1 files changed, 15 insertions, 8 deletions

diff --git a/chromium/sandbox/win/src/broker_services.cc b/chromium/sandbox/win/src/broker_services.cc
index ae7d15de30e..7c7c53397ba 100644
--- a/chromium/sandbox/win/src/broker_services.cc
+++ b/chromium/sandbox/win/src/broker_services.cc
@@ -282,15 +282,27 @@ ResultCode BrokerServicesBase::SpawnTarget(const wchar_t* exe_path,
     return SBOX_ERROR_BAD_PARAMS;
 
   // Even though the resources touched by SpawnTarget can be accessed in
-  // multiple threads, the method itself cannot be called from more than
-  // 1 thread. This is to protect the global variables used while setting up
-  // the child process.
+  // multiple threads, the method itself cannot be called from more than one
+  // thread. This is to protect the global variables used while setting up the
+  // child process, and to make sure launcher thread mitigations are applied
+  // correctly.
   static DWORD thread_id = ::GetCurrentThreadId();
   DCHECK(thread_id == ::GetCurrentThreadId());
   *last_warning = SBOX_ALL_OK;
 
   AutoLock lock(&lock_);
 
+  // Launcher thread only needs to be opted out of ACG once. Do this on the
+  // first child process being spawned.
+  static bool launcher_thread_opted_out = false;
+
+  if (!launcher_thread_opted_out) {
+    // Soft fail this call. It will fail if ACG is not enabled for this process.
+    sandbox::ApplyMitigationsToCurrentThread(
+        sandbox::MITIGATION_DYNAMIC_CODE_OPT_OUT_THIS_THREAD);
+    launcher_thread_opted_out = true;
+  }
+
   // This downcast is safe as long as we control CreatePolicy()
   scoped_refptr<PolicyBase> policy_base(static_cast<PolicyBase*>(policy.get()));
 
@@ -518,9 +530,4 @@ ResultCode BrokerServicesBase::WaitForAllTargets() {
   return SBOX_ALL_OK;
 }
 
-bool BrokerServicesBase::IsActiveTarget(DWORD process_id) {
-  AutoLock lock(&lock_);
-  return child_process_ids_.find(process_id) != child_process_ids_.end();
-}
-
 }  // namespace sandbox