Adding method to create process using LowBox token in sandbox code.

sandbox/win/src/sid.cc

Index: sandbox/win/src/sid.cc
diff --git a/sandbox/win/src/sid.cc b/sandbox/win/src/sid.cc
index 261605d547b99cf303913e72943125f71991dee6..279074e61305cbca2dd0f283bf4aa80347c7cfee 100644
--- a/sandbox/win/src/sid.cc
+++ b/sandbox/win/src/sid.cc
@@ -4,12 +4,16 @@
 
 #include "sandbox/win/src/sid.h"
 
+#include <objbase.h>

[rvargas (doing something else), 2015/02/24 01:01:49]

?

+#include <sddl.h>
+
 #include "base/logging.h"
 
 namespace sandbox {
 
 Sid::Sid(const SID *sid) {
-  ::CopySid(SECURITY_MAX_SID_SIZE, sid_, const_cast<SID*>(sid));
+  BOOL result = ::CopySid(SECURITY_MAX_SID_SIZE, sid_, const_cast<SID*>(sid));
+  DCHECK(result);
 };
 
 Sid::Sid(WELL_KNOWN_SID_TYPE type) {
@@ -23,4 +27,30 @@ const SID *Sid::GetPSID() const {
   return reinterpret_cast<SID*>(const_cast<BYTE*>(sid_));
 }
 
+std::wstring Sid::GenerateUniqueSubAuthoritySid() {

[rvargas (doing something else), 2015/02/24 01:01:49]

I don't think this code belongs here

+  SID_IDENTIFIER_AUTHORITY authority = SECURITY_APP_PACKAGE_AUTHORITY;
+  GUID guid = { 0 };
+  ::CoCreateGuid(&guid);
+  unsigned long* guid_long = reinterpret_cast<unsigned long*>(&guid);
+  PSID sid = NULL;
+  DWORD sub_auth = *GetSidSubAuthority(reinterpret_cast<SID*>(sid_), 0);
+  ::AllocateAndInitializeSid(&authority,
+                             8,
+                             sub_auth,
+                             guid_long[0],
+                             guid_long[1],
+                             guid_long[2],
+                             guid_long[3],
+                             1,
+                             1,
+                             1,
+                             &sid);
+  LPWSTR sid_string = NULL;
+  ::ConvertSidToStringSid(sid, &sid_string);
+  std::wstring unique_sid = sid_string;
+  ::FreeSid(sid);
+  ::LocalFree(sid_string);
+  return unique_sid;
+}
+
 }  // namespace sandbox