Use ScopedProcessInformation and other RAII types in sandbox.

sandbox/src/sandbox.h

 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 // Sandbox is a sandbox library for windows processes. Use when you want a
 // 'privileged' process and a 'locked down process' to interact with.
 // The privileged process is called the broker and it is started by external
 // means (such as the user starting it). The 'sandboxed' process is called the
 // target and it is started by the broker. There can be many target processes
 // started by a single broker process. This library provides facilities
 // for both the broker and the target.
 //
 // The design rationale and relevant documents can be found at http://go/sbox.
 //
 // Note: this header does not include the SandboxFactory definitions because
 // there are cases where the Sandbox library is linked against the main .exe
 // while its API needs to be used in a DLL.
 
 #ifndef SANDBOX_SRC_SANDBOX_H__
 #define SANDBOX_SRC_SANDBOX_H__
 
 #include <windows.h>
 
 #include "base/basictypes.h"
 #include "sandbox/src/sandbox_policy.h"
 #include "sandbox/src/sandbox_types.h"
 
+namespace base {
+namespace win {
+
+class ScopedProcessInformation;
+
+}  // namespace win
+}  // namespace namespace
+
 // sandbox: Google User-Land Application Sandbox
 namespace sandbox {
 
 class BrokerServices;
 class ProcessState;
 class TargetPolicy;
 class TargetServices;
 
 // BrokerServices exposes all the broker API.
 // The basic use is to start the target(s) and wait for them to end.
@@ skipping 24 matching lines @@
   // Creates a new target (child process) in a suspended state.
   // Parameters:
   //   exe_path: This is the full path to the target binary. This parameter
   //   can be null and in this case the exe path must be the first argument
   //   of the command_line.
   //   command_line: The arguments to be passed as command line to the new
   //   process. This can be null if the exe_path parameter is not null.
   //   policy: This is the pointer to the policy object for the sandbox to
   //   be created.
   //   target: returns the resulting target process information such as process
-  //   handle and PID just as if CreateProcess() had been called. The caller is
-  //   responsible for closing the handles returned in this structure.
+  //   handle and PID just as if CreateProcess() had been called.
   // Returns:
   //   ALL_OK if successful. All other return values imply failure.
-  virtual ResultCode SpawnTarget(const wchar_t* exe_path,
-                                 const wchar_t* command_line,
-                                 TargetPolicy* policy,
-                                 PROCESS_INFORMATION* target) = 0;
+  virtual ResultCode SpawnTarget(
+      const wchar_t* exe_path,
+      const wchar_t* command_line,
+      TargetPolicy* policy,
+      base::win::ScopedProcessInformation* target) = 0;

[cpu_(ooo_6.6-7.5), 2012/04/02 21:11:50]

I rather keep this interface, in fact this whole file free of base:: objects.
There are several reasons, including 3rd party users of this code.

But it is fine in other headers, I mean in inner classes. The classes here (plus
TargetPolicy) are the only external surface.

 
   // This call blocks (waits) for all the targets to terminate.
   // Returns:
   //   ALL_OK if successful. All other return values imply failure.
   //   If the return is ERROR_GENERIC, you can call ::GetLastError() to get
   //   more information.
   virtual ResultCode WaitForAllTargets() = 0;
 };
 
 // TargetServices models the current process from the perspective
@@ skipping 35 matching lines @@
   // Returns the ProcessState object. Through that object it's possible to have
   // information about the current state of the process, such as whether
   // LowerToken has been called or not.
   virtual ProcessState* GetState() = 0;
 };
 
 }  // namespace sandbox
 
 
 #endif  // SANDBOX_SRC_SANDBOX_H__