The sandbox internals documentation describes implementation details for Native Client sandboxing, which is also used by Portable Native Client. These details can be useful to reimplement a sandbox, or to write assembly code that follows sandboxing rules for Native Client (Portable Native Client does not allow platform-specific assembly code).
As an implementation detail, the Native Client sandboxes described here are currently used by Portable Native Client to execute code on the corresponding machines in a safe manner. The portable bitcode contained in a pexe is translated to a machine-specific nexe before execution. This may change at a point in time: Portable Native Client doesn’t necessarily need these sandboxes to execute code on these machines. Note that the Portable Native Client compiler itself is also untrusted: it too runs in a Native Client sandbox described below.
Native Client has sandboxes for:
- ARM 32-bit.
- x86-32: the original design is described in Native Client: A Sandbox for Portable, Untrusted x86 Native Code, the current design has changed slightly since then.
- MIPS32, described in the overview of Native Client for MIPS, and bug 2275.