Remove sandbox on Windows.

sandbox/win/src/handle_policy.cc

-// Copyright (c) 2012 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#include "sandbox/win/src/handle_policy.h"
-
-#include <string>
-
-#include "base/win/scoped_handle.h"
-#include "sandbox/win/src/broker_services.h"
-#include "sandbox/win/src/ipc_tags.h"
-#include "sandbox/win/src/policy_engine_opcodes.h"
-#include "sandbox/win/src/policy_params.h"
-#include "sandbox/win/src/sandbox_types.h"
-#include "sandbox/win/src/sandbox_utils.h"
-
-namespace sandbox {
-
-bool HandlePolicy::GenerateRules(const wchar_t* type_name,
-                                 TargetPolicy::Semantics semantics,
-                                 LowLevelPolicy* policy) {
-  PolicyRule duplicate_rule(ASK_BROKER);
-
-  switch (semantics) {
-    case TargetPolicy::HANDLES_DUP_ANY: {
-      if (!duplicate_rule.AddNumberMatch(IF_NOT, HandleTarget::TARGET,
-                                         ::GetCurrentProcessId(), EQUAL)) {
-        return false;
-      }
-      break;
-    }
-
-    case TargetPolicy::HANDLES_DUP_BROKER: {
-      if (!duplicate_rule.AddNumberMatch(IF, HandleTarget::TARGET,
-                                         ::GetCurrentProcessId(), EQUAL)) {
-        return false;
-      }
-      break;
-    }
-
-    default:
-     return false;
-  }
-  if (!duplicate_rule.AddStringMatch(IF, HandleTarget::NAME, type_name,
-                                     CASE_INSENSITIVE)) {
-    return false;
-  }
-  if (!policy->AddRule(IPC_DUPLICATEHANDLEPROXY_TAG, &duplicate_rule)) {
-    return false;
-  }
-  return true;
-}
-
-DWORD HandlePolicy::DuplicateHandleProxyAction(EvalResult eval_result,
-                                               HANDLE source_handle,
-                                               DWORD target_process_id,
-                                               HANDLE* target_handle,
-                                               DWORD desired_access,
-                                               DWORD options) {
-  // The only action supported is ASK_BROKER which means duplicate the handle.
-  if (ASK_BROKER != eval_result) {
-    return ERROR_ACCESS_DENIED;
-  }
-
-  base::win::ScopedHandle remote_target_process;
-  if (target_process_id != ::GetCurrentProcessId()) {
-    // Sandboxed children are dynamic, so we check that manually.
-    if (!BrokerServicesBase::GetInstance()->IsActiveTarget(target_process_id)) {
-      return ERROR_ACCESS_DENIED;
-    }
-
-    remote_target_process.Set(::OpenProcess(PROCESS_DUP_HANDLE, FALSE,
-                                            target_process_id));
-    if (!remote_target_process.IsValid())
-      return ::GetLastError();
-  }
-
-  // If the policy didn't block us and we have no valid target, then the broker
-  // (this process) is the valid target.
-  HANDLE target_process = remote_target_process.IsValid() ?
-                          remote_target_process.Get() : ::GetCurrentProcess();
-  if (!::DuplicateHandle(::GetCurrentProcess(), source_handle, target_process,
-                         target_handle, desired_access, FALSE,
-                         options)) {
-    return ::GetLastError();
-  }
-
-  return ERROR_SUCCESS;
-}
-
-}  // namespace sandbox
-