Add sandbox support for process memory limits

sandbox/win/src/job.cc

Index: sandbox/win/src/job.cc
diff --git a/sandbox/win/src/job.cc b/sandbox/win/src/job.cc
index 62b8d5c3c4b294844970f84cad94b207fc9cb38e..b62f8a588e3be8da6f63bba1f059d1779c1ac997 100644
--- a/sandbox/win/src/job.cc
+++ b/sandbox/win/src/job.cc
@@ -52,11 +52,11 @@ DWORD Job::Init(JobLevel security_level,
       jbur.UIRestrictionsClass |= JOB_OBJECT_UILIMIT_EXITWINDOWS;
     }
     case JOB_UNPROTECTED: {
-      // The JOB_OBJECT_LIMIT_KILL_ON_JOB_CLOSE flag is not supported on
-      // Windows 2000. We need a mechanism on Windows 2000 to ensure
-      // that processes in the job are terminated when the job is closed
-      if (base::win::GetVersion() == base::win::VERSION_PRE_XP)
-        break;
+      if (process_memory_limit_) {
+        jeli.BasicLimitInformation.LimitFlags |=
+            JOB_OBJECT_LIMIT_PROCESS_MEMORY;
+        jeli.ProcessMemoryLimit = process_memory_limit_;
+      }
 
       jeli.BasicLimitInformation.LimitFlags |=
           JOB_OBJECT_LIMIT_KILL_ON_JOB_CLOSE;
@@ -85,6 +85,14 @@ DWORD Job::Init(JobLevel security_level,
   return ERROR_SUCCESS;
 }
 
+DWORD Job::SetProcessMemoryLimit(size_t limit) {
+  if (job_handle_)
+    return ERROR_ALREADY_INITIALIZED;
+
+  process_memory_limit_ = limit;
+  return ERROR_SUCCESS;
+}
+
 DWORD Job::UserHandleGrantAccess(HANDLE handle) {
   if (!job_handle_)
     return ERROR_NO_DATA;