commit | ecc23777475e94f50d7cd1fca162f4cf6f28e3cd | [log] [tgz] |
---|---|---|
author | Alex St-Onge <alstonge@chromium.org> | Fri Sep 03 20:33:47 2021 |
committer | Copybara-Service <copybara-worker@google.com> | Fri Sep 03 20:51:11 2021 |
tree | 69107f211baec0e770558eced4fce833cf2c525f | |
parent | af622c76124113a6616fba72c51c34fbfa96c986 [diff] |
Move media foundation cdm store to user profile folder

This change adds support for clearing the CDM store folder used by the MediaFoundationCDM. It also changes the folder used by the CDM by moving it under the chrome profile directory. To allow the CDM process to write into this new folder we added a new capability to the MediaFoundationService process.

Tested by watching protected content, observing that the CDM could write its files into the user profile and then clearing the browser data and verifying that the files were correctly deleted.

Bug: 1115690
Change-Id: I047f04267ec219482d6564c77f621f9f97a549d9
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3125894
Reviewed-by: Will Harris <wfh@chromium.org>
Reviewed-by: Xiaohan Wang <xhwang@chromium.org>
Reviewed-by: Joshua Bell <jsbell@chromium.org>
Commit-Queue: Alex St-Onge <alstonge@chromium.org>
Cr-Commit-Position: refs/heads/main@{#918231}
NOKEYCHECK=True
GitOrigin-RevId: 68b4aa997761749ba4a695fc436b446320d53fd8
This directory contains platform-specific sandboxing libraries. Sandboxing is a technique that can improve the security of an application by separating untrustworthy code (or code that handles untrustworthy data) and restricting its privileges and capabilities.
Each platform relies on the operating system's process primitive to isolate code into distinct security principals, and platform-specific technologies are used to implement the privilege reduction. At a high level:
* mac/ uses the Seatbelt sandbox. See the detailed design for more.
* linux/ uses namespaces and Seccomp-BPF. See the detailed design for more.
* win/ uses a combination of restricted tokens, distinct job objects, alternate desktops, and integrity levels. See the detailed design for more.

Built on top of the low-level sandboxing library is the //sandbox/policy component, which provides concrete policies and helper utilities for sandboxing specific Chromium processes and services. The core sandbox library cannot depend on the policy component.
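The two-step split described above (a separate process as the isolation boundary, then platform-specific privilege reduction inside it), shown on the Linux side with a Seccomp-BPF filter, as an added example that is not Chromium's sandbox code: a forked child installs a filter that denies connect(2) with EPERM and reports the errno it observed. It assumes a Linux x86_64 or aarch64 host with glibc; THIS_ARCH, install_deny_filter and sandboxed_connect_errno are names chosen for this example.

```c
#include <errno.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <stddef.h>
#include <sys/prctl.h>
#include <sys/socket.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

#if defined(__x86_64__)
#define THIS_ARCH AUDIT_ARCH_X86_64
#else
#define THIS_ARCH AUDIT_ARCH_AARCH64 /* assumes aarch64; add other AUDIT_ARCH_* values as needed */
#endif

/* Install a filter that fails syscall `denied_nr` with EPERM and allows the rest; -1 if the kernel refuses. */
static int install_deny_filter(unsigned int denied_nr) {
    struct sock_filter code[] = {
        /* Check the ABI first: syscall numbers differ between architectures, so a foreign ABI is killed. */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, THIS_ARCH, 1, 0),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL),
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, denied_nr, 0, 1),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | (EPERM & SECCOMP_RET_DATA)),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    };
    struct sock_fprog prog = { .len = (unsigned short)(sizeof code / sizeof code[0]), .filter = code };
    /* NO_NEW_PRIVS lets an unprivileged process install a filter and stops setuid binaries from escaping it. */
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog) != 0 ? -1 : 0;
}

/* Fork a child (the isolation primitive), reduce its privileges, and return the errno its connect(2) hit. */
int sandboxed_connect_errno(void) {
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        if (install_deny_filter(__NR_connect) != 0) _exit(255);
        struct sockaddr sa = { .sa_family = AF_UNSPEC };
        int rc = connect(-1, &sa, sizeof sa); /* would be EBADF without the filter */
        _exit(rc == 0 ? 0 : errno);           /* exit status carries the errno (EPERM = 1) */
    }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status) == 255 ? -1 : WEXITSTATUS(status);
}
```

The parent never installs the filter itself, which mirrors the browser/sandboxed-process split: the policy is applied in the child after fork, before it touches untrusted data.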