chromium processes and services. The core sandbox library cannot depend on the policy component.