1 // Copyright (c) 2018 Marshall A. Greenblatt. All rights reserved. 2 // 3 // Redistribution and use in source and binary forms, with or without 4 // modification, are permitted provided that the following conditions are 5 // met: 6 // 7 // * Redistributions of source code must retain the above copyright 8 // notice, this list of conditions and the following disclaimer. 9 // * Redistributions in binary form must reproduce the above 10 // copyright notice, this list of conditions and the following disclaimer 11 // in the documentation and/or other materials provided with the 12 // distribution. 13 // * Neither the name of Google Inc. nor the name Chromium Embedded 14 // Framework nor the names of its contributors may be used to endorse 15 // or promote products derived from this software without specific prior 16 // written permission. 17 // 18 // THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 19 // "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 20 // LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 21 // A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 22 // OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 23 // SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 24 // LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 25 // DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 26 // THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 27 // (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 28 // OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 29 30 #ifndef CEF_INCLUDE_CEF_SANDBOX_MAC_H_ 31 #define CEF_INCLUDE_CEF_SANDBOX_MAC_H_ 32 #pragma once 33 34 #include "include/base/cef_build.h" 35 #include "include/internal/cef_export.h" 36 37 #if defined(OS_MAC) 38 39 #ifdef __cplusplus 40 extern "C" { 41 #endif 42 43 // The sandbox is used to restrict sub-processes (renderer, plugin, GPU, etc) 44 // from directly accessing system resources. This helps to protect the user 45 // from untrusted and potentially malicious Web content. 46 // See http://www.chromium.org/developers/design-documents/sandbox for 47 // complete details. 48 // 49 // To enable the sandbox on macOS the following requirements must be met: 50 // 1. Link the helper process executable with the cef_sandbox static library. 51 // 2. Call the cef_sandbox_initialize() function at the beginning of the 52 // helper executable main() function and before loading the CEF framework 53 // library. See include/wrapper/cef_library_loader.h for example usage. 54 55 /// 56 // Initialize the sandbox for this process. Returns the sandbox context 57 // handle on success or NULL on failure. The returned handle should be 58 // passed to cef_sandbox_destroy() immediately before process termination. 59 /// 60 CEF_EXPORT void* cef_sandbox_initialize(int argc, char** argv); 61 62 /// 63 // Destroy the specified sandbox context handle. 64 /// 65 CEF_EXPORT void cef_sandbox_destroy(void* sandbox_context); 66 67 #ifdef __cplusplus 68 } 69 70 /// 71 // Scoped helper for managing the life span of a sandbox context handle. 72 /// 73 class CEF_EXPORT CefScopedSandboxContext { 74 public: 75 CefScopedSandboxContext(); 76 ~CefScopedSandboxContext(); 77 78 // Load the sandbox for this process. Returns true on success. 79 bool Initialize(int argc, char** argv); 80 81 private: 82 void* sandbox_context_; 83 }; 84 #endif // __cplusplus 85 86 #endif // defined(OS_MAC) 87 88 #endif // CEF_INCLUDE_CEF_SANDBOX_MAC_H_ 89