Removing unnecessary process ACL'ing for the remoting_desktop process

remoting/host/win/wts_session_process_delegate.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 //
 // This file implements the Windows service controlling Me2Me host processes
 // running within user sessions.
 
 #include "remoting/host/win/wts_session_process_delegate.h"
 
 #include <utility>
@@ skipping 38 matching lines @@
 // |WtsSessionProcessDelegate|. This class is ref-counted and implements
 // asynchronous fire-and-forget shutdown.
 class WtsSessionProcessDelegate::Core
     : public base::RefCountedThreadSafe<Core>,
       public base::MessagePumpForIO::IOHandler,
       public IPC::Listener {
  public:
   Core(scoped_refptr<base::SingleThreadTaskRunner> io_task_runner,
        std::unique_ptr<base::CommandLine> target,
        bool launch_elevated,
-       const std::string& channel_security,
-       const std::string& new_process_security);
+       const std::string& channel_security);
 
   // Initializes the object returning true on success.
   bool Initialize(uint32_t session_id);
 
   // Stops the object asynchronously.
   void Stop();
 
   // Mirrors WorkerProcessLauncher::Delegate.
   void LaunchProcess(WorkerProcessLauncher* event_handler);
   void Send(IPC::Message* message);
@@ skipping 47 matching lines @@
   // The task runner serving job object notifications.
   scoped_refptr<base::SingleThreadTaskRunner> io_task_runner_;
 
   // The server end of the IPC channel used to communicate to the worker
   // process.
   std::unique_ptr<IPC::ChannelProxy> channel_;
 
   // Security descriptor (as SDDL) to be applied to |channel_|.
   std::string channel_security_;
 
-  // Security descriptor (as SDDL) to be applied to the newly created process.
-  std::string new_process_security_;
-
   WorkerProcessLauncher* event_handler_;
 
   // The job object used to control the lifetime of child processes.
   base::win::ScopedHandle job_;
 
   // True if the worker process should be launched elevated.
   bool launch_elevated_;
 
   // True if a laucnh attemp is pending.
   bool launch_pending_;
@@ skipping 20 matching lines @@
   // The mojo child token for the process being launched.
   std::string mojo_child_token_;
 
   DISALLOW_COPY_AND_ASSIGN(Core);
 };
 
 WtsSessionProcessDelegate::Core::Core(
     scoped_refptr<base::SingleThreadTaskRunner> io_task_runner,
     std::unique_ptr<base::CommandLine> target_command,
     bool launch_elevated,
-    const std::string& channel_security,
-    const std::string& new_process_security)
+    const std::string& channel_security)
     : caller_task_runner_(base::ThreadTaskRunnerHandle::Get()),
       io_task_runner_(io_task_runner),
       channel_security_(channel_security),
-      new_process_security_(new_process_security),
       event_handler_(nullptr),
       launch_elevated_(launch_elevated),
       launch_pending_(false),
       target_command_(std::move(target_command)) {}
 
 bool WtsSessionProcessDelegate::Core::Initialize(uint32_t session_id) {
   DCHECK(caller_task_runner_->BelongsToCurrentThread());
 
   if (launch_elevated_) {
     // GetNamedPipeClientProcessId() is available starting from Vista.
@@ skipping 228 matching lines @@
     elevated_mojo_channel =
         base::MakeUnique<mojo::edk::NamedPlatformChannelPair>(options);
     elevated_mojo_channel->PrepareToPassClientHandleToChildProcess(
         &command_line);
   } else {
     normal_mojo_channel = base::MakeUnique<mojo::edk::PlatformChannelPair>();
     normal_mojo_channel->PrepareToPassClientHandleToChildProcess(
         &command_line, &handles_to_inherit);
   }
 
-  ScopedSd security_descriptor;
-  std::unique_ptr<SECURITY_ATTRIBUTES> security_attributes;
-  if (!new_process_security_.empty()) {
-    security_descriptor = ConvertSddlToSd(new_process_security_);
-    if (!security_descriptor) {
-      PLOG(ERROR) << "ConvertSddlToSd() failed.";
-      ReportFatalError();
-      return;
-    }
-
-    security_attributes.reset(new SECURITY_ATTRIBUTES());
-    security_attributes->nLength = sizeof(SECURITY_ATTRIBUTES);
-    security_attributes->lpSecurityDescriptor = security_descriptor.get();
-    security_attributes->bInheritHandle = FALSE;
-  }
-
   // Try to launch the process.
   ScopedHandle worker_process;
   ScopedHandle worker_thread;
   if (!LaunchProcessWithToken(
           command_line.GetProgram(), command_line.GetCommandLineString(),
-          session_token_.Get(), security_attributes.get(),
+          session_token_.Get(), /*security_attributes=*/nullptr,
           /* thread_attributes= */ nullptr, handles_to_inherit,
           /* creation_flags= */ CREATE_SUSPENDED | CREATE_BREAKAWAY_FROM_JOB,
           base::UTF8ToUTF16(kDefaultDesktopName).c_str(), &worker_process,
           &worker_thread)) {
     ReportFatalError();
     return;
   }
 
   if (launch_elevated_) {
     if (!AssignProcessToJobObject(job_.Get(), worker_process.Get())) {
@@ skipping 142 matching lines @@
   }
   ScopedHandle limited_handle(temp_handle);
 
   event_handler_->OnProcessLaunched(std::move(limited_handle));
 }
 
 WtsSessionProcessDelegate::WtsSessionProcessDelegate(
     scoped_refptr<base::SingleThreadTaskRunner> io_task_runner,
     std::unique_ptr<base::CommandLine> target_command,
     bool launch_elevated,
-    const std::string& channel_security,
-    const std::string& new_process_security_descriptor) {
+    const std::string& channel_security) {
   core_ = new Core(io_task_runner, std::move(target_command), launch_elevated,
-                   channel_security, new_process_security_descriptor);
+                   channel_security);
 }
 
 WtsSessionProcessDelegate::~WtsSessionProcessDelegate() {
   core_->Stop();
 }
 
 bool WtsSessionProcessDelegate::Initialize(uint32_t session_id) {
   return core_->Initialize(session_id);
 }
 
 void WtsSessionProcessDelegate::LaunchProcess(
     WorkerProcessLauncher* event_handler) {
   core_->LaunchProcess(event_handler);
 }
 
 void WtsSessionProcessDelegate::Send(IPC::Message* message) {
   core_->Send(message);
 }
 
 void WtsSessionProcessDelegate::CloseChannel() {
   core_->CloseChannel();
 }
 
 void WtsSessionProcessDelegate::KillProcess() {
   core_->KillProcess();
 }
 
 }  // namespace remoting