Chromium Embedded Framework (CEF)  117.1.0+ga287baf+chromium-117.0.5938.62
cef_sandbox_mac.h File Reference

The sandbox is used to restrict sub-processes (renderer, GPU, etc) from directly accessing system resources. More...

Classes

class  CefScopedSandboxContext
 Scoped helper for managing the life span of a sandbox context handle. More...
 

Functions

CEF_EXPORT void * cef_sandbox_initialize (int argc, char **argv)
 Initialize the sandbox for this process. More...
 
CEF_EXPORT void cef_sandbox_destroy (void *sandbox_context)
 Destroy the specified sandbox context handle. More...
 

Detailed Description

The sandbox is used to restrict sub-processes (renderer, GPU, etc) from directly accessing system resources.

This helps to protect the user from untrusted and potentially malicious Web content. See http://www.chromium.org/developers/design-documents/sandbox for complete details.

To enable the sandbox on macOS the following requirements must be met:

  1. Link the helper process executable with the cef_sandbox static library.
  2. Call the cef_sandbox_initialize() function at the beginning of the helper executable main() function and before loading the CEF framework library. See include/wrapper/cef_library_loader.h for example usage.

Function Documentation

◆ cef_sandbox_destroy()

CEF_EXPORT void cef_sandbox_destroy ( void *  sandbox_context)

Destroy the specified sandbox context handle.

◆ cef_sandbox_initialize()

CEF_EXPORT void* cef_sandbox_initialize ( int  argc,
char **  argv 
)

Initialize the sandbox for this process.

Returns the sandbox context handle on success or NULL on failure. The returned handle should be passed to cef_sandbox_destroy() immediately before process termination.