From 764aeb996f6f82ed5958dc4cb5e295b11208462d Mon Sep 17 00:00:00 2001
From: wfh
Date: Tue, 30 Jun 2015 11:41:33 -0700
Subject: [PATCH] Add child processes created outside Job object as peer processes.

This tracks non-job object processes (e.g. those created under --allow-no-sandbox-job on Citrix and RDP RemoteApp) so policy decisions can be made correctly by the broker.
BUG=480716,505813
TEST=sbox_integration_tests --gtest_filter=HandlePolicyTest.DuplicateHandle running an a RemoteApp on Win2k8r2
TEST=make sure printing and flash both work from Win2k8r2 as RemoteApp or Citrix XenApp 6.5 running Chrome as published application.
Review URL: https://codereview.chromium.org/1214933005
Cr-Commit-Position: refs/heads/master@{#336825}
---
 sandbox/win/src/broker_services.cc | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/sandbox/win/src/broker_services.cc b/sandbox/win/src/broker_services.cc
index 57aa51a52d72..3057cc62d3ae 100644
--- a/sandbox/win/src/broker_services.cc
+++ b/sandbox/win/src/broker_services.cc
@@ -538,6 +538,9 @@ ResultCode BrokerServicesBase::SpawnTarget(const wchar_t* exe_path,
 // We can not track the life time of such processes and it is responsibility
 // of the host application to make sure that spawned targets without jobs
 // are terminated when the main application don't need them anymore.
+ // Sandbox policy engine needs to know that these processes are valid
+ // targets for e.g. BrokerDuplicateHandle so track them as peer processes.
+ AddTargetPeer(process_info.process_handle());
 }

 *target_info = process_info.Take();
-- 
2.11.4.GIT
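Review bot: The result of the added `AddTargetPeer(process_info.process_handle());` call is discarded, so if peer registration fails the job-less target keeps running and SpawnTarget presumably still reports success, while the policy engine will not accept that process as a valid target for BrokerDuplicateHandle. That fails closed, but it silently brings back the breakage this commit is meant to fix and leaves nothing to diagnose it from. Assuming AddTargetPeer returns a ResultCode like SpawnTarget does (its declaration is not in this hunk), consider `ResultCode peer_result = AddTargetPeer(process_info.process_handle());` followed by `if (peer_result != SBOX_ALL_OK) return peer_result;`, and decide whether the already-spawned, untracked process has to be terminated on that path. SpawnTarget begins and ends outside the hunk, so the surrounding cleanup and locking are not visible here.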