Enforce cache_path requirements for NetworkService (see issue #2622).

This change adds a new CefSettings.root_cache_path value that must be either
equal to or a parent directory of all CefSettings.cache_path and
CefRequestContextSettings.cache_path values. The sandbox may block read/write
access from the NetworkService to directories that do not meet this requirement.

To test: Run cefclient with a combination of the following flags:

--cache-path=c:\temp\cache
  Cache data should be persisted to the specified directory.

--request-context-per-browser
  A separate numbered cache directory should be created underneath the
  cache-path directory for each new browser instance.

--enable-network-service --disable-extensions
  Same tests, but with NetworkService enabled.

Known issues:
- When NetworkService is enabled a C:\temp\cache\cache\Cache directory is
  created (should be C:\temp\cache\Cache).

include/cef_api_hash.h

@@ -34,7 +34,7 @@
 // implementations. See the translator.README.txt file in the tools directory
 // for more information.
 //
-// $hash=fcc19532b6143e9c445fcde9947260b1c93a5e68$
+// $hash=3a0c73e396fa3857e28d388def4fbd3029f22572$
 //
 
 #ifndef CEF_INCLUDE_API_HASH_H_
@@ -47,13 +47,13 @@
 // way that may cause binary incompatibility with other builds. The universal
 // hash value will change if any platform is affected whereas the platform hash
 // values will change only if that particular platform is affected.
-#define CEF_API_HASH_UNIVERSAL "114e74f2c52d90fbb3fe6b3855dba9e544e40e85"
+#define CEF_API_HASH_UNIVERSAL "270f0270e88d272207bd83c60e36ceb45f4b690c"
 #if defined(OS_WIN)
-#define CEF_API_HASH_PLATFORM "25d0b5c8337691e2bcc21148686e4eacbe1255a6"
+#define CEF_API_HASH_PLATFORM "66d5f7568c90b1fcf60c4b8278b2465e94044426"
 #elif defined(OS_MACOSX)
-#define CEF_API_HASH_PLATFORM "905d65b97689874873222e99869c8c5a361bbdb7"
+#define CEF_API_HASH_PLATFORM "2eaac3385943011ba69f8c02ff81fcc779fa1d39"
 #elif defined(OS_LINUX)
-#define CEF_API_HASH_PLATFORM "ef345d85855d8d5c34de2fb26d25397c5e0e3534"
+#define CEF_API_HASH_PLATFORM "32502dcfde9333af005bae482dec534ce2e26d67"
 #endif
 
 #ifdef __cplusplus

include/internal/cef_types.h

@@ -219,15 +219,27 @@ typedef struct _cef_settings_t {
   int command_line_args_disabled;
 
   ///
-  // The location where cache data will be stored on disk. If empty then
-  // browsers will be created in "incognito mode" where in-memory caches are
-  // used for storage and no data is persisted to disk. HTML5 databases such as
-  // localStorage will only persist across sessions if a cache path is
-  // specified. Can be overridden for individual CefRequestContext instances via
-  // the CefRequestContextSettings.cache_path value.
+  // The location where data for the global browser cache will be stored on
+  // disk. In non-empty this must be either equal to or a child directory of
+  // CefSettings.root_cache_path. If empty then browsers will be created in
+  // "incognito mode" where in-memory caches are used for storage and no data is
+  // persisted to disk. HTML5 databases such as localStorage will only persist
+  // across sessions if a cache path is specified. Can be overridden for
+  // individual CefRequestContext instances via the
+  // CefRequestContextSettings.cache_path value.
   ///
   cef_string_t cache_path;
 
+  ///
+  // The root directory that all CefSettings.cache_path and
+  // CefRequestContextSettings.cache_path values must have in common. If this
+  // value is empty and CefSettings.cache_path is non-empty then this value will
+  // default to the CefSettings.cache_path value. Failure to set this value
+  // correctly may result in the sandbox blocking read/write access to the
+  // cache_path directory.
+  ///
+  cef_string_t root_cache_path;
+
   ///
   // The location where user data such as spell checking dictionary files will
   // be stored on disk. If empty then the default platform-specific user data
@@ -413,12 +425,14 @@ typedef struct _cef_request_context_settings_t {
   size_t size;
 
   ///
-  // The location where cache data will be stored on disk. If empty then
-  // browsers will be created in "incognito mode" where in-memory caches are
-  // used for storage and no data is persisted to disk. HTML5 databases such as
-  // localStorage will only persist across sessions if a cache path is
-  // specified. To share the global browser cache and related configuration set
-  // this value to match the CefSettings.cache_path value.
+  // The location where cache data for this request context will be stored on
+  // disk. If non-empty this must be either equal to or a child directory of
+  // CefSettings.root_cache_path. If empty then browsers will be created in
+  // "incognito mode" where in-memory caches are used for storage and no data is
+  // persisted to disk. HTML5 databases such as localStorage will only persist
+  // across sessions if a cache path is specified. To share the global browser
+  // cache and related configuration set this value to match the
+  // CefSettings.cache_path value.
   ///
   cef_string_t cache_path;