-
joedow authored
I've root caused this and the problem was introduced in this CL: https://codereview.chromium.org/2446053002 That CL moved the logic which reported the worker process launch from the IPC Channel Connected method to an IO completion port listener. This works fine on un-official builds, however it breaks on official builds. The reason for the failure is that the remoting_desktop process on official builds are signed and include 'UiAccess' in their manifest. When the launcher process uses ShellExecuteEx to launch the worker process in this scenario, we actually see two processes get launched sequentially. The first starts and exists with error code 'STATUS_ELEVATION_REQUIRED' and the second launches with the correct permissions. This behavior worked fine before as we listened for the connection to the IPC channel which was done by the second, successful process launch. With the new code, we observed the first process launch, set up the Mojo channel for it, and tried waiting on its process handle which exits immediately. The second process then starts and fails to connect to the Mojo channel. I investigated whether UiAccess is truly required for the desktop binary and I think that it is. For the Ctrl+Alt+Del scenario, there are registry keys that can be set which will require that flag. For Alt+Tab, it is possible that some windows might not be accessible if they have a high high enough integrity level (+ UiAccess themselves). So instead of removing the UiAccess flag, my approach is to listen for the worker process creation and exit events. I store the value of the last seen worker process id and use that in our process launch detection code once the launcher process exits. This allows both un-official builds (which do not require the extra permissions hop) and official builds will work consistently. BUG=666992 Review-Url: https://codereview.chromium.org/2568983004 Cr-Commit-Position: refs/heads/master@{#438077}
1cdb0481
