mirror of
https://github.com/google/sandboxed-api.git
synced 2024-03-22 13:11:30 +08:00
177b969e8c
PiperOrigin-RevId: 238996664 Change-Id: I9646527e2be68ee0b6b371572b7aafe967102e57 Signed-off-by: Christian Blichmann <cblichmann@google.com>
30 lines
1.1 KiB
Markdown
30 lines
1.1 KiB
Markdown
# How it works
|
|
|
|
## Overview
|
|
|
|
The Sandboxed API project allows to run code of libraries in a sandboxed
|
|
environment, isolated with the help of [Sandbox2](../sandbox2/README.md).
|
|
|
|
Our goal is to provide developers with tools to prepare such libraries for the
|
|
sandboxing process, as well as necessary APIs to communicate (i.e. make function
|
|
calls and receive results) with such library.
|
|
|
|
All calls to the sandboxed library are passed over our custom RPC implementation
|
|
to a sandboxed process, and the results are passed back to the caller.
|
|
|
|
|
|
|
|
The project also provides [primitives](variables.md) for manual and
|
|
automatic (based on custom pointer attributes) memory synchronization (arrays,
|
|
structures) between the SAPI Libraries and the host code.
|
|
|
|
A [high-level Transactions API](transactions.md) provides monitoring of SAPI
|
|
Libraries, and restarts them if they fail (e.g, due to security violations,
|
|
crashes or resource exhaustion).
|
|
|
|
|
|
## Getting startd
|
|
|
|
Read our [Get Started](getting-started.md) page to set up your first Sandboxed
|
|
API project.
|