[Windows Sandbox] MITIGATION_EXTENSION_POINT_DISABLE support for children.

This CL is part of a chain of CLs:
-> THIS
2) "MITIGATION_EXTENSION_POINT_DISABLE emergency off finch" (https://codereview.chromium.org/1836523004/)
3) "New NT registry API" (https://codereview.chromium.org/1841573002)
4) "Early browser security support" (https://codereview.chromium.org/1656453002)
5) "Turn on MITIGATION_EXTENSION_POINT_DISABLE" (https://codereview.chromium.org/1854323002)

Added support for this mitigation on child processes.
Not turning on in this CL - will add in a tiny follow-up CL that is
easy to revert if necessary.

6 out of 7 of the tests added to sbox_integration_tests
(ProcessMitigationsTest.CheckWin8ExtensionPoint*) are DISABLED and should be run manually
(will not auto run on bots).

The following extension points are blocked by this policy:
o AppInit DLLs
o Winsock Layered Service Providers (LSPs)
o Global Windows Hooks (not thread-targeted hooks)
o Legacy Input Method Editors (IMEs) - note Chrome supports IMEs via extension (https://developer.chrome.com/extensions/input_ime).

TEST=Manually run against Win8.1 x64, Win10 x64, Win10 x86.
BUG=557798
CQ_INCLUDE_TRYBOTS=tryserver.chromium.win:win10_chromium_x64_rel_ng
Review-Url: https://codereview.chromium.org/1835003003
Cr-Commit-Position: refs/heads/master@{#400422}
8 files changed