Implement sandbox hooks to forward OPM related GDI system calls.

sandbox/win/src/process_mitigations_win32k_dispatcher.h

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef SANDBOX_SRC_PROCESS_MITIGATIONS_WIN32K_DISPATCHER_H_
 #define SANDBOX_SRC_PROCESS_MITIGATIONS_WIN32K_DISPATCHER_H_
 
+#include <map>
+
 #include "base/macros.h"
+#include "base/memory/ref_counted.h"
+#include "base/strings/string16.h"
+#include "base/synchronization/lock.h"
 #include "sandbox/win/src/sandbox_policy_base.h"
 
 namespace sandbox {
 
+// Class to maintain a reference to a OPM protected output handle.
+class ProtectedVideoOutput
+    : public base::RefCountedThreadSafe<ProtectedVideoOutput> {
+ public:
+  ProtectedVideoOutput(HANDLE handle) : handle_(handle) {}
+  HANDLE handle() { return handle_; }
+
+ private:
+  friend class base::RefCountedThreadSafe<ProtectedVideoOutput>;
+  ~ProtectedVideoOutput();
+
+  HANDLE handle_;
+
+  DISALLOW_COPY_AND_ASSIGN(ProtectedVideoOutput);
+};
+
 // This class sets up intercepts for the Win32K lockdown policy which is set
 // on Windows 8 and beyond.
 class ProcessMitigationsWin32KDispatcher : public Dispatcher {
  public:
   explicit ProcessMitigationsWin32KDispatcher(PolicyBase* policy_base);
-  ~ProcessMitigationsWin32KDispatcher() override {}
+  ~ProcessMitigationsWin32KDispatcher() override;
 
   // Dispatcher interface.
   bool SetupService(InterceptionManager* manager, int service) override;
 
+  bool EnumDisplayMonitors(IPCInfo* ipc, CountedBuffer* buffer);
+  bool GetMonitorInfo(IPCInfo* ipc, void* monitor, CountedBuffer* buffer);
+  bool GetSuggestedOPMProtectedOutputArraySize(IPCInfo* ipc,
+                                               base::string16* device_name);
+  bool CreateOPMProtectedOutputs(IPCInfo* ipc,
+                                 base::string16* device_name,
+                                 CountedBuffer* protected_outputs);
+  bool GetCertificateSize(IPCInfo* ipc,
+                          base::string16* device_name,
+                          void* protected_output);
+  bool GetCertificate(IPCInfo* ipc,
+                      base::string16* device_name,
+                      void* protected_output,
+                      void* shared_buffer_handle,
+                      uint32_t shared_buffer_size);
+  bool DestroyOPMProtectedOutput(IPCInfo* ipc, void* protected_output);
+  bool GetOPMRandomNumber(IPCInfo* ipc,
+                          void* protected_output,
+                          CountedBuffer* random_number);
+  bool SetOPMSigningKeyAndSequenceNumbers(IPCInfo* ipc,
+                                          void* protected_output,
+                                          CountedBuffer* parameters);
+  bool ConfigureOPMProtectedOutput(IPCInfo* ipc,
+                                   void* protected_output,
+                                   void* shared_buffer_handle);
+  bool GetOPMInformation(IPCInfo* ipc,
+                         void* protected_output,
+                         void* shared_buffer_handle);
+
  private:
+  scoped_refptr<ProtectedVideoOutput> GetProtectedVideoOutput(
+      HANDLE handle,
+      bool destroy_output);
+
   PolicyBase* policy_base_;
+  std::map<HANDLE, scoped_refptr<ProtectedVideoOutput>> protected_outputs_;
+  base::Lock protected_outputs_lock_;
 
   DISALLOW_COPY_AND_ASSIGN(ProcessMitigationsWin32KDispatcher);
 };
 
 }  // namespace sandbox
 
 #endif  // SANDBOX_SRC_PROCESS_MITIGATIONS_WIN32K_DISPATCHER_H_