In preparation for adding appcontainer token to renderer, these are content side changes.

In this CL, we add appcontainer related attributes in PreSpawnTarget for renderer. Though we modify policy here, it is still not being honored, that will happen in next CL.

BUG=455496
R=cpu, jschuh, rvargas

Review URL: https://codereview.chromium.org/949943003

Cr-Commit-Position: refs/heads/master@{#319208}

1 files changed, 16 insertions, 0 deletions

diff --git a/content/browser/renderer_host/render_process_host_impl.cc b/content/browser/renderer_host/render_process_host_impl.cc
index ca08bfc..7f5c54d 100644
--- a/content/browser/renderer_host/render_process_host_impl.cc
+++ b/content/browser/renderer_host/render_process_host_impl.cc
@@ -167,8 +167,10 @@
 
 #if defined(OS_WIN)
 #include "base/win/scoped_com_initializer.h"
+#include "base/win/windows_version.h"
 #include "content/common/font_cache_dispatcher_win.h"
 #include "content/common/sandbox_win.h"
+#include "sandbox/win/src/sandbox_policy.h"
 #include "ui/gfx/win/dpi.h"
 #endif
 
@@ -327,6 +329,20 @@ class RendererSandboxedProcessLauncherDelegate
   virtual void PreSpawnTarget(sandbox::TargetPolicy* policy,
                               bool* success) {
     AddBaseHandleClosePolicy(policy);
+
+    if (base::win::GetVersion() >= base::win::VERSION_WIN8) {
+      // TODO(shrikant): Check if these constants should be different across
+      // various versions of Chromium code base or could be same.
+      // If there should be different SID per channel then move this code
+      // in chrome rather than content and assign SID based on
+      // VersionInfo::GetChannel().
+      const wchar_t kAppContainerSid[] =
+          L"S-1-15-2-3251537155-1984446955-2931258699-841473695-1938553385-"
+          L"924012148-129201922";
+
+      policy->SetLowBox(kAppContainerSid);
+    }
+
     GetContentClient()->browser()->PreSpawnRenderer(policy, success);
   }