Ignore desktop creation errors in the sandbox.

content/common/sandbox_win.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/common/sandbox_win.h"
 
 #include <stddef.h>
 
 #include <string>
 
@@ skipping 353 matching lines @@
                              sancov_path.value().c_str());
     if (result != sandbox::SBOX_ALL_OK)
       return result;
   }
 #endif
 
   AddGenericDllEvictionPolicy(policy);
   return sandbox::SBOX_ALL_OK;
 }
 
+void LogLaunchWarning(sandbox::ResultCode last_warning, DWORD last_error) {
+  UMA_HISTOGRAM_SPARSE_SLOWLY("Process.Sandbox.Launch.WarningResultCode",
+                              last_warning);
+  UMA_HISTOGRAM_SPARSE_SLOWLY("Process.Sandbox.Launch.Warning", last_error);
+}
+
 sandbox::ResultCode AddPolicyForSandboxedProcess(
     sandbox::TargetPolicy* policy) {
   sandbox::ResultCode result = sandbox::SBOX_ALL_OK;
 
   // Win8+ adds a device DeviceApi that we don't need.
   if (base::win::GetVersion() > base::win::VERSION_WIN7)
     result = policy->AddKernelObjectToClose(L"File", L"\\Device\\DeviceApi");
   if (result != sandbox::SBOX_ALL_OK)
     return result;
 
@@ skipping 19 matching lines @@
   result = policy->SetDelayedIntegrityLevel(sandbox::INTEGRITY_LEVEL_UNTRUSTED);
   if (result != sandbox::SBOX_ALL_OK)
     return result;
   result = policy->SetIntegrityLevel(sandbox::INTEGRITY_LEVEL_LOW);
   if (result != sandbox::SBOX_ALL_OK)
     return result;
   policy->SetLockdownDefaultDacl();
 
   result = policy->SetAlternateDesktop(true);
   if (result != sandbox::SBOX_ALL_OK) {
+    // We ignore the result of setting the alternate desktop, however log
+    // a launch warning.
+    LogLaunchWarning(result, ::GetLastError());
     DLOG(WARNING) << "Failed to apply desktop security to the renderer";
-    return result;
+    result = sandbox::SBOX_ALL_OK;
   }
 
   return result;
 }
 
 // Updates the command line arguments with debug-related flags. If debug flags
 // have been used with this process, they will be filtered and added to
 // command_line as needed.
 void ProcessDebugFlags(base::CommandLine* command_line) {
   const base::CommandLine& current_cmd_line =
@@ skipping 387 matching lines @@
     UMA_HISTOGRAM_SPARSE_SLOWLY("Process.Sandbox.Launch.Error", last_error);
     if (result == sandbox::SBOX_ERROR_GENERIC)
       DPLOG(ERROR) << "Failed to launch process";
     else
       DLOG(ERROR) << "Failed to launch process. Error: " << result;
 
     return result;
   }
 
   if (sandbox::SBOX_ALL_OK != last_warning) {
-    UMA_HISTOGRAM_SPARSE_SLOWLY("Process.Sandbox.Launch.WarningResultCode",
-                                last_warning);
-    UMA_HISTOGRAM_SPARSE_SLOWLY("Process.Sandbox.Launch.Warning", last_error);
+    LogLaunchWarning(last_warning, last_error);
   }
 
   delegate->PostSpawnTarget(target.process_handle());
 
   CHECK(ResumeThread(target.thread_handle()) != static_cast<DWORD>(-1));
   *process = base::Process(target.TakeProcessHandle());
   return sandbox::SBOX_ALL_OK;
 }
 
 }  // namespace content