Sandbox Internals

The sandbox internals documentation describes implementation details for Native Client sandboxing, which is also used by Portable Native Client. These details can be useful to reimplement a sandbox, or to write assembly code that follows sandboxing rules for Native Client (Portable Native Client does not allow platform-specific assembly code).

As an implementation detail, the Native Client sandboxes described here are currently used by Portable Native Client to execute code safely on the corresponding machines. The portable bitcode contained in a pexe is translated to a machine-specific nexe before execution. This may change in the future: Portable Native Client does not necessarily need these sandboxes to execute code on these machines. Note that the Portable Native Client translator itself is also untrusted: it too runs in one of the Native Client sandboxes described below.

Native Client has sandboxes for: