Move media foundation cdm store to user profile folder

This change adds support for clearing the CDM store folder used by
the MediaFoundationCDM. It also changes the folder used by the CDM
by moving it under the chrome profile directory.

To allow the CDM process to write into this new folder we added
a new capability to the MediaFoundationService process.

Tested by watching protected content, observing that the CDM
could write its files into the user profile and then clearing the
browser data and verifying that the files were correctly deleted.

Bug: 1115690
Change-Id: I047f04267ec219482d6564c77f621f9f97a549d9
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3125894
Reviewed-by: Will Harris <wfh@chromium.org>
Reviewed-by: Xiaohan Wang <xhwang@chromium.org>
Reviewed-by: Joshua Bell <jsbell@chromium.org>
Commit-Queue: Alex St-Onge <alstonge@chromium.org>
Cr-Commit-Position: refs/heads/main@{#918231}
NOKEYCHECK=True
GitOrigin-RevId: 68b4aa997761749ba4a695fc436b446320d53fd8
4 files changed
tree: 69107f211baec0e770558eced4fce833cf2c525f
  linux/
  mac/
  policy/
  win/
  BUILD.gn
  constants.h
  DEPS
  DIR_METADATA
  features.gni
  ipc.dict
  OWNERS
  README.md
  sandbox_export.h
README.md

Sandbox Library

This directory contains platform-specific sandboxing libraries. Sandboxing is a technique that can improve the security of an application by separating untrustworthy code (or code that handles untrustworthy data) and restricting its privileges and capabilities.

Each platform relies on the operating system's process primitive to isolate code into distinct security principals, and platform-specific technologies are used to implement the privilege reduction. At a high level:

  • mac/ uses the Seatbelt sandbox. See the detailed design for more.
  • linux/ uses namespaces and Seccomp-BPF. See the detailed design for more.
  • win/ uses a combination of restricted tokens, distinct job objects, alternate desktops, and integrity levels. See the detailed design for more.

Built on top of the low-level sandboxing library is the //sandbox/policy component, which provides concrete policies and helper utilities for sandboxing specific Chromium processes and services. The core sandbox library cannot depend on the policy component.