Google Git
Sign in
chromium / chromium / src / sandbox / 88278517be90e7034d083203d2a234319cea5d57
commit88278517be90e7034d083203d2a234319cea5d57[log] [tgz]
authorKeishi Hattori <keishi@chromium.org>Sat Nov 27 09:25:52 2021
committerCopybara-Service <copybara-worker@google.com>Sat Nov 27 09:39:37 2021
treecf646a5b2108f9d561eeb4b4f09cb3f6a4e01e87
parent0e78567b121532c454b7b5e482215aea50c31c77 [diff]
Rewrite most `Foo* field_` pointer fields to `raw_ptr<Foo> field_`.

DO NOT REVERT (unless absolutely necessary)! Report build breaks to keishi@(APAC)/glazunov@(EMEA)/sebmarchand@(NA) as soon as you see them. Fixes are expected to be trivial.

This commit was generated automatically, by running the following script: tools/clang/rewrite_raw_ptr_fields/rewrite-multiple-platforms.sh on commit fe74bc434e5b7e92d13a328362fcb6df15d8847e

For more information, see MiraclePtr One Pager [1], the PSA at chromium-dev@ [2], and the raw_ptr documentation in //base/memory/raw_ptr.md.

FYI This CL does not enable MiraclePtr protection and we expect no behavior change from this.

[1] https://docs.google.com/document/d/1pnnOAIz_DMWDI4oIOFoMAqLnf_MZ2GsrJNb_dbQ3ZBg/edit?usp=sharing
[2] https://groups.google.com/a/chromium.org/g/chromium-dev/c/vAEeVifyf78/m/SkBUc6PhBAAJ

Binary-Size: Increase of around 500kb was approved for MiraclePtr
Include-Ci-Only-Tests: true
No-Tree-Checks: true
No-Presubmit: true
Bug: 1272324, 1073933
Change-Id: I05c86a83bbb4b3f4b017f361dd7f4e7437697f69
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3305132
Commit-Queue: Keishi Hattori <keishi@chromium.org>
Reviewed-by: Bartek Nowierski <bartekn@chromium.org>
Owners-Override: Bartek Nowierski <bartekn@chromium.org>
Cr-Commit-Position: refs/heads/main@{#945735}
NOKEYCHECK=True
GitOrigin-RevId: 0e45c020c43b1a9f6d2870ff7f92b30a2f03a458
40 files changed
tree: cf646a5b2108f9d561eeb4b4f09cb3f6a4e01e87
  1. linux/
  2. mac/
  3. policy/
  4. win/
  5. BUILD.gn
  6. COMMON_METADATA
  7. constants.h
  8. DEPS
  9. DIR_METADATA
  10. features.gni
  11. ipc.dict
  12. OWNERS
  13. README.md
  14. sandbox_export.h
README.md

Sandbox Library

This directory contains platform-specific sandboxing libraries. Sandboxing is a technique that can improve the security of an application by separating untrustworthy code (or code that handles untrustworthy data) and restricting its privileges and capabilities.

Each platform relies on the operating system's process primitive to isolate code into distinct security principals, and platform-specific technologies are used to implement the privilege reduction. At a high-level:

  • mac/ uses the Seatbelt sandbox. See the detailed design for more.
  • linux/ uses namespaces and Seccomp-BPF. See the detailed design for more.
  • win/ uses a combination of restricted tokens, distinct job objects, alternate desktops, and integrity levels. See the detailed design for more.

Built on top of the low-level sandboxing library is the //sandbox/policy component, which provides concrete policies and helper utilities for sandboxing specific Chromium processes and services. The core sandbox library cannot depend on the policy component.