Google Git
Sign in
chromium / chromium / src / sandbox / bcd054640db354f9e6e11782b587789c3efd641a
commitbcd054640db354f9e6e11782b587789c3efd641a[log] [tgz]
authorAndres Calderon Jaramillo <andrescj@chromium.org>Thu Dec 09 03:32:26 2021
committerCopybara-Service <copybara-worker@google.com>Thu Dec 09 03:54:43 2021
tree96f09f6df83c12ab9afb0d8c65cb8d3de70527e6
parent4897fdd01bad6c604466f1b6ef36ffef62aa004d [diff]
Create a sandbox type for hardware video decoding.

This CL adds the kHardwareVideoDecoding sandbox type that's intended to
be used to protect utility processes that perform hardware video decode
acceleration on behalf of an untrusted client.

For now, this new type translates to the GPU process sandbox policy.
However, in the future, we will create our own tighter policy.

The pre-sandbox hook is adapted from GpuProcessPreSandboxHook() [1] and
ContentSandboxHelper::PreSandboxStartup() [2].

[1] https://source.chromium.org/chromium/chromium/src/+/main:content/gpu/gpu_sandbox_hook_linux.cc;l=546;drc=6a5249030cf1ae0f4ed3c460d8c338beba3677bd
[2] https://source.chromium.org/chromium/chromium/src/+/main:content/gpu/gpu_main.cc;l=144;drc=fbeeb1c228427bcc94d22747210309b99f88c0b1

Bug: b:195769334
Test: None
Change-Id: If021109095d83f553a8ae1419d542e586708483e
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3280671
Reviewed-by: Alex Gough <ajgo@chromium.org>
Reviewed-by: Matthew Denton <mpdenton@chromium.org>
Reviewed-by: Dan Sanders <sandersd@chromium.org>
Reviewed-by: Avi Drissman <avi@chromium.org>
Reviewed-by: Miguel Casas-Sanchez <mcasas@chromium.org>
Commit-Queue: Andres Calderon Jaramillo <andrescj@chromium.org>
Cr-Commit-Position: refs/heads/main@{#949917}
NOKEYCHECK=True
GitOrigin-RevId: da864bcdb78ea25acc9365c9222fc1a9d57f5eaf
5 files changed
tree: 96f09f6df83c12ab9afb0d8c65cb8d3de70527e6
  1. linux/
  2. mac/
  3. policy/
  4. win/
  5. BUILD.gn
  6. COMMON_METADATA
  7. constants.h
  8. DEPS
  9. DIR_METADATA
  10. features.gni
  11. ipc.dict
  12. OWNERS
  13. README.md
  14. sandbox_export.h
README.md

Sandbox Library

This directory contains platform-specific sandboxing libraries. Sandboxing is a technique that can improve the security of an application by separating untrustworthy code (or code that handles untrustworthy data) and restricting its privileges and capabilities.

Each platform relies on the operating system's process primitive to isolate code into distinct security principals, and platform-specific technologies are used to implement the privilege reduction. At a high-level:

  • mac/ uses the Seatbelt sandbox. See the detailed design for more.
  • linux/ uses namespaces and Seccomp-BPF. See the detailed design for more.
  • win/ uses a combination of restricted tokens, distinct job objects, alternate desktops, and integrity levels. See the detailed design for more.

Built on top of the low-level sandboxing library is the //sandbox/policy component, which provides concrete policies and helper utilities for sandboxing specific Chromium processes and services. The core sandbox library cannot depend on the policy component.