schema: 1

bugzilla:
  product: "Core"
  component: "Security: Process Sandboxing"

origin:
  name: Chromium sandbox
  description: Chromium sandbox and supporting base code.

  url: https://chromium.googlesource.com/chromium/src/

  release: 0085b3faa4477bd52f03aeb1ee1097fa54a1bd55 (Fri May 01 21:43:25 2020).
  revision: 0085b3faa4477bd52f03aeb1ee1097fa54a1bd55

  license: BSD-3-Clause

vendoring:
  url: https://chromium.googlesource.com/chromium/src/
  source-hosting: googlesource
  flavor: individual-files
  tracking: commit

  individual-files-default-upstream: ""
  individual-files-default-destination: "{vendor_dir}/"
  individual-files-list:
    - base/at_exit.cc
    - base/at_exit.h
    - base/atomic_ref_count.h
    - base/atomic_sequence_num.h
    - base/atomicops.h
    - base/atomicops_internals_portable.h
    - base/atomicops_internals_x86_msvc.h
    - base/base_export.h
    - base/base_paths.h
    - base/base_paths_win.h
    - base/base_switches.cc
    - base/base_switches.h
    - base/bind.h
    - base/bind_helpers.h
    - base/bind_internal.h
    - base/bit_cast.h
    - base/bits.h
    - base/callback.h
    - base/callback_forward.h
    - base/callback_internal.cc
    - base/callback_internal.h
    - base/compiler_specific.h
    - base/containers/adapters.h
    - base/containers/buffer_iterator.h
    - base/containers/checked_iterators.h
    - base/containers/circular_deque.h
    - base/containers/span.h
    - base/containers/stack.h
    - base/containers/util.h
    - base/containers/vector_buffer.h
    - base/cpu.cc
    - base/cpu.h
    - base/debug/alias.cc
    - base/debug/alias.h
    - base/debug/crash_logging.h
    - base/debug/debugger.h
    - base/debug/leak_annotations.h
    - base/debug/profiler.cc
    - base/debug/profiler.h
    - base/environment.cc
    - base/environment.h
    - base/file_descriptor_posix.h
    - base/files/file_path.h
    - base/files/file_path_constants.cc
    - base/format_macros.h
    - base/guid.h
    - base/hash/hash.cc
    - base/hash/hash.h
    - base/immediate_crash.h
    - base/lazy_instance.h
    - base/lazy_instance_helpers.cc
    - base/lazy_instance_helpers.h
    - base/location.cc
    - base/location.h
    - base/logging.h
    - base/macros.h
    - base/memory/aligned_memory.h
    - base/memory/free_deleter.h
    - base/memory/platform_shared_memory_region.cc
    - base/memory/platform_shared_memory_region.h
    - base/memory/platform_shared_memory_region_win.cc
    - base/memory/ptr_util.h
    - base/memory/raw_scoped_refptr_mismatch_checker.h
    - base/memory/ref_counted.cc
    - base/memory/ref_counted.h
    - base/memory/scoped_refptr.h
    - base/memory/shared_memory_mapping.cc
    - base/memory/shared_memory_mapping.h
    - base/memory/singleton.h
    - base/memory/unsafe_shared_memory_region.cc
    - base/memory/unsafe_shared_memory_region.h
    - base/memory/weak_ptr.h
    - base/no_destructor.h
    - base/numerics/checked_math.h
    - base/numerics/checked_math_impl.h
    - base/numerics/clamped_math.h
    - base/numerics/clamped_math_impl.h
    - base/numerics/safe_conversions.h
    - base/numerics/safe_conversions_arm_impl.h
    - base/numerics/safe_conversions_impl.h
    - base/numerics/safe_math.h
    - base/numerics/safe_math_arm_impl.h
    - base/numerics/safe_math_clang_gcc_impl.h
    - base/numerics/safe_math_shared_impl.h
    - base/optional.h
    - base/os_compat_android.h
    - base/path_service.h
    - base/posix/can_lower_nice_to.cc
    - base/posix/can_lower_nice_to.h
    - base/posix/eintr_wrapper.h
    - base/posix/safe_strerror.cc
    - base/posix/safe_strerror.h
    - base/process/environment_internal.cc
    - base/process/environment_internal.h
    - base/process/kill.h
    - base/process/memory.h
    - base/process/process.h
    - base/process/process_handle.h
    - base/process/process_handle_win.cc
    - base/rand_util.h
    - base/rand_util_win.cc
    - base/scoped_clear_last_error.h
    - base/scoped_clear_last_error_win.cc
    - base/sequence_checker.h
    - base/sequence_checker_impl.h
    - base/sequence_token.h
    - base/sequenced_task_runner.h
    - base/sequenced_task_runner_helpers.h
    - base/single_thread_task_runner.h
    - base/stl_util.h
    - base/strings/char_traits.h
    - base/strings/nullable_string16.cc
    - base/strings/nullable_string16.h
    - base/strings/safe_sprintf.cc
    - base/strings/safe_sprintf.h
    - base/strings/safe_sprintf_unittest.cc
    - base/strings/string16.cc
    - base/strings/string16.h
    - base/strings/string_number_conversions.cc
    - base/strings/string_number_conversions.h
    - base/strings/string_piece.cc
    - base/strings/string_piece.h
    - base/strings/string_piece_forward.h
    - base/strings/string_split.cc
    - base/strings/string_split.h
    - base/strings/string_util.cc
    - base/strings/string_util.h
    - base/strings/string_util_constants.cc
    - base/strings/string_util_posix.h
    - base/strings/string_util_win.h
    - base/strings/stringprintf.cc
    - base/strings/stringprintf.h
    - base/strings/utf_string_conversion_utils.cc
    - base/strings/utf_string_conversion_utils.h
    - base/strings/utf_string_conversions.cc
    - base/strings/utf_string_conversions.h
    - base/synchronization/atomic_flag.h
    - base/synchronization/condition_variable.h
    - base/synchronization/condition_variable_posix.cc
    - base/synchronization/lock.cc
    - base/synchronization/lock.h
    - base/synchronization/lock_impl.h
    - base/synchronization/lock_impl_posix.cc
    - base/synchronization/lock_impl_win.cc
    - base/synchronization/waitable_event.h
    - base/synchronization/waitable_event_posix.cc
    - base/task_runner.h
    - base/template_util.h
    - base/third_party/cityhash/city.cc
    - base/third_party/cityhash/city.h
    - base/third_party/cityhash/COPYING
    - base/third_party/dynamic_annotations/dynamic_annotations.h
    - base/third_party/dynamic_annotations/LICENSE
    - base/third_party/icu/icu_utf.cc
    - base/third_party/icu/icu_utf.h
    - base/third_party/icu/LICENSE
    - base/third_party/superfasthash/LICENSE
    - base/third_party/superfasthash/README.chromium
    - base/third_party/superfasthash/superfasthash.c
    - base/third_party/valgrind/LICENSE
    - base/third_party/valgrind/valgrind.h
    - base/thread_annotations.h
    - base/threading/platform_thread.cc
    - base/threading/platform_thread.h
    - base/threading/platform_thread_internal_posix.cc
    - base/threading/platform_thread_internal_posix.h
    - base/threading/platform_thread_posix.cc
    - base/threading/platform_thread_win.cc
    - base/threading/platform_thread_win.h
    - base/threading/thread_checker_impl.h
    - base/threading/thread_collision_warner.cc
    - base/threading/thread_collision_warner.h
    - base/threading/thread_id_name_manager.cc
    - base/threading/thread_id_name_manager.h
    - base/threading/thread_local.h
    - base/threading/thread_local_internal.h
    - base/threading/thread_local_storage.cc
    - base/threading/thread_local_storage.h
    - base/threading/thread_local_storage_posix.cc
    - base/threading/thread_local_storage_win.cc
    - base/threading/thread_restrictions.cc
    - base/threading/thread_restrictions.h
    - base/time/time.cc
    - base/time/time.h
    - base/time/time_exploded_posix.cc
    - base/time/time_now_posix.cc
    - base/time/time_override.h
    - base/time/time_win.cc
    - base/time/time_win_features.cc
    - base/time/time_win_features.h
    - base/token.cc
    - base/token.h
    - base/tuple.h
    - base/unguessable_token.cc
    - base/unguessable_token.h
    - base/version.cc
    - base/version.h
    - base/win/current_module.h
    - base/win/pe_image.cc
    - base/win/pe_image.h
    - base/win/scoped_handle.cc
    - base/win/scoped_handle.h
    - base/win/scoped_handle_verifier.cc
    - base/win/scoped_handle_verifier.h
    - base/win/scoped_process_information.cc
    - base/win/scoped_process_information.h
    - base/win/startup_information.cc
    - base/win/startup_information.h
    - base/win/static_constants.cc
    - base/win/static_constants.h
    - base/win/windows_types.h
    - base/win/windows_version.cc
    - base/win/windows_version.h
    - build/build_config.h
    - build/buildflag.h
    - LICENSE
    - sandbox/linux/bpf_dsl/bpf_dsl.cc
    - sandbox/linux/bpf_dsl/bpf_dsl.h
    - sandbox/linux/bpf_dsl/bpf_dsl_forward.h
    - sandbox/linux/bpf_dsl/bpf_dsl_impl.h
    - sandbox/linux/bpf_dsl/codegen.cc
    - sandbox/linux/bpf_dsl/codegen.h
    - sandbox/linux/bpf_dsl/cons.h
    - sandbox/linux/bpf_dsl/dump_bpf.cc
    - sandbox/linux/bpf_dsl/dump_bpf.h
    - sandbox/linux/bpf_dsl/errorcode.h
    - sandbox/linux/bpf_dsl/linux_syscall_ranges.h
    - sandbox/linux/bpf_dsl/policy.cc
    - sandbox/linux/bpf_dsl/policy.h
    - sandbox/linux/bpf_dsl/policy_compiler.cc
    - sandbox/linux/bpf_dsl/policy_compiler.h
    - sandbox/linux/bpf_dsl/seccomp_macros.h
    - sandbox/linux/bpf_dsl/syscall_set.cc
    - sandbox/linux/bpf_dsl/syscall_set.h
    - sandbox/linux/bpf_dsl/trap_registry.h
    - sandbox/linux/seccomp-bpf/bpf_tester_compatibility_delegate.h
    - sandbox/linux/seccomp-bpf/bpf_tests.h
    - sandbox/linux/seccomp-bpf/bpf_tests_unittest.cc
    - sandbox/linux/seccomp-bpf/die.cc
    - sandbox/linux/seccomp-bpf/die.h
    - sandbox/linux/seccomp-bpf/sandbox_bpf.cc
    - sandbox/linux/seccomp-bpf/sandbox_bpf.h
    - sandbox/linux/seccomp-bpf/sandbox_bpf_test_runner.cc
    - sandbox/linux/seccomp-bpf/sandbox_bpf_test_runner.h
    - sandbox/linux/seccomp-bpf/syscall.cc
    - sandbox/linux/seccomp-bpf/syscall.h
    - sandbox/linux/seccomp-bpf/syscall_unittest.cc
    - sandbox/linux/seccomp-bpf/trap.cc
    - sandbox/linux/seccomp-bpf/trap.h
    - sandbox/linux/services/syscall_wrappers.cc
    - sandbox/linux/services/syscall_wrappers.h
    - sandbox/linux/system_headers/arm64_linux_syscalls.h
    - sandbox/linux/system_headers/arm_linux_syscalls.h
    - sandbox/linux/system_headers/arm_linux_ucontext.h
    - sandbox/linux/system_headers/capability.h
    - sandbox/linux/system_headers/i386_linux_ucontext.h
    - sandbox/linux/system_headers/linux_filter.h
    - sandbox/linux/system_headers/linux_futex.h
    - sandbox/linux/system_headers/linux_seccomp.h
    - sandbox/linux/system_headers/linux_signal.h
    - sandbox/linux/system_headers/linux_syscalls.h
    - sandbox/linux/system_headers/linux_ucontext.h
    - sandbox/linux/system_headers/x86_32_linux_syscalls.h
    - sandbox/linux/system_headers/x86_64_linux_syscalls.h
    - sandbox/sandbox_export.h
    - sandbox/win/src/acl.cc
    - sandbox/win/src/acl.h
    - sandbox/win/src/app_container_profile.h
    - sandbox/win/src/app_container_profile_base.cc
    - sandbox/win/src/app_container_profile_base.h
    - sandbox/win/src/app_container_test.cc
    - sandbox/win/src/broker_services.cc
    - sandbox/win/src/broker_services.h
    - sandbox/win/src/crosscall_client.h
    - sandbox/win/src/crosscall_params.h
    - sandbox/win/src/crosscall_server.cc
    - sandbox/win/src/crosscall_server.h
    - sandbox/win/src/eat_resolver.cc
    - sandbox/win/src/eat_resolver.h
    - sandbox/win/src/file_policy_test.cc
    - sandbox/win/src/filesystem_dispatcher.cc
    - sandbox/win/src/filesystem_dispatcher.h
    - sandbox/win/src/filesystem_interception.cc
    - sandbox/win/src/filesystem_interception.h
    - sandbox/win/src/filesystem_policy.cc
    - sandbox/win/src/filesystem_policy.h
    - sandbox/win/src/handle_closer.cc
    - sandbox/win/src/handle_closer.h
    - sandbox/win/src/handle_closer_agent.cc
    - sandbox/win/src/handle_closer_agent.h
    - sandbox/win/src/handle_closer_test.cc
    - sandbox/win/src/handle_inheritance_test.cc
    - sandbox/win/src/heap_helper.cc
    - sandbox/win/src/heap_helper.h
    - sandbox/win/src/integrity_level_test.cc
    - sandbox/win/src/interception.cc
    - sandbox/win/src/interception.h
    - sandbox/win/src/interception_agent.cc
    - sandbox/win/src/interception_agent.h
    - sandbox/win/src/interception_internal.h
    - sandbox/win/src/interception_unittest.cc
    - sandbox/win/src/interceptors.h
    - sandbox/win/src/interceptors_64.cc
    - sandbox/win/src/interceptors_64.h
    - sandbox/win/src/internal_types.h
    - sandbox/win/src/ipc_args.cc
    - sandbox/win/src/ipc_args.h
    - sandbox/win/src/ipc_ping_test.cc
    - sandbox/win/src/ipc_tags.h
    - sandbox/win/src/ipc_unittest.cc
    - sandbox/win/src/job.cc
    - sandbox/win/src/job.h
    - sandbox/win/src/job_unittest.cc
    - sandbox/win/src/named_pipe_dispatcher.cc
    - sandbox/win/src/named_pipe_dispatcher.h
    - sandbox/win/src/named_pipe_interception.cc
    - sandbox/win/src/named_pipe_interception.h
    - sandbox/win/src/named_pipe_policy.cc
    - sandbox/win/src/named_pipe_policy.h
    - sandbox/win/src/named_pipe_policy_test.cc
    - sandbox/win/src/nt_internals.h
    - sandbox/win/src/policy_broker.cc
    - sandbox/win/src/policy_broker.h
    - sandbox/win/src/policy_engine_opcodes.cc
    - sandbox/win/src/policy_engine_opcodes.h
    - sandbox/win/src/policy_engine_params.h
    - sandbox/win/src/policy_engine_processor.cc
    - sandbox/win/src/policy_engine_processor.h
    - sandbox/win/src/policy_engine_unittest.cc
    - sandbox/win/src/policy_low_level.cc
    - sandbox/win/src/policy_low_level.h
    - sandbox/win/src/policy_low_level_unittest.cc
    - sandbox/win/src/policy_opcodes_unittest.cc
    - sandbox/win/src/policy_params.h
    - sandbox/win/src/policy_target.cc
    - sandbox/win/src/policy_target.h
    - sandbox/win/src/policy_target_test.cc
    - sandbox/win/src/process_mitigations.cc
    - sandbox/win/src/process_mitigations.h
    - sandbox/win/src/process_mitigations_win32k_dispatcher.cc
    - sandbox/win/src/process_mitigations_win32k_dispatcher.h
    - sandbox/win/src/process_mitigations_win32k_interception.cc
    - sandbox/win/src/process_mitigations_win32k_interception.h
    - sandbox/win/src/process_mitigations_win32k_policy.cc
    - sandbox/win/src/process_mitigations_win32k_policy.h
    - sandbox/win/src/process_policy_test.cc
    - sandbox/win/src/process_thread_dispatcher.cc
    - sandbox/win/src/process_thread_dispatcher.h
    - sandbox/win/src/process_thread_interception.cc
    - sandbox/win/src/process_thread_interception.h
    - sandbox/win/src/process_thread_policy.cc
    - sandbox/win/src/process_thread_policy.h
    - sandbox/win/src/registry_dispatcher.cc
    - sandbox/win/src/registry_dispatcher.h
    - sandbox/win/src/registry_interception.cc
    - sandbox/win/src/registry_interception.h
    - sandbox/win/src/registry_policy.cc
    - sandbox/win/src/registry_policy.h
    - sandbox/win/src/registry_policy_test.cc
    - sandbox/win/src/resolver.cc
    - sandbox/win/src/resolver.h
    - sandbox/win/src/resolver_32.cc
    - sandbox/win/src/resolver_64.cc
    - sandbox/win/src/restricted_token.cc
    - sandbox/win/src/restricted_token.h
    - sandbox/win/src/restricted_token_unittest.cc
    - sandbox/win/src/restricted_token_utils.cc
    - sandbox/win/src/restricted_token_utils.h
    - sandbox/win/src/sandbox.cc
    - sandbox/win/src/sandbox.h
    - sandbox/win/src/sandbox.vcproj
    - sandbox/win/src/sandbox_factory.h
    - sandbox/win/src/sandbox_globals.cc
    - sandbox/win/src/sandbox_nt_types.h
    - sandbox/win/src/sandbox_nt_util.cc
    - sandbox/win/src/sandbox_nt_util.h
    - sandbox/win/src/sandbox_policy.h
    - sandbox/win/src/sandbox_policy_base.cc
    - sandbox/win/src/sandbox_policy_base.h
    - sandbox/win/src/sandbox_rand.cc
    - sandbox/win/src/sandbox_rand.h
    - sandbox/win/src/sandbox_types.h
    - sandbox/win/src/sandbox_utils.cc
    - sandbox/win/src/sandbox_utils.h
    - sandbox/win/src/security_capabilities.cc
    - sandbox/win/src/security_capabilities.h
    - sandbox/win/src/security_level.h
    - sandbox/win/src/service_resolver.cc
    - sandbox/win/src/service_resolver.h
    - sandbox/win/src/service_resolver_32.cc
    - sandbox/win/src/service_resolver_64.cc
    - sandbox/win/src/service_resolver_unittest.cc
    - sandbox/win/src/sharedmem_ipc_client.cc
    - sandbox/win/src/sharedmem_ipc_client.h
    - sandbox/win/src/sharedmem_ipc_server.cc
    - sandbox/win/src/sharedmem_ipc_server.h
    - sandbox/win/src/sid.cc
    - sandbox/win/src/sid.h
    - sandbox/win/src/sid_unittest.cc
    - sandbox/win/src/signed_dispatcher.cc
    - sandbox/win/src/signed_dispatcher.h
    - sandbox/win/src/signed_interception.cc
    - sandbox/win/src/signed_interception.h
    - sandbox/win/src/signed_policy.cc
    - sandbox/win/src/signed_policy.h
    - sandbox/win/src/sync_dispatcher.cc
    - sandbox/win/src/sync_dispatcher.h
    - sandbox/win/src/sync_interception.cc
    - sandbox/win/src/sync_interception.h
    - sandbox/win/src/sync_policy.cc
    - sandbox/win/src/sync_policy.h
    - sandbox/win/src/sync_policy_test.cc
    - sandbox/win/src/sync_policy_test.h
    - sandbox/win/src/target_interceptions.cc
    - sandbox/win/src/target_interceptions.h
    - sandbox/win/src/target_process.cc
    - sandbox/win/src/target_process.h
    - sandbox/win/src/target_services.cc
    - sandbox/win/src/target_services.h
    - sandbox/win/src/threadpool_unittest.cc
    - sandbox/win/src/top_level_dispatcher.cc
    - sandbox/win/src/top_level_dispatcher.h
    - sandbox/win/src/unload_dll_test.cc
    - sandbox/win/src/win2k_threadpool.cc
    - sandbox/win/src/win2k_threadpool.h
    - sandbox/win/src/win_utils.cc
    - sandbox/win/src/win_utils.h
    - sandbox/win/src/win_utils_unittest.cc
    - sandbox/win/src/window.cc
    - sandbox/win/src/window.h

  # Apply patches that are taken from upstream first as these will not be
  # needed at some point, so we want subsequent patches to work after the
  # upstream fix.
  patches:
    - ../chromium-shim/patches/upstream/*.patch
    - ../chromium-shim/patches/*.patch