Make LaunchProcess able to inherit only specified handles on Vista+.

R=brettw@chromium.org, cpu@chromium.org

Review URL: https://codereview.chromium.org/109763005

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@240372 0039d316-1c4b-4281-b951-d872f2087c98

1 files changed, 15 insertions, 5 deletions

diff --git a/base/process/launch.h b/base/process/launch.h
index a924812..336bfba 100644
--- a/base/process/launch.h
+++ b/base/process/launch.h
@@ -1,4 +1,4 @@
-// Copyright (c) 2013 The Chromium Authors. All rights reserved.
+// Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
@@ -29,6 +29,10 @@ class CommandLine;
 
 namespace base {
 
+#if defined(OS_WIN)
+typedef std::vector<HANDLE> HandlesToInheritVector;
+#endif
+// TODO(viettrungluu): Only define this on POSIX?
 typedef std::vector<std::pair<int, int> > FileHandleMappingVector;
 
 // Options for launching a subprocess that are passed to LaunchProcess().
@@ -43,13 +47,19 @@ struct BASE_EXPORT LaunchOptions {
 #if defined(OS_WIN)
   bool start_hidden;
 
+  // If non-null, inherit exactly the list of handles in this vector (these
+  // handles must be inheritable). This is only supported on Vista and higher.
+  HandlesToInheritVector* handles_to_inherit;
+
   // If true, the new process inherits handles from the parent. In production
   // code this flag should be used only when running short-lived, trusted
   // binaries, because open handles from other libraries and subsystems will
   // leak to the child process, causing errors such as open socket hangs.
+  // Note: If |handles_to_inherit| is non-null, this flag is ignored and only
+  // those handles will be inherited (on Vista and higher).
   bool inherit_handles;
 
-  // If non-NULL, runs as if the user represented by the token had launched it.
+  // If non-null, runs as if the user represented by the token had launched it.
   // Whether the application is visible on the interactive desktop depends on
   // the token belonging to an interactive logon session.
   //
@@ -61,7 +71,7 @@ struct BASE_EXPORT LaunchOptions {
   // If true, use an empty string for the desktop name.
   bool empty_desktop_name;
 
-  // If non-NULL, launches the application in that job object. The process will
+  // If non-null, launches the application in that job object. The process will
   // be terminated immediately and LaunchProcess() will fail if assignment to
   // the job object fails.
   HANDLE job_handle;
@@ -83,7 +93,7 @@ struct BASE_EXPORT LaunchOptions {
   // the same environment. See AlterEnvironment().
   EnvironmentMap environ;
 
-  // If non-NULL, remap file descriptors according to the mapping of
+  // If non-null, remap file descriptors according to the mapping of
   // src fd->dest fd to propagate FDs into the child process.
   // This pointer is owned by the caller and must live through the
   // call to LaunchProcess().
@@ -118,7 +128,7 @@ struct BASE_EXPORT LaunchOptions {
 //
 // Returns true upon success.
 //
-// Upon success, if |process_handle| is non-NULL, it will be filled in with the
+// Upon success, if |process_handle| is non-null, it will be filled in with the
 // handle of the launched process.  NOTE: In this case, the caller is
 // responsible for closing the handle so that it doesn't leak!
 // Otherwise, the process handle will be implicitly closed.