| commit | e8bea6701699b41c641d0c68b86ce7182151e876 | [log] [tgz] |
|---|---|---|
| author | James Forshaw <forshaw@chromium.org> | Sat Oct 04 04:11:16 2025 |
| committer | Copybara-Service <copybara-worker@google.com> | Sat Oct 04 04:17:41 2025 |
| tree | f8ebbd464b3b9c06578475b2926eb5dc2db1d9ec | |
| parent | ce9e6737ac5d5c98dba7fb57f067e27655e47e24 [diff] |
[Windows] Remove named interceptions from sandbox. This CL removes support for named interception in the sandbox patching code. These types of interceptions are not used in the code base and just adds additional code and complexity. Bug: 447171244 Change-Id: Ibc7d25a05869157fdaa7ed03fa8053251c597000 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/7007409 Reviewed-by: Will Harris <wfh@chromium.org> Commit-Queue: James Forshaw <forshaw@chromium.org> Cr-Commit-Position: refs/heads/main@{#1525145} NOKEYCHECK=True GitOrigin-RevId: 8d10291c974652d2b71e53f6dab776a72fc66aa4
This directory contains platform-specific sandboxing libraries. Sandboxing is a technique that can improve the security of an application by separating untrustworthy code (or code that handles untrustworthy data) and restricting its privileges and capabilities.
Each platform relies on the operating system's process primitive to isolate code into distinct security principals, and platform-specific technologies are used to implement the privilege reduction. At a high-level:
mac/ uses the Seatbelt sandbox. See the detailed design for more.linux/ uses namespaces and Seccomp-BPF. See the detailed design for more.win/ uses a combination of restricted tokens, distinct job objects, alternate desktops, and integrity levels. See the detailed design for more.Built on top of the low-level sandboxing library is the //sandbox/policy component, which provides concrete policies and helper utilities for sandboxing specific Chromium processes and services. The core sandbox library cannot depend on the policy component.