diff --git a/cmake/cef_macros.cmake.in b/cmake/cef_macros.cmake.in index f357d06f6..ed8f5aa34 100644 --- a/cmake/cef_macros.cmake.in +++ b/cmake/cef_macros.cmake.in @@ -271,6 +271,17 @@ macro(ADD_WINDOWS_MANIFEST manifest_path target extension) ) endmacro() +# Set LPAC ACLs required for Windows sandbox support. +# See https://github.com/chromiumembedded/cef/issues/3791#issuecomment-2664128961 +macro(SET_LPAC_ACLS target) + add_custom_command( + TARGET ${target} + POST_BUILD + COMMAND "icacls" "${CEF_TARGET_OUT_DIR}" "/grant" "*S-1-15-2-2:(OI)(CI)(RX)" + COMMENT "Setting LPAC ACLs..." + ) +endmacro() + endif(OS_WINDOWS) diff --git a/tests/cefclient/CMakeLists.txt.in b/tests/cefclient/CMakeLists.txt.in index 45c1d688a..6c4e19382 100644 --- a/tests/cefclient/CMakeLists.txt.in +++ b/tests/cefclient/CMakeLists.txt.in @@ -317,4 +317,9 @@ if(OS_WINDOWS) # Copy CEF binary and resource files to the target output directory. COPY_FILES("${CEF_TARGET}" "${CEF_BINARY_FILES}" "${CEF_BINARY_DIR}" "${CEF_TARGET_OUT_DIR}") COPY_FILES("${CEF_TARGET}" "${CEF_RESOURCE_FILES}" "${CEF_RESOURCE_DIR}" "${CEF_TARGET_OUT_DIR}") + + if(USE_SANDBOX) + # Set LPAC ACLs required for Windows sandbox support. + SET_LPAC_ACLS("${CEF_TARGET}") + endif() endif() diff --git a/tests/cefsimple/CMakeLists.txt.in b/tests/cefsimple/CMakeLists.txt.in index 013b62b8d..234ec33fc 100644 --- a/tests/cefsimple/CMakeLists.txt.in +++ b/tests/cefsimple/CMakeLists.txt.in @@ -212,4 +212,9 @@ if(OS_WINDOWS) # Copy binary and resource files to the target output directory. COPY_FILES("${CEF_TARGET}" "${CEF_BINARY_FILES}" "${CEF_BINARY_DIR}" "${CEF_TARGET_OUT_DIR}") COPY_FILES("${CEF_TARGET}" "${CEF_RESOURCE_FILES}" "${CEF_RESOURCE_DIR}" "${CEF_TARGET_OUT_DIR}") + + if(USE_SANDBOX) + # Set LPAC ACLs required for Windows sandbox support. + SET_LPAC_ACLS("${CEF_TARGET}") + endif() endif() diff --git a/tests/ceftests/CMakeLists.txt.in b/tests/ceftests/CMakeLists.txt.in index 24d8920b1..8f1da7947 100644 --- a/tests/ceftests/CMakeLists.txt.in +++ b/tests/ceftests/CMakeLists.txt.in @@ -260,4 +260,9 @@ if(OS_WINDOWS) "resources/" ) COPY_RESOURCES("${CEF_TARGET}" "${UNITTESTS_DATA_RESOURCES_SRCS}" "${PREFIXES}" "${CMAKE_CURRENT_SOURCE_DIR}" "${CEF_TARGET_OUT_DIR}/ceftests_files") + + if(USE_SANDBOX) + # Set LPAC ACLs required for Windows sandbox support. + SET_LPAC_ACLS("${CEF_TARGET}") + endif() endif()