[Problem/Bug]: Unable to launch application using a webview2 component in process running under a restricted token

[davte-beijer]

What happened?

I have an application (app launcher) that needs to launch other applications. The app launcher starts the other application with a restricted token in order to protect certain directories that are only intended for the app launcher. When a launched application contains a webview2 component it is rendered blank since the renderer process seem to fail.

Importance

Blocking. My app's basic functions are not working due to this issue.

Runtime Channel

Stable release (WebView2 Runtime)

Runtime Version

127.0.2651.86

SDK Version

1.0.2792.45

Framework

WPF

Operating System

Windows 10

OS Version

10.0.19045 Build 19045

Repro steps

Reproduction Steps

Create two applications, one representing the "app launcher" and one representing the "app to launch" with a webview2 component.

1. In the implementation of the app launcher call method CreateRestrictedToken in order to create a restricted token.

CreateRestrictedToken(
                    Token, // <-- current token
                    0,
                    0, IntPtr.Zero,
                    0, IntPtr.Zero,
                    (uint)restrictedSidStrings.Count, restrictedSidsPtr,  // <-- Provide some valid SID data to these two parameters
                    out SafeTokenHandle restrictedToken))

2. Then call method CreateProcessAsUser providing the restricted token from step 1

CreateProcessAsUser(
                    restrictedToken,
                    appToRun, // <--- path to application to launch with a restricted token
                    IntPtr.Zero,
                    IntPtr.Zero,
                    false,
                    0,
                    IntPtr.Zero,
                    startupFolder, 
                    ref startupInfo,
                    out PROCESS_INFORMATION processInfo))

3. Execute the app launcher to start the application to launch. No webview2 component is rendered.

Repros in Edge Browser

Yes, issue can be reproduced in the corresponding Edge version

Regression

No, this never worked

Last working version (if regression)

No response

[victorhuangwq]

you stated this

Yes, issue can be reproduced in the corresponding Edge version

Is this by accident, else could you elaborate?

[davte-beijer]

I might have interpreted that field wrong in the template... however i did the same scenario, but instead of launching an application hosting a webview2 component I instead launched msedge.exe in similar fashion with a restricted token, which seem to end up with the same result, i.e. nothing is rendered in the browser.

[davidterins]

@victorhuangwq what is the status of this issue?

[victorhuangwq]

I am assuming this is the same result if you launch a Chrome browser as well?

[LiangTheDev]

This is currently a limitation of WebView2. Chromium code will try to setup sandbox for renderer process and to setup the sandbox, it requires a lot of privilege and would not work if the process is with a restricted token.
WebView2 works in AppContainer for supporting of UWP apps. If you create the sandboxed app in an AppContainer, then it would work.

[davte-beijer]

Okay will look into appcontainers to work around this limitation.