wslcsession: use DuplicateHandle idiom for self-process handle in GetProcessHandle

[benhillis]

Summary of the Pull Request

Replace the self-OpenProcess(GetCurrentProcessId()) calls in IWSLCSessionFactory::GetProcessHandle and IWSLCSession::GetProcessHandle with a duplicate of the current-process pseudo-handle via the existing wslutil::DuplicateHandle helper.

This is a cleanup/hardening change, not a behavioral one. A process should not need to OpenProcess itself by PID to obtain a handle to itself — duplicating the GetCurrentProcess() pseudo-handle is the canonical idiom. The new call requests the same access rights (PROCESS_SET_QUOTA | PROCESS_TERMINATE), so the marshaled handle and all downstream usage are unchanged.

Note

This does not fix the reported 0x80070005 (E_ACCESSDENIED) seen after hibernate/resume. Debugging shows that failure originates from AssignProcessToJobObject in wslservice.exe (WSLCSessionManager::AddSessionProcessToJobObject, WSLCSessionManager.cpp:454), not from GetProcessHandle. Both call sites surface the identical HRESULT, which is why it was initially misattributed. The job-assignment failure is being tracked separately.

PR Checklist

• Closes: Link to issue #xxx
• Communication: I've discussed this with core contributors already
• Tests: N/A — no behavioral change (handle access rights are identical)
• Localization: No end-user-facing strings
• Dev docs: N/A

Detailed Description of the Pull Request / Additional comments

GetProcessHandle previously did:

wil::unique_handle process{OpenProcess(PROCESS_SET_QUOTA | PROCESS_TERMINATE, FALSE, GetCurrentProcessId())};

OpenProcess performs an access check against the calling thread's effective token. Using it to open your own process is unnecessary and fragile — there is no reason a process should need an access check to obtain a handle to itself.

The replacement duplicates the current-process pseudo-handle:

*ProcessHandle = wslutil::DuplicateHandle(GetCurrentProcess(), PROCESS_SET_QUOTA | PROCESS_TERMINATE);

DuplicateHandle from the pseudo-handle performs no object DACL access check (it only requires PROCESS_DUP_HANDLE on the GetCurrentProcess() pseudo-handle, which is always granted), so it is the correct, robust idiom. Because an explicit desired-access mask is passed, the resulting handle carries exactly PROCESS_SET_QUOTA | PROCESS_TERMINATE — identical to the previous handle.

Validation Steps Performed

• Build.
• Verified the duplicated handle carries the same access rights (PROCESS_SET_QUOTA | PROCESS_TERMINATE), so AssignProcessToJobObject consumption is unchanged.

[Copilot]

Pull request overview

Fixes intermittent E_ACCESSDENIED when WSLC exposes a handle to its own COM server process under COM impersonation by avoiding OpenProcess() (which performs an access check against the thread’s effective token) and instead duplicating the current-process pseudo-handle.

Changes:

• Replace OpenProcess(PROCESS_SET_QUOTA | PROCESS_TERMINATE, ...) with wslutil::DuplicateHandle(GetCurrentProcess(), ...) in WSLC session and factory GetProcessHandle implementations.
• Add an explicit E_POINTER guard in WSLCSessionFactory::GetProcessHandle.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.

File	Description
src/windows/wslcsession/WSLCSessionFactory.cpp	Switch self-process handle creation to wslutil::DuplicateHandle to avoid impersonation-related access checks.
src/windows/wslcsession/WSLCSession.cpp	Switch self-process handle creation to wslutil::DuplicateHandle to avoid impersonation-related access checks.

[Copilot]

Pull request overview

Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.

[Copilot]

Pull request overview

Copilot reviewed 2 out of 2 changed files in this pull request and generated no new comments.

[OneBlue]

FYI debugging showed that the error wasn't returned from OpenProcess(), but from AssignProcessToJobObject() in wslservice.exe, so I'm not sure that this will solve the issue