Further restrict access on the alternate winstation and desktop

sandbox/win/src/window.cc

Index: sandbox/win/src/window.cc
diff --git a/sandbox/win/src/window.cc b/sandbox/win/src/window.cc
index ed5a6626338203014cc21a00f4da860c68cdf738..cfbf280d9cf2d563f7840765668f99a1a6ad0264 100644
--- a/sandbox/win/src/window.cc
+++ b/sandbox/win/src/window.cc
@@ -44,8 +44,8 @@ ResultCode CreateAltWindowStation(HWINSTA* winsta) {
 
   // Create the window station using NULL for the name to ask the os to
   // generate it.
-  // TODO(nsylvain): don't ask for WINSTA_ALL_ACCESS if we don't need to.
-  *winsta = ::CreateWindowStationW(NULL, 0, WINSTA_ALL_ACCESS, &attributes);
+  *winsta = ::CreateWindowStationW(
+      NULL, 0, GENERIC_READ | WINSTA_CREATEDESKTOP, &attributes);
   LocalFree(attributes.lpSecurityDescriptor);
 
   if (*winsta)
@@ -84,8 +84,12 @@ ResultCode CreateAltDesktop(HWINSTA winsta, HDESK* desktop) {
   }
 
   // Create the destkop.
-  // TODO(nsylvain): don't ask for GENERIC_ALL if we don't need to.
-  *desktop = ::CreateDesktop(desktop_name.c_str(), NULL, NULL, 0, GENERIC_ALL,
+  *desktop = ::CreateDesktop(desktop_name.c_str(),
+                             NULL,
+                             NULL,
+                             0,
+                             DESKTOP_CREATEWINDOW | DESKTOP_READOBJECTS |
+                                 READ_CONTROL | WRITE_DAC | WRITE_OWNER,
                              &attributes);
   ::LocalFree(attributes.lpSecurityDescriptor);