Improve process launch handle sharing API.

services/service_manager/runner/host/service_process_launcher.cc

 // Copyright 2016 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "services/service_manager/runner/host/service_process_launcher.h"
 
 #include <utility>
 
 #include "base/base_paths.h"
 #include "base/bind.h"
@@ skipping 112 matching lines @@
 
 void ServiceProcessLauncher::DoLaunch(
     std::unique_ptr<base::CommandLine> child_command_line) {
   if (delegate_) {
     delegate_->AdjustCommandLineArgumentsForTarget(target_,
                                                    child_command_line.get());
   }
 
   base::LaunchOptions options;
 #if defined(OS_WIN)
-  options.handles_to_inherit = &handle_passing_info_;
-#if defined(OFFICIAL_BUILD)
-  CHECK(false) << "Launching mojo process with inherit_handles is insecure!";
-#endif
-  options.inherit_handles = true;
+  options.handles_to_inherit = handle_passing_info_;
   options.stdin_handle = INVALID_HANDLE_VALUE;
   options.stdout_handle = GetStdHandle(STD_OUTPUT_HANDLE);
   options.stderr_handle = GetStdHandle(STD_ERROR_HANDLE);
   // Always inherit stdout/stderr as a pair.
   if (!options.stdout_handle || !options.stdin_handle)
     options.stdin_handle = options.stdout_handle = nullptr;
 
   // Pseudo handles are used when stdout and stderr redirect to the console. In
   // that case, they're automatically inherited by child processes. See
   // https://msdn.microsoft.com/en-us/library/windows/desktop/ms682075.aspx
   // Trying to add them to the list of handles to inherit causes CreateProcess
   // to fail. When this process is launched from Python then a real handle is
   // used. In that case, we do want to add it to the list of handles that is
   // inherited.
   if (options.stdout_handle &&
       GetFileType(options.stdout_handle) != FILE_TYPE_CHAR) {
-    handle_passing_info_.push_back(options.stdout_handle);
+    options.handles_to_inherit.push_back(options.stdout_handle);
   }
   if (options.stderr_handle &&
       GetFileType(options.stderr_handle) != FILE_TYPE_CHAR &&
       options.stdout_handle != options.stderr_handle) {
-    handle_passing_info_.push_back(options.stderr_handle);
+    options.handles_to_inherit.push_back(options.stderr_handle);
   }
 #elif defined(OS_POSIX)
   handle_passing_info_.push_back(std::make_pair(STDIN_FILENO, STDIN_FILENO));
   handle_passing_info_.push_back(std::make_pair(STDOUT_FILENO, STDOUT_FILENO));
   handle_passing_info_.push_back(std::make_pair(STDERR_FILENO, STDERR_FILENO));
-  options.fds_to_remap = &handle_passing_info_;
+  options.fds_to_remap = handle_passing_info_;
 #endif
   DVLOG(2) << "Launching child with command line: "
            << child_command_line->GetCommandLineString();
 #if defined(OS_LINUX)
   if (start_sandboxed_) {
     child_process_ =
         sandbox::NamespaceSandbox::LaunchProcess(*child_command_line, options);
     if (!child_process_.IsValid()) {
       LOG(ERROR) << "Starting the process with a sandbox failed. Missing kernel"
                  << " support.";
@@ skipping 29 matching lines @@
       broker_client_invitation_.Send(
           child_process_.Handle(),
           mojo::edk::ConnectionParams(mojo::edk::TransportProtocol::kLegacy,
                                       mojo_ipc_channel_->PassServerHandle()));
     }
   }
   start_child_process_event_.Signal();
 }
 
 }  // namespace service_manager