win: Add bootstrap[c].exe for sandbox integration (see #3824)

Replace cef_sandbox.lib usage with bootstrap executables.
See the SandboxSetup Wiki page for details.

include/cef_sandbox_win.h

@@ -37,6 +37,10 @@
 
 #if defined(OS_WIN)
 
+#if !defined(GENERATING_CEF_API_HASH)
+#include <windows.h>
+#endif
+
 #ifdef __cplusplus
 extern "C" {
 #endif
@@ -49,13 +53,34 @@ extern "C" {
 /// http://www.chromium.org/developers/design-documents/sandbox for complete
 /// details.
 ///
-/// To enable the sandbox on Windows the following requirements must be met:
-/// 1. Use the same executable for the browser process and all sub-processes.
-/// 2. Link the executable with the cef_sandbox static library.
-/// 3. Call the cef_sandbox_info_create() function from within the executable
-///    (not from a separate DLL) and pass the resulting pointer into both the
-///    CefExecuteProcess() and CefInitialize() functions via the
-///    |windows_sandbox_info| parameter.
+/// To enable the sandbox on Windows the same executable must be used for all
+/// processes (browser process and sub-processes). This executable must link the
+/// cef_sandbox static library and initialize the sandbox by calling
+/// cef_sandbox_info_create. The resulting |sandbox_info| value must then be
+/// passed to CefExecuteProcess and CefInitialize.
+///
+/// Beginning with M138 the cef_sandbox static library can only be linked with
+/// applications built as part of the CEF/Chromium build. This is due to
+/// unavoidable dependencies on Chromium's bundled Clang/LLVM/libc++ toolchain.
+/// Client applications therefore have 3 options for sandbox integration:
+///
+/// 1. Build the client application (or a custom bootstrap executable) as part
+///    of the CEF/Chromium build using Chromium's bundled Clang/LLVM/libc++
+///    toolchain. For details of this option see
+///    https://bitbucket.org/chromiumembedded/cef/wiki/SandboxSetup.md
+/// 2. Build the client application as a DLL using any toolchain and run using
+///    the provided bootstrap.exe or bootstrapc.exe. The DLL implements
+///    RunWinMain or RunConsoleMain respectively and gets passed the
+///    |sandbox_info| parameter which it then forwards to CefExecuteProcess
+///    and CefInitialize. The provided bootstrap executables can optionally be
+///    renamed or modified [1] to meet client branding needs.
+/// 3. Build the client application as an executable using any toolchain with
+///    the sandbox disabled. Pass nullptr as the |sandbox_info| parameter to
+///    CefExecuteProcess and CefInitialize.
+///
+/// [1] Embedded executable resources such as icons and file properties can be
+///     modified using Visual Studio or Resource Hacker tools. Be sure to code
+///     sign all binaries after modification and before distribution to users.
 ///
 
 ///
@@ -88,6 +113,37 @@ class CefScopedSandboxInfo {
 };
 #endif  // __cplusplus
 
+#if defined(CEF_BUILD_BOOTSTRAP)
+#define CEF_BOOTSTRAP_EXPORT __declspec(dllimport)
+#else
+#define CEF_BOOTSTRAP_EXPORT __declspec(dllexport)
+#endif
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+///
+/// Entry point to be implemented by client DLLs using bootstrap.exe for
+/// windows (/SUBSYSTEM:WINDOWS) applications.
+///
+CEF_BOOTSTRAP_EXPORT int RunWinMain(HINSTANCE hInstance,
+                                    LPTSTR lpCmdLine,
+                                    int nCmdShow,
+                                    void* sandbox_info);
+
+///
+/// Entry point to be implemented by client DLLs using bootstrapc.exe for
+/// console (/SUBSYSTEM:CONSOLE) applications.
+///
+CEF_BOOTSTRAP_EXPORT int RunConsoleMain(int argc,
+                                        char* argv[],
+                                        void* sandbox_info);
+
+#ifdef __cplusplus
+}
+#endif
+
 #endif  // defined(OS_WIN)
 
 #endif  // CEF_INCLUDE_CEF_SANDBOX_WIN_H_