What does the sandbox do?

  The sandbox leverages OS-provided security to allow code execution that cannot make persistent changes to the computer or access confidential information.

What is the sandbox's structure?

  The sandbox operates at process-level granularity. Anything that needs to be sandboxed must live in a separate process.

  The minimal sandbox configuration has two processes: one that is a privileged controller known as the broker, and one or more sandboxed processes known as the target.

  

Broker

   In Chromium, the broker is the browser process. Its responsibilities are:

  1. Specify the policy for each target process
  2. Spawn the target processes
  3. Host the sandbox policy engine service
  4. Host the sandbox interception manager
  5. Host the sandbox IPC service (to the target processes)
  6. Perform the policy-allowed actions on behalf of the target process

Target

   In Chromium, the targets are the renderer processes. A target hosts everything that is going to run inside the sandbox:

  1. All code to be sandboxed
  2. The sandbox IPC client
  3. The sandbox policy engine client
  4. The sandbox interceptions
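
  The broker and target roles listed above can be modelled as two processes joined by a pipe. This is an added example, not Chromium code: the JSON message format, the single "read" rule and all function names are assumptions, and no OS-level restriction is applied to the child, so it shows only the request, policy check and brokered action.

```python
import json, os, subprocess, sys, tempfile

# Constructed target: it never opens a file itself, it only asks the broker.
TARGET_SRC = """
import json, sys
for path in sys.argv[1:]:
    print(json.dumps({"op": "read", "path": path}), flush=True)
    sys.stdin.readline()  # block until the broker replies
"""

def resolve_if_allowed(request, allowed_dir):
    """Policy engine: return the canonical path if the rule permits it, else None."""
    if request.get("op") != "read":
        return None
    real = os.path.realpath(request["path"])  # collapse ".." and symlinks first
    return real if os.path.commonpath([real, allowed_dir]) == allowed_dir else None

def run_broker(paths, allowed_dir):
    allowed_dir = os.path.realpath(allowed_dir)
    # Spawn the target; the pipe pair is its only channel to the broker.
    target = subprocess.Popen([sys.executable, "-c", TARGET_SRC, *paths],
                              stdin=subprocess.PIPE, stdout=subprocess.PIPE, text=True)
    decisions = []
    for line in target.stdout:                      # IPC service loop
        request = json.loads(line)
        real = resolve_if_allowed(request, allowed_dir)
        if real is None:
            reply = {"ok": False, "error": "denied by policy"}
        else:
            with open(real) as fh:                  # act on the target's behalf
                reply = {"ok": True, "data": fh.read()}
        decisions.append(reply["ok"])
        target.stdin.write(json.dumps(reply) + "\n")
        target.stdin.flush()
    target.stdin.close()
    target.wait()
    return decisions

def demo():
    """Build a constructed directory tree and return the broker's three verdicts."""
    with tempfile.TemporaryDirectory() as root:
        allowed = os.path.join(root, "allowed")
        os.mkdir(allowed)
        for name, text in (("allowed/ok.txt", "public"), ("secret.txt", "private")):
            with open(os.path.join(root, name), "w") as fh:
                fh.write(text)
        asks = [os.path.join(allowed, "ok.txt"), os.path.join(root, "secret.txt"),
                os.path.join(allowed, "..", "secret.txt")]
        return run_broker(asks, allowed)
```

  The broker opens the canonical path it checked rather than the string the target sent, so the path that passes policy is the path that gets read.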

  Target process restrictions:

    • Forbid per-user system-wide changes using SystemParametersInfo(), which can be used to swap the mouse buttons or set the screen saver timeout
    • Forbid the creation or switch of Desktops
    • Forbid changes to the per-user display configuration such as resolution and primary display
    • No read or write to the clipboard
    • Forbid Windows message broadcasts
    • Forbid setting global Windows hooks (using SetWindowsHookEx())
    • Forbid access to the global atoms table
    • Forbid access to USER handles created outside the Job object
    • One active process limit (disallows creating child processes)

  Allowed resource access:

    • Read access to most files
    • Write access to %USERPROFILE%\AppData\LocalLow
    • Read access to most of the registry
    • Write access to HKEY_CURRENT_USER\Software\AppDataLow
    • Clipboard (copy and paste for certain formats)
    • Remote procedure call (RPC)
    • TCP/IP Sockets
    • Window messages exposed via ChangeWindowMessageFilter
    • Shared memory exposed via LI (low integrity) labels
    • COM interfaces with LI (low integrity) launch activation rights
    • Named pipes exposed via LI (low integrity) labels

Reference:

https://chromium.googlesource.com/chromium/src/+/master/docs/design/sandbox.md
