Add sandbox support for Windows process mitigations

sandbox/win/src/sandbox_policy_base.h

Index: sandbox/win/src/sandbox_policy_base.h
===================================================================
--- sandbox/win/src/sandbox_policy_base.h	(revision 155197)
+++ sandbox/win/src/sandbox_policy_base.h	(working copy)
@@ -52,6 +52,10 @@
       IntegrityLevel integrity_level) OVERRIDE;
   virtual ResultCode SetAppContainer(const wchar_t* sid) OVERRIDE;
   virtual ResultCode SetCapability(const wchar_t* sid) OVERRIDE;
+  virtual ResultCode SetProcessMitigations(uint64 flags) OVERRIDE;

[rvargas (doing something else), 2012/09/08 02:23:32]

There is a little something between calling this method SetProcesblah (and I
think the name is correct), and also calling the function that actually applies
the settings SetProcessBlah... Maybe change the other one to ApplyFoo?

[jschuh, 2012/09/10 23:58:48]

Done.

+  virtual uint64 GetProcessMitigations() OVERRIDE;
+  virtual ResultCode SetDelayedProcessMitigations(uint64 flags) OVERRIDE;
+  virtual uint64 GetDelayedProcessMitigations() OVERRIDE;
   virtual void SetStrictInterceptions() OVERRIDE;
   virtual ResultCode AddRule(SubSystem subsystem, Semantics semantics,
                              const wchar_t* pattern) OVERRIDE;
@@ -120,6 +124,8 @@
   bool relaxed_interceptions_;
   IntegrityLevel integrity_level_;
   IntegrityLevel delayed_integrity_level_;
+  uint64 mitigations_;
+  uint64 delayed_mitigations_;
   // The array of objects that will answer IPC calls.
   Dispatcher* ipc_targets_[IPC_LAST_TAG];
   // Object in charge of generating the low level policy.