Do not close handles in target process on Windows 10.

content/common/sandbox_win.cc

Index: content/common/sandbox_win.cc
diff --git a/content/common/sandbox_win.cc b/content/common/sandbox_win.cc
index 82e56366058bddb6484f2f36cff07b00f09b605b..17893ffa6fd399677431f2a16d8019002308ad03 100644
--- a/content/common/sandbox_win.cc
+++ b/content/common/sandbox_win.cc
@@ -356,8 +356,7 @@ bool AddGenericPolicy(sandbox::TargetPolicy* policy) {
   return true;
 }
 
-bool AddPolicyForSandboxedProcess(sandbox::TargetPolicy* policy,
-                                  std::string& type_str) {
+bool AddPolicyForSandboxedProcess(sandbox::TargetPolicy* policy) {
   sandbox::ResultCode result;
   // Renderers need to share events with plugins.
   result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_HANDLES,
@@ -367,11 +366,8 @@ bool AddPolicyForSandboxedProcess(sandbox::TargetPolicy* policy,
     return false;
 
   // Win8+ adds a device DeviceApi that we don't need.
-  // Only close this handle on renderer processes.  See crbug.com/452613.
-  if (base::win::GetVersion() > base::win::VERSION_WIN7 &&
-      type_str == switches::kRendererProcess) {
+  if (base::win::GetVersion() > base::win::VERSION_WIN7)
     result = policy->AddKernelObjectToClose(L"File", L"\\Device\\DeviceApi");
-  }
   if (result != sandbox::SBOX_ALL_OK)
     return false;
 
@@ -666,8 +662,7 @@ base::Process StartSandboxedProcess(
   if (delegate)
     delegate->PreSandbox(&disable_default_policy, &exposed_dir);
 
-  if (!disable_default_policy &&
-      !AddPolicyForSandboxedProcess(policy, type_str))
+  if (!disable_default_policy && !AddPolicyForSandboxedProcess(policy))
     return base::Process();
 
   if (type_str == switches::kRendererProcess) {