Use extended process attributes to associate job at startup.

On Windows 10 we can ask Windows to associate a process with a job at startup. This reduces the time during which the process handle can be used to launch more processes. Prior to Windows 10 we retain the existing call to AssignProcessToJobObject. Existing tests should cover this change. I have manually verified that processes are associated with Jobs using SysInternals ProcExp. Bug: 1050359 Change-Id: I339e42be7f30cf0e59554e89f4855dcd3af4d499 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2308916Reviewed-by: Will Harris <wfh@chromium.org> Commit-Queue: Alex Gough <ajgo@chromium.org> Cr-Commit-Position: refs/heads/master@{#791320}

Use extended process attributes to associate job at startup.
On Windows 10 we can ask Windows to associate a process with a job at startup. This reduces the time during which the process handle can be used to launch more processes. Prior to Windows 10 we retain the existing call to AssignProcessToJobObject. Existing tests should cover this change. I have manually verified that processes are associated with Jobs using SysInternals ProcExp. Bug: 1050359 Change-Id: I339e42be7f30cf0e59554e89f4855dcd3af4d499 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2308916Reviewed-by: Will Harris <wfh@chromium.org> Commit-Queue: Alex Gough <ajgo@chromium.org> Cr-Commit-Position: refs/heads/master@{#791320}
6e36ad2a · Alex Gough · Commit Bot · be77d98e · 6e36ad2a · 6e36ad2a
Commit 6e36ad2a authored Jul 25, 2020 by Alex Gough Committed by Commit Bot Jul 25, 2020
Hide whitespace changes
Inline Side-by-side

Showing with 19 additions and 2 deletions

sandbox/win/src/broker_services.cc sandbox/win/src/broker_services.cc +16 -0

sandbox/win/src/target_process.cc sandbox/win/src/target_process.cc +3 -2

No files found.
--- a/sandbox/win/src/broker_services.cc
+++ b/sandbox/win/src/broker_services.cc
@@ -507,6 +507,14 @@ ResultCode BrokerServicesBase::SpawnTarget(const wchar_t* exe_path,
    }
  }

+  // On Win10, associate the process with these jobs at startup.
+  // Job handles must remain valid until TargetProcess::Create() completes.
+  std::vector<HANDLE> job_handle_list;
+  if (base::win::GetVersion() >= base::win::Version::WIN10 && job.IsValid()) {
+    job_handle_list.push_back(job.Get());
+    ++attribute_count;
+  }
+
  if (!startup_info.InitializeProcThreadAttributeList(attribute_count))
    return SBOX_ERROR_PROC_THREAD_ATTRIBUTES;

@@ -541,6 +549,14 @@ ResultCode BrokerServicesBase::SpawnTarget(const wchar_t* exe_path,
    inherit_handles = true;
  }

+  if (!job_handle_list.empty()) {
+    if (!startup_info.UpdateProcThreadAttribute(
+            PROC_THREAD_ATTRIBUTE_JOB_LIST, &job_handle_list[0],
+            sizeof(HANDLE) * job_handle_list.size())) {
+      return SBOX_ERROR_PROC_THREAD_ATTRIBUTES;
+    }
+  }
+
  // Declared here to ensure they stay in scope until after process creation.
  std::unique_ptr<SecurityCapabilities> security_capabilities;
  DWORD all_applications_package_policy =

--- a/sandbox/win/src/target_process.cc
+++ b/sandbox/win/src/target_process.cc
@@ -175,8 +175,9 @@ ResultCode TargetProcess::Create(
  }
  base::win::ScopedProcessInformation process_info(temp_process_info);

-  if (job_) {
-    // Assign the suspended target to the windows job object.
+  if (job_ && base::win::GetVersion() < base::win::Version::WIN10) {
+    // Assign the suspended target to the windows job object. On Win 10
+    // this happens through PROC_THREAD_ATTRIBUTE_JOB_LIST.
    if (!::AssignProcessToJobObject(job_, process_info.process_handle())) {
      *win_error = ::GetLastError();
      ::TerminateProcess(process_info.process_handle(), 0);