Make the NaCl windows 64 bit binaries not depend on chrome targets.

content/common/sandbox_policy.cc

 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/common/sandbox_policy.h"
 
 #include <string>
 
 #include "base/command_line.h"
 #include "base/debug/debugger.h"
@@ skipping 276 matching lines @@
   return true;
 }
 
 // For the GPU process we gotten as far as USER_LIMITED. The next level
 // which is USER_RESTRICTED breaks both the DirectX backend and the OpenGL
 // backend. Note that the GPU process is connected to the interactive
 // desktop.
 // TODO(cpu): Lock down the sandbox more if possible.
 // TODO(apatrick): Use D3D9Ex to render windowless.
 bool AddPolicyForGPU(CommandLine* cmd_line, sandbox::TargetPolicy* policy) {
+#if !defined(NACL_WIN64)  // We don't need this code on win nacl64.
   if (base::win::GetVersion() > base::win::VERSION_XP) {
     policy->SetTokenLevel(sandbox::USER_RESTRICTED_SAME_ACCESS,
                           sandbox::USER_LIMITED);
     if (cmd_line->GetSwitchValueASCII(switches::kUseGL) ==
         gfx::kGLImplementationDesktopName) {
       policy->SetJobLevel(sandbox::JOB_UNPROTECTED, 0);
       policy->SetIntegrityLevel(sandbox::INTEGRITY_LEVEL_LOW);
     } else {
       // UI restrictions break when we access Windows from outside our job.
       // However, we don't want a proxy window in this process because it can
       // introduce deadlocks where the renderer blocks on the gpu, which in
       // turn blocks on the browser UI thread. So, instead we forgo a window
       // message pump entirely and just add job restrictions to prevent child
       // processes.
       policy->SetJobLevel(sandbox::JOB_LIMITED_USER,
                           JOB_OBJECT_UILIMIT_SYSTEMPARAMETERS |
                           JOB_OBJECT_UILIMIT_DESKTOP |
                           JOB_OBJECT_UILIMIT_EXITWINDOWS |
                           JOB_OBJECT_UILIMIT_DISPLAYSETTINGS);
       policy->SetDelayedIntegrityLevel(sandbox::INTEGRITY_LEVEL_LOW);
     }
   } else {
     policy->SetJobLevel(sandbox::JOB_UNPROTECTED, 0);
     policy->SetTokenLevel(sandbox::USER_UNPROTECTED,
                           sandbox::USER_LIMITED);
   }
 
   AddGenericDllEvictionPolicy(policy);
+#endif
   return true;
 }
 
 void AddPolicyForRenderer(sandbox::TargetPolicy* policy) {
   policy->SetJobLevel(sandbox::JOB_LOCKDOWN, 0);
 
   sandbox::TokenLevel initial_token = sandbox::USER_UNPROTECTED;
   if (base::win::GetVersion() > base::win::VERSION_XP) {
     // On 2003/Vista the initial token has to be restricted if the main
     // token is restricted.
@@ skipping 117 matching lines @@
 
   // Prefetch hints on windows:
   // Using a different prefetch profile per process type will allow Windows
   // to create separate pretetch settings for browser, renderer etc.
   cmd_line->AppendArg(base::StringPrintf("/prefetch:%d", type));
 
   sandbox::ResultCode result;
   PROCESS_INFORMATION target = {0};
   sandbox::TargetPolicy* policy = g_broker_services->CreatePolicy();
 
+#if !defined(NACL_WIN64)  // We don't need this code on win nacl64.
   if (type == ChildProcessInfo::PLUGIN_PROCESS &&
       !browser_command_line.HasSwitch(switches::kNoSandbox) &&
       content::GetContentClient()->SandboxPlugin(cmd_line, policy)) {
     in_sandbox = true;
   }
+#endif
 
   if (!in_sandbox) {
     policy->Release();
     base::LaunchProcess(*cmd_line, base::LaunchOptions(), &process);
     return process;
   }
 
   if (type == ChildProcessInfo::PLUGIN_PROCESS) {
     AddGenericDllEvictionPolicy(policy);
     AddPluginDllEvictionPolicy(policy);
@@ skipping 79 matching lines @@
 
   // Help the process a little. It can't start the debugger by itself if
   // the process is in a sandbox.
   if (child_needs_help)
     base::debug::SpawnDebuggerOnProcess(target.dwProcessId);
 
   return process;
 }
 
 }  // namespace sandbox