[Flash]: Remove support for OPM redirection from Windows sandbox.

This CL removes the support for redirecting the OPM APIs when running under Win32K lockdown. These were added to allow Flash to enable HDCP and with Widevine moving to a utility process are no longer required. Bug: 1148912 Change-Id: Ia5ec0cd54d9ae6fec28b5603693ffde7c725f194 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2536847Reviewed-by: Scott Violet <sky@chromium.org> Reviewed-by: Will Harris <wfh@chromium.org> Commit-Queue: James Forshaw <forshaw@chromium.org> Cr-Commit-Position: refs/heads/master@{#827960}

[Flash]: Remove support for OPM redirection from Windows sandbox.
This CL removes the support for redirecting the OPM APIs when running under Win32K lockdown. These were added to allow Flash to enable HDCP and with Widevine moving to a utility process are no longer required. Bug: 1148912 Change-Id: Ia5ec0cd54d9ae6fec28b5603693ffde7c725f194 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2536847Reviewed-by: Scott Violet <sky@chromium.org> Reviewed-by: Will Harris <wfh@chromium.org> Commit-Queue: James Forshaw <forshaw@chromium.org> Cr-Commit-Position: refs/heads/master@{#827960}
4d5a809b · James Forshaw · Commit Bot · b64c1dee · 4d5a809b · 4d5a809b
Commit 4d5a809b authored Nov 16, 2020 by James Forshaw Committed by Commit Bot Nov 16, 2020
23 changed files
--- a/content/browser/ppapi_plugin_process_host.cc
+++ b/content/browser/ppapi_plugin_process_host.cc
@@ -87,8 +87,7 @@ class PpapiPluginSandboxedProcessLauncherDelegate
 #if !defined(NACL_WIN64)
    // We don't support PPAPI win32k lockdown prior to Windows 10.
    if (base::win::GetVersion() >= base::win::Version::WIN10) {
-      result =
+      result = sandbox::policy::SandboxWin::AddWin32kLockdownPolicy(policy);
-          sandbox::policy::SandboxWin::AddWin32kLockdownPolicy(policy, true);
      if (result != sandbox::SBOX_ALL_OK)
        return false;
    }

--- a/content/browser/utility_sandbox_delegate_win.cc
+++ b/content/browser/utility_sandbox_delegate_win.cc
@@ -189,8 +189,7 @@ bool UtilitySandboxedProcessLauncherDelegate::PreSpawnTarget(
  }
  if (sandbox_type_ == sandbox::policy::SandboxType::kSharingService) {
-    auto result =
+    auto result = sandbox::policy::SandboxWin::AddWin32kLockdownPolicy(policy);
-        sandbox::policy::SandboxWin::AddWin32kLockdownPolicy(policy, false);
    if (result != sandbox::SBOX_ALL_OK)
      return false;

--- a/sandbox/policy/win/sandbox_win.cc
+++ b/sandbox/policy/win/sandbox_win.cc
@@ -791,8 +791,7 @@ ResultCode SandboxWin::AddAppContainerPolicy(TargetPolicy* policy,
 }
 // static
-ResultCode SandboxWin::AddWin32kLockdownPolicy(TargetPolicy* policy,
+ResultCode SandboxWin::AddWin32kLockdownPolicy(TargetPolicy* policy) {
-                                               bool enable_opm) {
 #if !defined(NACL_WIN64)
  // Win32k Lockdown is supported on Windows 8+.
  if (base::win::GetVersion() < base::win::Version::WIN8)
@@ -807,16 +806,8 @@ ResultCode SandboxWin::AddWin32kLockdownPolicy(TargetPolicy* policy,
  if (result != SBOX_ALL_OK)
    return result;
-  result = policy->AddRule(TargetPolicy::SUBSYS_WIN32K_LOCKDOWN,
+  return policy->AddRule(TargetPolicy::SUBSYS_WIN32K_LOCKDOWN,
-                           enable_opm ? TargetPolicy::IMPLEMENT_OPM_APIS
+                         TargetPolicy::FAKE_USER_GDI_INIT, nullptr);
-                                      : TargetPolicy::FAKE_USER_GDI_INIT,
-                           nullptr);
-  if (result != SBOX_ALL_OK)
-    return result;
-  if (enable_opm)
-    policy->SetEnableOPMRedirection();
-  return result;
 #else
  return SBOX_ALL_OK;
 #endif
@@ -984,7 +975,7 @@ ResultCode SandboxWin::StartSandboxedProcess(
    return result;
  if (process_type == switches::kRendererProcess) {
-    result = SandboxWin::AddWin32kLockdownPolicy(policy.get(), false);
+    result = SandboxWin::AddWin32kLockdownPolicy(policy.get());
    if (result != SBOX_ALL_OK)
      return result;
  }

--- a/sandbox/policy/win/sandbox_win.h
+++ b/sandbox/policy/win/sandbox_win.h
@@ -57,8 +57,7 @@ class SANDBOX_POLICY_EXPORT SandboxWin {
                                          const wchar_t* sid);
  // Add the win32k lockdown policy on supported OS.
-  static ResultCode AddWin32kLockdownPolicy(TargetPolicy* policy,
+  static ResultCode AddWin32kLockdownPolicy(TargetPolicy* policy);
-                                            bool enable_opm);
  // Add the AppContainer sandbox profile to the policy. |sandbox_type|
  // determines what policy is enabled. |appcontainer_id| is used to create

--- a/sandbox/policy/win/sandbox_win_unittest.cc
+++ b/sandbox/policy/win/sandbox_win_unittest.cc
@@ -113,8 +113,6 @@ class TestTargetPolicy : public TargetPolicy {
  void AddHandleToShare(HANDLE handle) override {}
  void SetLockdownDefaultDacl() override {}
  void AddRestrictingRandomSid() override {}
-  void SetEnableOPMRedirection() override {}
-  bool GetEnableOPMRedirection() override { return false; }
  ResultCode AddAppContainerProfile(const wchar_t* package_name,
                                    bool create_profile) override {

--- a/sandbox/win/BUILD.gn
+++ b/sandbox/win/BUILD.gn
@@ -238,8 +238,6 @@ test("sbox_integration_tests") {
    ":sbox_integration_test_hooking_dll",
    ":sbox_integration_test_win_proc",
  ]
-  libs = [ "dxva2.lib" ]
 }
 shared_library("sbox_integration_test_hijack_dll") {

--- a/sandbox/win/src/interceptors.h
+++ b/sandbox/win/src/interceptors.h
@@ -46,21 +46,6 @@ enum InterceptorId {
  GDIINITIALIZE_ID,
  GETSTOCKOBJECT_ID,
  REGISTERCLASSW_ID,
-  ENUMDISPLAYMONITORS_ID,
-  ENUMDISPLAYDEVICESA_ID,
-  GETMONITORINFOA_ID,
-  GETMONITORINFOW_ID,
-  CREATEOPMPROTECTEDOUTPUTS_ID,
-  GETCERTIFICATE_ID,
-  GETCERTIFICATESIZE_ID,
-  GETCERTIFICATEBYHANDLE_ID,
-  GETCERTIFICATESIZEBYHANDLE_ID,
-  DESTROYOPMPROTECTEDOUTPUT_ID,
-  CONFIGUREOPMPROTECTEDOUTPUT_ID,
-  GETOPMINFORMATION_ID,
-  GETOPMRANDOMNUMBER_ID,
-  GETSUGGESTEDOPMPROTECTEDOUTPUTARRAYSIZE_ID,
-  SETOPMSIGNINGKEYANDSEQUENCENUMBERS_ID,
  // Signed dispatcher:
  CREATE_SECTION_ID,
  INTERCEPTOR_MAX_ID

--- a/sandbox/win/src/interceptors_64.cc
+++ b/sandbox/win/src/interceptors_64.cc
@@ -353,166 +353,6 @@ TargetRegisterClassW64(const WNDCLASS* wnd_class) {
  return TargetRegisterClassW(orig_fn, wnd_class);
 }
-SANDBOX_INTERCEPT BOOL WINAPI
-TargetEnumDisplayMonitors64(HDC hdc,
-                            LPCRECT clip_rect,
-                            MONITORENUMPROC enum_function,
-                            LPARAM data_pointer) {
-  EnumDisplayMonitorsFunction orig_fn =
-      reinterpret_cast<EnumDisplayMonitorsFunction>(
-          g_originals[ENUMDISPLAYMONITORS_ID]);
-  return TargetEnumDisplayMonitors(orig_fn, hdc, clip_rect, enum_function,
-                                   data_pointer);
-}
-SANDBOX_INTERCEPT BOOL WINAPI
-TargetEnumDisplayDevicesA64(LPCSTR device,
-                            DWORD device_num,
-                            PDISPLAY_DEVICEA display_device,
-                            DWORD flags) {
-  EnumDisplayDevicesAFunction orig_fn =
-      reinterpret_cast<EnumDisplayDevicesAFunction>(
-          g_originals[ENUMDISPLAYDEVICESA_ID]);
-  return TargetEnumDisplayDevicesA(orig_fn, device, device_num, display_device,
-                                   flags);
-}
-SANDBOX_INTERCEPT BOOL WINAPI
-TargetGetMonitorInfoA64(HMONITOR monitor, LPMONITORINFO monitor_info) {
-  GetMonitorInfoAFunction orig_fn = reinterpret_cast<GetMonitorInfoAFunction>(
-      g_originals[GETMONITORINFOA_ID]);
-  return TargetGetMonitorInfoA(orig_fn, monitor, monitor_info);
-}
-SANDBOX_INTERCEPT BOOL WINAPI
-TargetGetMonitorInfoW64(HMONITOR monitor, LPMONITORINFO monitor_info) {
-  GetMonitorInfoWFunction orig_fn = reinterpret_cast<GetMonitorInfoWFunction>(
-      g_originals[GETMONITORINFOW_ID]);
-  return TargetGetMonitorInfoW(orig_fn, monitor, monitor_info);
-}
-SANDBOX_INTERCEPT NTSTATUS WINAPI
-TargetGetSuggestedOPMProtectedOutputArraySize64(
-    PUNICODE_STRING device_name,
-    DWORD* suggested_output_array_size) {
-  GetSuggestedOPMProtectedOutputArraySizeFunction orig_fn =
-      reinterpret_cast<GetSuggestedOPMProtectedOutputArraySizeFunction>(
-          g_originals[GETSUGGESTEDOPMPROTECTEDOUTPUTARRAYSIZE_ID]);
-  return TargetGetSuggestedOPMProtectedOutputArraySize(
-      orig_fn, device_name, suggested_output_array_size);
-}
-SANDBOX_INTERCEPT NTSTATUS WINAPI TargetCreateOPMProtectedOutputs64(
-    PUNICODE_STRING device_name,
-    DXGKMDT_OPM_VIDEO_OUTPUT_SEMANTICS vos,
-    DWORD protected_output_array_size,
-    DWORD* num_output_handles,
-    OPM_PROTECTED_OUTPUT_HANDLE* protected_output_array) {
-  CreateOPMProtectedOutputsFunction orig_fn =
-      reinterpret_cast<CreateOPMProtectedOutputsFunction>(
-          g_originals[CREATEOPMPROTECTEDOUTPUTS_ID]);
-  return TargetCreateOPMProtectedOutputs(
-      orig_fn, device_name, vos, protected_output_array_size,
-      num_output_handles, protected_output_array);
-}
-SANDBOX_INTERCEPT NTSTATUS WINAPI
-TargetGetCertificate64(PUNICODE_STRING device_name,
-                       DXGKMDT_CERTIFICATE_TYPE certificate_type,
-                       BYTE* certificate,
-                       ULONG certificate_length) {
-  GetCertificateFunction orig_fn =
-      reinterpret_cast<GetCertificateFunction>(g_originals[GETCERTIFICATE_ID]);
-  return TargetGetCertificate(orig_fn, device_name, certificate_type,
-                              certificate, certificate_length);
-}
-SANDBOX_INTERCEPT NTSTATUS WINAPI
-TargetGetCertificateSize64(PUNICODE_STRING device_name,
-                           DXGKMDT_CERTIFICATE_TYPE certificate_type,
-                           ULONG* certificate_length) {
-  GetCertificateSizeFunction orig_fn =
-      reinterpret_cast<GetCertificateSizeFunction>(
-          g_originals[GETCERTIFICATESIZE_ID]);
-  return TargetGetCertificateSize(orig_fn, device_name, certificate_type,
-                                  certificate_length);
-}
-SANDBOX_INTERCEPT NTSTATUS WINAPI
-TargetGetCertificateByHandle64(OPM_PROTECTED_OUTPUT_HANDLE protected_output,
-                               DXGKMDT_CERTIFICATE_TYPE certificate_type,
-                               BYTE* certificate,
-                               ULONG certificate_length) {
-  GetCertificateByHandleFunction orig_fn =
-      reinterpret_cast<GetCertificateByHandleFunction>(
-          g_originals[GETCERTIFICATE_ID]);
-  return TargetGetCertificateByHandle(orig_fn, protected_output,
-                                      certificate_type, certificate,
-                                      certificate_length);
-}
-SANDBOX_INTERCEPT NTSTATUS WINAPI
-TargetGetCertificateSizeByHandle64(OPM_PROTECTED_OUTPUT_HANDLE protected_output,
-                                   DXGKMDT_CERTIFICATE_TYPE certificate_type,
-                                   ULONG* certificate_length) {
-  GetCertificateSizeByHandleFunction orig_fn =
-      reinterpret_cast<GetCertificateSizeByHandleFunction>(
-          g_originals[GETCERTIFICATESIZE_ID]);
-  return TargetGetCertificateSizeByHandle(orig_fn, protected_output,
-                                          certificate_type, certificate_length);
-}
-SANDBOX_INTERCEPT NTSTATUS WINAPI TargetDestroyOPMProtectedOutput64(
-    OPM_PROTECTED_OUTPUT_HANDLE protected_output) {
-  DestroyOPMProtectedOutputFunction orig_fn =
-      reinterpret_cast<DestroyOPMProtectedOutputFunction>(
-          g_originals[DESTROYOPMPROTECTEDOUTPUT_ID]);
-  return TargetDestroyOPMProtectedOutput(orig_fn, protected_output);
-}
-SANDBOX_INTERCEPT NTSTATUS WINAPI
-TargetGetOPMInformation64(OPM_PROTECTED_OUTPUT_HANDLE protected_output,
-                          const DXGKMDT_OPM_GET_INFO_PARAMETERS* parameters,
-                          DXGKMDT_OPM_REQUESTED_INFORMATION* requested_info) {
-  GetOPMInformationFunction orig_fn =
-      reinterpret_cast<GetOPMInformationFunction>(
-          g_originals[GETOPMINFORMATION_ID]);
-  return TargetGetOPMInformation(orig_fn, protected_output, parameters,
-                                 requested_info);
-}
-SANDBOX_INTERCEPT NTSTATUS WINAPI
-TargetGetOPMRandomNumber64(OPM_PROTECTED_OUTPUT_HANDLE protected_output,
-                           DXGKMDT_OPM_RANDOM_NUMBER* random_number) {
-  GetOPMRandomNumberFunction orig_fn =
-      reinterpret_cast<GetOPMRandomNumberFunction>(
-          g_originals[GETOPMRANDOMNUMBER_ID]);
-  return TargetGetOPMRandomNumber(orig_fn, protected_output, random_number);
-}
-SANDBOX_INTERCEPT NTSTATUS WINAPI TargetSetOPMSigningKeyAndSequenceNumbers64(
-    OPM_PROTECTED_OUTPUT_HANDLE protected_output,
-    const DXGKMDT_OPM_ENCRYPTED_PARAMETERS* parameters) {
-  SetOPMSigningKeyAndSequenceNumbersFunction orig_fn =
-      reinterpret_cast<SetOPMSigningKeyAndSequenceNumbersFunction>(
-          g_originals[SETOPMSIGNINGKEYANDSEQUENCENUMBERS_ID]);
-  return TargetSetOPMSigningKeyAndSequenceNumbers(orig_fn, protected_output,
-                                                  parameters);
-}
-SANDBOX_INTERCEPT NTSTATUS WINAPI TargetConfigureOPMProtectedOutput64(
-    OPM_PROTECTED_OUTPUT_HANDLE protected_output,
-    const DXGKMDT_OPM_CONFIGURE_PARAMETERS* parameters,
-    ULONG additional_parameters_size,
-    const BYTE* additional_parameters) {
-  ConfigureOPMProtectedOutputFunction orig_fn =
-      reinterpret_cast<ConfigureOPMProtectedOutputFunction>(
-          g_originals[CONFIGUREOPMPROTECTEDOUTPUT_ID]);
-  return TargetConfigureOPMProtectedOutput(
-      orig_fn, protected_output, parameters, additional_parameters_size,
-      additional_parameters);
-}
 SANDBOX_INTERCEPT NTSTATUS WINAPI
 TargetNtCreateSection64(PHANDLE section_handle,
                        ACCESS_MASK desired_access,

--- a/sandbox/win/src/interceptors_64.h
+++ b/sandbox/win/src/interceptors_64.h
@@ -236,80 +236,6 @@ SANDBOX_INTERCEPT HGDIOBJ WINAPI TargetGetStockObject64(int object);
 // Interceptor for the RegisterClassW function.
 SANDBOX_INTERCEPT ATOM WINAPI TargetRegisterClassW64(const WNDCLASS* wnd_class);
-SANDBOX_INTERCEPT BOOL WINAPI
-TargetEnumDisplayMonitors64(HDC hdc,
-                            LPCRECT lprcClip,
-                            MONITORENUMPROC lpfnEnum,
-                            LPARAM dwData);
-SANDBOX_INTERCEPT BOOL WINAPI
-TargetEnumDisplayDevicesA64(LPCSTR lpDevice,
-                            DWORD iDevNum,
-                            PDISPLAY_DEVICEA lpDisplayDevice,
-                            DWORD dwFlags);
-SANDBOX_INTERCEPT BOOL WINAPI TargetGetMonitorInfoA64(HMONITOR hMonitor,
-                                                      LPMONITORINFO lpmi);
-SANDBOX_INTERCEPT BOOL WINAPI TargetGetMonitorInfoW64(HMONITOR hMonitor,
-                                                      LPMONITORINFO lpmi);
-SANDBOX_INTERCEPT NTSTATUS WINAPI
-TargetGetSuggestedOPMProtectedOutputArraySize64(
-    PUNICODE_STRING device_name,
-    DWORD* suggested_output_array_size);
-SANDBOX_INTERCEPT NTSTATUS WINAPI TargetCreateOPMProtectedOutputs64(
-    PUNICODE_STRING device_name,
-    DXGKMDT_OPM_VIDEO_OUTPUT_SEMANTICS vos,
-    DWORD protected_output_array_size,
-    DWORD* num_output_handles,
-    OPM_PROTECTED_OUTPUT_HANDLE* protected_output_array);
-SANDBOX_INTERCEPT NTSTATUS WINAPI
-TargetGetCertificate64(PUNICODE_STRING device_name,
-                       DXGKMDT_CERTIFICATE_TYPE certificate_type,
-                       BYTE* certificate,
-                       ULONG certificate_length);
-SANDBOX_INTERCEPT NTSTATUS WINAPI
-TargetGetCertificateSize64(PUNICODE_STRING device_name,
-                           DXGKMDT_CERTIFICATE_TYPE certificate_type,
-                           ULONG* certificate_length);
-SANDBOX_INTERCEPT NTSTATUS WINAPI
-TargetGetCertificateByHandle64(OPM_PROTECTED_OUTPUT_HANDLE protected_output,
-                               DXGKMDT_CERTIFICATE_TYPE certificate_type,
-                               BYTE* certificate,
-                               ULONG certificate_length);
-SANDBOX_INTERCEPT NTSTATUS WINAPI
-TargetGetCertificateSizeByHandle64(OPM_PROTECTED_OUTPUT_HANDLE protected_output,
-                                   DXGKMDT_CERTIFICATE_TYPE certificate_type,
-                                   ULONG* certificate_length);
-SANDBOX_INTERCEPT NTSTATUS WINAPI
-TargetDestroyOPMProtectedOutput64(OPM_PROTECTED_OUTPUT_HANDLE protected_output);
-SANDBOX_INTERCEPT NTSTATUS WINAPI
-TargetGetOPMInformation64(OPM_PROTECTED_OUTPUT_HANDLE protected_output,
-                          const DXGKMDT_OPM_GET_INFO_PARAMETERS* parameters,
-                          DXGKMDT_OPM_REQUESTED_INFORMATION* requested_info);
-SANDBOX_INTERCEPT NTSTATUS WINAPI
-TargetGetOPMRandomNumber64(OPM_PROTECTED_OUTPUT_HANDLE protected_output,
-                           DXGKMDT_OPM_RANDOM_NUMBER* random_number);
-SANDBOX_INTERCEPT NTSTATUS WINAPI TargetSetOPMSigningKeyAndSequenceNumbers64(
-    OPM_PROTECTED_OUTPUT_HANDLE protected_output,
-    const DXGKMDT_OPM_ENCRYPTED_PARAMETERS* parameters);
-SANDBOX_INTERCEPT NTSTATUS WINAPI TargetConfigureOPMProtectedOutput64(
-    OPM_PROTECTED_OUTPUT_HANDLE protected_output,
-    const DXGKMDT_OPM_CONFIGURE_PARAMETERS* parameters,
-    ULONG additional_parameters_size,
-    const BYTE* additional_parameters);
 // -----------------------------------------------------------------------
 // Interceptors handled by the signed process code.

--- a/sandbox/win/src/ipc_tags.h
+++ b/sandbox/win/src/ipc_tags.h
@@ -32,18 +32,6 @@ enum class IpcTag {
  GDI_GETSTOCKOBJECT,
  USER_REGISTERCLASSW,
  CREATETHREAD,
-  USER_ENUMDISPLAYMONITORS,
-  USER_ENUMDISPLAYDEVICES,
-  USER_GETMONITORINFO,
-  GDI_CREATEOPMPROTECTEDOUTPUTS,
-  GDI_GETCERTIFICATE,
-  GDI_GETCERTIFICATESIZE,
-  GDI_DESTROYOPMPROTECTEDOUTPUT,
-  GDI_CONFIGUREOPMPROTECTEDOUTPUT,
-  GDI_GETOPMINFORMATION,
-  GDI_GETOPMRANDOMNUMBER,
-  GDI_GETSUGGESTEDOPMPROTECTEDOUTPUTARRAYSIZE,
-  GDI_SETOPMSIGNINGKEYANDSEQUENCENUMBERS,
  NTCREATESECTION,
  LAST
 };

--- a/sandbox/win/src/nt_internals.h
+++ b/sandbox/win/src/nt_internals.h
@@ -821,163 +821,4 @@ typedef NTSTATUS(WINAPI* RtlDeriveCapabilitySidsFromNameFunction)(
    PSID CapabilityGroupSid,
    PSID CapabilitySid);
-// -----------------------------------------------------------------------
-// GDI OPM API and Supported Calls
-#define DXGKMDT_OPM_OMAC_SIZE 16
-#define DXGKMDT_OPM_128_BIT_RANDOM_NUMBER_SIZE 16
-#define DXGKMDT_OPM_ENCRYPTED_PARAMETERS_SIZE 256
-#define DXGKMDT_OPM_CONFIGURE_SETTING_DATA_SIZE 4056
-#define DXGKMDT_OPM_GET_INFORMATION_PARAMETERS_SIZE 4056
-#define DXGKMDT_OPM_REQUESTED_INFORMATION_SIZE 4076
-#define DXGKMDT_OPM_HDCP_KEY_SELECTION_VECTOR_SIZE 5
-#define DXGKMDT_OPM_PROTECTION_TYPE_SIZE 4
-enum DXGKMDT_CERTIFICATE_TYPE {
-  DXGKMDT_OPM_CERTIFICATE = 0,
-  DXGKMDT_COPP_CERTIFICATE = 1,
-  DXGKMDT_UAB_CERTIFICATE = 2,
-  DXGKMDT_FORCE_ULONG = 0xFFFFFFFF
-};
-enum DXGKMDT_OPM_VIDEO_OUTPUT_SEMANTICS {
-  DXGKMDT_OPM_VOS_COPP_SEMANTICS = 0,
-  DXGKMDT_OPM_VOS_OPM_SEMANTICS = 1
-};
-enum DXGKMDT_DPCP_PROTECTION_LEVEL {
-  DXGKMDT_OPM_DPCP_OFF = 0,
-  DXGKMDT_OPM_DPCP_ON = 1,
-  DXGKMDT_OPM_DPCP_FORCE_ULONG = 0x7fffffff
-};
-enum DXGKMDT_OPM_HDCP_PROTECTION_LEVEL {
-  DXGKMDT_OPM_HDCP_OFF = 0,
-  DXGKMDT_OPM_HDCP_ON = 1,
-  DXGKMDT_OPM_HDCP_FORCE_ULONG = 0x7fffffff
-};
-enum DXGKMDT_OPM_HDCP_FLAG {
-  DXGKMDT_OPM_HDCP_FLAG_NONE = 0x00,
-  DXGKMDT_OPM_HDCP_FLAG_REPEATER = 0x01
-};
-enum DXGKMDT_OPM_PROTECTION_TYPE {
-  DXGKMDT_OPM_PROTECTION_TYPE_OTHER = 0x80000000,
-  DXGKMDT_OPM_PROTECTION_TYPE_NONE = 0x00000000,
-  DXGKMDT_OPM_PROTECTION_TYPE_COPP_COMPATIBLE_HDCP = 0x00000001,
-  DXGKMDT_OPM_PROTECTION_TYPE_ACP = 0x00000002,
-  DXGKMDT_OPM_PROTECTION_TYPE_CGMSA = 0x00000004,
-  DXGKMDT_OPM_PROTECTION_TYPE_HDCP = 0x00000008,
-  DXGKMDT_OPM_PROTECTION_TYPE_DPCP = 0x00000010,
-  DXGKMDT_OPM_PROTECTION_TYPE_MASK = 0x8000001F
-};
-typedef void* OPM_PROTECTED_OUTPUT_HANDLE;
-struct DXGKMDT_OPM_ENCRYPTED_PARAMETERS {
-  BYTE abEncryptedParameters[DXGKMDT_OPM_ENCRYPTED_PARAMETERS_SIZE];
-};
-struct DXGKMDT_OPM_OMAC {
-  BYTE abOMAC[DXGKMDT_OPM_OMAC_SIZE];
-};
-struct DXGKMDT_OPM_CONFIGURE_PARAMETERS {
-  DXGKMDT_OPM_OMAC omac;
-  GUID guidSetting;
-  ULONG ulSequenceNumber;
-  ULONG cbParametersSize;
-  BYTE abParameters[DXGKMDT_OPM_CONFIGURE_SETTING_DATA_SIZE];
-};
-struct DXGKMDT_OPM_RANDOM_NUMBER {
-  BYTE abRandomNumber[DXGKMDT_OPM_128_BIT_RANDOM_NUMBER_SIZE];
-};
-struct DXGKMDT_OPM_GET_INFO_PARAMETERS {
-  DXGKMDT_OPM_OMAC omac;
-  DXGKMDT_OPM_RANDOM_NUMBER rnRandomNumber;
-  GUID guidInformation;
-  ULONG ulSequenceNumber;
-  ULONG cbParametersSize;
-  BYTE abParameters[DXGKMDT_OPM_GET_INFORMATION_PARAMETERS_SIZE];
-};
-struct DXGKMDT_OPM_REQUESTED_INFORMATION {
-  DXGKMDT_OPM_OMAC omac;
-  ULONG cbRequestedInformationSize;
-  BYTE abRequestedInformation[DXGKMDT_OPM_REQUESTED_INFORMATION_SIZE];
-};
-struct DXGKMDT_OPM_SET_PROTECTION_LEVEL_PARAMETERS {
-  ULONG ulProtectionType;
-  ULONG ulProtectionLevel;
-  ULONG Reserved;
-  ULONG Reserved2;
-};
-struct DXGKMDT_OPM_STANDARD_INFORMATION {
-  DXGKMDT_OPM_RANDOM_NUMBER rnRandomNumber;
-  ULONG ulStatusFlags;
-  ULONG ulInformation;
-  ULONG ulReserved;
-  ULONG ulReserved2;
-};
-typedef NTSTATUS(WINAPI* GetSuggestedOPMProtectedOutputArraySizeFunction)(
-    PUNICODE_STRING device_name,
-    DWORD* suggested_output_array_size);
-typedef NTSTATUS(WINAPI* CreateOPMProtectedOutputsFunction)(
-    PUNICODE_STRING device_name,
-    DXGKMDT_OPM_VIDEO_OUTPUT_SEMANTICS vos,
-    DWORD output_array_size,
-    DWORD* num_in_output_array,
-    OPM_PROTECTED_OUTPUT_HANDLE* output_array);
-typedef NTSTATUS(WINAPI* GetCertificateFunction)(
-    PUNICODE_STRING device_name,
-    DXGKMDT_CERTIFICATE_TYPE certificate_type,
-    BYTE* certificate,
-    ULONG certificate_length);
-typedef NTSTATUS(WINAPI* GetCertificateSizeFunction)(
-    PUNICODE_STRING device_name,
-    DXGKMDT_CERTIFICATE_TYPE certificate_type,
-    ULONG* certificate_length);
-typedef NTSTATUS(WINAPI* GetCertificateByHandleFunction)(
-    OPM_PROTECTED_OUTPUT_HANDLE protected_output,
-    DXGKMDT_CERTIFICATE_TYPE certificate_type,
-    BYTE* certificate,
-    ULONG certificate_length);
-typedef NTSTATUS(WINAPI* GetCertificateSizeByHandleFunction)(
-    OPM_PROTECTED_OUTPUT_HANDLE protected_output,
-    DXGKMDT_CERTIFICATE_TYPE certificate_type,
-    ULONG* certificate_length);
-typedef NTSTATUS(WINAPI* DestroyOPMProtectedOutputFunction)(
-    OPM_PROTECTED_OUTPUT_HANDLE protected_output);
-typedef NTSTATUS(WINAPI* ConfigureOPMProtectedOutputFunction)(
-    OPM_PROTECTED_OUTPUT_HANDLE protected_output,
-    const DXGKMDT_OPM_CONFIGURE_PARAMETERS* parameters,
-    ULONG additional_parameters_size,
-    const BYTE* additional_parameters);
-typedef NTSTATUS(WINAPI* GetOPMInformationFunction)(
-    OPM_PROTECTED_OUTPUT_HANDLE protected_output,
-    const DXGKMDT_OPM_GET_INFO_PARAMETERS* parameters,
-    DXGKMDT_OPM_REQUESTED_INFORMATION* requested_information);
-typedef NTSTATUS(WINAPI* GetOPMRandomNumberFunction)(
-    OPM_PROTECTED_OUTPUT_HANDLE protected_output,
-    DXGKMDT_OPM_RANDOM_NUMBER* random_number);
-typedef NTSTATUS(WINAPI* SetOPMSigningKeyAndSequenceNumbersFunction)(
-    OPM_PROTECTED_OUTPUT_HANDLE protected_output,
-    const DXGKMDT_OPM_ENCRYPTED_PARAMETERS* parameters);
 #endif  // SANDBOX_WIN_SRC_NT_INTERNALS_H__
--- a/sandbox/win/src/process_mitigations_win32k_dispatcher.cc
+++ b/sandbox/win/src/process_mitigations_win32k_dispatcher.cc
--- a/sandbox/win/src/process_mitigations_win32k_dispatcher.h
+++ b/sandbox/win/src/process_mitigations_win32k_dispatcher.h
@@ -17,22 +17,6 @@
 namespace sandbox {
-// Class to maintain a reference to a OPM protected output handle.
-class ProtectedVideoOutput
-    : public base::RefCountedThreadSafe<ProtectedVideoOutput> {
- public:
-  ProtectedVideoOutput(HANDLE handle) : handle_(handle) {}
-  HANDLE handle() { return handle_; }
- private:
-  friend class base::RefCountedThreadSafe<ProtectedVideoOutput>;
-  ~ProtectedVideoOutput();
-  HANDLE handle_;
-  DISALLOW_COPY_AND_ASSIGN(ProtectedVideoOutput);
-};
 // This class sets up intercepts for the Win32K lockdown policy which is set
 // on Windows 8 and beyond.
 class ProcessMitigationsWin32KDispatcher : public Dispatcher {
@@ -43,43 +27,8 @@ class ProcessMitigationsWin32KDispatcher : public Dispatcher {
  // Dispatcher interface.
  bool SetupService(InterceptionManager* manager, IpcTag service) override;
-  bool EnumDisplayMonitors(IPCInfo* ipc, CountedBuffer* buffer);
-  bool GetMonitorInfo(IPCInfo* ipc, void* monitor, CountedBuffer* buffer);
-  bool GetSuggestedOPMProtectedOutputArraySize(IPCInfo* ipc,
-                                               std::wstring* device_name);
-  bool CreateOPMProtectedOutputs(IPCInfo* ipc,
-                                 std::wstring* device_name,
-                                 CountedBuffer* protected_outputs);
-  bool GetCertificateSize(IPCInfo* ipc,
-                          std::wstring* device_name,
-                          void* protected_output);
-  bool GetCertificate(IPCInfo* ipc,
-                      std::wstring* device_name,
-                      void* protected_output,
-                      void* shared_buffer_handle,
-                      uint32_t shared_buffer_size);
-  bool DestroyOPMProtectedOutput(IPCInfo* ipc, void* protected_output);
-  bool GetOPMRandomNumber(IPCInfo* ipc,
-                          void* protected_output,
-                          CountedBuffer* random_number);
-  bool SetOPMSigningKeyAndSequenceNumbers(IPCInfo* ipc,
-                                          void* protected_output,
-                                          CountedBuffer* parameters);
-  bool ConfigureOPMProtectedOutput(IPCInfo* ipc,
-                                   void* protected_output,
-                                   void* shared_buffer_handle);
-  bool GetOPMInformation(IPCInfo* ipc,
-                         void* protected_output,
-                         void* shared_buffer_handle);
 private:
-  scoped_refptr<ProtectedVideoOutput> GetProtectedVideoOutput(
-      HANDLE handle,
-      bool destroy_output);
  PolicyBase* policy_base_;
-  std::map<HANDLE, scoped_refptr<ProtectedVideoOutput>> protected_outputs_;
-  base::Lock protected_outputs_lock_;
  DISALLOW_COPY_AND_ASSIGN(ProcessMitigationsWin32KDispatcher);
 };

--- a/sandbox/win/src/process_mitigations_win32k_interception.cc
+++ b/sandbox/win/src/process_mitigations_win32k_interception.cc
--- a/sandbox/win/src/process_mitigations_win32k_interception.h
+++ b/sandbox/win/src/process_mitigations_win32k_interception.h
@@ -12,14 +12,6 @@
 namespace sandbox {
-const DWORD kProtectedVideoOutputSectionSize = 16 * 1024;
-const DWORD kMaxEnumMonitors = 32;
-struct EnumMonitorsResult {
-  DWORD monitor_count;
-  HMONITOR monitors[kMaxEnumMonitors];
-};
 typedef BOOL(WINAPI* GdiDllInitializeFunction)(HANDLE dll,
                                               DWORD reason,
                                               LPVOID reserved);
@@ -28,13 +20,6 @@ using GetStockObjectFunction = decltype(&::GetStockObject);
 using RegisterClassWFunction = decltype(&::RegisterClassW);
-using EnumDisplayMonitorsFunction = decltype(&::EnumDisplayMonitors);
-using EnumDisplayDevicesAFunction = decltype(&::EnumDisplayDevicesA);
-using GetMonitorInfoWFunction = decltype(&::GetMonitorInfoW);
-using GetMonitorInfoAFunction = decltype(&::GetMonitorInfoA);
 extern "C" {
 // Interceptor for the  GdiDllInitialize function.
@@ -52,98 +37,6 @@ SANDBOX_INTERCEPT ATOM WINAPI
 TargetRegisterClassW(RegisterClassWFunction orig_register_class_function,
                     const WNDCLASS* wnd_class);
-SANDBOX_INTERCEPT BOOL WINAPI TargetEnumDisplayMonitors(
-    EnumDisplayMonitorsFunction orig_enum_display_monitors_function,
-    HDC hdc,
-    LPCRECT clip_rect,
-    MONITORENUMPROC enum_function,
-    LPARAM data);
-SANDBOX_INTERCEPT BOOL WINAPI TargetEnumDisplayDevicesA(
-    EnumDisplayDevicesAFunction orig_enum_display_devices_function,
-    LPCSTR device,
-    DWORD device_number,
-    PDISPLAY_DEVICEA display_device,
-    DWORD flags);
-SANDBOX_INTERCEPT BOOL WINAPI
-TargetGetMonitorInfoA(GetMonitorInfoAFunction orig_get_monitor_info_function,
-                      HMONITOR monitor,
-                      LPMONITORINFO monitor_info);
-SANDBOX_INTERCEPT BOOL WINAPI
-TargetGetMonitorInfoW(GetMonitorInfoWFunction orig_get_monitor_info_function,
-                      HMONITOR monitor,
-                      LPMONITORINFO monitor_info);
-SANDBOX_INTERCEPT NTSTATUS WINAPI TargetCreateOPMProtectedOutputs(
-    CreateOPMProtectedOutputsFunction orig_create_proceted_outputs_function,
-    PUNICODE_STRING device_name,
-    DXGKMDT_OPM_VIDEO_OUTPUT_SEMANTICS vos,
-    DWORD protected_output_array_size,
-    DWORD* output_array_size,
-    OPM_PROTECTED_OUTPUT_HANDLE* protected_outputs);
-SANDBOX_INTERCEPT NTSTATUS WINAPI
-TargetGetCertificate(GetCertificateFunction orig_get_certificate_function,
-                     PUNICODE_STRING device_name,
-                     DXGKMDT_CERTIFICATE_TYPE certificate_type,
-                     BYTE* certificate,
-                     ULONG certificate_length);
-SANDBOX_INTERCEPT NTSTATUS WINAPI TargetGetCertificateSize(
-    GetCertificateSizeFunction orig_get_certificate_size_function,
-    PUNICODE_STRING device_name,
-    DXGKMDT_CERTIFICATE_TYPE certificate_type,
-    ULONG* certificate_length);
-SANDBOX_INTERCEPT NTSTATUS WINAPI TargetGetCertificateByHandle(
-    GetCertificateByHandleFunction orig_get_certificate_function,
-    OPM_PROTECTED_OUTPUT_HANDLE protected_output,
-    DXGKMDT_CERTIFICATE_TYPE certificate_type,
-    BYTE* certificate,
-    ULONG certificate_length);
-SANDBOX_INTERCEPT NTSTATUS WINAPI TargetGetCertificateSizeByHandle(
-    GetCertificateSizeByHandleFunction orig_get_certificate_size_function,
-    OPM_PROTECTED_OUTPUT_HANDLE protected_output,
-    DXGKMDT_CERTIFICATE_TYPE certificate_type,
-    ULONG* certificate_length);
-SANDBOX_INTERCEPT NTSTATUS WINAPI TargetDestroyOPMProtectedOutput(
-    DestroyOPMProtectedOutputFunction orig_destroy_protected_output_function,
-    OPM_PROTECTED_OUTPUT_HANDLE protected_output);
-SANDBOX_INTERCEPT NTSTATUS WINAPI TargetConfigureOPMProtectedOutput(
-    ConfigureOPMProtectedOutputFunction
-        origin_configure_protected_output_function,
-    OPM_PROTECTED_OUTPUT_HANDLE protected_output,
-    const DXGKMDT_OPM_CONFIGURE_PARAMETERS* parameters,
-    ULONG additional_parameters_size,
-    const BYTE* additional_parameters);
-SANDBOX_INTERCEPT NTSTATUS WINAPI TargetGetOPMInformation(
-    GetOPMInformationFunction origin_get_information_function,
-    OPM_PROTECTED_OUTPUT_HANDLE protected_output,
-    const DXGKMDT_OPM_GET_INFO_PARAMETERS* parameters,
-    DXGKMDT_OPM_REQUESTED_INFORMATION* requested_information);
-SANDBOX_INTERCEPT NTSTATUS WINAPI TargetGetOPMRandomNumber(
-    GetOPMRandomNumberFunction orig_get_random_number_function,
-    OPM_PROTECTED_OUTPUT_HANDLE protected_output,
-    DXGKMDT_OPM_RANDOM_NUMBER* random_number);
-SANDBOX_INTERCEPT NTSTATUS WINAPI TargetGetSuggestedOPMProtectedOutputArraySize(
-    GetSuggestedOPMProtectedOutputArraySizeFunction
-        orig_get_suggested_size_function,
-    PUNICODE_STRING device_name,
-    DWORD* suggested_output_array_size);
-SANDBOX_INTERCEPT NTSTATUS WINAPI TargetSetOPMSigningKeyAndSequenceNumbers(
-    SetOPMSigningKeyAndSequenceNumbersFunction orig_set_signing_keys_function,
-    OPM_PROTECTED_OUTPUT_HANDLE protected_output,
-    const DXGKMDT_OPM_ENCRYPTED_PARAMETERS* parameters);
 }  // extern "C"
 }  // namespace sandbox

--- a/sandbox/win/src/process_mitigations_win32k_policy.cc
+++ b/sandbox/win/src/process_mitigations_win32k_policy.cc
--- a/sandbox/win/src/process_mitigations_win32k_policy.h
+++ b/sandbox/win/src/process_mitigations_win32k_policy.h
@@ -13,9 +13,6 @@
 namespace sandbox {
-// A callback function type to get a function for testing.
-typedef void* (*OverrideForTestFunction)(const char* name);
 // This class centralizes most of the knowledge related to the process
 // mitigations Win32K lockdown policy.
 class ProcessMitigationsWin32KLockdownPolicy {
@@ -28,62 +25,6 @@ class ProcessMitigationsWin32KLockdownPolicy {
  static bool GenerateRules(const wchar_t* name,
                            TargetPolicy::Semantics semantics,
                            LowLevelPolicy* policy);
-  static uint32_t EnumDisplayMonitorsAction(const ClientInfo& client_info,
-                                            HMONITOR* monitor_list,
-                                            uint32_t monitor_list_size);
-  static bool GetMonitorInfoAction(const ClientInfo& client_info,
-                                   HMONITOR monitor,
-                                   MONITORINFO* monitor_info);
-  static NTSTATUS GetSuggestedOPMProtectedOutputArraySizeAction(
-      const ClientInfo& client_info,
-      const std::wstring& device_name,
-      uint32_t* suggested_array_size);
-  static NTSTATUS CreateOPMProtectedOutputsAction(
-      const ClientInfo& client_info,
-      const std::wstring& device_name,
-      HANDLE* protected_outputs,
-      uint32_t array_input_size,
-      uint32_t* array_output_size);
-  static NTSTATUS GetCertificateSizeAction(const ClientInfo& client_info,
-                                           const std::wstring& device_name,
-                                           uint32_t* cert_size);
-  static NTSTATUS GetCertificateAction(const ClientInfo& client_info,
-                                       const std::wstring& device_name,
-                                       BYTE* cert_data,
-                                       uint32_t cert_size);
-  static NTSTATUS GetCertificateSizeByHandleAction(
-      const ClientInfo& client_info,
-      HANDLE protected_output,
-      uint32_t* cert_size);
-  static NTSTATUS GetCertificateByHandleAction(const ClientInfo& client_info,
-                                               HANDLE protected_output,
-                                               BYTE* cert_data,
-                                               uint32_t cert_size);
-  static NTSTATUS GetOPMRandomNumberAction(const ClientInfo& client_info,
-                                           HANDLE protected_output,
-                                           void* random_number);
-  static NTSTATUS SetOPMSigningKeyAndSequenceNumbersAction(
-      const ClientInfo& client_info,
-      HANDLE protected_output,
-      void* parameters);
-  static NTSTATUS ConfigureOPMProtectedOutputAction(
-      const ClientInfo& client_info,
-      HANDLE protected_output,
-      void* parameters_ptr);
-  static NTSTATUS GetOPMInformationAction(const ClientInfo& client_info,
-                                          HANDLE protected_output,
-                                          void* parameters_ptr,
-                                          void* requested_information_ptr);
-  static NTSTATUS DestroyOPMProtectedOutputAction(HANDLE protected_output);
-  static void SetOverrideForTestCallback(OverrideForTestFunction callback);
-  static OverrideForTestFunction GetOverrideForTestCallback();
- private:
-  static OverrideForTestFunction override_callback_;
 };
 }  // namespace sandbox

--- a/sandbox/win/src/process_mitigations_win32k_unittest.cc
+++ b/sandbox/win/src/process_mitigations_win32k_unittest.cc
--- a/sandbox/win/src/sandbox_policy.h
+++ b/sandbox/win/src/sandbox_policy.h
@@ -59,9 +59,6 @@ class TargetPolicy {
    FAKE_USER_GDI_INIT,     // Fakes user32 and gdi32 initialization. This can
                            // be used to allow the DLLs to load and initialize
                            // even if the process cannot access that subsystem.
-    IMPLEMENT_OPM_APIS,     // Implements FAKE_USER_GDI_INIT and also exposes
-                            // IPC calls to handle Output Protection Manager
-                            // APIs.
    SIGNED_ALLOW_LOAD       // Allows loading the module when CIG is enabled.
  };
@@ -257,11 +254,6 @@ class TargetPolicy {
  // the default DACL.
  virtual void AddRestrictingRandomSid() = 0;
-  // Enable OPM API redirection when in Win32k lockdown.
-  virtual void SetEnableOPMRedirection() = 0;
-  // Enable OPM API emulation when in Win32k lockdown.
-  virtual bool GetEnableOPMRedirection() = 0;
  // Configure policy to use an AppContainer profile. |package_name| is the
  // name of the profile to use. Specifying True for |create_profile| ensures
  // the profile exists, if set to False process creation will fail if the

--- a/sandbox/win/src/sandbox_policy_base.cc
+++ b/sandbox/win/src/sandbox_policy_base.cc
@@ -111,7 +111,6 @@ PolicyBase::PolicyBase()
      lowbox_sid_(nullptr),
      lockdown_default_dacl_(false),
      add_restricting_random_sid_(false),
-      enable_opm_redirection_(false),
      effective_token_(nullptr) {
  ::InitializeCriticalSection(&lock_);
  dispatcher_.reset(new TopLevelDispatcher(this));
@@ -636,14 +635,6 @@ HANDLE PolicyBase::GetStderrHandle() {
  return stderr_handle_;
 }
-void PolicyBase::SetEnableOPMRedirection() {
-  enable_opm_redirection_ = true;
-}
-bool PolicyBase::GetEnableOPMRedirection() {
-  return enable_opm_redirection_;
-}
 ResultCode PolicyBase::AddAppContainerProfile(const wchar_t* package_name,
                                              bool create_profile) {
  if (base::win::GetVersion() < base::win::Version::WIN8)

--- a/sandbox/win/src/sandbox_policy_base.h
+++ b/sandbox/win/src/sandbox_policy_base.h
@@ -75,8 +75,6 @@ class PolicyBase final : public TargetPolicy {
  void AddHandleToShare(HANDLE handle) override;
  void SetLockdownDefaultDacl() override;
  void AddRestrictingRandomSid() override;
-  void SetEnableOPMRedirection() override;
-  bool GetEnableOPMRedirection() override;
  ResultCode AddAppContainerProfile(const wchar_t* package_name,
                                    bool create_profile) override;
  scoped_refptr<AppContainerProfile> GetAppContainerProfile() override;
@@ -192,7 +190,6 @@ class PolicyBase final : public TargetPolicy {
  // This list contains handles other than the stderr/stdout handles which are
  // shared with the target at times.
  base::HandlesToInheritVector handles_to_share_;
-  bool enable_opm_redirection_;
  scoped_refptr<AppContainerProfileBase> app_container_profile_;

--- a/sandbox/win/src/sandbox_policy_diagnostic.cc
+++ b/sandbox/win/src/sandbox_policy_diagnostic.cc
@@ -172,30 +172,6 @@ std::string GetIpcTagAsString(IpcTag service) {
      return "RegisterClassW";
    case IpcTag::CREATETHREAD:
      return "CreateThread";
-    case IpcTag::USER_ENUMDISPLAYMONITORS:
-      return "EnumDisplayMonitors";
-    case IpcTag::USER_ENUMDISPLAYDEVICES:
-      return "EnumDisplayDevices";
-    case IpcTag::USER_GETMONITORINFO:
-      return "GetMonitorInfo";
-    case IpcTag::GDI_CREATEOPMPROTECTEDOUTPUTS:
-      return "CreateOPMProtectedOutputs";
-    case IpcTag::GDI_GETCERTIFICATE:
-      return "GetCertificate";
-    case IpcTag::GDI_GETCERTIFICATESIZE:
-      return "GetCertificateSize";
-    case IpcTag::GDI_DESTROYOPMPROTECTEDOUTPUT:
-      return "DestroyOPMProtectedOutput";
-    case IpcTag::GDI_CONFIGUREOPMPROTECTEDOUTPUT:
-      return "ConfigureOPMProtectedOutput";
-    case IpcTag::GDI_GETOPMINFORMATION:
-      return "GetOPMInformation";
-    case IpcTag::GDI_GETOPMRANDOMNUMBER:
-      return "GetOPMRandomNumber";
-    case IpcTag::GDI_GETSUGGESTEDOPMPROTECTEDOUTPUTARRAYSIZE:
-      return "GetSuggestedOPMProtectedOutputArraySize";
-    case IpcTag::GDI_SETOPMSIGNINGKEYANDSEQUENCENUMBERS:
-      return "SetOPMSigningKeyAndSequenceNumbers";
    case IpcTag::NTCREATESECTION:
      return "NtCreateSection";
    case IpcTag::LAST:

--- a/sandbox/win/src/top_level_dispatcher.cc
+++ b/sandbox/win/src/top_level_dispatcher.cc
@@ -65,27 +65,6 @@ TopLevelDispatcher::TopLevelDispatcher(PolicyBase* policy) : policy_(policy) {
  ipc_targets_[static_cast<size_t>(IpcTag::GDI_GDIDLLINITIALIZE)] = dispatcher;
  ipc_targets_[static_cast<size_t>(IpcTag::GDI_GETSTOCKOBJECT)] = dispatcher;
  ipc_targets_[static_cast<size_t>(IpcTag::USER_REGISTERCLASSW)] = dispatcher;
-  ipc_targets_[static_cast<size_t>(IpcTag::USER_ENUMDISPLAYMONITORS)] =
-      dispatcher;
-  ipc_targets_[static_cast<size_t>(IpcTag::USER_ENUMDISPLAYDEVICES)] =
-      dispatcher;
-  ipc_targets_[static_cast<size_t>(IpcTag::USER_GETMONITORINFO)] = dispatcher;
-  ipc_targets_[static_cast<size_t>(IpcTag::GDI_CREATEOPMPROTECTEDOUTPUTS)] =
-      dispatcher;
-  ipc_targets_[static_cast<size_t>(IpcTag::GDI_GETCERTIFICATE)] = dispatcher;
-  ipc_targets_[static_cast<size_t>(IpcTag::GDI_GETCERTIFICATESIZE)] =
-      dispatcher;
-  ipc_targets_[static_cast<size_t>(IpcTag::GDI_DESTROYOPMPROTECTEDOUTPUT)] =
-      dispatcher;
-  ipc_targets_[static_cast<size_t>(IpcTag::GDI_CONFIGUREOPMPROTECTEDOUTPUT)] =
-      dispatcher;
-  ipc_targets_[static_cast<size_t>(IpcTag::GDI_GETOPMINFORMATION)] = dispatcher;
-  ipc_targets_[static_cast<size_t>(IpcTag::GDI_GETOPMRANDOMNUMBER)] =
-      dispatcher;
-  ipc_targets_[static_cast<size_t>(
-      IpcTag::GDI_GETSUGGESTEDOPMPROTECTEDOUTPUTARRAYSIZE)] = dispatcher;
-  ipc_targets_[static_cast<size_t>(
-      IpcTag::GDI_SETOPMSIGNINGKEYANDSEQUENCENUMBERS)] = dispatcher;
  process_mitigations_win32k_dispatcher_.reset(dispatcher);
  dispatcher = new SignedDispatcher(policy_);