In preparation for adding appcontainer token to renderer, these are content side changes.

In this CL, we add appcontainer related attributes in PreSpawnTarget for renderer. Though we modify policy here, it is still not being honored, that will happen in next CL.

BUG=455496
R=cpu, jschuh, rvargas

Review URL: https://codereview.chromium.org/949943003

Cr-Commit-Position: refs/heads/master@{#319208}

content/browser/renderer_host/render_process_host_impl.cc

@@ -167,8 +167,10 @@
 
 #if defined(OS_WIN)
 #include "base/win/scoped_com_initializer.h"
+#include "base/win/windows_version.h"
 #include "content/common/font_cache_dispatcher_win.h"
 #include "content/common/sandbox_win.h"
+#include "sandbox/win/src/sandbox_policy.h"
 #include "ui/gfx/win/dpi.h"
 #endif
 
@@ -327,6 +329,20 @@ class RendererSandboxedProcessLauncherDelegate
   virtual void PreSpawnTarget(sandbox::TargetPolicy* policy,
                               bool* success) {
     AddBaseHandleClosePolicy(policy);
+
+    if (base::win::GetVersion() >= base::win::VERSION_WIN8) {
+      // TODO(shrikant): Check if these constants should be different across
+      // various versions of Chromium code base or could be same.
+      // If there should be different SID per channel then move this code
+      // in chrome rather than content and assign SID based on
+      // VersionInfo::GetChannel().
+      const wchar_t kAppContainerSid[] =
+          L"S-1-15-2-3251537155-1984446955-2931258699-841473695-1938553385-"
+          L"924012148-129201922";
+
+      policy->SetLowBox(kAppContainerSid);
+    }
+
     GetContentClient()->browser()->PreSpawnRenderer(policy, success);
   }