Sandbox policy and intercepts for the MITIGATION_WIN32K_DISABLE policy for renderer processes.

This policy when set will prevent the renderer process from making Win32K.sys calls via user32/gdi32 on
Windows 8 and beyond.

The following intercepts are needed for getting basic renderer functionality.
1. gdi32!GdiDllInitialize:
2. gdi32!GetStockObject.
3. user32!RegisterClassW.

The above functions are called during renderer process initialization. We intercept these APIS by
EAT patching the corresponding dlls and return fake success values from those.

The intercepts live in the process_mitigations_win32k_interception.cc/.h files. The rest of the changes
are plumbing with the sandbox policy framework.

While basic renderers work well now on Windows 8, pepper flash does not as it sends an IPC to the renderer
to creating the transport DIB. Justin is aware of this problem and thinks we can workaround this.

BUG=365160

Added gdi and user32 interceptors for the win32k lockdown project.

Review URL: https://codereview.chromium.org/318603003

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@276407 0039d316-1c4b-4281-b951-d872f2087c98

1 files changed, 6 insertions, 0 deletions

diff --git a/sandbox/win/sandbox_win.gypi b/sandbox/win/sandbox_win.gypi
index 01d3f12..7d9cf94 100644
--- a/sandbox/win/sandbox_win.gypi
+++ b/sandbox/win/sandbox_win.gypi
@@ -74,6 +74,12 @@
             'src/policy_target.h',
             'src/process_mitigations.cc',
             'src/process_mitigations.h',
+            'src/process_mitigations_win32k_dispatcher.cc',
+            'src/process_mitigations_win32k_dispatcher.h',
+            'src/process_mitigations_win32k_interception.cc',
+            'src/process_mitigations_win32k_interception.h',
+            'src/process_mitigations_win32k_policy.cc',
+            'src/process_mitigations_win32k_policy.h',
             'src/process_thread_dispatcher.cc',
             'src/process_thread_dispatcher.h',
             'src/process_thread_interception.cc',