Adding method to create process using LowBox token in sandbox code.

sandbox/win/src/sid.cc

Index: sandbox/win/src/sid.cc
diff --git a/sandbox/win/src/sid.cc b/sandbox/win/src/sid.cc
index 261605d547b99cf303913e72943125f71991dee6..8bd817320cb3bc7e3454630bc19ea10d6d4d1a77 100644
--- a/sandbox/win/src/sid.cc
+++ b/sandbox/win/src/sid.cc
@@ -4,15 +4,20 @@
 
 #include "sandbox/win/src/sid.h"
 
+#include <objbase.h>
+#include <sddl.h>
+
 #include "base/logging.h"
 
 namespace sandbox {
 
-Sid::Sid(const SID *sid) {
+Sid::Sid(const SID *sid)
+    : unique_sub_auth_sid_(NULL) {
   ::CopySid(SECURITY_MAX_SID_SIZE, sid_, const_cast<SID*>(sid));
 };
 
-Sid::Sid(WELL_KNOWN_SID_TYPE type) {
+Sid::Sid(WELL_KNOWN_SID_TYPE type)
+    : unique_sub_auth_sid_(NULL) {
   DWORD size_sid = SECURITY_MAX_SID_SIZE;
   BOOL result = ::CreateWellKnownSid(type, NULL, sid_, &size_sid);
   DCHECK(result);
@@ -23,4 +28,29 @@ const SID *Sid::GetPSID() const {
   return reinterpret_cast<SID*>(const_cast<BYTE*>(sid_));
 }
 
+void Sid::GenerateUniqueSubAuthoritySid(std::wstring* unique_sid) {
+  SID_IDENTIFIER_AUTHORITY authority = SECURITY_APP_PACKAGE_AUTHORITY;
+  GUID guid = { 0 };
+  ::CoCreateGuid(&guid);
+  unsigned long* guid_long = reinterpret_cast<unsigned long*>(&guid);
+  PSID sid = NULL;
+  DWORD sub_auth = *GetSidSubAuthority(reinterpret_cast<SID*>(sid_), 0);
+  ::AllocateAndInitializeSid(&authority,
+                             8,
+                             sub_auth,
+                             guid_long[0],
+                             guid_long[1],
+                             guid_long[2],
+                             guid_long[3],
+                             1,
+                             1,
+                             1,
+                             &sid);
+  LPWSTR sid_string = NULL;
+  ::ConvertSidToStringSid(sid, &sid_string);
+  *unique_sid = sid_string;
+  ::FreeSid(sid);
+  ::LocalFree(sid_string);
+}
+
 }  // namespace sandbox