inner sandbox
See Native Client sandbox.
Native Client sandbox
The ISA-specific, OS-portable sandbox used by Native Client, created via an agreement between a code generator and the Native Client validator. It creates a domain of reduced privilege within the process that also contains the Native Client service runtime.
outer sandbox
The redundant, OS-dependent sandbox that isolates a Native Client module at the process boundary.
service runtime
The trusted infrastructure that implements the analog of a system-call interface for a Native Client module in terms of native local operating system facilities.
trusted code
Conceptually, all the native code that runs outside of the Native Client sandbox. This includes the web browser, WebKit, the JavaScript implementation, and the Native Client service runtime. Trust is relative; although the trusted code runs outside of the Native Client sandbox, it might be running inside another sandbox, such as the Chrome sandbox, so we aren't necessarily ready to give away the store.
untrusted code
Code that runs inside the Native Client sandbox. Conceptually, JavaScript is also untrusted; it runs inside the JavaScript "sandbox".