authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-07 19:33:14 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-07 19:33:14 +0000
commit36d22d82aa202bb199967e9512281e9a53db42c9 (patch)
tree105e8c98ddea1c1e4784a60a5a6410fa416be2de /browser/app/winlauncher/LauncherProcessWin.cpp
parentInitial commit. (diff)
downloadfirefox-esr-36d22d82aa202bb199967e9512281e9a53db42c9.tar.xz
firefox-esr-36d22d82aa202bb199967e9512281e9a53db42c9.zip
Adding upstream version 115.7.0esr.upstream/115.7.0esr
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'browser/app/winlauncher/LauncherProcessWin.cpp')
-rw-r--r--browser/app/winlauncher/LauncherProcessWin.cpp536
1 files changed, 536 insertions, 0 deletions
diff --git a/browser/app/winlauncher/LauncherProcessWin.cpp b/browser/app/winlauncher/LauncherProcessWin.cpp
new file mode 100644
index 0000000000..082ada9ea7
--- /dev/null
+++ b/browser/app/winlauncher/LauncherProcessWin.cpp
@@ -0,0 +1,536 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at https://mozilla.org/MPL/2.0/. */
+
+#include "LauncherProcessWin.h"
+
+#include <string.h>
+
+#include "mozilla/Attributes.h"
+#include "mozilla/CmdLineAndEnvUtils.h"
+#include "mozilla/DebugOnly.h"
+#include "mozilla/DynamicallyLinkedFunctionPtr.h"
+#include "mozilla/glue/Debug.h"
+#include "mozilla/GeckoArgs.h"
+#include "mozilla/Maybe.h"
+#include "mozilla/SafeMode.h"
+#include "mozilla/UniquePtr.h"
+#include "mozilla/WindowsConsole.h"
+#include "mozilla/WindowsVersion.h"
+#include "mozilla/WinHeaderOnlyUtils.h"
+#include "nsWindowsHelpers.h"
+
+#include <windows.h>
+#include <processthreadsapi.h>
+
+#include "DllBlocklistInit.h"
+#include "ErrorHandler.h"
+#include "LaunchUnelevated.h"
+#include "ProcThreadAttributes.h"
+#include "../BrowserDefines.h"
+
+#if defined(MOZ_LAUNCHER_PROCESS)
+# include "mozilla/LauncherRegistryInfo.h"
+# include "SameBinary.h"
+#endif // defined(MOZ_LAUNCHER_PROCESS)
+
+#if defined(MOZ_SANDBOX)
+# include "mozilla/sandboxing/SandboxInitialization.h"
+#endif
+
+namespace mozilla {
+// "const" because nothing in this process modifies it.
+// "volatile" because something in another process may.
+const volatile DeelevationStatus gDeelevationStatus =
+ DeelevationStatus::DefaultStaticValue;
+} // namespace mozilla
+
+/**
+ * At this point the child process has been created in a suspended state. Any
+ * additional startup work (eg, blocklist setup) should go here.
+ *
+ * @return Ok if browser startup should proceed
+ */
+static mozilla::LauncherVoidResult PostCreationSetup(
+ const wchar_t* aFullImagePath, HANDLE aChildProcess,
+ HANDLE aChildMainThread, mozilla::DeelevationStatus aDStatus,
+ const bool aIsSafeMode, const bool aDisableDynamicBlocklist,
+ mozilla::Maybe<std::wstring> aBlocklistFileName) {
+ /* scope for txManager */ {
+ mozilla::nt::CrossExecTransferManager txManager(aChildProcess);
+ if (!txManager) {
+ return LAUNCHER_ERROR_FROM_WIN32(ERROR_BAD_EXE_FORMAT);
+ }
+
+ using mozilla::gDeelevationStatus;
+
+ void* targetAddress = (LPVOID)&gDeelevationStatus;
+
+ auto const guard = txManager.Protect(
+ targetAddress, sizeof(gDeelevationStatus), PAGE_READWRITE);
+
+ mozilla::LauncherVoidResult result =
+ txManager.Transfer(targetAddress, &aDStatus, sizeof(aDStatus));
+ if (result.isErr()) {
+ return result;
+ }
+ }
+
+ return mozilla::InitializeDllBlocklistOOPFromLauncher(
+ aFullImagePath, aChildProcess, aDisableDynamicBlocklist,
+ aBlocklistFileName);
+}
+
+/**
+ * Create a new Job object and assign |aProcess| to it. If something fails
+ * in this function, we return nullptr but continue without recording
+ * a launcher failure because it's not a critical problem to launch
+ * the browser process.
+ */
+static nsReturnRef<HANDLE> CreateJobAndAssignProcess(HANDLE aProcess) {
+ nsAutoHandle empty;
+ nsAutoHandle job(::CreateJobObjectW(nullptr, nullptr));
+
+ // Set JOB_OBJECT_LIMIT_BREAKAWAY_OK to allow the browser process
+ // to put child processes into a job on Win7, which does not support
+ // nested jobs. See CanUseJob() in sandboxBroker.cpp.
+ JOBOBJECT_EXTENDED_LIMIT_INFORMATION jobInfo = {};
+ jobInfo.BasicLimitInformation.LimitFlags =
+ JOB_OBJECT_LIMIT_KILL_ON_JOB_CLOSE | JOB_OBJECT_LIMIT_BREAKAWAY_OK;
+ if (!::SetInformationJobObject(job.get(), JobObjectExtendedLimitInformation,
+ &jobInfo, sizeof(jobInfo))) {
+ return empty.out();
+ }
+
+ if (!::AssignProcessToJobObject(job.get(), aProcess)) {
+ return empty.out();
+ }
+
+ return job.out();
+}
+
+#if !defined( \
+ PROCESS_CREATION_MITIGATION_POLICY_IMAGE_LOAD_PREFER_SYSTEM32_ALWAYS_ON)
+# define PROCESS_CREATION_MITIGATION_POLICY_IMAGE_LOAD_PREFER_SYSTEM32_ALWAYS_ON \
+ (0x00000001ULL << 60)
+#endif // !defined(PROCESS_CREATION_MITIGATION_POLICY_IMAGE_LOAD_PREFER_SYSTEM32_ALWAYS_ON)
+
+#if !defined(PROCESS_CREATION_MITIGATION_POLICY_CONTROL_FLOW_GUARD_ALWAYS_OFF)
+# define PROCESS_CREATION_MITIGATION_POLICY_CONTROL_FLOW_GUARD_ALWAYS_OFF \
+ (0x00000002ULL << 40)
+#endif // !defined(PROCESS_CREATION_MITIGATION_POLICY_CONTROL_FLOW_GUARD_ALWAYS_OFF)
+
+#if (_WIN32_WINNT < 0x0602)
+BOOL WINAPI
+SetProcessMitigationPolicy(PROCESS_MITIGATION_POLICY aMitigationPolicy,
+ PVOID aBuffer, SIZE_T aBufferLen);
+#endif // (_WIN32_WINNT >= 0x0602)
+
+/**
+ * Any mitigation policies that should be set on the browser process should go
+ * here.
+ */
+static void SetMitigationPolicies(mozilla::ProcThreadAttributes& aAttrs,
+ const bool aIsSafeMode) {
+ if (mozilla::IsWin10AnniversaryUpdateOrLater()) {
+ aAttrs.AddMitigationPolicy(
+ PROCESS_CREATION_MITIGATION_POLICY_IMAGE_LOAD_PREFER_SYSTEM32_ALWAYS_ON);
+ }
+
+#if defined(_M_ARM64)
+ // Disable CFG on older versions of ARM64 Windows to avoid a crash in COM.
+ if (!mozilla::IsWin10Sep2018UpdateOrLater()) {
+ aAttrs.AddMitigationPolicy(
+ PROCESS_CREATION_MITIGATION_POLICY_CONTROL_FLOW_GUARD_ALWAYS_OFF);
+ }
+#endif // defined(_M_ARM64)
+}
+
+static mozilla::LauncherFlags ProcessCmdLine(int& aArgc, wchar_t* aArgv[]) {
+ mozilla::LauncherFlags result = mozilla::LauncherFlags::eNone;
+
+ if (mozilla::CheckArg(aArgc, aArgv, "wait-for-browser", nullptr,
+ mozilla::CheckArgFlag::RemoveArg) ==
+ mozilla::ARG_FOUND ||
+ mozilla::CheckArg(aArgc, aArgv, "marionette", nullptr,
+ mozilla::CheckArgFlag::None) == mozilla::ARG_FOUND ||
+ mozilla::CheckArg(aArgc, aArgv, "backgroundtask", nullptr,
+ mozilla::CheckArgFlag::None) == mozilla::ARG_FOUND ||
+ mozilla::CheckArg(aArgc, aArgv, "headless", nullptr,
+ mozilla::CheckArgFlag::None) == mozilla::ARG_FOUND ||
+ mozilla::CheckArg(aArgc, aArgv, "remote-debugging-port", nullptr,
+ mozilla::CheckArgFlag::None) == mozilla::ARG_FOUND ||
+ mozilla::EnvHasValue("MOZ_AUTOMATION") ||
+ mozilla::EnvHasValue("MOZ_HEADLESS")) {
+ result |= mozilla::LauncherFlags::eWaitForBrowser;
+ }
+
+ if (mozilla::CheckArg(aArgc, aArgv, "no-deelevate") == mozilla::ARG_FOUND) {
+ result |= mozilla::LauncherFlags::eNoDeelevate;
+ }
+
+ if (mozilla::CheckArg(aArgc, aArgv, ATTEMPTING_DEELEVATION_FLAG) ==
+ mozilla::ARG_FOUND) {
+ result |= mozilla::LauncherFlags::eDeelevating;
+ }
+
+ return result;
+}
+
+static void MaybeBreakForBrowserDebugging() {
+ if (mozilla::EnvHasValue("MOZ_DEBUG_BROWSER_PROCESS")) {
+ ::DebugBreak();
+ return;
+ }
+
+ const wchar_t* pauseLenS = _wgetenv(L"MOZ_DEBUG_BROWSER_PAUSE");
+ if (!pauseLenS || !(*pauseLenS)) {
+ return;
+ }
+
+ DWORD pauseLenMs = wcstoul(pauseLenS, nullptr, 10) * 1000;
+ printf_stderr("\n\nBROWSERBROWSERBROWSERBROWSER\n debug me @ %lu\n\n",
+ ::GetCurrentProcessId());
+ ::Sleep(pauseLenMs);
+}
+
+static bool DoLauncherProcessChecks(int& argc, wchar_t** argv) {
+ // NB: We run all tests in this function instead of returning early in order
+ // to ensure that all side effects take place, such as clearing environment
+ // variables.
+ bool result = false;
+
+#if defined(MOZ_LAUNCHER_PROCESS)
+ // We still prefer to compare file ids. Comparing NT paths i.e. passing
+ // CompareNtPathsOnly to IsSameBinaryAsParentProcess is much faster, but
+ // we're not 100% sure that NT path comparison perfectly prevents the
+ // launching loop of the launcher process.
+ mozilla::LauncherResult<bool> isSame = mozilla::IsSameBinaryAsParentProcess();
+ if (isSame.isOk()) {
+ result = !isSame.unwrap();
+ } else {
+ HandleLauncherError(isSame.unwrapErr());
+ }
+#endif // defined(MOZ_LAUNCHER_PROCESS)
+
+ if (mozilla::EnvHasValue("MOZ_LAUNCHER_PROCESS")) {
+ mozilla::SaveToEnv("MOZ_LAUNCHER_PROCESS=");
+ result = true;
+ }
+
+ result |=
+ mozilla::CheckArg(argc, argv, "launcher", nullptr,
+ mozilla::CheckArgFlag::RemoveArg) == mozilla::ARG_FOUND;
+
+ return result;
+}
+
+#if defined(MOZ_LAUNCHER_PROCESS)
+static mozilla::Maybe<bool> RunAsLauncherProcess(
+ mozilla::LauncherRegistryInfo& aRegInfo, int& argc, wchar_t** argv) {
+#else
+static mozilla::Maybe<bool> RunAsLauncherProcess(int& argc, wchar_t** argv) {
+#endif // defined(MOZ_LAUNCHER_PROCESS)
+ bool runAsLauncher = DoLauncherProcessChecks(argc, argv);
+
+#if defined(MOZ_LAUNCHER_PROCESS)
+ bool forceLauncher =
+ runAsLauncher &&
+ mozilla::CheckArg(argc, argv, "force-launcher", nullptr,
+ mozilla::CheckArgFlag::RemoveArg) == mozilla::ARG_FOUND;
+
+ mozilla::LauncherRegistryInfo::ProcessType desiredType =
+ runAsLauncher ? mozilla::LauncherRegistryInfo::ProcessType::Launcher
+ : mozilla::LauncherRegistryInfo::ProcessType::Browser;
+
+ mozilla::LauncherRegistryInfo::CheckOption checkOption =
+ forceLauncher ? mozilla::LauncherRegistryInfo::CheckOption::Force
+ : mozilla::LauncherRegistryInfo::CheckOption::Default;
+
+ mozilla::LauncherResult<mozilla::LauncherRegistryInfo::ProcessType>
+ runAsType = aRegInfo.Check(desiredType, checkOption);
+
+ if (runAsType.isErr()) {
+ mozilla::HandleLauncherError(runAsType);
+ return mozilla::Nothing();
+ }
+
+ runAsLauncher = runAsType.unwrap() ==
+ mozilla::LauncherRegistryInfo::ProcessType::Launcher;
+#endif // defined(MOZ_LAUNCHER_PROCESS)
+
+ if (!runAsLauncher) {
+ // In this case, we will be proceeding to run as the browser.
+ // We should check MOZ_DEBUG_BROWSER_* env vars.
+ MaybeBreakForBrowserDebugging();
+ }
+
+ return mozilla::Some(runAsLauncher);
+}
+
+namespace mozilla {
+
+Maybe<int> LauncherMain(int& argc, wchar_t* argv[],
+ const StaticXREAppData& aAppData) {
+ EnsureBrowserCommandlineSafe(argc, argv);
+
+ SetLauncherErrorAppData(aAppData);
+
+ if (CheckArg(argc, argv, "log-launcher-error", nullptr,
+ mozilla::CheckArgFlag::RemoveArg) == ARG_FOUND) {
+ SetLauncherErrorForceEventLog();
+ }
+
+ // return fast when we're a child process.
+ // (The remainder of this function has some side effects that are
+ // undesirable for content processes)
+ if (mozilla::CheckArg(argc, argv, "contentproc", nullptr,
+ mozilla::CheckArgFlag::None) == mozilla::ARG_FOUND) {
+ // A child process should not instantiate LauncherRegistryInfo.
+ return Nothing();
+ }
+
+#if defined(MOZ_LAUNCHER_PROCESS)
+ LauncherRegistryInfo regInfo;
+ Maybe<bool> runAsLauncher = RunAsLauncherProcess(regInfo, argc, argv);
+ LauncherResult<std::wstring> blocklistFileNameResult =
+ regInfo.GetBlocklistFileName();
+ Maybe<std::wstring> blocklistFileName =
+ blocklistFileNameResult.isOk() ? Some(blocklistFileNameResult.unwrap())
+ : Nothing();
+#else
+ Maybe<bool> runAsLauncher = RunAsLauncherProcess(argc, argv);
+ Maybe<std::wstring> blocklistFileName = Nothing();
+#endif // defined(MOZ_LAUNCHER_PROCESS)
+ if (!runAsLauncher || !runAsLauncher.value()) {
+#if defined(MOZ_LAUNCHER_PROCESS)
+ // Update the registry as Browser
+ LauncherVoidResult commitResult = regInfo.Commit();
+ if (commitResult.isErr()) {
+ mozilla::HandleLauncherError(commitResult);
+ }
+#endif // defined(MOZ_LAUNCHER_PROCESS)
+ return Nothing();
+ }
+
+ // Make sure that the launcher process itself has image load policies set
+ if (IsWin10AnniversaryUpdateOrLater()) {
+ static const StaticDynamicallyLinkedFunctionPtr<
+ decltype(&SetProcessMitigationPolicy)>
+ pSetProcessMitigationPolicy(L"kernel32.dll",
+ "SetProcessMitigationPolicy");
+ if (pSetProcessMitigationPolicy) {
+ PROCESS_MITIGATION_IMAGE_LOAD_POLICY imgLoadPol = {};
+ imgLoadPol.PreferSystem32Images = 1;
+
+ DebugOnly<BOOL> setOk = pSetProcessMitigationPolicy(
+ ProcessImageLoadPolicy, &imgLoadPol, sizeof(imgLoadPol));
+ MOZ_ASSERT(setOk);
+ }
+ }
+
+#if defined(MOZ_SANDBOX)
+ // Ensure the relevant mitigations are enforced.
+ mozilla::sandboxing::ApplyParentProcessMitigations();
+#endif
+
+ mozilla::UseParentConsole();
+
+ if (!SetArgv0ToFullBinaryPath(argv)) {
+ HandleLauncherError(LAUNCHER_ERROR_GENERIC());
+ return Nothing();
+ }
+
+ LauncherFlags flags = ProcessCmdLine(argc, argv);
+
+ nsAutoHandle mediumIlToken;
+ LauncherResult<ElevationState> elevationState =
+ GetElevationState(argv[0], flags, mediumIlToken);
+ if (elevationState.isErr()) {
+ HandleLauncherError(elevationState);
+ return Nothing();
+ }
+
+ // Distill deelevation status, and/or attempt to perform launcher deelevation
+ // via an indirect relaunch.
+ DeelevationStatus deelevationStatus = DeelevationStatus::Unknown;
+ if (mediumIlToken.get()) {
+ // Rather than indirectly relaunch the launcher, we'll attempt to directly
+ // launch the main process with a reduced-privilege security token.
+ deelevationStatus = DeelevationStatus::PartiallyDeelevated;
+ } else if (elevationState.unwrap() == ElevationState::eElevated) {
+ if (flags & LauncherFlags::eWaitForBrowser) {
+ // An indirect relaunch won't provide a process-handle to block on,
+ // so we have to continue onwards with this process.
+ deelevationStatus = DeelevationStatus::DeelevationProhibited;
+ } else if (flags & LauncherFlags::eNoDeelevate) {
+ // Our invoker (hopefully, the user) has explicitly requested that the
+ // launcher not deelevate itself.
+ deelevationStatus = DeelevationStatus::DeelevationProhibited;
+ } else if (flags & LauncherFlags::eDeelevating) {
+ // We've already tried to deelevate, to no effect. Continue onward.
+ deelevationStatus = DeelevationStatus::UnsuccessfullyDeelevated;
+ } else {
+ // Otherwise, attempt to relaunch the launcher process itself via the
+ // shell, which hopefully will not be elevated. (But see bug 1733821.)
+ LauncherVoidResult launchedUnelevated = LaunchUnelevated(argc, argv);
+ if (launchedUnelevated.isErr()) {
+ // On failure, don't even try for a launcher process. Continue onwards
+ // in this one. (TODO: why? This isn't technically fatal...)
+ HandleLauncherError(launchedUnelevated);
+ return Nothing();
+ }
+ // Otherwise, tell our caller to exit with a success code.
+ return Some(0);
+ }
+ } else if (elevationState.unwrap() == ElevationState::eNormalUser) {
+ if (flags & LauncherFlags::eDeelevating) {
+ // Deelevation appears to have been successful!
+ deelevationStatus = DeelevationStatus::SuccessfullyDeelevated;
+ } else {
+ // We haven't done anything and we don't need to.
+ deelevationStatus = DeelevationStatus::StartedUnprivileged;
+ }
+ } else {
+ // Some other elevation state with no medium-integrity token.
+ // (This should probably not happen.)
+ deelevationStatus = DeelevationStatus::Unknown;
+ }
+
+#if defined(MOZ_LAUNCHER_PROCESS)
+ // Update the registry as Launcher
+ LauncherVoidResult commitResult = regInfo.Commit();
+ if (commitResult.isErr()) {
+ mozilla::HandleLauncherError(commitResult);
+ return Nothing();
+ }
+#endif // defined(MOZ_LAUNCHER_PROCESS)
+
+ // Now proceed with setting up the parameters for process creation
+ UniquePtr<wchar_t[]> cmdLine(MakeCommandLine(argc, argv));
+ if (!cmdLine) {
+ HandleLauncherError(LAUNCHER_ERROR_GENERIC());
+ return Nothing();
+ }
+
+ const Maybe<bool> isSafeMode =
+ IsSafeModeRequested(argc, argv, SafeModeFlag::NoKeyPressCheck);
+ if (!isSafeMode) {
+ HandleLauncherError(LAUNCHER_ERROR_FROM_WIN32(ERROR_INVALID_PARAMETER));
+ return Nothing();
+ }
+
+ ProcThreadAttributes attrs;
+ SetMitigationPolicies(attrs, isSafeMode.value());
+
+ HANDLE stdHandles[] = {::GetStdHandle(STD_INPUT_HANDLE),
+ ::GetStdHandle(STD_OUTPUT_HANDLE),
+ ::GetStdHandle(STD_ERROR_HANDLE)};
+
+ attrs.AddInheritableHandles(stdHandles);
+
+ DWORD creationFlags = CREATE_SUSPENDED | CREATE_UNICODE_ENVIRONMENT;
+
+ STARTUPINFOEXW siex;
+ LauncherResult<bool> attrsOk = attrs.AssignTo(siex);
+ if (attrsOk.isErr()) {
+ HandleLauncherError(attrsOk);
+ return Nothing();
+ }
+
+ BOOL inheritHandles = FALSE;
+
+ if (attrsOk.unwrap()) {
+ creationFlags |= EXTENDED_STARTUPINFO_PRESENT;
+
+ if (attrs.HasInheritableHandles()) {
+ siex.StartupInfo.dwFlags |= STARTF_USESTDHANDLES;
+ siex.StartupInfo.hStdInput = stdHandles[0];
+ siex.StartupInfo.hStdOutput = stdHandles[1];
+ siex.StartupInfo.hStdError = stdHandles[2];
+
+ // Since attrsOk == true, we have successfully set the handle inheritance
+ // whitelist policy, so only the handles added to attrs will be inherited.
+ inheritHandles = TRUE;
+ }
+ }
+
+ // Pass on the path of the shortcut used to launch this process, if any.
+ STARTUPINFOW currentStartupInfo = {.cb = sizeof(STARTUPINFOW)};
+ GetStartupInfoW(&currentStartupInfo);
+ if ((currentStartupInfo.dwFlags & STARTF_TITLEISLINKNAME) &&
+ currentStartupInfo.lpTitle) {
+ siex.StartupInfo.dwFlags |= STARTF_TITLEISLINKNAME;
+ siex.StartupInfo.lpTitle = currentStartupInfo.lpTitle;
+ }
+
+ PROCESS_INFORMATION pi = {};
+ BOOL createOk;
+
+ if (mediumIlToken.get()) {
+ createOk =
+ ::CreateProcessAsUserW(mediumIlToken.get(), argv[0], cmdLine.get(),
+ nullptr, nullptr, inheritHandles, creationFlags,
+ nullptr, nullptr, &siex.StartupInfo, &pi);
+ } else {
+ createOk = ::CreateProcessW(argv[0], cmdLine.get(), nullptr, nullptr,
+ inheritHandles, creationFlags, nullptr, nullptr,
+ &siex.StartupInfo, &pi);
+ }
+
+ if (!createOk) {
+ HandleLauncherError(LAUNCHER_ERROR_FROM_LAST());
+ return Nothing();
+ }
+
+ nsAutoHandle process(pi.hProcess);
+ nsAutoHandle mainThread(pi.hThread);
+
+ nsAutoHandle job;
+ if (flags & LauncherFlags::eWaitForBrowser) {
+ job = CreateJobAndAssignProcess(process.get());
+ }
+
+ bool disableDynamicBlocklist = IsDynamicBlocklistDisabled(
+ isSafeMode.value(),
+ mozilla::CheckArg(
+ argc, argv, mozilla::geckoargs::sDisableDynamicDllBlocklist.sMatch,
+ nullptr, mozilla::CheckArgFlag::None) == mozilla::ARG_FOUND);
+ LauncherVoidResult setupResult = PostCreationSetup(
+ argv[0], process.get(), mainThread.get(), deelevationStatus,
+ isSafeMode.value(), disableDynamicBlocklist, blocklistFileName);
+ if (setupResult.isErr()) {
+ HandleLauncherError(setupResult);
+ ::TerminateProcess(process.get(), 1);
+ return Nothing();
+ }
+
+ if (::ResumeThread(mainThread.get()) == static_cast<DWORD>(-1)) {
+ HandleLauncherError(LAUNCHER_ERROR_FROM_LAST());
+ ::TerminateProcess(process.get(), 1);
+ return Nothing();
+ }
+
+ if (flags & LauncherFlags::eWaitForBrowser) {
+ DWORD exitCode;
+ if (::WaitForSingleObject(process.get(), INFINITE) == WAIT_OBJECT_0 &&
+ ::GetExitCodeProcess(process.get(), &exitCode)) {
+ // Propagate the browser process's exit code as our exit code.
+ return Some(static_cast<int>(exitCode));
+ }
+ } else {
+ const DWORD timeout =
+ ::IsDebuggerPresent() ? INFINITE : kWaitForInputIdleTimeoutMS;
+
+ // Keep the current process around until the callback process has created
+ // its message queue, to avoid the launched process's windows being forced
+ // into the background.
+ mozilla::WaitForInputIdle(process.get(), timeout);
+ }
+
+ return Some(0);
+}
+
+} // namespace mozilla
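Review bot: In LauncherMain the result of `pSetProcessMitigationPolicy(ProcessImageLoadPolicy, &imgLoadPol, sizeof(imgLoadPol))` is held in a `DebugOnly<BOOL>` and checked only by `MOZ_ASSERT(setOk)`, so in a release build a failure to enable PreferSystem32Images on the launcher itself goes unnoticed and the launch continues without that image-load hardening. If this is deliberate best-effort behaviour, a comment such as `// Best effort: the launch proceeds without PreferSystem32Images if this call fails.` would make that explicit. Otherwise the result could be kept in a plain `BOOL` and reported with `if (!setOk) { HandleLauncherError(LAUNCHER_ERROR_FROM_LAST()); }`, although it is not visible here whether HandleLauncherError suits a non-fatal failure. Separately, in the `eWaitForBrowser` branch at the end of the function, a failed `WaitForSingleObject` or `GetExitCodeProcess` falls through to `return Some(0)`. Because ProcessCmdLine sets that flag for marionette, headless and MOZ_AUTOMATION runs, a caller relying on the exit code would see success, so this path probably deserves its own error report or a non-zero result.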