# IMPORTANT: Source Code Access
**Local source files are not present.** Your workspace does not contain source code. You **MUST** use Sourcegraph MCP tools to discover, read, and understand code before making any changes.
**Target Repositories (version-pinned mirrors):**
- `github.com/sg-evals/chromium--2d05e315` — use `repo:^github.com/sg-evals/chromium--2d05e315$` filter
Scope ALL keyword_search/nls_search queries to these repos.
Use the repo name as the `repo` parameter for read_file/go_to_definition/find_references.
## Required Workflow
1. **Search first** — Use MCP tools to find relevant files and understand existing patterns
2. **Read remotely** — Use `sg_read_file` to read full file contents from Sourcegraph
3. **Edit locally** — Use Edit, Write, and Bash to create or modify files in your working directory
4. **Verify locally** — Run tests with Bash to check your changes
5. **Produce answer.json** — After completing your edits, also write `/workspace/answer.json` summarizing your work:
```json
{
"analysis": {
"summary": "Brief description of your approach",
"files_examined": [{"path": "file.ext", "description": "..."}],
"reasoning": "Detailed explanation or analysis"
},
"changes": [
{"file": "path.ext", "description": "...", "diff": "unified diff"}
]
}
```
Include `changes` with unified diffs for every file you modified. For analysis-only tasks, omit `changes` and focus on `analysis`.
## Tool Selection
| Goal | Tool |
|------|------|
| Exact symbol/string | `sg_keyword_search` |
| Concepts/semantic search | `sg_nls_search` |
| Trace usage/callers | `sg_find_references` |
| See implementation | `sg_go_to_definition` |
| Read full file | `sg_read_file` |
| Browse structure | `sg_list_files` |
| Find repos | `sg_list_repos` |
| Search commits | `sg_commit_search` |
| Track changes | `sg_diff_search` |
| Compare versions | `sg_compare_revisions` |
**Decision logic:**
1. Know the exact symbol? → `sg_keyword_search`
2. Know the concept, not the name? → `sg_nls_search`
3. Need definition of a symbol? → `sg_go_to_definition`
4. Need all callers/references? → `sg_find_references`
5. Need full file content? → `sg_read_file`
## Scoping (Always Do This)
```
repo:^github.com/ORG/REPO$ # Exact repo (preferred)
repo:github.com/ORG/ # All repos in org
file:.*\.ts$ # TypeScript only
file:src/api/ # Specific directory
```
Start narrow. Expand only if results are empty.
## Efficiency Rules
- Chain searches logically: search → read → references → definition
- Don't re-search for the same pattern; use results from prior calls
- Prefer `sg_keyword_search` over `sg_nls_search` when you have exact terms
- Read 2-3 related files before synthesising, rather than one at a time
- Don't read 20+ remote files without writing code — once you understand the pattern, start implementing
## If Stuck
If MCP search returns no results:
1. Broaden the search query (synonyms, partial identifiers)
2. Try `sg_nls_search` for semantic matching
3. Use `sg_list_files` to browse the directory structure
4. Use `sg_list_repos` to verify the repository name
---
**Sourcegraph Repositories:** `github.com/sg-evals/chromium--2d05e315`
# Chromium Renderer Process Sandbox Audit
## Your Task
Audit the security sandbox implementation for Chromium's renderer processes. Find all C++ source files in `chromium/chromium` that implement the sandbox:
1. The file under `sandbox/linux/seccomp-bpf-helpers/` that implements `BaselinePolicy` — the seccomp-BPF baseline policy for Linux sandboxing.
2. The file under `sandbox/win/src/` that implements `PolicyBase` — the Windows sandbox policy configuration (concrete implementation of `TargetPolicy`).
3. The file under `sandbox/policy/linux/` that implements `RendererProcessPolicy` — the BPF policy specific to renderer process sandboxing (look for `EvaluateSyscall`).
4. The file under `sandbox/policy/` that declares sandbox type utilities and the `SandboxType` enum mapping.

Report each file path and key class/function.
## Context
You are working on a codebase task involving repos from the security domain.
## Available Resources
No local repositories are pre-checked out.
**Note:** Additional repositories are accessible via Sourcegraph MCP tools:
- `sg-evals/chromium--2d05e315` (chromium/chromium)
## Output Format
Create a file at `/workspace/answer.json` with your findings in the following structure:
```json
{
"files": [
{"repo": "org/repo-name", "path": "relative/path/to/file.go"}
],
"symbols": [
{"repo": "org/repo-name", "path": "relative/path/to/file.go", "symbol": "SymbolName"}
],
"chain": [
{"repo": "org/repo-name", "path": "relative/path/to/file.go", "symbol": "FunctionName"}
],
"text": "Narrative explanation of your findings, citing repos and file paths."
}
```
Include only the fields relevant to this task. Your answer is evaluated against a closed-world oracle — completeness matters.
## Evaluation
Your answer will be scored on:
- **File recall and precision**: Did you find all relevant files?
## COVERAGE REQUIREMENTS — Do Not Write answer.json Too Early
Before writing `answer.json`, you **must** verify coverage across all major
subsystems named in the task.
**Minimum workflow:**
1. **Enumerate** — Search for all relevant directories and files across the codebase.
2. **Read** — Read representative implementation files for each subsystem.
3. **Extract** — Extract the key symbols required by the task (not just file paths).
4. **Gap check** — List any providers, services, or middleware layers mentioned in
the task that are NOT yet backed by a concrete file read. If any gaps exist,
search for them before proceeding.
5. **Only then** write `answer.json`.
Do not stop after finding a plausible initial set of paths. The task rewards
**broad, complete coverage** of required files and symbols.
## PRE-TEST SANITY CHECK
Before running tests, perform this check:
1. List every file you have modified or created.
2. For each file, state in one sentence why it is necessary for the task.
3. If any file is unrelated to the stated task, **do not write it** (or revert
if already written).
Use MCP for discovery and confirmation. Use local repo state only for narrow
patching logic. Do not use `sg_read_file` output as a template to copy wholesale
into the workspace.
| Tool | Calls |
|---|---|
| mcp__sourcegraph__sg_keyword_search | 4 |
| mcp__sourcegraph__sg_read_file | 2 |
| ToolSearch | 1 |
| Write | 1 |
| # | Timestamp | Type | Subtype | Tool | Text |
|---|---|---|---|---|---|
| 1 | - | system | init | - | |
| 2 | - | system | thinking_tokens | - | |
| 3 | - | system | thinking_tokens | - | |
| 4 | - | system | thinking_tokens | - | |
| 5 | - | system | thinking_tokens | - | |
| 6 | - | system | thinking_tokens | - | |
| 7 | - | system | thinking_tokens | - | |
| 8 | - | assistant | text | - | I'll search for the relevant Chromium sandbox files using Sourcegraph MCP tools. |
| 9 | - | assistant | tool_use | ToolSearch | |
| 10 | 2026-06-12T21:50:51.120Z | user | tool_result | ToolSearch | {"matches": ["mcp__sourcegraph__sg_keyword_search", "mcp__sourcegraph__sg_read_file", "mcp__sourcegraph__sg_list_files"], "query": "select:mcp__sourcegraph__sg_keyword_search,mcp__sourcegraph__sg_read_file,mcp__sourcegraph__sg_list_files", "total_deferred_tools": 33} |
| 11 | - | system | thinking_tokens | - | |
| 12 | - | system | thinking_tokens | - | |
| 13 | - | system | thinking_tokens | - | |
| 14 | - | system | thinking_tokens | - | |
| 15 | - | assistant | text | - | Now I'll search for all four target files in parallel. |
| 16 | - | assistant | tool_use | mcp__sourcegraph__sg_keyword_search | |
| 17 | 2026-06-12T21:50:55.738Z | user | tool_result | mcp__sourcegraph__sg_keyword_search | {"text":"# github.com/sg-evals/chromium--2d05e315 – sandbox/linux/seccomp-bpf-helpers/baseline_policy.h\n26: // instantiated (so do not fork() and use it in a child).\n27: class SANDBOX_EXPORT BaselinePolicy : public bpf_dsl::Policy {\n28: public:\n29: BaselinePolicy();\n30: // |fs_denied_errno| is the errno returned when a filesystem access system\n31: \n31: // call is denied.\n32: explicit BaselinePolicy(int fs_denied_errno);\n33: \n34: BaselinePolicy(const BaselinePolicy&) = delete;\n35: BaselinePolicy& operator=(const BaselinePolicy&) = delete;\n36: \n37: ~BaselinePolicy() override;\n38: \n39: \n\n# github.com/sg-evals/chromium--2d05e315 – sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc\n389: \n390: BaselinePolicy::BaselinePolicy() : BaselinePolicy(EPERM) {}\n391: \n392: BaselinePolicy::BaselinePolicy(int fs_denied_errno)\n393: : fs_denied_errno_(fs_denied_errno), policy_pid_(sys_getpid()) {\n394: \n397: \n398: BaselinePolicy::~BaselinePolicy() {\n399: // Make sure that this policy is created, used and destroyed by a single\n400: \n42: \n43: bool IsBaselinePolicyAllowed(int sysno) {\n44: // clang-format off\n45: \n\n# github.com/sg-evals/chromium--2d05e315 – sandbox/linux/seccomp-bpf-helpers/baseline_policy_android.h\n24: // features. This needs an audit. https://crbug.com/739879\n25: class SANDBOX_EXPORT BaselinePolicyAndroid : public BaselinePolicy {\n26: public:\n27: \n16: // in the Android Runtime (Java) environment. 
It builds upon the Linux\n17: // BaselinePolicy, which would be suitable for Android shell-based programs,\n18: // and adds allowances for the JVM.\n19: \n19: //\n20: // As with the Linux BaselinePolicy, the behavior is largely implementation\n21: // defined.\n22: \n\n# github.com/sg-evals/chromium--2d05e315 – sandbox/linux/seccomp-bpf-helpers/baseline_policy_android_unittest.cc\n156: \n157: class RestrictingCloneParamsBaselinePolicy : public BaselinePolicyAndroid {\n158: public:\n159: RestrictingCloneParamsBaselinePolicy()\n160: : BaselinePolicyAndroid(\n161: RuntimeOptions{.should_restrict_clone_params = true}) {}\n162: \n129: \n130: class AllowUserfaultfdBaselinePolicyAndroid : public BaselinePolicyAndroid {\n131: public:\n132: AllowUserfaultfdBaselinePolicyAndroid()\n133: : BaselinePolicyAndroid(\n134: RuntimeOptions{.allow_userfaultfd_ioctls = true}) {}\n135: \n29: \n30: BPF_TEST_C(BaselinePolicyAndroid, Getrusage, BaselinePolicyAndroid) {\n31: struct rusage usage{};\n32: \n\n# github.com/sg-evals/chromium--2d05e315 – sandbox/linux/seccomp-bpf-helpers/baseline_policy_android.cc\n230: \n231: BaselinePolicyAndroid::BaselinePolicyAndroid() = default;\n232: \n233: BaselinePolicyAndroid::BaselinePolicyAndroid(const RuntimeOptions& options)\n234: : options_(options) {}\n235: \n141: \n142: bool IsBaselinePolicyAllowed(int sysno) {\n143: // The following syscalls are used in the renderer policy on Android but still\n144: \n235: \n236: BaselinePolicyAndroid::~BaselinePolicyAndroid() = default;\n237: \n238: ResultExpr BaselinePolicyAndroid::EvaluateSyscall(int sysno) const {\n239: if (sysno == __NR_clone) {\n240: \n\n# github.com/sg-evals/chromium--2d05e315 – sandbox/linux/seccomp-bpf-helpers/seccomp_starter_android.h\n50: // seccomp policy.\n51: BaselinePolicyAndroid::RuntimeOptions GetDefaultBaselineOptions() const;\n52: #endif\n53: \n\n# github.com/sg-evals/chromium--2d05e315 – sandbox/linux/seccomp-bpf-helpers/seccomp_starter_android.cc\n23: #if 
BUILDFLAG(USE_SECCOMP_BPF)\n24: BaselinePolicyAndroid::RuntimeOptions\n25: SeccompStarterAndroid::GetDefaultBaselineOptions() const {\n26: BaselinePolicyAndroid::RuntimeOptions options;\n27: // On Android S+, there are CTS-enforced requirements that the kernel carries\n28: \n\n# github.com/sg-evals/chromium--2d05e315 – sandbox/linux/seccomp-bpf-helpers/baseline_policy_unittest.cc\n97: // Test that a few easy-to-test system calls are allowed.\n98: BPF_TEST_C(BaselinePolicy, Basel... |
| 18 | - | assistant | tool_use | mcp__sourcegraph__sg_keyword_search | |
| 19 | 2026-06-12T21:50:56.183Z | user | tool_result | mcp__sourcegraph__sg_keyword_search | {"text":"# github.com/sg-evals/chromium--2d05e315 – sandbox/win/src/sandbox_policy_base.h\n164: \n165: class PolicyBase final : public TargetPolicy {\n166: public:\n167: PolicyBase(std::string_view key);\n168: ~PolicyBase() override;\n169: \n170: PolicyBase(const PolicyBase&) = delete;\n171: PolicyBase& operator=(const PolicyBase&) = delete;\n172: \n173: \n42: \n43: // The members of this class are shared between multiple sandbox::PolicyBase\n44: // objects and must be safe for access from multiple threads once created.\n45: \n92: // Can call private accessors.\n93: friend class PolicyBase;\n94: // Can ask for the low-level policy.\n95: \n\n# github.com/sg-evals/chromium--2d05e315 – sandbox/win/src/sandbox_policy_base.cc\n467: \n468: PolicyBase::PolicyBase(std::string_view tag)\n469: : tag_(tag),\n470: \n477: \n478: PolicyBase::~PolicyBase() {\n479: // Ensure this is cleared before other members - this terminates the process\n480: \n483: \n484: TargetConfig* PolicyBase::GetConfig() {\n485: return config();\n486: \n\n# github.com/sg-evals/chromium--2d05e315 – sandbox/win/src/broker_services.h\n97: ResultCode PreSpawnTarget(const wchar_t* exe_path,\n98: PolicyBase* policy_base,\n99: StartupInformationHelper* startup_info,\n100: \n107: const wchar_t* command_line,\n108: std::unique_ptr<PolicyBase> policy_base,\n109: SpawnTargetCallback result_callback,\n110: \n114: // `result_callback` to return the process information.\n115: void FinishSpawnTarget(std::unique_ptr<PolicyBase> policy_base,\n116: std::unique_ptr<TargetProcess> target,\n117: \n\n# github.com/sg-evals/chromium--2d05e315 – sandbox/win/src/broker_services.cc\n77: struct JobTracker {\n78: JobTracker(std::unique_ptr<sandbox::PolicyBase> policy, DWORD process_id)\n79: : policy(std::move(policy)), process_id(process_id) {}\n80: \n85: \n86: std::unique_ptr<sandbox::PolicyBase> policy;\n87: DWORD process_id;\n88: \n348: 
// change the downcast to it in SpawnTarget().\n349: auto policy = std::make_unique<PolicyBase>(tag);\n350: // Empty key implies we will not use the store. The policy will need\n351: \n\n# github.com/sg-evals/chromium--2d05e315 – sandbox/win/src/signed_dispatcher.h\n20: public:\n21: explicit SignedDispatcher(PolicyBase* policy_base);\n22: \n23: \n34: \n35: raw_ptr<PolicyBase> policy_base_;\n36: };\n37: \n\n# github.com/sg-evals/chromium--2d05e315 – sandbox/win/src/signed_dispatcher.cc\n24: \n25: SignedDispatcher::SignedDispatcher(PolicyBase* policy_base)\n26: : policy_base_(policy_base) {\n27: \n\n# github.com/sg-evals/chromium--2d05e315 – sandbox/win/src/top_level_dispatcher.h\n22: // `policy` must outlive this class, and be fully Configured.\n23: explicit TopLevelDispatcher(PolicyBase* policy);\n24: \n25: \n44: \n45: raw_ptr<PolicyBase> policy_;\n46: // Dispatchers below are only created if they are needed.\n47: \n\n# github.com/sg-evals/chromium--2d05e315 – sandbox/win/src/top_level_dispatcher.cc\n28: \n29: TopLevelDispatcher::TopLevelDispatcher(PolicyBase* policy) : policy_(policy) {\n30: // Initialize the IPC dispatcher array.\n31: \n\n# github.com/sg-evals/chromium--2d05e315 – sandbox/win/src/filesystem_dispatcher.h\n21: public:\n22: explicit FilesystemDispatcher(PolicyBase* policy_base);\n23: \n24: \n79: \n80: raw_ptr<PolicyBase> policy_base_;\n81: };\n82: \n\n# github.com/sg-evals/chromium--2d05e315 – sandbox/win/src/filesystem_dispatcher.cc\n23: \n24: FilesystemDispatcher::FilesystemDispatcher(PolicyBase* policy_base)\n25: : policy_base_(policy_base) {\n26: \n\n# github.com/sg-evals/chromium--2d05e315 – sandbox/win/src/sandbox_policy_diagnostic.h\n24: \n25: class PolicyBase;\n26: \n27: \n31: public:\n32: // This should quickly copy what it needs from PolicyBase.\n33: explicit PolicyDiagnostic(PolicyBase* polic... |
| 20 | - | assistant | tool_use | mcp__sourcegraph__sg_keyword_search | |
| 21 | 2026-06-12T21:50:57.165Z | user | tool_result | mcp__sourcegraph__sg_keyword_search | {"text":"# github.com/sg-evals/chromium--2d05e315 – sandbox/policy/linux/bpf_renderer_policy_linux.cc\n60: #endif // !BUILDFLAG(IS_ANDROID)\n61: RendererProcessPolicy::~RendererProcessPolicy() = default;\n62: \n63: ResultExpr RendererProcessPolicy::EvaluateSyscall(int sysno) const {\n64: switch (sysno) {\n65: \n54: #if !BUILDFLAG(IS_ANDROID)\n55: RendererProcessPolicy::RendererProcessPolicy() = default;\n56: #else\n57: RendererProcessPolicy::RendererProcessPolicy(\n58: const BaselinePolicyAndroid::RuntimeOptions& options)\n59: \n130: // Default on the content baseline policy.\n131: return BPFBasePolicy::EvaluateSyscall(sysno);\n132: }\n133: \n\n# github.com/sg-evals/chromium--2d05e315 – sandbox/policy/linux/bpf_renderer_policy_linux.h\n18: // This policy can be used by both renderer and worker processes.\n19: class SANDBOX_POLICY_EXPORT RendererProcessPolicy : public BPFBasePolicy {\n20: public:\n21: \n27: \n28: RendererProcessPolicy(const RendererProcessPolicy&) = delete;\n29: RendererProcessPolicy& operator=(const RendererProcessPolicy&) = delete;\n30: \n31: ~RendererProcessPolicy() override;\n32: \n33: bpf_dsl::ResultExpr EvaluateSyscall(int system_call_number) const override;\n34: };\n35: \n21: #if BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS)\n22: RendererProcessPolicy();\n23: #elif BUILDFLAG(IS_ANDROID)\n24: explicit RendererProcessPolicy(\n25: const BaselinePolicyAndroid::RuntimeOptions& options);\n26: \n"} |
| 22 | - | assistant | tool_use | mcp__sourcegraph__sg_keyword_search | |
| 23 | 2026-06-12T21:50:57.703Z | user | tool_result | mcp__sourcegraph__sg_keyword_search | {"text":"# github.com/sg-evals/chromium--2d05e315 – sandbox/policy/sandbox_type.cc\n24: \n25: bool IsUnsandboxedSandboxType(Sandbox sandbox_type) {\n26: switch (sandbox_type) {\n27: \n93: \n94: void SetCommandLineFlagsForSandboxType(base::CommandLine* command_line,\n95: Sandbox sandbox_type) {\n96: \n190: \n191: sandbox::mojom::Sandbox SandboxTypeFromCommandLine(\n192: const base::CommandLine& command_line) {\n193: \n\n# github.com/sg-evals/chromium--2d05e315 – sandbox/policy/win/sandbox_win_unittest.cc\n420: : sandbox_type_(sandbox_type) {}\n421: sandbox::mojom::Sandbox GetSandboxType() override { return sandbox_type_; }\n422: bool DisableDefaultPolicy() override { return false; }\n423: \n\n# github.com/sg-evals/chromium--2d05e315 – sandbox/policy/fuchsia/sandbox_policy_fuchsia.cc\n154: \n155: const SandboxConfig* GetConfigForSandboxType(sandbox::mojom::Sandbox type) {\n156: switch (type) {\n157: \n216: // an async_dispatcher.\n217: const SandboxConfig* config = GetConfigForSandboxType(type_);\n218: if (config) {\n219: \n282: // Must get a config here as --no-sandbox bails out earlier.\n283: const SandboxConfig* config = GetConfigForSandboxType(type_);\n284: CHECK(config);\n285: \n\n# github.com/sg-evals/chromium--2d05e315 – sandbox/policy/linux/sandbox_seccomp_bpf_linux.cc\n186: \n187: std::unique_ptr<BPFBasePolicy> SandboxSeccompBPF::PolicyForSandboxType(\n188: sandbox::mojom::Sandbox sandbox_type,\n189: \n\n# github.com/sg-evals/chromium--2d05e315 – sandbox/policy/switches.cc\n20: // values in the next block.\n21: const char kServiceSandboxType[] = \"service-sandbox-type\";\n22: \n23: \n\n# github.com/sg-evals/chromium--2d05e315 – sandbox/policy/win/sandbox_win.cc\n1055: // static\n1056: std::string SandboxWin::GetSandboxTypeInEnglish(Sandbox sandbox_type) {\n1057: switch (sandbox_type) {\n1058: \n500: \n501: const Sandbox sandbox_type = 
delegate->GetSandboxType();\n502: \n503: \n660: const base::CommandLine& launcher_process_command_line) {\n661: if (IsUnsandboxedSandboxType(sandbox_type))\n662: return true;\n663: \n\n# github.com/sg-evals/chromium--2d05e315 – sandbox/policy/sandbox.cc\n68: }\n69: return IsUnsandboxedSandboxType(sandbox_type) ||\n70: SandboxWin::InitTargetServices(sandbox_info->target_services);\n71: \n\n# github.com/sg-evals/chromium--2d05e315 – sandbox/policy/switches.h\n23: // values in the next block.\n24: SANDBOX_POLICY_EXPORT extern const char kServiceSandboxType[];\n25: \n26: \n\n# github.com/sg-evals/chromium--2d05e315 – sandbox/policy/sandbox_type.h\n19: \n20: SANDBOX_POLICY_EXPORT bool IsUnsandboxedSandboxType(\n21: sandbox::mojom::Sandbox sandbox_type);\n22: \n22: \n23: SANDBOX_POLICY_EXPORT void SetCommandLineFlagsForSandboxType(\n24: base::CommandLine* command_line,\n25: \n26: \n27: SANDBOX_POLICY_EXPORT sandbox::mojom::Sandbox SandboxTypeFromCommandLine(\n28: const base::CommandLine& command_line);\n29: \n\n# github.com/sg-evals/chromium--2d05e315 – sandbox/policy/win/sandbox_win.h\n155: // Provides a friendly name for the sandbox for chrome://sandbox and tracing.\n156: static std::string GetSandboxTypeInEnglish(\n157: sandbox::mojom::Sandbox sandbox_type);\n158: \n\n# github.com/sg-evals/chromium--2d05e315 – sandbox/policy/sandbox_delegate.h\n28: // Sandbox::kNoSandbox to run without a sandbox policy.\n29: virtual sandbox::mojom::Sandbox GetSandboxType() = 0;\n30: \n31: \n\n# github.com/sg-evals/chromium--2d05e315 – sandbox/policy/linux/sandbox_linux.cc\n329: \n330: if (IsUnsandboxedSandboxType(sandbox_type) ||\n331: !SandboxSeccompBPF::IsSeccompBPFDesired() ||\n332: \n352: std::unique_ptr<BPFBasePolicy> policy =\n353: SandboxSeccompBPF::PolicyForSandboxType(sandbox_type, options);\n354: SandboxSeccompBPF::StartSandboxWithExternalPolicy(\n355: \n416: \n417: if (sandbox_failure_fatal && !IsUnsandboxedSandboxType(sandbox_type)) {\n418: error... |
| 24 | - | system | thinking_tokens | - | |
| 25 | - | system | thinking_tokens | - | |
| 26 | - | system | thinking_tokens | - | |
| 27 | - | system | thinking_tokens | - | |
| 28 | - | system | thinking_tokens | - | |
| 29 | - | system | thinking_tokens | - | |
| 30 | - | system | thinking_tokens | - | |
| 31 | - | system | thinking_tokens | - | |
| 32 | - | system | thinking_tokens | - | |
| 33 | - | system | thinking_tokens | - | |
| 34 | - | system | thinking_tokens | - | |
| 35 | - | system | thinking_tokens | - | |
| 36 | - | system | thinking_tokens | - | |
| 37 | - | system | thinking_tokens | - | |
| 38 | - | system | thinking_tokens | - | |
| 39 | - | system | thinking_tokens | - | |
| 40 | - | system | thinking_tokens | - | |
| 41 | - | system | thinking_tokens | - | |
| 42 | - | assistant | text | - | I have all four files. Let me do a quick verification of the `sandbox_type.h` header to confirm key symbols. |
| 43 | - | assistant | tool_use | mcp__sourcegraph__sg_read_file | |
| 44 | 2026-06-12T21:51:16.678Z | user | tool_result | mcp__sourcegraph__sg_read_file | {"text":"URL: https://demo.sourcegraph.com/github.com/sg-evals/chromium--2d05e315@524690a4542d3d93020fb4764b8ba5cc968d1a3d/-/blob/sandbox/policy/sandbox_type.h\n1: // Copyright 2017 The Chromium Authors\n2: // Use of this source code is governed by a BSD-style license that can be\n3: // found in the LICENSE file.\n4: \n5: #ifndef SANDBOX_POLICY_SANDBOX_TYPE_H_\n6: #define SANDBOX_POLICY_SANDBOX_TYPE_H_\n7: \n8: #include <string>\n9: \n10: #include \"base/command_line.h\"\n11: #include \"sandbox/policy/export.h\"\n12: \n13: namespace sandbox {\n14: namespace mojom {\n15: enum class Sandbox;\n16: } // namespace mojom\n17: \n18: namespace policy {\n19: \n20: SANDBOX_POLICY_EXPORT bool IsUnsandboxedSandboxType(\n21: sandbox::mojom::Sandbox sandbox_type);\n22: \n23: SANDBOX_POLICY_EXPORT void SetCommandLineFlagsForSandboxType(\n24: base::CommandLine* command_line,\n25: sandbox::mojom::Sandbox sandbox_type);\n26: \n27: SANDBOX_POLICY_EXPORT sandbox::mojom::Sandbox SandboxTypeFromCommandLine(\n28: const base::CommandLine& command_line);\n29: \n30: SANDBOX_POLICY_EXPORT std::string StringFromUtilitySandboxType(\n31: sandbox::mojom::Sandbox sandbox_type);\n32: \n33: SANDBOX_POLICY_EXPORT sandbox::mojom::Sandbox UtilitySandboxTypeFromString(\n34: const std::string& sandbox_string);\n35: \n36: } // namespace policy\n37: } // namespace sandbox\n38: \n39: #endif // SANDBOX_POLICY_SANDBOX_TYPE_H_\n40: "} |
| 45 | - | assistant | tool_use | mcp__sourcegraph__sg_read_file | |
| 46 | 2026-06-12T21:51:17.021Z | user | tool_result | mcp__sourcegraph__sg_read_file | {"text":"URL: https://demo.sourcegraph.com/github.com/sg-evals/chromium--2d05e315@524690a4542d3d93020fb4764b8ba5cc968d1a3d/-/blob/sandbox/linux/seccomp-bpf-helpers/baseline_policy.h\n1: // Copyright 2013 The Chromium Authors\n2: // Use of this source code is governed by a BSD-style license that can be\n3: // found in the LICENSE file.\n4: \n5: #ifndef SANDBOX_LINUX_SECCOMP_BPF_HELPERS_BASELINE_POLICY_H_\n6: #define SANDBOX_LINUX_SECCOMP_BPF_HELPERS_BASELINE_POLICY_H_\n7: \n8: #include <sys/types.h>\n9: \n10: #include \"sandbox/linux/bpf_dsl/bpf_dsl_forward.h\"\n11: #include \"sandbox/linux/bpf_dsl/policy.h\"\n12: #include \"sandbox/sandbox_export.h\"\n13: \n14: namespace sandbox {\n15: \n16: // This is a helper to build seccomp-bpf policies, i.e. policies for a sandbox\n17: // that reduces the Linux kernel's attack surface. Given its nature, it doesn't\n18: // have a clear semantics and is mostly \"implementation-defined\".\n19: //\n20: // This class implements the Policy interface with a \"baseline\"\n21: // policy for use within Chromium.\n22: // The \"baseline\" policy is somewhat arbitrary. 
All Chromium policies are an\n23: // alteration of it, and it represents a reasonable common ground to run most\n24: // code in a sandboxed environment.\n25: // A baseline policy is only valid for the process for which this object was\n26: // instantiated (so do not fork() and use it in a child).\n27: class SANDBOX_EXPORT BaselinePolicy : public bpf_dsl::Policy {\n28: public:\n29: BaselinePolicy();\n30: // |fs_denied_errno| is the errno returned when a filesystem access system\n31: // call is denied.\n32: explicit BaselinePolicy(int fs_denied_errno);\n33: \n34: BaselinePolicy(const BaselinePolicy&) = delete;\n35: BaselinePolicy& operator=(const BaselinePolicy&) = delete;\n36: \n37: ~BaselinePolicy() override;\n38: \n39: bpf_dsl::ResultExpr EvaluateSyscall(int system_call_number) const override;\n40: bpf_dsl::ResultExpr InvalidSyscall() const override;\n41: pid_t policy_pid() const { return policy_pid_; }\n42: \n43: private:\n44: int fs_denied_errno_;\n45: \n46: // The PID that the policy applies to (should be equal to the current pid).\n47: pid_t policy_pid_;\n48: };\n49: \n50: } // namespace sandbox.\n51: \n52: #endif // SANDBOX_LINUX_SECCOMP_BPF_HELPERS_BASELINE_POLICY_H_\n53: "} |
| 47 | - | system | thinking_tokens | - | |
| 48 | - | system | thinking_tokens | - | |
| 49 | - | system | thinking_tokens | - | |
| 50 | - | system | thinking_tokens | - | |
| 51 | - | system | thinking_tokens | - | |
| 52 | - | system | thinking_tokens | - | |
| 53 | - | system | thinking_tokens | - | |
| 54 | - | system | thinking_tokens | - | |
| 55 | - | system | thinking_tokens | - | |
| 56 | - | system | thinking_tokens | - | |
| 57 | - | system | thinking_tokens | - | |
| 58 | - | system | thinking_tokens | - | |
| 59 | - | system | thinking_tokens | - | |
| 60 | - | system | thinking_tokens | - | |
| 61 | - | system | thinking_tokens | - | |
| 62 | - | assistant | text | - | I have all the information needed. Let me write the `answer.json` file now. |
| 63 | - | assistant | tool_use | Write | |
| 64 | 2026-06-12T21:51:42.290Z | user | tool_result | Write | File created successfully at: /workspace/answer.json (file state is current in your context — no need to Read it back) |
| 65 | - | assistant | text | - | All four files have been identified and documented in `/workspace/answer.json`: 1. **`sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc`** — Implements `BaselinePolicy` (subclass of `bpf_dsl::Policy`), the seccomp-BPF baseline policy for all Linux sandboxed processes, with `EvaluateSyscall()` defining allowed/denied syscalls. 2. **`sandbox/win/src/sandbox_policy_base.cc`** — Implements `PolicyBase` (concrete implementation of `TargetPolicy`), the Windows sandbox policy configuration managing job objects, tokens, and rules for spawned processes. 3. **`sandbox/policy/linux/bpf_renderer_policy_linux.cc`** — Implements `RendererProcessPolicy` (extends `BPFBasePolicy`) with `EvaluateSyscall()` providing renderer-specific syscall filtering. 4. **`sandbox/policy/sandbox_type.h`** + **`sandbox_type.cc`** — Declares sandbox type utilities mapping the `sandbox::mojom::Sandbox` enum to/from command-line flags, including `SandboxTypeFromCommandLine()`, `SetCommandLineFlagsForSandboxType()`, and `IsUnsandboxedSandboxType()`. |
ToolSearch @ -
```json
{
"query": "select:mcp__sourcegraph__sg_keyword_search,mcp__sourcegraph__sg_read_file,mcp__sourcegraph__sg_list_files",
"max_results": 5
}
```
```json
{
"matches": [
"mcp__sourcegraph__sg_keyword_search",
"mcp__sourcegraph__sg_read_file",
"mcp__sourcegraph__sg_list_files"
],
"query": "select:mcp__sourcegraph__sg_keyword_search,mcp__sourcegraph__sg_read_file,mcp__sourcegraph__sg_list_files",
"total_deferred_tools": 33
}
```
mcp__sourcegraph__sg_keyword_search @ -
```json
{
"query": "repo:^github.com/sg-evals/chromium--2d05e315$ BaselinePolicy file:sandbox/linux/seccomp-bpf-helpers/"
}
```
...mcp__sourcegraph__sg_keyword_search @ -{
"query": "repo:^github.com/sg-evals/chromium--2d05e315$ PolicyBase file:sandbox/win/src/"
}{
"content": "{\"text\":\"# github.com/sg-evals/chromium--2d05e315 – sandbox/win/src/sandbox_policy_base.h\\n164: \\n165: class PolicyBase final : public TargetPolicy {\\n166: public:\\n167: PolicyBase(std::string_view key);\\n168: ~PolicyBase() override;\\n169: \\n170: PolicyBase(const PolicyBase&) = delete;\\n171: PolicyBase& operator=(const PolicyBase&) = delete;\\n172: \\n173: \\n42: \\n43: // The members of this class are shared between multiple sandbox::PolicyBase\\n44: // objects and must be safe for access from multiple threads once created.\\n45: \\n92: // Can call private accessors.\\n93: friend class PolicyBase;\\n94: // Can ask for the low-level policy.\\n95: \\n\\n# github.com/sg-evals/chromium--2d05e315 – sandbox/win/src/sandbox_policy_base.cc\\n467: \\n468: PolicyBase::PolicyBase(std::string_view tag)\\n469: : tag_(tag),\\n470: \\n477: \\n478: PolicyBase::~PolicyBase() {\\n479: // Ensure this is cleared before other members - this terminates the process\\n480: \\n483: \\n484: TargetConfig* PolicyBase::GetConfig() {\\n485: return config();\\n486: \\n\\n# github.com/sg-evals/chromium--2d05e315 – sandbox/win/src/broker_services.h\\n97: ResultCode PreSpawnTarget(const wchar_t* exe_path,\\n98: PolicyBase* policy_base,\\n99: StartupInformationHelper* startup_info,\\n100: \\n107: const wchar_t* command_line,\\n108: std::unique_ptr<PolicyBase> policy_base,\\n109: SpawnTargetCallback result_callback,\\n110: \\n114: // `result_callback` to return the process information.\\n115: void FinishSpawnTarget(std::unique_ptr<PolicyBase> policy_base,\\n116: std::unique_ptr<TargetProcess> target,\\n117: \\n\\n# github.com/sg-evals/chromium--2d05e315 – sandbox/win/src/broker_services.cc\\n77: struct JobTracker {\\n78: JobTracker(std::unique_ptr<sandbox::PolicyBase> policy, DWORD process_id)\\n79: : policy(std::move(policy)), process_id(process_id) {}\\n80: \\n85: \\n86: std::unique_ptr<sandbox::PolicyBase> policy;\\n87: DWORD process_id;\\n88: \\n348: // change the downcast 
to it in SpawnTarget().\\n349: auto policy = std::make_unique<PolicyBase>(tag);\\n350: // Empty key implies we will not use the store. The policy will need\\n351: \\n\\n# github.com/sg-evals/chromium--2d05e315 – sandbox/win/src/signed_dispatcher.h\\n20: public:\\n21: explicit SignedDispatcher(PolicyBase* policy_base);\\n22: \\n23: \\n34: \\n35: raw_ptr<PolicyBase> policy_base_;\\n36: };\\n37: \\n\\n# github.com/sg-evals/chromium--2d05e315 – sandbox/win/src/signed_dispatcher.cc\\n24: \\n25: SignedDispatcher::SignedDispatcher(PolicyBase* policy_base)\\n26: : policy_base_(policy_base) {\\n27: \\n\\n# github.com/sg-evals/chromium--2d05e315 – sandbox/win/src/top_level_dispatcher.h\\n22: // `policy` must outlive this class, and be fully Configured.\\n23: explicit TopLevelDispatcher(PolicyBase* policy);\\n24: \\n25: \\n44: \\n45: raw_ptr<PolicyBase> policy_;\\n46: // Dispatchers below are only created if they are needed.\\n47: \\n\\n# github.com/sg-evals/chromium--2d05e315 – sandbox/win/src/top_level_dispatcher.cc\\n28: \\n29: TopLevelDispatcher::TopLevelDispatcher(PolicyBase* policy) : policy_(policy) {\\n30: // Initialize the IPC dispatcher array.\\n31: \\n\\n# github.com/sg-evals/chromium--2d05e315 – sandbox/win/src/filesystem_dispatcher.h\\n21: public:\\n22: explicit FilesystemDispatcher(PolicyBase* policy_base);\\n23: \\n24: \\n79: \\n80: raw_ptr<PolicyBase> policy_base_;\\n81: };\\n82: \\n\\n# github.com/sg-evals/chromium--2d05e315 – sandbox/win/src/filesystem_dispatcher.cc\\n23: \\n24: FilesystemDispatcher::FilesystemDispatcher(PolicyBase* policy_base)\\n25: : policy_base_(policy_base) {\\n26: \\n\\n# github.com/sg-evals/chromium--2d05e315 – sandbox/win/src/sandbox_policy_diagnostic.h\\n24: \\n25: class PolicyBase;\\n26: \\n27
...mcp__sourcegraph__sg_keyword_search @ -{
"query": "repo:^github.com/sg-evals/chromium--2d05e315$ RendererProcessPolicy EvaluateSyscall file:sandbox/policy/linux/"
}{
"content": "{\"text\":\"# github.com/sg-evals/chromium--2d05e315 – sandbox/policy/linux/bpf_renderer_policy_linux.cc\\n60: #endif // !BUILDFLAG(IS_ANDROID)\\n61: RendererProcessPolicy::~RendererProcessPolicy() = default;\\n62: \\n63: ResultExpr RendererProcessPolicy::EvaluateSyscall(int sysno) const {\\n64: switch (sysno) {\\n65: \\n54: #if !BUILDFLAG(IS_ANDROID)\\n55: RendererProcessPolicy::RendererProcessPolicy() = default;\\n56: #else\\n57: RendererProcessPolicy::RendererProcessPolicy(\\n58: const BaselinePolicyAndroid::RuntimeOptions& options)\\n59: \\n130: // Default on the content baseline policy.\\n131: return BPFBasePolicy::EvaluateSyscall(sysno);\\n132: }\\n133: \\n\\n# github.com/sg-evals/chromium--2d05e315 – sandbox/policy/linux/bpf_renderer_policy_linux.h\\n18: // This policy can be used by both renderer and worker processes.\\n19: class SANDBOX_POLICY_EXPORT RendererProcessPolicy : public BPFBasePolicy {\\n20: public:\\n21: \\n27: \\n28: RendererProcessPolicy(const RendererProcessPolicy&) = delete;\\n29: RendererProcessPolicy& operator=(const RendererProcessPolicy&) = delete;\\n30: \\n31: ~RendererProcessPolicy() override;\\n32: \\n33: bpf_dsl::ResultExpr EvaluateSyscall(int system_call_number) const override;\\n34: };\\n35: \\n21: #if BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS)\\n22: RendererProcessPolicy();\\n23: #elif BUILDFLAG(IS_ANDROID)\\n24: explicit RendererProcessPolicy(\\n25: const BaselinePolicyAndroid::RuntimeOptions& options);\\n26: \\n\"}",
"structuredContent": {
"text": "# github.com/sg-evals/chromium--2d05e315 – sandbox/policy/linux/bpf_renderer_policy_linux.cc\n60: #endif // !BUILDFLAG(IS_ANDROID)\n61: RendererProcessPolicy::~RendererProcessPolicy() = default;\n62: \n63: ResultExpr RendererProcessPolicy::EvaluateSyscall(int sysno) const {\n64: switch (sysno) {\n65: \n54: #if !BUILDFLAG(IS_ANDROID)\n55: RendererProcessPolicy::RendererProcessPolicy() = default;\n56: #else\n57: RendererProcessPolicy::RendererProcessPolicy(\n58: const BaselinePolicyAndroid::RuntimeOptions& options)\n59: \n130: // Default on the content baseline policy.\n131: return BPFBasePolicy::EvaluateSyscall(sysno);\n132: }\n133: \n\n# github.com/sg-evals/chromium--2d05e315 – sandbox/policy/linux/bpf_renderer_policy_linux.h\n18: // This policy can be used by both renderer and worker processes.\n19: class SANDBOX_POLICY_EXPORT RendererProcessPolicy : public BPFBasePolicy {\n20: public:\n21: \n27: \n28: RendererProcessPolicy(const RendererProcessPolicy&) = delete;\n29: RendererProcessPolicy& operator=(const RendererProcessPolicy&) = delete;\n30: \n31: ~RendererProcessPolicy() override;\n32: \n33: bpf_dsl::ResultExpr EvaluateSyscall(int system_call_number) const override;\n34: };\n35: \n21: #if BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS)\n22: RendererProcessPolicy();\n23: #elif BUILDFLAG(IS_ANDROID)\n24: explicit RendererProcessPolicy(\n25: const BaselinePolicyAndroid::RuntimeOptions& options);\n26: \n"
}
}mcp__sourcegraph__sg_keyword_search @ -{
"query": "repo:^github.com/sg-evals/chromium--2d05e315$ SandboxType file:sandbox/policy/"
}{
"content": "{\"text\":\"# github.com/sg-evals/chromium--2d05e315 – sandbox/policy/sandbox_type.cc\\n24: \\n25: bool IsUnsandboxedSandboxType(Sandbox sandbox_type) {\\n26: switch (sandbox_type) {\\n27: \\n93: \\n94: void SetCommandLineFlagsForSandboxType(base::CommandLine* command_line,\\n95: Sandbox sandbox_type) {\\n96: \\n190: \\n191: sandbox::mojom::Sandbox SandboxTypeFromCommandLine(\\n192: const base::CommandLine& command_line) {\\n193: \\n\\n# github.com/sg-evals/chromium--2d05e315 – sandbox/policy/win/sandbox_win_unittest.cc\\n420: : sandbox_type_(sandbox_type) {}\\n421: sandbox::mojom::Sandbox GetSandboxType() override { return sandbox_type_; }\\n422: bool DisableDefaultPolicy() override { return false; }\\n423: \\n\\n# github.com/sg-evals/chromium--2d05e315 – sandbox/policy/fuchsia/sandbox_policy_fuchsia.cc\\n154: \\n155: const SandboxConfig* GetConfigForSandboxType(sandbox::mojom::Sandbox type) {\\n156: switch (type) {\\n157: \\n216: // an async_dispatcher.\\n217: const SandboxConfig* config = GetConfigForSandboxType(type_);\\n218: if (config) {\\n219: \\n282: // Must get a config here as --no-sandbox bails out earlier.\\n283: const SandboxConfig* config = GetConfigForSandboxType(type_);\\n284: CHECK(config);\\n285: \\n\\n# github.com/sg-evals/chromium--2d05e315 – sandbox/policy/linux/sandbox_seccomp_bpf_linux.cc\\n186: \\n187: std::unique_ptr<BPFBasePolicy> SandboxSeccompBPF::PolicyForSandboxType(\\n188: sandbox::mojom::Sandbox sandbox_type,\\n189: \\n\\n# github.com/sg-evals/chromium--2d05e315 – sandbox/policy/switches.cc\\n20: // values in the next block.\\n21: const char kServiceSandboxType[] = \\\"service-sandbox-type\\\";\\n22: \\n23: \\n\\n# github.com/sg-evals/chromium--2d05e315 – sandbox/policy/win/sandbox_win.cc\\n1055: // static\\n1056: std::string SandboxWin::GetSandboxTypeInEnglish(Sandbox sandbox_type) {\\n1057: switch (sandbox_type) {\\n1058: \\n500: \\n501: const Sandbox sandbox_type = delegate->GetSandboxType();\\n502: \\n503: \\n660: 
const base::CommandLine& launcher_process_command_line) {\\n661: if (IsUnsandboxedSandboxType(sandbox_type))\\n662: return true;\\n663: \\n\\n# github.com/sg-evals/chromium--2d05e315 – sandbox/policy/sandbox.cc\\n68: }\\n69: return IsUnsandboxedSandboxType(sandbox_type) ||\\n70: SandboxWin::InitTargetServices(sandbox_info->target_services);\\n71: \\n\\n# github.com/sg-evals/chromium--2d05e315 – sandbox/policy/switches.h\\n23: // values in the next block.\\n24: SANDBOX_POLICY_EXPORT extern const char kServiceSandboxType[];\\n25: \\n26: \\n\\n# github.com/sg-evals/chromium--2d05e315 – sandbox/policy/sandbox_type.h\\n19: \\n20: SANDBOX_POLICY_EXPORT bool IsUnsandboxedSandboxType(\\n21: sandbox::mojom::Sandbox sandbox_type);\\n22: \\n22: \\n23: SANDBOX_POLICY_EXPORT void SetCommandLineFlagsForSandboxType(\\n24: base::CommandLine* command_line,\\n25: \\n26: \\n27: SANDBOX_POLICY_EXPORT sandbox::mojom::Sandbox SandboxTypeFromCommandLine(\\n28: const base::CommandLine& command_line);\\n29: \\n\\n# github.com/sg-evals/chromium--2d05e315 – sandbox/policy/win/sandbox_win.h\\n155: // Provides a friendly name for the sandbox for chrome://sandbox and tracing.\\n156: static std::string GetSandboxTypeInEnglish(\\n157: sandbox::mojom::Sandbox sandbox_type);\\n158: \\n\\n# github.com/sg-evals/chromium--2d05e315 – sandbox/policy/sandbox_delegate.h\\n28: // Sandbox::kNoSandbox to run without a sandbox policy.\\n29: virtual sandbox::mojom::Sandbox GetSandboxType() = 0;\\n30: \\n31: \\n\\n# github.com/sg-evals/chromium--2d05e315 – sandbox/policy/linux/sandbox_linux.cc\\n329: \\n330: if (IsUnsandboxedSandboxType(sandbox_type) ||\\n331: !SandboxSeccompBPF::IsSeccompBPFDesired() ||\\n332: \\n352: std::unique_ptr<BPFBasePolicy> policy =\\n353: SandboxSeccompBPF::PolicyForSandboxType(sandbox_type, options);\\n354: SandboxSeccompBPF::StartSandboxWithE
...mcp__sourcegraph__sg_read_file @ -{
"repo": "github.com/sg-evals/chromium--2d05e315",
"path": "sandbox/policy/sandbox_type.h"
}{
"content": "{\"text\":\"URL: https://demo.sourcegraph.com/github.com/sg-evals/chromium--2d05e315@524690a4542d3d93020fb4764b8ba5cc968d1a3d/-/blob/sandbox/policy/sandbox_type.h\\n1: // Copyright 2017 The Chromium Authors\\n2: // Use of this source code is governed by a BSD-style license that can be\\n3: // found in the LICENSE file.\\n4: \\n5: #ifndef SANDBOX_POLICY_SANDBOX_TYPE_H_\\n6: #define SANDBOX_POLICY_SANDBOX_TYPE_H_\\n7: \\n8: #include <string>\\n9: \\n10: #include \\\"base/command_line.h\\\"\\n11: #include \\\"sandbox/policy/export.h\\\"\\n12: \\n13: namespace sandbox {\\n14: namespace mojom {\\n15: enum class Sandbox;\\n16: } // namespace mojom\\n17: \\n18: namespace policy {\\n19: \\n20: SANDBOX_POLICY_EXPORT bool IsUnsandboxedSandboxType(\\n21: sandbox::mojom::Sandbox sandbox_type);\\n22: \\n23: SANDBOX_POLICY_EXPORT void SetCommandLineFlagsForSandboxType(\\n24: base::CommandLine* command_line,\\n25: sandbox::mojom::Sandbox sandbox_type);\\n26: \\n27: SANDBOX_POLICY_EXPORT sandbox::mojom::Sandbox SandboxTypeFromCommandLine(\\n28: const base::CommandLine& command_line);\\n29: \\n30: SANDBOX_POLICY_EXPORT std::string StringFromUtilitySandboxType(\\n31: sandbox::mojom::Sandbox sandbox_type);\\n32: \\n33: SANDBOX_POLICY_EXPORT sandbox::mojom::Sandbox UtilitySandboxTypeFromString(\\n34: const std::string& sandbox_string);\\n35: \\n36: } // namespace policy\\n37: } // namespace sandbox\\n38: \\n39: #endif // SANDBOX_POLICY_SANDBOX_TYPE_H_\\n40: \"}",
"structuredContent": {
"text": "URL: https://demo.sourcegraph.com/github.com/sg-evals/chromium--2d05e315@524690a4542d3d93020fb4764b8ba5cc968d1a3d/-/blob/sandbox/policy/sandbox_type.h\n1: // Copyright 2017 The Chromium Authors\n2: // Use of this source code is governed by a BSD-style license that can be\n3: // found in the LICENSE file.\n4: \n5: #ifndef SANDBOX_POLICY_SANDBOX_TYPE_H_\n6: #define SANDBOX_POLICY_SANDBOX_TYPE_H_\n7: \n8: #include <string>\n9: \n10: #include \"base/command_line.h\"\n11: #include \"sandbox/policy/export.h\"\n12: \n13: namespace sandbox {\n14: namespace mojom {\n15: enum class Sandbox;\n16: } // namespace mojom\n17: \n18: namespace policy {\n19: \n20: SANDBOX_POLICY_EXPORT bool IsUnsandboxedSandboxType(\n21: sandbox::mojom::Sandbox sandbox_type);\n22: \n23: SANDBOX_POLICY_EXPORT void SetCommandLineFlagsForSandboxType(\n24: base::CommandLine* command_line,\n25: sandbox::mojom::Sandbox sandbox_type);\n26: \n27: SANDBOX_POLICY_EXPORT sandbox::mojom::Sandbox SandboxTypeFromCommandLine(\n28: const base::CommandLine& command_line);\n29: \n30: SANDBOX_POLICY_EXPORT std::string StringFromUtilitySandboxType(\n31: sandbox::mojom::Sandbox sandbox_type);\n32: \n33: SANDBOX_POLICY_EXPORT sandbox::mojom::Sandbox UtilitySandboxTypeFromString(\n34: const std::string& sandbox_string);\n35: \n36: } // namespace policy\n37: } // namespace sandbox\n38: \n39: #endif // SANDBOX_POLICY_SANDBOX_TYPE_H_\n40: "
}
}mcp__sourcegraph__sg_read_file @ -{
"repo": "github.com/sg-evals/chromium--2d05e315",
"path": "sandbox/linux/seccomp-bpf-helpers/baseline_policy.h"
}{
"content": "{\"text\":\"URL: https://demo.sourcegraph.com/github.com/sg-evals/chromium--2d05e315@524690a4542d3d93020fb4764b8ba5cc968d1a3d/-/blob/sandbox/linux/seccomp-bpf-helpers/baseline_policy.h\\n1: // Copyright 2013 The Chromium Authors\\n2: // Use of this source code is governed by a BSD-style license that can be\\n3: // found in the LICENSE file.\\n4: \\n5: #ifndef SANDBOX_LINUX_SECCOMP_BPF_HELPERS_BASELINE_POLICY_H_\\n6: #define SANDBOX_LINUX_SECCOMP_BPF_HELPERS_BASELINE_POLICY_H_\\n7: \\n8: #include <sys/types.h>\\n9: \\n10: #include \\\"sandbox/linux/bpf_dsl/bpf_dsl_forward.h\\\"\\n11: #include \\\"sandbox/linux/bpf_dsl/policy.h\\\"\\n12: #include \\\"sandbox/sandbox_export.h\\\"\\n13: \\n14: namespace sandbox {\\n15: \\n16: // This is a helper to build seccomp-bpf policies, i.e. policies for a sandbox\\n17: // that reduces the Linux kernel's attack surface. Given its nature, it doesn't\\n18: // have a clear semantics and is mostly \\\"implementation-defined\\\".\\n19: //\\n20: // This class implements the Policy interface with a \\\"baseline\\\"\\n21: // policy for use within Chromium.\\n22: // The \\\"baseline\\\" policy is somewhat arbitrary. 
All Chromium policies are an\\n23: // alteration of it, and it represents a reasonable common ground to run most\\n24: // code in a sandboxed environment.\\n25: // A baseline policy is only valid for the process for which this object was\\n26: // instantiated (so do not fork() and use it in a child).\\n27: class SANDBOX_EXPORT BaselinePolicy : public bpf_dsl::Policy {\\n28: public:\\n29: BaselinePolicy();\\n30: // |fs_denied_errno| is the errno returned when a filesystem access system\\n31: // call is denied.\\n32: explicit BaselinePolicy(int fs_denied_errno);\\n33: \\n34: BaselinePolicy(const BaselinePolicy&) = delete;\\n35: BaselinePolicy& operator=(const BaselinePolicy&) = delete;\\n36: \\n37: ~BaselinePolicy() override;\\n38: \\n39: bpf_dsl::ResultExpr EvaluateSyscall(int system_call_number) const override;\\n40: bpf_dsl::ResultExpr InvalidSyscall() const override;\\n41: pid_t policy_pid() const { return policy_pid_; }\\n42: \\n43: private:\\n44: int fs_denied_errno_;\\n45: \\n46: // The PID that the policy applies to (should be equal to the current pid).\\n47: pid_t policy_pid_;\\n48: };\\n49: \\n50: } // namespace sandbox.\\n51: \\n52: #endif // SANDBOX_LINUX_SECCOMP_BPF_HELPERS_BASELINE_POLICY_H_\\n53: \"}",
"structuredContent": {
"text": "URL: https://demo.sourcegraph.com/github.com/sg-evals/chromium--2d05e315@524690a4542d3d93020fb4764b8ba5cc968d1a3d/-/blob/sandbox/linux/seccomp-bpf-helpers/baseline_policy.h\n1: // Copyright 2013 The Chromium Authors\n2: // Use of this source code is governed by a BSD-style license that can be\n3: // found in the LICENSE file.\n4: \n5: #ifndef SANDBOX_LINUX_SECCOMP_BPF_HELPERS_BASELINE_POLICY_H_\n6: #define SANDBOX_LINUX_SECCOMP_BPF_HELPERS_BASELINE_POLICY_H_\n7: \n8: #include <sys/types.h>\n9: \n10: #include \"sandbox/linux/bpf_dsl/bpf_dsl_forward.h\"\n11: #include \"sandbox/linux/bpf_dsl/policy.h\"\n12: #include \"sandbox/sandbox_export.h\"\n13: \n14: namespace sandbox {\n15: \n16: // This is a helper to build seccomp-bpf policies, i.e. policies for a sandbox\n17: // that reduces the Linux kernel's attack surface. Given its nature, it doesn't\n18: // have a clear semantics and is mostly \"implementation-defined\".\n19: //\n20: // This class implements the Policy interface with a \"baseline\"\n21: // policy for use within Chromium.\n22: // The \"baseline\" policy is somewhat arbitrary. All Chromium policies are an\n23: // alteration of it, and it represents a reasonable common ground to run most\n24: // code in a sandboxed environment.\n25: // A baseline policy is only valid for the process for which this object was\n26: // instantiated (so do not fork() and use it in a child).\n27: class SANDBOX_EXPORT BaselinePolicy : public bpf_dsl::Policy {\n28: public:\n29: BaselinePolicy();\n30: // |f
...Write @ -{
"file_path": "/workspace/answer.json",
"content": "{\n \"files\": [\n {\"repo\": \"sg-evals/chromium--2d05e315\", \"path\": \"sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc\"},\n {\"repo\": \"sg-evals/chromium--2d05e315\", \"path\": \"sandbox/linux/seccomp-bpf-helpers/baseline_policy.h\"},\n {\"repo\": \"sg-evals/chromium--2d05e315\", \"path\": \"sandbox/win/src/sandbox_policy_base.cc\"},\n {\"repo\": \"sg-evals/chromium--2d05e315\", \"path\": \"sandbox/win/src/sandbox_policy_base.h\"},\n {\"repo\": \"sg-evals/chromium--2d05e315\", \"path\": \"sandbox/policy/linux/bpf_renderer_policy_linux.cc\"},\n {\"repo\": \"sg-evals/chromium--2d05e315\", \"path\": \"sandbox/policy/linux/bpf_renderer_policy_linux.h\"},\n {\"repo\": \"sg-evals/chromium--2d05e315\", \"path\": \"sandbox/policy/sandbox_type.h\"},\n {\"repo\": \"sg-evals/chromium--2d05e315\", \"path\": \"sandbox/policy/sandbox_type.cc\"}\n ],\n \"symbols\": [\n {\n \"repo\": \"sg-evals/chromium--2d05e315\",\n \"path\": \"sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc\",\n \"symbol\": \"BaselinePolicy\"\n },\n {\n \"repo\": \"sg-evals/chromium--2d05e315\",\n \"path\": \"sandbox/linux/seccomp-bpf-helpers/baseline_policy.h\",\n \"symbol\": \"BaselinePolicy\"\n },\n {\n \"repo\": \"sg-evals/chromium--2d05e315\",\n \"path\": \"sandbox/win/src/sandbox_policy_base.cc\",\n \"symbol\": \"PolicyBase\"\n },\n {\n \"repo\": \"sg-evals/chromium--2d05e315\",\n \"path\": \"sandbox/win/src/sandbox_policy_base.h\",\n \"symbol\": \"PolicyBase\"\n },\n {\n \"repo\": \"sg-evals/chromium--2d05e315\",\n \"path\": \"sandbox/policy/linux/bpf_renderer_policy_linux.cc\",\n \"symbol\": \"RendererProcessPolicy\"\n },\n {\n \"repo\": \"sg-evals/chromium--2d05e315\",\n \"path\": \"sandbox/policy/linux/bpf_renderer_policy_linux.cc\",\n \"symbol\": \"EvaluateSyscall\"\n },\n {\n \"repo\": \"sg-evals/chromium--2d05e315\",\n \"path\": \"sandbox/policy/sandbox_type.h\",\n \"symbol\": \"IsUnsandboxedSandboxType\"\n },\n {\n \"repo\": \"sg-evals/chromium--2d05e315\",\n \"path\": 
\"sandbox/policy/sandbox_type.h\",\n \"symbol\": \"SandboxTypeFromCommandLine\"\n },\n {\n \"repo\": \"sg-evals/chromium--2d05e315\",\n \"path\": \"sandbox/policy/sandbox_type.h\",\n \"symbol\": \"SetCommandLineFlagsForSandboxType\"\n },\n {\n \"repo\": \"sg-evals/chromium--2d05e315\",\n \"path\": \"sandbox/policy/sandbox_type.cc\",\n \"symbol\": \"SandboxTypeFromCommandLine\"\n }\n ],\n \"text\": \"Four key files implement Chromium's renderer process sandbox:\\n\\n1. sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc (+ .h): Implements `BaselinePolicy`, a seccomp-BPF policy class (subclass of `bpf_dsl::Policy`) that defines the baseline allowed/denied syscalls for all Linux sandboxed processes. Key methods: `EvaluateSyscall(int system_call_number)` and `InvalidSyscall()`. The constructor accepts an optional `fs_denied_errno` parameter (defaults to EPERM) controlling the errno for denied filesystem calls.\\n\\n2. sandbox/win/src/sandbox_policy_base.cc (+ .h): Implements `PolicyBase`, the concrete Windows sandbox policy class that implements `TargetPolicy`. It manages sandbox configuration including job objects, tokens, and policy rules for spawning sandboxed processes. Key constructor: `PolicyBase(std::string_view tag)`.\\n\\n3. sandbox/policy/linux/bpf_renderer_policy_linux.cc (+ .h): Implements `RendererProcessPolicy`, a BPF policy specific to renderer process sandboxing that extends `BPFBasePolicy`. Key method: `EvaluateSyscall(int sysno)` which evaluates each system call and returns allow/deny/trap rules specific to renderer process needs.\\n\\n4. sandbox/policy/sandbox_type.h (+ sandbox_type.cc): Declares sandbox type utilities and the `sandbox::mojom::Sandbox` enum mapping. Key fu
...{
"type": "create",
"filePath": "/workspace/answer.json",
"content": "{\n \"files\": [\n {\"repo\": \"sg-evals/chromium--2d05e315\", \"path\": \"sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc\"},\n {\"repo\": \"sg-evals/chromium--2d05e315\", \"path\": \"sandbox/linux/seccomp-bpf-helpers/baseline_policy.h\"},\n {\"repo\": \"sg-evals/chromium--2d05e315\", \"path\": \"sandbox/win/src/sandbox_policy_base.cc\"},\n {\"repo\": \"sg-evals/chromium--2d05e315\", \"path\": \"sandbox/win/src/sandbox_policy_base.h\"},\n {\"repo\": \"sg-evals/chromium--2d05e315\", \"path\": \"sandbox/policy/linux/bpf_renderer_policy_linux.cc\"},\n {\"repo\": \"sg-evals/chromium--2d05e315\", \"path\": \"sandbox/policy/linux/bpf_renderer_policy_linux.h\"},\n {\"repo\": \"sg-evals/chromium--2d05e315\", \"path\": \"sandbox/policy/sandbox_type.h\"},\n {\"repo\": \"sg-evals/chromium--2d05e315\", \"path\": \"sandbox/policy/sandbox_type.cc\"}\n ],\n \"symbols\": [\n {\n \"repo\": \"sg-evals/chromium--2d05e315\",\n \"path\": \"sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc\",\n \"symbol\": \"BaselinePolicy\"\n },\n {\n \"repo\": \"sg-evals/chromium--2d05e315\",\n \"path\": \"sandbox/linux/seccomp-bpf-helpers/baseline_policy.h\",\n \"symbol\": \"BaselinePolicy\"\n },\n {\n \"repo\": \"sg-evals/chromium--2d05e315\",\n \"path\": \"sandbox/win/src/sandbox_policy_base.cc\",\n \"symbol\": \"PolicyBase\"\n },\n {\n \"repo\": \"sg-evals/chromium--2d05e315\",\n \"path\": \"sandbox/win/src/sandbox_policy_base.h\",\n \"symbol\": \"PolicyBase\"\n },\n {\n \"repo\": \"sg-evals/chromium--2d05e315\",\n \"path\": \"sandbox/policy/linux/bpf_renderer_policy_linux.cc\",\n \"symbol\": \"RendererProcessPolicy\"\n },\n {\n \"repo\": \"sg-evals/chromium--2d05e315\",\n \"path\": \"sandbox/policy/linux/bpf_renderer_policy_linux.cc\",\n \"symbol\": \"EvaluateSyscall\"\n },\n {\n \"repo\": \"sg-evals/chromium--2d05e315\",\n \"path\": \"sandbox/policy/sandbox_type.h\",\n \"symbol\": \"IsUnsandboxedSandboxType\"\n },\n {\n \"repo\": \"sg-evals/chromium--2d05e315\",\n \"path\": 
\"sandbox/policy/sandbox_type.h\",\n \"symbol\": \"SandboxTypeFromCommandLine\"\n },\n {\n \"repo\": \"sg-evals/chromium--2d05e315\",\n \"path\": \"sandbox/policy/sandbox_type.h\",\n \"symbol\": \"SetCommandLineFlagsForSandboxType\"\n },\n {\n \"repo\": \"sg-evals/chromium--2d05e315\",\n \"path\": \"sandbox/policy/sandbox_type.cc\",\n \"symbol\": \"SandboxTypeFromCommandLine\"\n }\n ],\n \"text\": \"Four key files implement Chromium's renderer process sandbox:\\n\\n1. sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc (+ .h): Implements `BaselinePolicy`, a seccomp-BPF policy class (subclass of `bpf_dsl::Policy`) that defines the baseline allowed/denied syscalls for all Linux sandboxed processes. Key methods: `EvaluateSyscall(int system_call_number)` and `InvalidSyscall()`. The constructor accepts an optional `fs_denied_errno` parameter (defaults to EPERM) controlling the errno for denied filesystem calls.\\n\\n2. sandbox/win/src/sandbox_policy_base.cc (+ .h): Implements `PolicyBase`, the concrete Windows sandbox policy class that implements `TargetPolicy`. It manages sandbox configuration including job objects, tokens, and policy rules for spawning sandboxed processes. Key constructor: `PolicyBase(std::string_view tag)`.\\n\\n3. sandbox/policy/linux/bpf_renderer_policy_linux.cc (+ .h): Implements `RendererProcessPolicy`, a BPF policy specific to renderer process sandboxing that extends `BPFBasePolicy`. Key method: `EvaluateSyscall(int sysno)` which evaluates each system call and returns allow/deny/trap rules specific to renderer process needs.\\n\\n4. sandbox/policy/sandbox_type.h (+ sandbox_type.cc): Declares sandbox type utilities and the `sandbox::mojom::Sandbox` e
.../workspace/answer.json{
"files": [
{"repo": "sg-evals/chromium--2d05e315", "path": "sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc"},
{"repo": "sg-evals/chromium--2d05e315", "path": "sandbox/linux/seccomp-bpf-helpers/baseline_policy.h"},
{"repo": "sg-evals/chromium--2d05e315", "path": "sandbox/win/src/sandbox_policy_base.cc"},
{"repo": "sg-evals/chromium--2d05e315", "path": "sandbox/win/src/sandbox_policy_base.h"},
{"repo": "sg-evals/chromium--2d05e315", "path": "sandbox/policy/linux/bpf_renderer_policy_linux.cc"},
{"repo": "sg-evals/chromium--2d05e315", "path": "sandbox/policy/linux/bpf_renderer_policy_linux.h"},
{"repo": "sg-evals/chromium--2d05e315", "path": "sandbox/policy/sandbox_type.h"},
{"repo": "sg-evals/chromium--2d05e315", "path": "sandbox/policy/sandbox_type.cc"}
],
"symbols": [
{
"repo": "sg-evals/chromium--2d05e315",
"path": "sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc",
"symbol": "BaselinePolicy"
},
{
"repo": "sg-evals/chromium--2d05e315",
"path": "sandbox/linux/seccomp-bpf-helpers/baseline_policy.h",
"symbol": "BaselinePolicy"
},
{
"repo": "sg-evals/chromium--2d05e315",
"path": "sandbox/win/src/sandbox_policy_base.cc",
"symbol": "PolicyBase"
},
{
"repo": "sg-evals/chromium--2d05e315",
"path": "sandbox/win/src/sandbox_policy_base.h",
"symbol": "PolicyBase"
},
{
"repo": "sg-evals/chromium--2d05e315",
"path": "sandbox/policy/linux/bpf_renderer_policy_linux.cc",
"symbol": "RendererProcessPolicy"
},
{
"repo": "sg-evals/chromium--2d05e315",
"path": "sandbox/policy/linux/bpf_renderer_policy_linux.cc",
"symbol": "EvaluateSyscall"
},
{
"repo": "sg-evals/chromium--2d05e315",
"path": "sandbox/policy/sandbox_type.h",
"symbol": "IsUnsandboxedSandboxType"
},
{
"repo": "sg-evals/chromium--2d05e315",
"path": "sandbox/policy/sandbox_type.h",
"symbol": "SandboxTypeFromCommandLine"
},
{
"repo": "sg-evals/chromium--2d05e315",
"path": "sandbox/policy/sandbox_type.h",
"symbol": "SetCommandLineFlagsForSandboxType"
},
{
"repo": "sg-evals/chromium--2d05e315",
"path": "sandbox/policy/sandbox_type.cc",
"symbol": "SandboxTypeFromCommandLine"
}
],
"text": "Four key files implement Chromium's renderer process sandbox:\n\n1. sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc (+ .h): Implements `BaselinePolicy`, a seccomp-BPF policy class (subclass of `bpf_dsl::Policy`) that defines the baseline allowed/denied syscalls for all Linux sandboxed processes. Key methods: `EvaluateSyscall(int system_call_number)` and `InvalidSyscall()`. The constructor accepts an optional `fs_denied_errno` parameter (defaults to EPERM) controlling the errno for denied filesystem calls.\n\n2. sandbox/win/src/sandbox_policy_base.cc (+ .h): Implements `PolicyBase`, the concrete Windows sandbox policy class that implements `TargetPolicy`. It manages sandbox configuration including job objects, tokens, and policy rules for spawning sandboxed processes. Key constructor: `PolicyBase(std::string_view tag)`.\n\n3. sandbox/policy/linux/bpf_renderer_policy_linux.cc (+ .h): Implements `RendererProcessPolicy`, a BPF policy specific to renderer process sandboxing that extends `BPFBasePolicy`. Key method: `EvaluateSyscall(int sysno)` which evaluates each system call and returns allow/deny/trap rules specific to renderer process needs.\n\n4. sandbox/policy/sandbox_type.h (+ sandbox_type.cc): Declares sandbox type utilities and the `sandbox::mojom::Sandbox` enum mapping. Key functions: `IsUnsandboxedSandboxType()`, `SetCommandLineFlagsForSandboxType()`, `SandboxTypeFromCommandLine()`, `StringFromUtilitySandboxType()`, and `UtilitySandboxTypeFromString()`. These map between command-line flags and the `SandboxType` enum values used throughout Chromium's multi-process architecture."
}
No bash commands.