Manage job and process lifetimes in sandbox tracker thread

During process creation, a job tracker (JobTracker as before) or a
process tracker (ProcessTracker) is created in the process launching
thread. These are then posted to the tracking thread
(TargetEventsThread) (before the job is associated with the
thread). New control keys are provided for the tracking thread to
receive these objects and take ownership.

For jobs, they are stored in a job tracking list (jobs)
and job notifications are used to determine if a job has
finished. Now, when finished, the tracking is removed from the job
tracking list and destroyed, freeing the related target policy.

For processes, these are now stored in a process tracking list
(processes) and a wait registered on the default thread
pool for a duplicated copy of the process’s handle to signal process
exit. The wait’s callback simply posts a message to the tracking
thread indicating that the process is done. When a process is done,
the process tracker is removed from the process tracking list and
freed. The related target policy is freed. As there may be more than
MAXIMUM_WAIT_OBJECTS(=64) children we use RegisterWaitForSingleObject
and a lightweight callback to post back to the tracking thread.

No manipulation of these lists is done outside of the tracking thread.
Policies used to be destroyed in the BrokerServices dtor so this may
move some crashes around, especially if there are many processes
and shutdown is stalled by a busy host.

child_process_ids can now be manipulated entirely within the tracking
thread so does not need locking. The working of WaitForAllTargets()
could be improved but is not addressed in this effort.

The lock is no longer required.

This CL prepares for chrome://sandbox on Windows by moving access
to stored policy objects to a single thread.

I have manually tested by simulating a job-free chrome.

Notes for this CL https://docs.google.com/document/d/1_9lde2MOX96VxE6k7IYtQFb5Zwpom5ZLFhCsfI7xXIc/edit#heading=h.3jv39q2gpdkw

Change-Id: I35d7970fc285d80bd6ea2143cdab7d82b42d57cd
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1743294
Commit-Queue: Alex Gough <ajgo@chromium.org>
Reviewed-by: Will Harris <wfh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#695315}

sandbox/win/src/broker_services.h

@@ -22,12 +22,6 @@
 #include "sandbox/win/src/win2k_threadpool.h"
 #include "sandbox/win/src/win_utils.h"
 
-namespace {
-
-struct JobTracker;
-
-}  // namespace
-
 namespace sandbox {
 
 // BrokerServicesBase ---------------------------------------------------------
@@ -71,20 +65,9 @@ class BrokerServicesBase final : public BrokerServices,
   // Handle to the worker thread that reacts to job notifications.
   base::win::ScopedHandle job_thread_;
 
-  // Lock used to protect the list of targets from being modified by 2
-  // threads at the same time.
-  CRITICAL_SECTION lock_;
-
   // Provides a pool of threads that are used to wait on the IPC calls.
   std::unique_ptr<ThreadProvider> thread_pool_;
 
-  // List of the trackers for closing and cleanup purposes.
-  std::list<std::unique_ptr<JobTracker>> tracker_list_;
-
-  // Provides a fast lookup to identify sandboxed processes that belong to a
-  // job.
-  std::set<DWORD> child_process_ids_;
-
   DISALLOW_COPY_AND_ASSIGN(BrokerServicesBase);
 };