sandboxed-api/sandboxed_api/docs/howitworks.md
Christian Blichmann 177b969e8c
Sandboxed API OSS release.
PiperOrigin-RevId: 238996664
Change-Id: I9646527e2be68ee0b6b371572b7aafe967102e57

Signed-off-by: Christian Blichmann <cblichmann@google.com>
2019-03-18 19:00:48 +01:00

How it works

Overview

The Sandboxed API project lets you run library code in a sandboxed environment, isolated with the help of Sandbox2.

Our goal is to provide developers with tools to prepare such libraries for the sandboxing process, as well as the necessary APIs to communicate (i.e. make function calls and receive results) with such a library.

All calls to the sandboxed library are passed over our custom RPC implementation to a sandboxed process, and the results are passed back to the caller.

[Figure: SAPI Diagram]

The project also provides primitives for manual and automatic (based on custom pointer attributes) memory synchronization (arrays, structures) between the SAPI Libraries and the host code.

A high-level Transactions API provides monitoring of SAPI Libraries, and restarts them if they fail (e.g., due to security violations, crashes or resource exhaustion).
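
The call path and restart behaviour described above, reduced to plain POSIX as an added example (this is not Sandboxed API code and does not come from the project). `worker_t`, `lib_double`, `sandboxed_call` and `demo` are hypothetical names, and the worker here is only a separate process, without the policy enforcement that Sandbox2 applies.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdint.h>
#include <stdlib.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

typedef struct { pid_t pid; int fd; } worker_t;

/* Stand-in for an untrusted library function (constructed); aborts on bad input. */
static int32_t lib_double(int32_t x) { if (x < 0) abort(); return x * 2; }

/* Fork the process that hosts the library and serves calls over a socketpair. */
static int worker_start(worker_t *w) {
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) return -1;
    if ((w->pid = fork()) < 0) { close(sv[0]); close(sv[1]); return -1; }
    if (w->pid == 0) {  /* child: a real sandbox would apply its policy here */
        int32_t arg, res;
        close(sv[0]);
        while (read(sv[1], &arg, sizeof arg) == (ssize_t)sizeof arg) {
            res = lib_double(arg);
            if (write(sv[1], &res, sizeof res) != (ssize_t)sizeof res) break;
        }
        _exit(0);
    }
    close(sv[1]); w->fd = sv[0];
    return 0;
}

/* One call: 0 and *out on success; 1 if the worker died and was restarted; -1 otherwise. */
static int sandboxed_call(worker_t *w, int32_t arg, int32_t *out) {
    if (send(w->fd, &arg, sizeof arg, MSG_NOSIGNAL) == (ssize_t)sizeof arg &&
        read(w->fd, out, sizeof *out) == (ssize_t)sizeof *out) return 0;
    close(w->fd);               /* EOF or error: the worker is gone */
    waitpid(w->pid, NULL, 0);   /* reap it */
    return worker_start(w) == 0 ? 1 : -1;
}

/* Returns 1 if the host survives a worker crash and keeps serving calls. */
int demo(void) {
    worker_t w; int32_t r = 0;
    if (worker_start(&w) != 0) return -1;
    int ok = sandboxed_call(&w, 21, &r) == 0 && r == 42;
    ok = ok && sandboxed_call(&w, -1, &r) == 1;   /* worker aborts, host continues */
    ok = ok && sandboxed_call(&w, 5, &r) == 0 && r == 10;
    close(w.fd); waitpid(w.pid, NULL, 0);         /* EOF makes the worker exit */
    return ok;
}
int main(void) { return demo() == 1 ? 0 : 1; }
```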

Getting started

Read our Get Started page to set up your first Sandboxed API project.