Address WSLC policy review follow-ups from #40466#40529
Merged
Conversation
Three items @OneBlue flagged in the merged PR were tagged "follow-up"; this change addresses all of them. 1. Refactor EnumerateRegistryAllowlist to use shared registry helpers - Add wsl::windows::common::registry::EnumStringValues(HKEY) returning a name->value map for REG_SZ/REG_EXPAND_SZ values (skipping other types). Mirrors the suggestion to centralise the EnumValues+ReadString pattern used by PluginManager::LoadPlugins. - wslpolicies.h's EnumerateRegistryAllowlist now calls EnumStringValues instead of hand-rolling RegQueryInfoKeyW + RegEnumValueW. Empty-entry filter and fail-open catch are preserved. - wslpolicies.h now explicitly includes registry.hpp instead of relying on precomp include order. 2. Reclassify the new HRESULTs as WSLC_E_* and surface them in wslcsdk.h - Move WSL_E_CONTAINER_DISABLED / WSL_E_REGISTRY_BLOCKED_BY_POLICY out of wslservice.idl and redefine them as WSLC_E_CONTAINER_DISABLED (0x8004060C) and WSLC_E_REGISTRY_BLOCKED_BY_POLICY (0x8004060D) in wslc.idl alongside the rest of the WSLC_E_* block. - Mirror the definitions in wslcsdk.h so SDK consumers can reference them by name without depending on the generated wslservice_h.h. - Update the service factory, wslcsession, wslutil error-code map, and PolicyTests to use the new names. 3. Tighten WSLContainerDisabledCli test - Validate stdoutText is empty (locks down which HANDLE the disabled message goes to). - Validate stderrText equals exactly MessageWSLContainerDisabled() + "\r\nError code: WSLC_E_CONTAINER_DISABLED\r\n" using the localization helper, so the message text and the error-code mapping are both locked in. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
OneBlue
approved these changes
May 13, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Follow-up to #40466 addressing OneBlue's review feedback.
Changes
Refactor
EnumerateRegistryAllowlistto use a newregistry::EnumStringValueshelper instead of hand-rollingRegQueryInfoKeyW/RegEnumValueW. The helper returns astd::map<std::wstring, std::wstring>of name→value pairs forREG_SZ/REG_EXPAND_SZvalues.Introduce dedicated error codes for policy-blocked operations:
WSLC_E_CONTAINER_DISABLED(0x8004060C) — thrown when WSLC is disabled via group policy.WSLC_E_REGISTRY_BLOCKED_BY_POLICY(0x8004060D) — thrown when a registry is blocked by the allowlist policy.Defined in
wslc.idl(alongside otherWSLC_E_*codes) and mirrored into the publicwslcsdk.hSDK header, with entries ing_commonErrorsandGetErrorStringso the renderedError code:line uses the symbolic name.Tighten
WSLContainerDisabledClitest to verify stdout is empty and stderr matches the exact localized message +Error code: WSLC_E_CONTAINER_DISABLEDline, instead of just substring-matching.Co-authored-by: Copilot 223556219+Copilot@users.noreply.github.com