Cleanup/Remove Windows XP/Vista version checks from Windows sandbox code

sandbox/win/src/process_mitigations.cc

Index: sandbox/win/src/process_mitigations.cc
diff --git a/sandbox/win/src/process_mitigations.cc b/sandbox/win/src/process_mitigations.cc
index ba191d6ba6f86113a9efee080466dd7bf827b1df..26decf77e340193d52cf0bf54a2f1df805f5361b 100644
--- a/sandbox/win/src/process_mitigations.cc
+++ b/sandbox/win/src/process_mitigations.cc
@@ -38,8 +38,7 @@ bool ApplyProcessMitigationsToCurrentProcess(MitigationFlags flags) {
   base::win::Version version = base::win::GetVersion();
   HMODULE module = ::GetModuleHandleA("kernel32.dll");
 
-  if (version >= base::win::VERSION_VISTA &&
-      (flags & MITIGATION_DLL_SEARCH_ORDER)) {
+  if (flags & MITIGATION_DLL_SEARCH_ORDER) {
     SetDefaultDllDirectoriesFunction set_default_dll_directories =
         reinterpret_cast<SetDefaultDllDirectoriesFunction>(
             ::GetProcAddress(module, "SetDefaultDllDirectories"));
@@ -54,8 +53,7 @@ bool ApplyProcessMitigationsToCurrentProcess(MitigationFlags flags) {
   }
 
   // Set the heap to terminate on corruption
-  if (version >= base::win::VERSION_VISTA &&
-      (flags & MITIGATION_HEAP_TERMINATE)) {
+  if (flags & MITIGATION_HEAP_TERMINATE) {
     if (!::HeapSetInformation(NULL, HeapEnableTerminationOnCorruption,
                               NULL, 0) &&
         ERROR_ACCESS_DENIED != ::GetLastError()) {
@@ -63,8 +61,7 @@ bool ApplyProcessMitigationsToCurrentProcess(MitigationFlags flags) {
     }
   }
 
-  if (version >= base::win::VERSION_WIN7 &&
-      (flags & MITIGATION_HARDEN_TOKEN_IL_POLICY)) {
+  if (flags & MITIGATION_HARDEN_TOKEN_IL_POLICY) {
       DWORD error = HardenProcessIntegrityLevelPolicy();
       if ((error != ERROR_SUCCESS) && (error != ERROR_ACCESS_DENIED))
         return false;
@@ -73,8 +70,6 @@ bool ApplyProcessMitigationsToCurrentProcess(MitigationFlags flags) {
 #if !defined(_WIN64)  // DEP is always enabled on 64-bit.
   if (flags & MITIGATION_DEP) {
     DWORD dep_flags = PROCESS_DEP_ENABLE;
-    // DEP support is quirky on XP, so don't force a failure in that case.
-    const bool return_on_fail = version >= base::win::VERSION_VISTA;
 
     if (flags & MITIGATION_DEP_NO_ATL_THUNK)
       dep_flags |= PROCESS_DEP_DISABLE_ATL_THUNK_EMULATION;
@@ -84,28 +79,7 @@ bool ApplyProcessMitigationsToCurrentProcess(MitigationFlags flags) {
             ::GetProcAddress(module, "SetProcessDEPPolicy"));
     if (set_process_dep_policy) {
       if (!set_process_dep_policy(dep_flags) &&
-          ERROR_ACCESS_DENIED != ::GetLastError() && return_on_fail) {
-        return false;
-      }
-    } else {
-      // We're on XP sp2, so use the less standard approach.
-      // For reference: http://www.uninformed.org/?v=2&a=4
-      static const int MEM_EXECUTE_OPTION_DISABLE = 2;
-      static const int MEM_EXECUTE_OPTION_ATL7_THUNK_EMULATION = 4;
-      static const int MEM_EXECUTE_OPTION_PERMANENT = 8;
-
-      NtSetInformationProcessFunction set_information_process = NULL;
-      ResolveNTFunctionPtr("NtSetInformationProcess",
-                           &set_information_process);
-      if (!set_information_process)
-        return false;
-      ULONG dep = MEM_EXECUTE_OPTION_DISABLE | MEM_EXECUTE_OPTION_PERMANENT;
-      if (!(dep_flags & PROCESS_DEP_DISABLE_ATL_THUNK_EMULATION))
-        dep |= MEM_EXECUTE_OPTION_ATL7_THUNK_EMULATION;
-      if (!SUCCEEDED(set_information_process(GetCurrentProcess(),
-                                             ProcessExecuteFlags,
-                                             &dep, sizeof(dep))) &&
-          ERROR_ACCESS_DENIED != ::GetLastError() && return_on_fail) {
+          ERROR_ACCESS_DENIED != ::GetLastError()) {
         return false;

[Will Harris, 2016/03/17 23:05:59]

I think this needs more return false for more failure cases

[kylix_rd, 2016/03/21 19:09:09]

Done.

       }
     }
@@ -229,10 +203,6 @@ void ConvertProcessMitigationsToPolicy(MitigationFlags flags,
 #error This platform is not supported.
 #endif
 
-  // Nothing for Win XP or Vista.
-  if (version <= base::win::VERSION_VISTA)
-    return;
-
   // DEP and SEHOP are not valid for 64-bit Windows
 #if !defined(_WIN64)
   if (flags & MITIGATION_DEP) {
@@ -312,19 +282,6 @@ void ConvertProcessMitigationsToPolicy(MitigationFlags flags,
 MitigationFlags FilterPostStartupProcessMitigations(MitigationFlags flags) {
   base::win::Version version = base::win::GetVersion();
 
-  // Windows XP SP2+.
-  if (version < base::win::VERSION_VISTA) {
-    return flags & (MITIGATION_DEP |
-                    MITIGATION_DEP_NO_ATL_THUNK);
-  }
-
-  // Windows Vista
-  if (version < base::win::VERSION_WIN7) {
-    return flags & (MITIGATION_BOTTOM_UP_ASLR |
-                    MITIGATION_DLL_SEARCH_ORDER |
-                    MITIGATION_HEAP_TERMINATE);
-  }
-
   // Windows 7.
   if (version < base::win::VERSION_WIN8) {
     return flags & (MITIGATION_BOTTOM_UP_ASLR |