Add new exit code for when browser process is incorrectly running sandboxed.

This should never happen, except if the command line of child processes is incorrectly truncated by 3rd party software.

BUG=453541,385714

Review URL: https://codereview.chromium.org/1073393002

Cr-Commit-Position: refs/heads/master@{#324769}

1 files changed, 19 insertions, 0 deletions

diff --git a/chrome/app/chrome_main_delegate.cc b/chrome/app/chrome_main_delegate.cc
index c9578a9..8b2c6dc 100644
--- a/chrome/app/chrome_main_delegate.cc
+++ b/chrome/app/chrome_main_delegate.cc
@@ -23,6 +23,7 @@
 #include "chrome/common/chrome_content_client.h"
 #include "chrome/common/chrome_paths.h"
 #include "chrome/common/chrome_paths_internal.h"
+#include "chrome/common/chrome_result_codes.h"
 #include "chrome/common/chrome_switches.h"
 #include "chrome/common/chrome_version_info.h"
 #include "chrome/common/crash_keys.h"
@@ -171,6 +172,14 @@ void SuppressWindowsErrorDialogs() {
   SetErrorMode(existing_flags | new_flags);
 }
 
+bool IsSandboxedProcess() {
+  typedef bool (*IsSandboxedProcessFunc)();
+  IsSandboxedProcessFunc is_sandboxed_process_func =
+      reinterpret_cast<IsSandboxedProcessFunc>(
+          GetProcAddress(GetModuleHandle(NULL), "IsSandboxedProcess"));
+  return is_sandboxed_process_func && is_sandboxed_process_func();
+}
+
 #endif  // defined(OS_WIN)
 
 #if defined(OS_LINUX)
@@ -406,6 +415,16 @@ bool ChromeMainDelegate::BasicStartupComplete(int* exit_code) {
   const base::CommandLine& command_line =
       *base::CommandLine::ForCurrentProcess();
 
+
+#if defined(OS_WIN)
+  // Browser should not be sandboxed.
+  const bool is_browser = !command_line.HasSwitch(switches::kProcessType);
+  if (is_browser && IsSandboxedProcess()) {
+    *exit_code = chrome::RESULT_CODE_INVALID_SANDBOX_STATE;
+    return true;
+  }
+#endif
+
 #if defined(OS_MACOSX)
   // Give the browser process a longer treadmill, since crashes
   // there have more impact.