Add sandbox support (issue #524).

- The sandbox is now enabled by default on all platforms. Use the CefSettings.no_sandbox option or the "no-sandbox" command-line flag to disable sandbox support. - Windows: See cef_sandbox_win.h for requirements to enable sandbox support. - Windows: If Visual Studio isn't installed in the standard location set the CEF_VCVARS environment variable before running make_distrib.py or automate.py (see msvs_env.bat). - Linux: For binary distributions a new chrome-sandbox executable with SUID permissions must be placed next to the CEF executable. See https://code.google.com/p/chromium/wiki/LinuxSUIDSandboxDevelopment for details on setting up the development environment when building CEF from source code. git-svn-id: https://chromiumembedded.googlecode.com/svn/trunk@1518 5089003a-bbd8-11dd-ad1f-f1f9622dbc98
2025-06-05 21:39:12 +02:00 · 2013-11-15 18:47:02 +00:00
parent 395f443215
commit f5bc72b234
24 changed files with 485 additions and 52 deletions
--- a/include/capi/cef_app_capi.h
+++ b/include/capi/cef_app_capi.h
@@ -53,19 +53,23 @@ extern "C" {
 // called for the browser process (identified by no "type" command-line value)
 // it will return immediately with a value of -1. If called for a recognized
 // secondary process it will block until the process should exit and then return
-// the process exit code. The |application| parameter may be NULL.
+// the process exit code. The |application| parameter may be NULL. The
+// |windows_sandbox_info| parameter is only used on Windows and may be NULL (see
+// cef_sandbox_win.h for details).
 ///
 CEF_EXPORT int cef_execute_process(const struct _cef_main_args_t* args,
-    struct _cef_app_t* application);
+    struct _cef_app_t* application, void* windows_sandbox_info);

 ///
 // This function should be called on the main application thread to initialize
 // the CEF browser process. The |application| parameter may be NULL. A return
 // value of true (1) indicates that it succeeded and false (0) indicates that it
-// failed.
+// failed. The |windows_sandbox_info| parameter is only used on Windows and may
+// be NULL (see cef_sandbox_win.h for details).
 ///
 CEF_EXPORT int cef_initialize(const struct _cef_main_args_t* args,
-    const struct _cef_settings_t* settings, struct _cef_app_t* application);
+    const struct _cef_settings_t* settings, struct _cef_app_t* application,
+    void* windows_sandbox_info);

 ///
 // This function should be called on the main application thread to shut down
--- a/include/cef_app.h
+++ b/include/cef_app.h
@@ -56,19 +56,29 @@ class CefApp;
 // called for the browser process (identified by no "type" command-line value)
 // it will return immediately with a value of -1. If called for a recognized
 // secondary process it will block until the process should exit and then return
-// the process exit code. The |application| parameter may be empty.
+// the process exit code. The |application| parameter may be empty. The
+// |windows_sandbox_info| parameter is only used on Windows and may be NULL (see
+// cef_sandbox_win.h for details).
 ///
-/*--cef(api_hash_check,optional_param=application)--*/
-int CefExecuteProcess(const CefMainArgs& args, CefRefPtr<CefApp> application);
+/*--cef(api_hash_check,optional_param=application,
+        optional_param=windows_sandbox_info)--*/
+int CefExecuteProcess(const CefMainArgs& args,
+                      CefRefPtr<CefApp> application,
+                      void* windows_sandbox_info);

 ///
 // This function should be called on the main application thread to initialize
 // the CEF browser process. The |application| parameter may be empty. A return
 // value of true indicates that it succeeded and false indicates that it failed.
+// The |windows_sandbox_info| parameter is only used on Windows and may be NULL
+// (see cef_sandbox_win.h for details).
 ///
-/*--cef(api_hash_check,optional_param=application)--*/
-bool CefInitialize(const CefMainArgs& args, const CefSettings& settings,
-                   CefRefPtr<CefApp> application);
+/*--cef(api_hash_check,optional_param=application,
+        optional_param=windows_sandbox_info)--*/
+bool CefInitialize(const CefMainArgs& args,
+                   const CefSettings& settings,
+                   CefRefPtr<CefApp> application,
+                   void* windows_sandbox_info);

 ///
 // This function should be called on the main application thread to shut down
--- a/include/cef_sandbox_win.h
+++ b/include/cef_sandbox_win.h
@@ -0,0 +1,92 @@
+// Copyright (c) 2013 Marshall A. Greenblatt. All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//    * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//    * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//    * Neither the name of Google Inc. nor the name Chromium Embedded
+// Framework nor the names of its contributors may be used to endorse
+// or promote products derived from this software without specific prior
+// written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+#ifndef CEF_INCLUDE_CEF_SANDBOX_WIN_H_
+#define CEF_INCLUDE_CEF_SANDBOX_WIN_H_
+#pragma once
+
+#include "include/cef_base.h"
+
+#if defined(OS_WIN)
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+// The sandbox is used to restrict sub-processes (renderer, plugin, GPU, etc)
+// from directly accessing system resources. This helps to protect the user
+// from untrusted and potentially malicious Web content.
+// See http://www.chromium.org/developers/design-documents/sandbox for
+// complete details.
+//
+// To enable the sandbox on Windows the following requirements must be met:
+// 1. Use the same executable for the browser process and all sub-processes.
+// 2. Link the executable with the cef_sandbox static library.
+// 3. Call the cef_sandbox_info_create() function from within the executable
+//    (not from a separate DLL) and pass the resulting pointer into both the
+//    CefExecutProcess() and CefInitialize() functions via the
+//    |windows_sandbox_info| parameter.
+
+///
+// Create the sandbox information object for this process. It is safe to create
+// multiple of this object and to destroy the object immediately after passing
+// into the CefExecutProcess() and/or CefInitialize() functions.
+///
+void* cef_sandbox_info_create();
+
+///
+// Destroy the specified sandbox information object.
+///
+void cef_sandbox_info_destroy(void* sandbox_info);
+
+#ifdef __cplusplus
+}
+
+///
+// Manages the life span of a sandbox information object.
+///
+class CefScopedSandboxInfo {
+ public:
+  CefScopedSandboxInfo() {
+    sandbox_info_ = cef_sandbox_info_create();
+  }
+  ~CefScopedSandboxInfo() {
+    cef_sandbox_info_destroy(sandbox_info_);
+  }
+
+  void* sandbox_info() const { return sandbox_info_; }
+
+ private:
+  void* sandbox_info_;
+};
+#endif  // __cplusplus
+
+#endif  // defined(OS_WIN)
+
+#endif  // CEF_INCLUDE_CEF_SANDBOX_WIN_H_
--- a/include/internal/cef_types.h
+++ b/include/internal/cef_types.h
@@ -167,6 +167,13 @@ typedef struct _cef_settings_t {
  ///
  bool single_process;

+  ///
+  // Set to true (1) to disable the sandbox for sub-processes. See
+  // cef_sandbox_win.h for requirements to enable the sandbox on Windows. Also
+  // configurable using the "no-sandbox" command-line switch.
+  ///
+  bool no_sandbox;
+
  ///
  // The path to a separate executable that will be launched for sub-processes.
  // By default the browser process executable is used. See the comments on
--- a/include/internal/cef_types_wrappers.h
+++ b/include/internal/cef_types_wrappers.h
@@ -344,6 +344,7 @@ struct CefSettingsTraits {
  static inline void set(const struct_type* src, struct_type* target,
      bool copy) {
    target->single_process = src->single_process;
+    target->no_sandbox = src->no_sandbox;
    cef_string_set(src->browser_subprocess_path.str,
        src->browser_subprocess_path.length,
        &target->browser_subprocess_path, copy);