Implement sandbox hooks to forward OPM related GDI system calls.

sandbox/win/src/sandbox_policy.h

Index: sandbox/win/src/sandbox_policy.h
diff --git a/sandbox/win/src/sandbox_policy.h b/sandbox/win/src/sandbox_policy.h
index edac55ec91e6e6c8cc1bba7644617cbb10c0e2a9..6b44e0eb64cb1d522e2c37e4f52b100c3cbb3a74 100644
--- a/sandbox/win/src/sandbox_policy.h
+++ b/sandbox/win/src/sandbox_policy.h
@@ -54,9 +54,12 @@ class TargetPolicy {
     EVENTS_ALLOW_READONLY,  // Allows opening an even with synchronize access.
     REG_ALLOW_READONLY,     // Allows readonly access to a registry key.
     REG_ALLOW_ANY,          // Allows read and write access to a registry key.
-    FAKE_USER_GDI_INIT      // Fakes user32 and gdi32 initialization. This can
+    FAKE_USER_GDI_INIT,     // Fakes user32 and gdi32 initialization. This can
                             // be used to allow the DLLs to load and initialize
                             // even if the process cannot access that subsystem.
+    IMPLEMENT_OPM_APIS      // Implements FAKE_USER_GDI_INIT and also exposes
+                            // IPC calls to handle Output Protection Manager
+                            // APIs.
   };
 
   // Increments the reference count of this object. The reference count must
@@ -259,6 +262,11 @@ class TargetPolicy {
   // to restrict what other processes are allowed to access a process' kernel
   // resources.
   virtual void SetLockdownDefaultDacl() = 0;
+
+  // Enable OPM API redirection when in Win32k lockdown.
+  virtual void SetEnableOPMRedirection() = 0;
+  // Enable OPM API emulation when in Win32k lockdown.
+  virtual bool GetEnableOPMRedirection() = 0;
 };
 
 }  // namespace sandbox