commit | 88278517be90e7034d083203d2a234319cea5d57 | [log] [tgz] |
---|---|---|
author | Keishi Hattori <keishi@chromium.org> | Sat Nov 27 09:25:52 2021 |
committer | Copybara-Service <copybara-worker@google.com> | Sat Nov 27 09:39:37 2021 |
tree | cf646a5b2108f9d561eeb4b4f09cb3f6a4e01e87 | |
parent | 0e78567b121532c454b7b5e482215aea50c31c77 [diff] |
Rewrite most `Foo* field_` pointer fields to `raw_ptr<Foo> field_`. DO NOT REVERT (unless absolutely necessary)! Report build breaks to keishi@(APAC)/glazunov@(EMEA)/sebmarchand@(NA) as soon as you see them. Fixes are expected to be trivial. This commit was generated automatically, by running the following script: tools/clang/rewrite_raw_ptr_fields/rewrite-multiple-platforms.sh on commit fe74bc434e5b7e92d13a328362fcb6df15d8847e For more information, see MiraclePtr One Pager [1], the PSA at chromium-dev@ [2], and the raw_ptr documentation in //base/memory/raw_ptr.md. FYI This CL does not enable MiraclePtr protection and we expect no behavior change from this. [1] https://docs.google.com/document/d/1pnnOAIz_DMWDI4oIOFoMAqLnf_MZ2GsrJNb_dbQ3ZBg/edit?usp=sharing [2] https://groups.google.com/a/chromium.org/g/chromium-dev/c/vAEeVifyf78/m/SkBUc6PhBAAJ Binary-Size: Increase of around 500kb was approved for MiraclePtr Include-Ci-Only-Tests: true No-Tree-Checks: true No-Presubmit: true Bug: 1272324, 1073933 Change-Id: I05c86a83bbb4b3f4b017f361dd7f4e7437697f69 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3305132 Commit-Queue: Keishi Hattori <keishi@chromium.org> Reviewed-by: Bartek Nowierski <bartekn@chromium.org> Owners-Override: Bartek Nowierski <bartekn@chromium.org> Cr-Commit-Position: refs/heads/main@{#945735} NOKEYCHECK=True GitOrigin-RevId: 0e45c020c43b1a9f6d2870ff7f92b30a2f03a458
This directory contains platform-specific sandboxing libraries. Sandboxing is a technique that can improve the security of an application by separating untrustworthy code (or code that handles untrustworthy data) and restricting its privileges and capabilities.
Each platform relies on the operating system's process primitive to isolate code into distinct security principals, and platform-specific technologies are used to implement the privilege reduction. At a high-level:
mac/
uses the Seatbelt sandbox. See the detailed design for more.linux/
uses namespaces and Seccomp-BPF. See the detailed design for more.win/
uses a combination of restricted tokens, distinct job objects, alternate desktops, and integrity levels. See the detailed design for more.Built on top of the low-level sandboxing library is the //sandbox/policy
component, which provides concrete policies and helper utilities for sandboxing specific Chromium processes and services. The core sandbox library cannot depend on the policy component.