Implement sandbox hooks to forward OPM related GDI system calls.

sandbox/win/src/sandbox_policy.h

Index: sandbox/win/src/sandbox_policy.h
diff --git a/sandbox/win/src/sandbox_policy.h b/sandbox/win/src/sandbox_policy.h
index e032444e7f18d5539186229eea4c8376ff5bc877..c0916ea6dec5b19c0c24481ccd182f59516e3a64 100644
--- a/sandbox/win/src/sandbox_policy.h
+++ b/sandbox/win/src/sandbox_policy.h
@@ -50,9 +50,12 @@ class TargetPolicy {
     EVENTS_ALLOW_READONLY,  // Allows opening an even with synchronize access.
     REG_ALLOW_READONLY,     // Allows readonly access to a registry key.
     REG_ALLOW_ANY,          // Allows read and write access to a registry key.
-    FAKE_USER_GDI_INIT      // Fakes user32 and gdi32 initialization. This can
+    FAKE_USER_GDI_INIT,     // Fakes user32 and gdi32 initialization. This can
                             // be used to allow the DLLs to load and initialize
                             // even if the process cannot access that subsystem.
+    IMPLEMENT_OPM_APIS      // Implements FAKE_USER_GDI_INIT and also exposes
+                            // IPC calls to handle Output Protection Manager
+                            // APIs.
   };
 
   // Increments the reference count of this object. The reference count must
@@ -244,6 +247,11 @@ class TargetPolicy {
   // to restrict what other processes are allowed to access a process' kernel
   // resources.
   virtual void SetLockdownDefaultDacl() = 0;
+
+  // Enable OPM API redirection when in Win32k lockdown.
+  virtual void SetEnableOPMRedirection() = 0;
+  // Enable OPM API emulation when in Win32k lockdown.
+  virtual bool GetEnableOPMRedirection() = 0;
 };
 
 }  // namespace sandbox