Google Git
Sign in
chromium / chromium / src / sandbox / 8ac5fe17802e48e4e9479d5935655a14fa6852ec
commit8ac5fe17802e48e4e9479d5935655a14fa6852ec[log] [tgz]
authorJames Forshaw <forshaw@chromium.org>Fri Oct 03 09:02:23 2025
committerCopybara-Service <copybara-worker@google.com>Fri Oct 03 09:09:07 2025
tree0b8a247fc41e3d3b3fc3e0d8258f9e09b9f16477
parent07eaf08784b103b3ce566c6806d19e196def795e [diff]
Revert "[Windows] Add a sandbox string class for low-level heap allocations." This reverts commit 2f89ea6c9429d9544f4bc9a0aba2940b0b235e9c. Reason for revert: Crash during image file interception. Original change's description: > [Windows] Add a sandbox string class for low-level heap allocations. > > This CL adds a class to represent a low-level heap allocated string. > In addition the class is then used in various NT utility functions > which return strings with corresponding changes to the call sites for > those utilities. > > Bug: 447171244 > Change-Id: Iaaa714707b4476582b34aa12a4e99522ec1a9a41 > Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/7000096 > Reviewed-by: Alex Gough <ajgo@chromium.org> > Commit-Queue: James Forshaw <forshaw@chromium.org> > Cr-Commit-Position: refs/heads/main@{#1524571} Bug: 447171244 No-Presubmit: true No-Tree-Checks: true No-Try: true Change-Id: Ibadc37ebf602b7563e2835aea33c6cf48f9562f0 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/7003015 Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> Auto-Submit: James Forshaw <forshaw@chromium.org> Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> Cr-Commit-Position: refs/heads/main@{#1524670} NOKEYCHECK=True GitOrigin-RevId: bc1c4d6934fc43c44c7c7d60de2ef7728b4508a0
11 files changed
tree: 0b8a247fc41e3d3b3fc3e0d8258f9e09b9f16477
  1. linux/
  2. mac/
  3. policy/
  4. win/
  5. BUILD.gn
  6. COMMON_METADATA
  7. constants.h
  8. DEPS
  9. DIR_METADATA
  10. features.cc
  11. features.gni
  12. features.h
  13. OWNERS
  14. README.md
  15. sandbox_export.h
README.md

Sandbox Library

This directory contains platform-specific sandboxing libraries. Sandboxing is a technique that can improve the security of an application by separating untrustworthy code (or code that handles untrustworthy data) and restricting its privileges and capabilities.

Each platform relies on the operating system's process primitive to isolate code into distinct security principals, and platform-specific technologies are used to implement the privilege reduction. At a high-level:

  • mac/ uses the Seatbelt sandbox. See the detailed design for more.
  • linux/ uses namespaces and Seccomp-BPF. See the detailed design for more.
  • win/ uses a combination of restricted tokens, distinct job objects, alternate desktops, and integrity levels. See the detailed design for more.

Built on top of the low-level sandboxing library is the //sandbox/policy component, which provides concrete policies and helper utilities for sandboxing specific Chromium processes and services. The core sandbox library cannot depend on the policy component.