Sandbox Internals
Deprecation of the technologies described here has been announced for platforms other than ChromeOS.
Please visit our migration guide for details.
The sandbox internals documentation describes implementation details for Native Client sandboxing, which is also used by Portable Native Client. These details can be useful to reimplement a sandbox, or to write assembly code that follows sandboxing rules for Native Client (Portable Native Client does not allow platform-specific assembly code).
As an implementation detail, the Native Client sandboxes described here are currently used by Portable Native Client to execute code on the corresponding machines in a safe manner. The portable bitcode contained in a pexe is translated to a machine-specific nexe before execution. This may change in the future: Portable Native Client doesn't necessarily need these sandboxes to execute code on these machines. Note that the Portable Native Client compiler itself is also untrusted: it too runs in one of the Native Client sandboxes described below.
Native Client has sandboxes for:
- ARM 32-bit.
- x86-32: the original design is described in Native Client: A Sandbox for Portable, Untrusted x86 Native Code; the current design has changed slightly since then.
- x86-64.
- MIPS32, described in the overview of Native Client for MIPS, and bug 2275.