To my understanding, sandbox is a place with very restricted resource access right for untrusted code to run in. It is an idea introduced in
Java 1.0. But to protection domains, it grouped certain resources or classes in the pc to form a domain, if downloaded and untrusted needs to accept the class mentioned in that area, they need to be verified by the policy. If they have not granted the rights they cannot use those resources.
If I have made any mistake, please correct me.