Adding method to create process using LowBox token in sandbox code.

sandbox/win/src/nt_internals.h

 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 // This file holds definitions related to the ntdll API.
 
 #ifndef SANDBOX_WIN_SRC_NT_INTERNALS_H__
 #define SANDBOX_WIN_SRC_NT_INTERNALS_H__
 
 #include <windows.h>
@@ skipping 638 matching lines @@
     PHANDLE LinkHandle,
     ACCESS_MASK DesiredAccess,
     POBJECT_ATTRIBUTES ObjectAttributes);
 
 #define DIRECTORY_QUERY               0x0001
 #define DIRECTORY_TRAVERSE            0x0002
 #define DIRECTORY_CREATE_OBJECT       0x0004
 #define DIRECTORY_CREATE_SUBDIRECTORY 0x0008
 #define DIRECTORY_ALL_ACCESS          0x000F
 
+typedef NTSTATUS (WINAPI* NtCreateLowBoxToken)(
+    OUT PHANDLE token,
+    IN HANDLE original_handle,
+    IN ACCESS_MASK access,
+    IN POBJECT_ATTRIBUTES object_attribute,
+    IN PSID appcontainer_sid,
+    IN DWORD capabilityCount,
+    IN PSID_AND_ATTRIBUTES capabilities,
+    IN DWORD handle_count,
+    IN PHANDLE handles);
+
+typedef NTSTATUS(WINAPI *NtSetInformationProcess)(
+    IN HANDLE process_handle,
+    IN ULONG info_class,
+    IN PVOID process_information,
+    IN ULONG information_length);
+
+typedef NTSTATUS(WINAPI *NtQueryInformationProcess)(

[rvargas (doing something else), 2015/02/21 01:01:22]

I don't see this being used

[Shrikant Kelkar, 2015/02/21 02:32:40]

removed

+    IN  HANDLE process_handle,
+    IN  ULONG  info_class,
+    OUT PVOID  process_information,
+    IN  ULONG  information_length,
+    OUT PULONG return_length);
+
+struct PROCESS_ACCESS_TOKEN {
+  HANDLE token;
+  HANDLE thread;
+};
+
+const unsigned int NtProcessInformationAccessToken = 9;
+
 #endif  // SANDBOX_WIN_SRC_NT_INTERNALS_H__