Google Git
Sign in
chromium / chromium / src / sandbox / d314bc0d018a0f7f79805ea28e4dd8e22091c2e5
commitd314bc0d018a0f7f79805ea28e4dd8e22091c2e5[log] [tgz]
authorJames Forshaw <forshaw@chromium.org>Fri Nov 19 23:43:12 2021
committerCopybara-Service <copybara-worker@google.com>Fri Nov 19 23:56:32 2021
tree76521884b0a7e3325a74b6f51685fd5aeb1c4aa6
parent07874d89a4a7b40f43cca398398121c8af28fc68 [diff]
Reland: [Windows] Remove various uses of the windows.h header.

This relands the patch after fixing the libfuzzer issue.

Original change's description:
> This CL removes some uses of the windows.h header in the sandbox and
> replaces them with windows_types.h or base code. This also includes
> some general clean up such as removing naked memory allocations.
>
> Bug: 1270309
> Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3289994
> Reviewed-by: Will Harris <wfh@chromium.org>
> Commit-Queue: James Forshaw <forshaw@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#943376}

Change-Id: Ia8f8faa4968a75d567fc2c6258be4a962c256db3
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3293771
Reviewed-by: Will Harris <wfh@chromium.org>
Commit-Queue: James Forshaw <forshaw@chromium.org>
Cr-Commit-Position: refs/heads/main@{#943737}
NOKEYCHECK=True
GitOrigin-RevId: f928125cf0b9015e14cb0d8021e7c75a5cf20ad5
24 files changed
tree: 76521884b0a7e3325a74b6f51685fd5aeb1c4aa6
  1. linux/
  2. mac/
  3. policy/
  4. win/
  5. BUILD.gn
  6. COMMON_METADATA
  7. constants.h
  8. DEPS
  9. DIR_METADATA
  10. features.gni
  11. ipc.dict
  12. OWNERS
  13. README.md
  14. sandbox_export.h
README.md

Sandbox Library

This directory contains platform-specific sandboxing libraries. Sandboxing is a technique that can improve the security of an application by separating untrustworthy code (or code that handles untrustworthy data) and restricting its privileges and capabilities.

Each platform relies on the operating system's process primitive to isolate code into distinct security principals, and platform-specific technologies are used to implement the privilege reduction. At a high-level:

  • mac/ uses the Seatbelt sandbox. See the detailed design for more.
  • linux/ uses namespaces and Seccomp-BPF. See the detailed design for more.
  • win/ uses a combination of restricted tokens, distinct job objects, alternate desktops, and integrity levels. See the detailed design for more.

Built on top of the low-level sandboxing library is the //sandbox/policy component, which provides concrete policies and helper utilities for sandboxing specific Chromium processes and services. The core sandbox library cannot depend on the policy component.