Google Git
Sign in
chromium / chromium / src / sandbox / ccf35a364971497ea0db808cb8a1d82fcab2d817
commitccf35a364971497ea0db808cb8a1d82fcab2d817[log] [tgz]
authorJames Forshaw <forshaw@chromium.org>Fri Dec 03 21:30:23 2021
committerCopybara-Service <copybara-worker@google.com>Fri Dec 03 22:11:45 2021
treed83f2ee60f3a311f28e2f583d1e40fae69a10489
parent6737d2706f403d89456ec9962d9e0e6defa50592 [diff]
[Windows] Remove unused USER_NON_ADMIN sandbox level.

This CL removes the unused USER_NON_ADMIN sandbox level. This is the
only restricted token level which doesn't contain any restricted SIDs.
This has caused us issues with AppLocker in the past so removing it
should prevent people using it instead of USER_RESTRICTED_NON_ADMIN
which is equivalent and will work with AppLocker.

Bug: 1270309
Change-Id: Iffefc404e1f76be6f58e2ac33224dee3ff16a24f
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3314064
Commit-Queue: James Forshaw <forshaw@chromium.org>
Reviewed-by: Will Harris <wfh@chromium.org>
Cr-Commit-Position: refs/heads/main@{#948168}
NOKEYCHECK=True
GitOrigin-RevId: 6192b78b98f0d5a56939a8b84f9311d8d4a7d227
5 files changed
tree: d83f2ee60f3a311f28e2f583d1e40fae69a10489
  1. linux/
  2. mac/
  3. policy/
  4. win/
  5. BUILD.gn
  6. COMMON_METADATA
  7. constants.h
  8. DEPS
  9. DIR_METADATA
  10. features.gni
  11. ipc.dict
  12. OWNERS
  13. README.md
  14. sandbox_export.h
README.md

Sandbox Library

This directory contains platform-specific sandboxing libraries. Sandboxing is a technique that can improve the security of an application by separating untrustworthy code (or code that handles untrustworthy data) and restricting its privileges and capabilities.

Each platform relies on the operating system's process primitive to isolate code into distinct security principals, and platform-specific technologies are used to implement the privilege reduction. At a high-level:

  • mac/ uses the Seatbelt sandbox. See the detailed design for more.
  • linux/ uses namespaces and Seccomp-BPF. See the detailed design for more.
  • win/ uses a combination of restricted tokens, distinct job objects, alternate desktops, and integrity levels. See the detailed design for more.

Built on top of the low-level sandboxing library is the //sandbox/policy component, which provides concrete policies and helper utilities for sandboxing specific Chromium processes and services. The core sandbox library cannot depend on the policy component.