Do not close handles in target process on Windows 10.

This reverts commit 787196b9 and disables the handle closer on Windows 10. BUG=452613 Review URL: https://codereview.chromium.org/891973005 Cr-Commit-Position: refs/heads/master@{#315162}

Do not close handles in target process on Windows 10.
This reverts commit 787196b9 and disables the handle closer on Windows 10. BUG=452613 Review URL: https://codereview.chromium.org/891973005 Cr-Commit-Position: refs/heads/master@{#315162}
19746c56 · wfh · Commit bot · ac702dad · 19746c56 · 19746c56
Commit 19746c56 authored Feb 06, 2015 by wfh Committed by Commit bot Feb 07, 2015
Hide whitespace changes
Inline Side-by-side

Showing with 11 additions and 8 deletions

content/common/sandbox_win.cc content/common/sandbox_win.cc +3 -8

sandbox/win/src/target_services.cc sandbox/win/src/target_services.cc +8 -0

No files found.
--- a/content/common/sandbox_win.cc
+++ b/content/common/sandbox_win.cc
@@ -356,8 +356,7 @@ bool AddGenericPolicy(sandbox::TargetPolicy* policy) {
  return true;
 }

-bool AddPolicyForSandboxedProcess(sandbox::TargetPolicy* policy,
-                                  std::string& type_str) {
+bool AddPolicyForSandboxedProcess(sandbox::TargetPolicy* policy) {
  sandbox::ResultCode result;
  // Renderers need to share events with plugins.
  result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_HANDLES,
@@ -367,11 +366,8 @@ bool AddPolicyForSandboxedProcess(sandbox::TargetPolicy* policy,
    return false;

  // Win8+ adds a device DeviceApi that we don't need.
-  // Only close this handle on renderer processes.  See crbug.com/452613.
-  if (base::win::GetVersion() > base::win::VERSION_WIN7 &&
-      type_str == switches::kRendererProcess) {
+  if (base::win::GetVersion() > base::win::VERSION_WIN7)
    result = policy->AddKernelObjectToClose(L"File", L"\\Device\\DeviceApi");
-  }
  if (result != sandbox::SBOX_ALL_OK)
    return false;

@@ -666,8 +662,7 @@ base::Process StartSandboxedProcess(
  if (delegate)
    delegate->PreSandbox(&disable_default_policy, &exposed_dir);

-  if (!disable_default_policy &&
-      !AddPolicyForSandboxedProcess(policy, type_str))
+  if (!disable_default_policy && !AddPolicyForSandboxedProcess(policy))
    return base::Process();

  if (type_str == switches::kRendererProcess) {

--- a/sandbox/win/src/target_services.cc
+++ b/sandbox/win/src/target_services.cc
@@ -7,6 +7,7 @@
 #include <process.h>

 #include "base/basictypes.h"
+#include "base/win/windows_version.h"
 #include "sandbox/win/src/crosscall_client.h"
 #include "sandbox/win/src/handle_closer_agent.h"
 #include "sandbox/win/src/handle_interception.h"
@@ -45,6 +46,13 @@ bool FlushCachedRegHandles() {

 // Checks if we have handle entries pending and runs the closer.
 bool CloseOpenHandles() {
+  // Windows 10 has FLG_ENABLE_HANDLE_EXCEPTIONS enabled by default so causes
+  // exceptions to be raised if target process attempts to close a handle that
+  // has already been closed by HandleCloser.  Therefore, do not close any
+  // handles on Windows 10 until this flag is removed by MS.
+  // See crbug.com/452613.
+  if (base::win::GetVersion() == base::win::VERSION_WIN10)
+    return true;
  if (sandbox::HandleCloserAgent::NeedsHandlesClosed()) {
    sandbox::HandleCloserAgent handle_closer;