Move STARTUPINFO manipulation into SpawnTarget

sandbox/win/src/broker_services.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "sandbox/win/src/broker_services.h"
 
 #include "base/logging.h"
 #include "base/memory/scoped_ptr.h"
 #include "base/threading/platform_thread.h"
 #include "base/win/scoped_handle.h"
 #include "base/win/scoped_process_information.h"
+#include "base/win/startup_information.h"
 #include "sandbox/win/src/sandbox_policy_base.h"
 #include "sandbox/win/src/sandbox.h"
 #include "sandbox/win/src/target_process.h"
 #include "sandbox/win/src/win2k_threadpool.h"
 #include "sandbox/win/src/win_utils.h"
 
 namespace {
 
 // Utility function to associate a completion port to a job object.
 bool AssociateCompletionPort(HANDLE job, HANDLE port, void* key) {
@@ skipping 283 matching lines @@
 
   HANDLE job_temp;
   win_result = policy_base->MakeJobObject(&job_temp);
   base::win::ScopedHandle job(job_temp);
   if (ERROR_SUCCESS != win_result)
     return SBOX_ERROR_GENERIC;
 
   if (ERROR_ALREADY_EXISTS == ::GetLastError())
     return SBOX_ERROR_GENERIC;
 
+  // Initialize the startup information from the policy.
+  base::win::StartupInformation startup_info;
+  string16 desktop = policy_base->GetAlternateDesktop();
+  if (!desktop.empty()) {
+    startup_info.startup_info()->lpDesktop =

[rvargas (doing something else), 2012/08/27 17:56:22]

This is not really related with this CL, but I think we should not use this
pattern (provide a general purpose writable accessor for an object).

We should have a dedicated setter.

[jschuh, 2012/08/27 19:10:19]

You're right; I was lazy the first time around. I'll write the accessors in a
follow-up and then remove the non-const startup_info accessor.

+        const_cast<wchar_t*>(desktop.c_str());
+  }
+
   // Construct the thread pool here in case it is expensive.
   // The thread pool is shared by all the targets
   if (NULL == thread_pool_)
     thread_pool_ = new Win2kThreadPool();
 
   // Create the TargetProces object and spawn the target suspended. Note that
   // Brokerservices does not own the target object. It is owned by the Policy.
   base::win::ScopedProcessInformation process_info;
   TargetProcess* target = new TargetProcess(initial_token.Take(),
                                             lockdown_token.Take(),
                                             job,
                                             thread_pool_);
 
-  std::wstring desktop = policy_base->GetAlternateDesktop();
-
   win_result = target->Create(exe_path, command_line,
-                              desktop.empty() ? NULL : desktop.c_str(),
-                              &process_info);
+                              &startup_info, &process_info);
   if (ERROR_SUCCESS != win_result)
     return SpawnCleanup(target, win_result);
 
   // Now the policy is the owner of the target.
   if (!policy_base->AddTarget(target)) {
     return SpawnCleanup(target, 0);
   }
 
   // We are going to keep a pointer to the policy because we'll call it when
   // the job object generates notifications using the completion port.
@@ skipping 53 matching lines @@
     peer_map_.erase(peer->id);
     return SBOX_ERROR_GENERIC;
   }
 
   // Release the pointer since it will be cleaned up by the callback.
   peer.release();
   return SBOX_ALL_OK;
 }
 
 }  // namespace sandbox