commit | ccf35a364971497ea0db808cb8a1d82fcab2d817 | [log] [tgz] |
---|---|---|
author | James Forshaw <forshaw@chromium.org> | Fri Dec 03 21:30:23 2021 |
committer | Copybara-Service <copybara-worker@google.com> | Fri Dec 03 22:11:45 2021 |
tree | d83f2ee60f3a311f28e2f583d1e40fae69a10489 | |
parent | 6737d2706f403d89456ec9962d9e0e6defa50592 [diff] |
[Windows] Remove unused USER_NON_ADMIN sandbox level. This CL removes the unused USER_NON_ADMIN sandbox level. This is the only restricted token level which doesn't contain any restricted SIDs. This has caused us issues with AppLocker in the past so removing it should prevent people using it instead of USER_RESTRICTED_NON_ADMIN which is equivalent and will work with AppLocker. Bug: 1270309 Change-Id: Iffefc404e1f76be6f58e2ac33224dee3ff16a24f Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3314064 Commit-Queue: James Forshaw <forshaw@chromium.org> Reviewed-by: Will Harris <wfh@chromium.org> Cr-Commit-Position: refs/heads/main@{#948168} NOKEYCHECK=True GitOrigin-RevId: 6192b78b98f0d5a56939a8b84f9311d8d4a7d227
This directory contains platform-specific sandboxing libraries. Sandboxing is a technique that can improve the security of an application by separating untrustworthy code (or code that handles untrustworthy data) and restricting its privileges and capabilities.
Each platform relies on the operating system's process primitive to isolate code into distinct security principals, and platform-specific technologies are used to implement the privilege reduction. At a high-level:
mac/
uses the Seatbelt sandbox. See the detailed design for more.linux/
uses namespaces and Seccomp-BPF. See the detailed design for more.win/
uses a combination of restricted tokens, distinct job objects, alternate desktops, and integrity levels. See the detailed design for more.Built on top of the low-level sandboxing library is the //sandbox/policy
component, which provides concrete policies and helper utilities for sandboxing specific Chromium processes and services. The core sandbox library cannot depend on the policy component.