Add policies to allow events named Dwm* in the gpu sandbox.

These events are created/opened by dwmapi.dll and are needed for the XP presentation path to work in the restricted gpu
sandbox. The other change is to run this in the restricted sandbox.

BUG=299047
R=cpu,jbauman

Review URL: https://codereview.chromium.org/24911002

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@226074 0039d316-1c4b-4281-b951-d872f2087c98

1 files changed, 8 insertions, 2 deletions

diff --git a/content/browser/gpu/gpu_process_host.cc b/content/browser/gpu/gpu_process_host.cc
index 0482b347e8..8b3cd3a 100644
--- a/content/browser/gpu/gpu_process_host.cc
+++ b/content/browser/gpu/gpu_process_host.cc
@@ -202,8 +202,7 @@ class GpuSandboxedProcessLauncherDelegate
       } else {
         if (cmd_line_->GetSwitchValueASCII(switches::kUseGL) ==
                 gfx::kGLImplementationSwiftShaderName ||
-            cmd_line_->HasSwitch(switches::kReduceGpuSandbox) ||
-            cmd_line_->HasSwitch(switches::kDisableImageTransportSurface)) {
+            cmd_line_->HasSwitch(switches::kReduceGpuSandbox)) {
           // Swiftshader path.
           policy->SetTokenLevel(sandbox::USER_RESTRICTED_SAME_ACCESS,
                                 sandbox::USER_LIMITED);
@@ -250,6 +249,13 @@ class GpuSandboxedProcessLauncherDelegate
       return;
     }
 
+    result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_SYNC,
+                             sandbox::TargetPolicy::EVENTS_ALLOW_ANY,
+                             L"Dwm*");
+    if (result != sandbox::SBOX_ALL_OK) {
+      *success = false;
+      return;
+    }
     // Block this DLL even if it is not loaded by the browser process.
     policy->AddDllToUnload(L"cmsetac.dll");