authormseaborn@chromium.org <mseaborn@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2013-02-03 09:15:02 +0000
committermseaborn@chromium.org <mseaborn@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2013-02-03 09:15:02 +0000
commit7d80efdebd6fdea4d9bd5eb445afe952f2b48598 (patch)
tree955d2fd28a27c9a138c760db3bbeafadf4acd988 /sandbox/win/src/sandbox_policy_base.cc
parent1d88aea97c70078531760e3063908082b137faa8 (diff)
Windows: Allow subprocesses to inherit non-console stdout/stderr
Before this change, the renderer and other subprocesses never inherit stdout and stderr when they are pipe handles. Stdout/stderr will be pipe handles when chrome.exe/browser_tests.exe is running under Buildbot or under Cygwin's default terminal, mintty. We fix this by specifying PROC_THREAD_ATTRIBUTE_HANDLE_LIST in the arguments to CreateProcess(). The fix only applies on Windows >=Vista. Although it's probably safe for stdout/stderr to be inherited when it is a pipe handle or file handle, we put this behind the flag "--enable-logging". (This flag already makes stderr work when chrome.exe/browser_tests.exe is running under a Windows console -- a case which is not handled by the code path we're adding here because a Windows console is not an inheritable kernel handle.) Note that this relies on the fix committed in http://crrev.com/178656. BUG=171836 TEST=manually add logging to renderer process and check that it appears when running chrome.exe or browser_tests.exe Review URL: https://chromiumcodereview.appspot.com/12033045 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@180303 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'sandbox/win/src/sandbox_policy_base.cc')
-rw-r--r--sandbox/win/src/sandbox_policy_base.cc38
1 files changed, 38 insertions, 0 deletions
diff --git a/sandbox/win/src/sandbox_policy_base.cc b/sandbox/win/src/sandbox_policy_base.cc
index 10ac642..aaff0a1 100644
--- a/sandbox/win/src/sandbox_policy_base.cc
+++ b/sandbox/win/src/sandbox_policy_base.cc
@@ -33,6 +33,7 @@
#include "sandbox/win/src/window.h"
namespace {
+
// The standard windows size for one memory page.
const size_t kOneMemPage = 4096;
// The IPC and Policy shared memory sizes.
@@ -49,6 +50,19 @@ sandbox::PolicyGlobal* MakeBrokerPolicyMemory() {
policy->data_size = kTotalPolicySz - sizeof(sandbox::PolicyGlobal);
return policy;
}
+
+bool IsInheritableHandle(HANDLE handle) {
+ if (!handle)
+ return false;
+ if (handle == INVALID_HANDLE_VALUE)
+ return false;
+ // File handles (FILE_TYPE_DISK) and pipe handles are known to be
+ // inheritable. Console handles (FILE_TYPE_CHAR) are not
+ // inheritable via PROC_THREAD_ATTRIBUTE_HANDLE_LIST.
+ DWORD handle_type = GetFileType(handle);
+ return handle_type == FILE_TYPE_DISK || handle_type == FILE_TYPE_PIPE;
+}
+
}
namespace sandbox {
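Review bot: IsInheritableHandle() checks only the handle's type, not whether it can actually be inherited or what it grants, so the name promises more than the body verifies. As far as I know, PROC_THREAD_ATTRIBUTE_HANDLE_LIST requires each listed handle to carry the inherit flag, so a check such as `DWORD flags = 0;` / `if (!GetHandleInformation(handle, &flags) || !(flags & HANDLE_FLAG_INHERIT)) return false;` before the GetFileType() call would reject a non-inheritable handle here rather than at CreateProcess(). GetFileType() also reports FILE_TYPE_PIPE for named pipes and sockets, not just anonymous pipes, and FILE_TYPE_DISK says nothing about access rights, so a read/write file or a bidirectional pipe passes this test and would be handed to the sandboxed target. I would extend the comment to say so, e.g. `// Note: this checks type only; the caller must ensure the handle grants no more access than the target should have.`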
@@ -70,6 +84,8 @@ PolicyBase::PolicyBase()
use_alternate_winstation_(false),
file_system_init_(false),
relaxed_interceptions_(true),
+ stdout_handle_(INVALID_HANDLE_VALUE),
+ stderr_handle_(INVALID_HANDLE_VALUE),
integrity_level_(INTEGRITY_LEVEL_LAST),
delayed_integrity_level_(INTEGRITY_LEVEL_LAST),
mitigations_(0),
@@ -308,6 +324,20 @@ void PolicyBase::SetStrictInterceptions() {
relaxed_interceptions_ = false;
}
+ResultCode PolicyBase::SetStdoutHandle(HANDLE handle) {
+ if (!IsInheritableHandle(handle))
+ return SBOX_ERROR_BAD_PARAMS;
+ stdout_handle_ = handle;
+ return SBOX_ALL_OK;
+}
+
+ResultCode PolicyBase::SetStderrHandle(HANDLE handle) {
+ if (!IsInheritableHandle(handle))
+ return SBOX_ERROR_BAD_PARAMS;
+ stderr_handle_ = handle;
+ return SBOX_ALL_OK;
+}
+
ResultCode PolicyBase::AddRule(SubSystem subsystem, Semantics semantics,
const wchar_t* pattern) {
if (NULL == policy_) {
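Review bot: SetStdoutHandle() and SetStderrHandle() store the caller's raw handle value without duplicating it or documenting who owns it, so the validation here happens when the handle is set, while the handle is used later at process creation (that code is outside this diff). If the caller closes the handle in between and the value is reused, a different kernel object could presumably be inherited by the sandboxed process. At minimum I would add a comment on both setters such as `// |handle| is not duplicated; the caller must keep it open and unchanged until the target has been spawned.`, or have the spawn path re-run the check before building the handle list. The two bodies are identical apart from the member they assign, so a small shared helper would keep any future hardening in one place.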
@@ -567,6 +597,14 @@ EvalResult PolicyBase::EvalPolicy(int service,
return DENY_ACCESS;
}
+HANDLE PolicyBase::GetStdoutHandle() {
+ return stdout_handle_;
+}
+
+HANDLE PolicyBase::GetStderrHandle() {
+ return stderr_handle_;
+}
+
// We service IPC_PING_TAG message which is a way to test a round trip of the
// IPC subsystem. We receive a integer cookie and we are expected to return the
// cookie times two (or three) and the current tick count.
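Review bot: GetStdoutHandle() and GetStderrHandle() return INVALID_HANDLE_VALUE when no handle was set (the constructor's initial value), and nothing here says so. That sentinel has the same value as the current-process pseudo-handle, so a consumer that forwards the result to a handle API without comparing it first would get surprising behaviour; whether the consumer does compare is not visible in this diff. I would document the contract on each getter, e.g. `// Returns the handle set via SetStdoutHandle(), or INVALID_HANDLE_VALUE if none was set; callers must check before use.`, and mark both getters `const` if the interface allows it.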