authorAllan Sandfeld Jensen <allan.jensen@qt.io>2019-02-13 15:05:36 +0100
committerAllan Sandfeld Jensen <allan.jensen@qt.io>2019-02-14 10:33:47 +0000
commite684a3455bcc29a6e3e66a004e352dea4e1141e7 (patch)
treed55b4003bde34d7d05f558f02cfd82b2a66a7aac /chromium/sandbox
parent2b94bfe47ccb6c08047959d1c26e392919550e86 (diff)
downloadqtwebengine-chromium-e684a3455bcc29a6e3e66a004e352dea4e1141e7.tar.gz
BASELINE: Update Chromium to 72.0.3626.110 and Ninja to 1.9.0
Change-Id: Ic57220b00ecc929a893c91f5cc552f5d3e99e922 Reviewed-by: Michael Brüning <michael.bruning@qt.io>
Diffstat (limited to 'chromium/sandbox')
-rw-r--r--chromium/sandbox/linux/PRESUBMIT.py34
-rw-r--r--chromium/sandbox/linux/integration_tests/bpf_dsl_seccomp_unittest.cc4
-rw-r--r--chromium/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions_unittests.cc2
-rw-r--r--chromium/sandbox/linux/services/yama_unittests.cc2
-rw-r--r--chromium/sandbox/linux/syscall_broker/broker_simple_message.cc26
-rw-r--r--chromium/sandbox/mac/sandbox_logging.cc25
-rw-r--r--chromium/sandbox/win/BUILD.gn2
-rw-r--r--chromium/sandbox/win/src/lpc_policy_test.cc10
-rw-r--r--chromium/sandbox/win/src/process_policy_test.cc9
-rw-r--r--chromium/sandbox/win/src/registry_interception.cc68
-rw-r--r--chromium/sandbox/win/src/resolver_64.cc28
-rw-r--r--chromium/sandbox/win/src/sandbox_nt_util.cc32
-rw-r--r--chromium/sandbox/win/src/sandbox_nt_util.h7
-rw-r--r--chromium/sandbox/win/src/service_resolver_64.cc42
-rw-r--r--chromium/sandbox/win/src/unload_dll_test.cc9
15 files changed, 171 insertions, 129 deletions
diff --git a/chromium/sandbox/linux/PRESUBMIT.py b/chromium/sandbox/linux/PRESUBMIT.py
deleted file mode 100644
index d23105a01a1..00000000000
--- a/chromium/sandbox/linux/PRESUBMIT.py
+++ /dev/null
@@ -1,34 +0,0 @@
-# Copyright 2017 The Chromium Authors. All rights reserved.
-# Use of this source code is governed by a BSD-style license that can be
-# found in the LICENSE file.
-
-def PostUploadHook(cl, change, output_api):
- """git cl upload will call this hook after the issue is created/modified.
-
- This will add extra trybot coverage for non-default Android architectures
- that have a history of breaking with Seccomp changes.
- """
- def affects_seccomp(f):
- seccomp_paths = [
- 'bpf_dsl/',
- 'seccomp-bpf/',
- 'seccomp-bpf-helpers/',
- 'system_headers/',
- 'tests/'
- ]
- # If the file path contains any of the above fragments, it affects
- # the Seccomp implementation.
- affected_any = map(lambda sp: sp in f.LocalPath(), seccomp_paths)
- return reduce(lambda a, b: a or b, affected_any)
-
- if not change.AffectedFiles(file_filter=affects_seccomp):
- return []
-
- return output_api.EnsureCQIncludeTrybotsAreAdded(
- cl,
- [
- 'luci.chromium.try:android_arm64_dbg_recipe',
- 'master.tryserver.chromium.android:android_compile_x64_dbg',
- 'master.tryserver.chromium.android:android_compile_x86_dbg',
- ],
- 'Automatically added Android multi-arch compile bots to run on CQ.')
diff --git a/chromium/sandbox/linux/integration_tests/bpf_dsl_seccomp_unittest.cc b/chromium/sandbox/linux/integration_tests/bpf_dsl_seccomp_unittest.cc
index a984de1a781..b4b64d6aa8c 100644
--- a/chromium/sandbox/linux/integration_tests/bpf_dsl_seccomp_unittest.cc
+++ b/chromium/sandbox/linux/integration_tests/bpf_dsl_seccomp_unittest.cc
@@ -29,7 +29,7 @@
#include "base/macros.h"
#include "base/posix/eintr_wrapper.h"
#include "base/synchronization/waitable_event.h"
-#include "base/sys_info.h"
+#include "base/system/sys_info.h"
#include "base/threading/thread.h"
#include "build/build_config.h"
#include "sandbox/linux/bpf_dsl/bpf_dsl.h"
@@ -689,7 +689,7 @@ BPF_TEST_C(SandboxBPF, SigBus, RedirectAllSyscallsPolicy) {
sa.sa_sigaction = SigBusHandler;
sa.sa_flags = SA_SIGINFO;
BPF_ASSERT(sigaction(SIGBUS, &sa, NULL) == 0);
- raise(SIGBUS);
+ kill(getpid(), SIGBUS);
char c = '\000';
BPF_ASSERT(read(fds[0], &c, 1) == 1);
BPF_ASSERT(close(fds[0]) == 0);
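Review bot: The swap from `raise(SIGBUS)` to `kill(getpid(), SIGBUS)` on the changed line has no comment saying why raise() was unsuitable under this policy, and the next reader will be tempted to put it back. If the motivation is that glibc implements raise() through tgkill() (with a signal-mask dance around it) rather than kill(), so the redirecting policy sees a different syscall than the test intends, state that: `// Use kill() rather than raise(): glibc's raise() goes through tgkill()/rt_sigprocmask, which this policy does not treat the same way.` The enclosing BPF_TEST_C body starts outside this hunk, so I cannot confirm the motivation from the visible lines.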
diff --git a/chromium/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions_unittests.cc b/chromium/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions_unittests.cc
index 793be730250..327da2bea41 100644
--- a/chromium/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions_unittests.cc
+++ b/chromium/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions_unittests.cc
@@ -15,7 +15,7 @@
#include "base/bind.h"
#include "base/single_thread_task_runner.h"
#include "base/synchronization/waitable_event.h"
-#include "base/sys_info.h"
+#include "base/system/sys_info.h"
#include "base/threading/thread.h"
#include "base/time/time.h"
#include "build/build_config.h"
diff --git a/chromium/sandbox/linux/services/yama_unittests.cc b/chromium/sandbox/linux/services/yama_unittests.cc
index aaa2cb07569..0b3817e8dcc 100644
--- a/chromium/sandbox/linux/services/yama_unittests.cc
+++ b/chromium/sandbox/linux/services/yama_unittests.cc
@@ -14,7 +14,7 @@
#include "base/compiler_specific.h"
#include "base/posix/eintr_wrapper.h"
#include "base/strings/string_util.h"
-#include "base/sys_info.h"
+#include "base/system/sys_info.h"
#include "sandbox/linux/services/scoped_process.h"
#include "sandbox/linux/services/yama.h"
#include "sandbox/linux/tests/unit_tests.h"
diff --git a/chromium/sandbox/linux/syscall_broker/broker_simple_message.cc b/chromium/sandbox/linux/syscall_broker/broker_simple_message.cc
index dd504da5d3c..970cac3768d 100644
--- a/chromium/sandbox/linux/syscall_broker/broker_simple_message.cc
+++ b/chromium/sandbox/linux/syscall_broker/broker_simple_message.cc
@@ -72,7 +72,7 @@ bool BrokerSimpleMessage::SendMsg(int fd, int send_fd) {
msg.msg_iov = &iov;
msg.msg_iovlen = 1;
- const unsigned control_len = CMSG_SPACE(sizeof(int));
+ const unsigned control_len = CMSG_SPACE(sizeof(send_fd));
char control_buffer[control_len];
if (send_fd >= 0) {
struct cmsghdr* cmsg;
@@ -81,8 +81,8 @@ bool BrokerSimpleMessage::SendMsg(int fd, int send_fd) {
cmsg = CMSG_FIRSTHDR(&msg);
cmsg->cmsg_level = SOL_SOCKET;
cmsg->cmsg_type = SCM_RIGHTS;
- cmsg->cmsg_len = CMSG_LEN(sizeof(int));
- memcpy(CMSG_DATA(cmsg), &send_fd, sizeof(int));
+ cmsg->cmsg_len = CMSG_LEN(sizeof(send_fd));
+ memcpy(CMSG_DATA(cmsg), &send_fd, sizeof(send_fd));
msg.msg_controllen = cmsg->cmsg_len;
}
@@ -108,10 +108,10 @@ ssize_t BrokerSimpleMessage::RecvMsgWithFlags(int fd,
#if defined(OS_NACL_NONSFI)
const size_t kControlBufferSize =
- CMSG_SPACE(sizeof(int) * base::UnixDomainSocket::kMaxFileDescriptors);
+ CMSG_SPACE(sizeof(fd) * base::UnixDomainSocket::kMaxFileDescriptors);
#else
const size_t kControlBufferSize =
- CMSG_SPACE(sizeof(int) * base::UnixDomainSocket::kMaxFileDescriptors) +
+ CMSG_SPACE(sizeof(fd) * base::UnixDomainSocket::kMaxFileDescriptors) +
// The PNaCl toolchain for Non-SFI binary build does not support ucred.
CMSG_SPACE(sizeof(struct ucred));
#endif // defined(OS_NACL_NONSFI)
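Review bot: Using `sizeof(fd)` for the size of each descriptor in the control buffer (both changed lines here, and the `payload_len % sizeof(fd)` / `payload_len / sizeof(fd)` lines in the next hunk) reads as if the buffer size depended on the listening socket, when `fd` is this function's socket parameter and the elements being counted are the received descriptors. It works only because both happen to be `int`; naming the element type keeps the intent visible, e.g. `constexpr size_t kFdSize = sizeof(int);  // size of one SCM_RIGHTS payload element` used in all four places, or simply leaving `sizeof(int)` where the operand is not the thing being sized. The sizeof(send_fd)/sizeof(data)/sizeof(*result) changes in the other hunks are fine, since there the operand is exactly the object being copied. RecvMsgWithFlags starts and ends outside this hunk.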
@@ -133,10 +133,10 @@ ssize_t BrokerSimpleMessage::RecvMsgWithFlags(int fd,
for (cmsg = CMSG_FIRSTHDR(&msg); cmsg; cmsg = CMSG_NXTHDR(&msg, cmsg)) {
const size_t payload_len = cmsg->cmsg_len - CMSG_LEN(0);
if (cmsg->cmsg_level == SOL_SOCKET && cmsg->cmsg_type == SCM_RIGHTS) {
- DCHECK_EQ(payload_len % sizeof(int), 0u);
+ DCHECK_EQ(payload_len % sizeof(fd), 0u);
DCHECK_EQ(wire_fds, static_cast<void*>(nullptr));
wire_fds = reinterpret_cast<int*>(CMSG_DATA(cmsg));
- wire_fds_len = payload_len / sizeof(int);
+ wire_fds_len = payload_len / sizeof(fd);
}
#if !defined(OS_NACL_NONSFI)
// The PNaCl toolchain for Non-SFI binary build does not support
@@ -222,7 +222,7 @@ bool BrokerSimpleMessage::AddIntToMessage(int data) {
write_only_ = true; // Message should only be written to going forward.
base::CheckedNumeric<size_t> safe_length(length_);
- safe_length += sizeof(int);
+ safe_length += sizeof(data);
safe_length += sizeof(EntryType);
if (!safe_length.IsValid() || safe_length.ValueOrDie() > kMaxMessageLength) {
@@ -234,8 +234,8 @@ bool BrokerSimpleMessage::AddIntToMessage(int data) {
memcpy(write_next_, &type, sizeof(EntryType));
write_next_ += sizeof(EntryType);
- memcpy(write_next_, &data, sizeof(int));
- write_next_ += sizeof(int);
+ memcpy(write_next_, &data, sizeof(data));
+ write_next_ += sizeof(data);
length_ = write_next_ - message_;
return true;
@@ -295,12 +295,12 @@ bool BrokerSimpleMessage::ReadInt(int* result) {
return false;
}
- if ((read_next_ + sizeof(int)) > (message_ + length_)) {
+ if ((read_next_ + sizeof(*result)) > (message_ + length_)) {
broken_ = true;
return false;
}
- memcpy(result, read_next_, sizeof(int));
- read_next_ = read_next_ + sizeof(int);
+ memcpy(result, read_next_, sizeof(*result));
+ read_next_ = read_next_ + sizeof(*result);
return true;
}
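Review bot: The bounds check on the changed line computes `read_next_ + sizeof(*result)` before comparing it with `message_ + length_`; when fewer than four bytes remain, that pointer arithmetic can form an address beyond one-past-the-end of the `message_` storage, which C++ does not define, before the comparison rejects it. A subtraction-based test avoids forming the pointer at all: `if (static_cast<size_t>(message_ + length_ - read_next_) < sizeof(*result)) {`, given the earlier checks (outside this hunk) keep `read_next_` at or before `message_ + length_`. Whether `message_` has slack past `length_` that makes this benign in practice is not visible here; ReadInt starts outside the hunk.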
diff --git a/chromium/sandbox/mac/sandbox_logging.cc b/chromium/sandbox/mac/sandbox_logging.cc
index 933776a2b34..4eebcea13d1 100644
--- a/chromium/sandbox/mac/sandbox_logging.cc
+++ b/chromium/sandbox/mac/sandbox_logging.cc
@@ -93,6 +93,12 @@ void SendAslLog(Level level, const char* message) {
asl_set(asl_message.get(), ASL_KEY_LEVEL, asl_level_string.c_str());
asl_set(asl_message.get(), ASL_KEY_MSG, message);
asl_send(asl_client.get(), asl_message.get());
+
+ if (__builtin_available(macOS 10.11, *)) {
+ if (level == Level::FATAL) {
+ abort_report_np(message);
+ }
+ }
}
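Review bot: The new `abort_report_np(message)` passes the already-formatted text as the first argument of a function that the Libc headers declare printf-style (as far as I can tell), so a `%` inside a logged value — a path, for instance — is re-interpreted as a conversion at crash time; prefer `abort_report_np("%s", message);`. Annotating inside SendAslLog also interacts with DoLogging's follow-up call `SendAslLog(level, "warning: previous log message truncated")`, visible as context in the next hunk: if abort_report_np() returns, that second FATAL-level call re-annotates the crash with the truncation text rather than the real message, and if it does not return, the truncation warning and the ABORT() in Fatal()/PFatal() are never reached. Either way the annotation belongs where the message is formatted exactly once, as the removed AnnotateCrash did. SendAslLog's body starts outside this hunk.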
// |error| is strerror(errno) when a P* logging function is called. Pass
@@ -122,17 +128,6 @@ void DoLogging(Level level,
SendAslLog(level, "warning: previous log message truncated");
}
-void AnnotateCrash(const char* fmt, va_list args) {
- if (__builtin_available(macOS 10.11, *)) {
- char message[4096];
- int ret = vsnprintf(message, sizeof(message), fmt, args);
-
- if (ret >= 0) {
- abort_report_np(message);
- }
- }
-}
-
} // namespace
void Info(const char* fmt, ...) {
@@ -162,10 +157,6 @@ void Fatal(const char* fmt, ...) {
DoLogging(Level::FATAL, fmt, args, nullptr);
va_end(args);
- va_start(args, fmt);
- AnnotateCrash(fmt, args);
- va_end(args);
-
ABORT();
}
@@ -184,10 +175,6 @@ void PFatal(const char* fmt, ...) {
DoLogging(Level::FATAL, fmt, args, &error);
va_end(args);
- va_start(args, fmt);
- AnnotateCrash(fmt, args);
- va_end(args);
-
ABORT();
}
diff --git a/chromium/sandbox/win/BUILD.gn b/chromium/sandbox/win/BUILD.gn
index 5b41184003c..2acc1c9a2f7 100644
--- a/chromium/sandbox/win/BUILD.gn
+++ b/chromium/sandbox/win/BUILD.gn
@@ -140,7 +140,7 @@ static_library("sandbox") {
"src/window.h",
]
- if (current_cpu == "x64") {
+ if (current_cpu == "x64" || current_cpu == "arm64") {
sources += [
"src/interceptors_64.cc",
"src/interceptors_64.h",
diff --git a/chromium/sandbox/win/src/lpc_policy_test.cc b/chromium/sandbox/win/src/lpc_policy_test.cc
index 224add7db86..3b3269708c7 100644
--- a/chromium/sandbox/win/src/lpc_policy_test.cc
+++ b/chromium/sandbox/win/src/lpc_policy_test.cc
@@ -12,6 +12,7 @@
#include <winioctl.h>
#include "base/win/windows_version.h"
+#include "build/build_config.h"
#include "sandbox/win/src/heap_helper.h"
#include "sandbox/win/src/sandbox.h"
#include "sandbox/win/src/sandbox_factory.h"
@@ -208,7 +209,14 @@ TEST(LpcPolicyTest, TestCanFindCsrPortHeap) {
EXPECT_NE(nullptr, csr_port_handle);
}
-TEST(LpcPolicyTest, TestHeapFlags) {
+// Fails on Windows ARM64: https://crbug.com/905328
+#if defined(ARCH_CPU_ARM64)
+#define MAYBE_TestHeapFlags DISABLED_TestHeapFlags
+#else
+#define MAYBE_TestHeapFlags TestHeapFlags
+#endif
+
+TEST(LpcPolicyTest, MAYBE_TestHeapFlags) {
if (!CsrssDisconnectSupported()) {
// This functionality has not been verified on versions before Win10.
return;
diff --git a/chromium/sandbox/win/src/process_policy_test.cc b/chromium/sandbox/win/src/process_policy_test.cc
index 46e739873d2..8d5dcbe3fbe 100644
--- a/chromium/sandbox/win/src/process_policy_test.cc
+++ b/chromium/sandbox/win/src/process_policy_test.cc
@@ -11,6 +11,7 @@
#include "base/win/scoped_handle.h"
#include "base/win/scoped_process_information.h"
#include "base/win/windows_version.h"
+#include "build/build_config.h"
#include "sandbox/win/src/process_thread_interception.h"
#include "sandbox/win/src/sandbox.h"
#include "sandbox/win/src/sandbox_factory.h"
@@ -419,7 +420,13 @@ TEST(ProcessPolicyTest, CreateProcessAW) {
}
// Tests that the broker correctly handles a process crashing within the job.
-TEST(ProcessPolicyTest, CreateProcessCrashy) {
+// Fails on Windows ARM64: https://crbug.com/905526
+#if defined(ARCH_CPU_ARM64)
+#define MAYBE_CreateProcessCrashy DISABLED_CreateProcessCrashy
+#else
+#define MAYBE_CreateProcessCrashy CreateProcessCrashy
+#endif
+TEST(ProcessPolicyTest, MAYBE_CreateProcessCrashy) {
TestRunner runner;
EXPECT_EQ(static_cast<int>(STATUS_BREAKPOINT),
runner.RunTest(L"Process_Crash"));
diff --git a/chromium/sandbox/win/src/registry_interception.cc b/chromium/sandbox/win/src/registry_interception.cc
index 11a77817e81..4d381a948b0 100644
--- a/chromium/sandbox/win/src/registry_interception.cc
+++ b/chromium/sandbox/win/src/registry_interception.cc
@@ -67,24 +67,26 @@ NTSTATUS WINAPI TargetNtCreateKey(NtCreateKeyFunction orig_CreateKey,
CountedParameterSet<OpenKey> params;
params[OpenKey::ACCESS] = ParamPickerMake(desired_access_uint32);
- wchar_t* full_name = nullptr;
- const wchar_t* name_ptr = name.get();
-
- if (root_directory) {
- ret =
- sandbox::AllocAndGetFullPath(root_directory, name.get(), &full_name);
- if (!NT_SUCCESS(ret) || !full_name)
- break;
- params[OpenKey::NAME] = ParamPickerMake(full_name);
- } else {
- params[OpenKey::NAME] = ParamPickerMake(name_ptr);
+ bool query_broker = false;
+ {
+ std::unique_ptr<wchar_t, NtAllocDeleter> full_name;
+ const wchar_t* name_ptr = name.get();
+ const wchar_t* full_name_ptr = nullptr;
+
+ if (root_directory) {
+ ret = sandbox::AllocAndGetFullPath(root_directory, name.get(),
+ &full_name);
+ if (!NT_SUCCESS(ret) || !full_name)
+ break;
+ full_name_ptr = full_name.get();
+ params[OpenKey::NAME] = ParamPickerMake(full_name_ptr);
+ } else {
+ params[OpenKey::NAME] = ParamPickerMake(name_ptr);
+ }
+
+ query_broker = QueryBroker(IPC_NTCREATEKEY_TAG, params.GetBase());
}
- bool query_broker = QueryBroker(IPC_NTCREATEKEY_TAG, params.GetBase());
-
- if (full_name)
- operator delete(full_name, NT_ALLOC);
-
if (!query_broker)
break;
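Review bot: The new scoped block is duplicated verbatim between TargetNtCreateKey here and CommonNtOpenKey in the next hunk, differing only in the IPC tag; a small helper taking the tag, root_directory, name and params and returning the QueryBroker result plus an NTSTATUS would keep the two from drifting. The block's purpose — freeing the NT-heap `full_name` as soon as the broker has been queried, while `break` still leaves the enclosing loop on failure — is not stated; suggest `// Scoped so the NT_ALLOC'd full_name is released right after the broker query.` on the opening brace. The `full_name_ptr` local appears to exist only so ParamPickerMake sees a `const wchar_t*` rather than the `wchar_t*` from `full_name.get()`; a one-line comment saying so would stop the next reader from inlining it. The enclosing do/while and both functions start outside these hunks.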
@@ -150,24 +152,26 @@ NTSTATUS WINAPI CommonNtOpenKey(NTSTATUS status,
CountedParameterSet<OpenKey> params;
params[OpenKey::ACCESS] = ParamPickerMake(desired_access_uint32);
- wchar_t* full_name = nullptr;
- const wchar_t* name_ptr = name.get();
-
- if (root_directory) {
- ret =
- sandbox::AllocAndGetFullPath(root_directory, name.get(), &full_name);
- if (!NT_SUCCESS(ret) || !full_name)
- break;
- params[OpenKey::NAME] = ParamPickerMake(full_name);
- } else {
- params[OpenKey::NAME] = ParamPickerMake(name_ptr);
+ bool query_broker = false;
+ {
+ std::unique_ptr<wchar_t, NtAllocDeleter> full_name;
+ const wchar_t* name_ptr = name.get();
+ const wchar_t* full_name_ptr = nullptr;
+
+ if (root_directory) {
+ ret = sandbox::AllocAndGetFullPath(root_directory, name.get(),
+ &full_name);
+ if (!NT_SUCCESS(ret) || !full_name)
+ break;
+ full_name_ptr = full_name.get();
+ params[OpenKey::NAME] = ParamPickerMake(full_name_ptr);
+ } else {
+ params[OpenKey::NAME] = ParamPickerMake(name_ptr);
+ }
+
+ query_broker = QueryBroker(IPC_NTOPENKEY_TAG, params.GetBase());
}
- bool query_broker = QueryBroker(IPC_NTOPENKEY_TAG, params.GetBase());
-
- if (full_name)
- operator delete(full_name, NT_ALLOC);
-
if (!query_broker)
break;
diff --git a/chromium/sandbox/win/src/resolver_64.cc b/chromium/sandbox/win/src/resolver_64.cc
index 19c4ec7604d..c6c8868832f 100644
--- a/chromium/sandbox/win/src/resolver_64.cc
+++ b/chromium/sandbox/win/src/resolver_64.cc
@@ -14,6 +14,8 @@
namespace {
+#if defined(_M_X64)
+
const USHORT kMovRax = 0xB848;
const USHORT kJmpRax = 0xe0ff;
@@ -36,6 +38,32 @@ struct InternalThunk {
};
#pragma pack(pop)
+#elif defined(_M_ARM64)
+
+const ULONG kLdrX16Pc4 = 0x58000050;
+const ULONG kBrX16 = 0xD61F0200;
+
+#pragma pack(push, 4)
+struct InternalThunk {
+ // This struct contains roughly the following code:
+ // 00 58000050 ldr x16, pc+4
+ // 04 D61F0200 br x16
+ // 08 123456789ABCDEF0H
+
+ InternalThunk() {
+ ldr_x16_pc4 = kLdrX16Pc4;
+ br_x16 = kBrX16;
+ interceptor_function = 0;
+ };
+ ULONG ldr_x16_pc4;
+ ULONG br_x16;
+ ULONG_PTR interceptor_function;
+};
+#pragma pack(pop)
+#else
+#error "Unsupported Windows 64-bit Arch"
+#endif
+
} // namespace.
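Review bot: The comment on the new ARM64 InternalThunk says `ldr x16, pc+4`, but 0x58000050 decodes as LDR (literal) with imm19 = 2, i.e. an 8-byte PC-relative load — which is the right offset, since `interceptor_function` sits at offset 8 — so the comment should read `// 00 58000050 ldr x16, #8 (loads interceptor_function below)`. The stray `;` after the constructor body is harmless but worth dropping. Because these bytes are code written into another process, the ARM64 path, unlike x64, also needs the target's instruction cache flushed after the write; the code that writes the thunk is outside this hunk, so confirm it calls FlushInstructionCache (or equivalent) on the target handle before the thunk can execute.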
namespace sandbox {
diff --git a/chromium/sandbox/win/src/sandbox_nt_util.cc b/chromium/sandbox/win/src/sandbox_nt_util.cc
index b4f6ab973db..f71177fd7a9 100644
--- a/chromium/sandbox/win/src/sandbox_nt_util.cc
+++ b/chromium/sandbox/win/src/sandbox_nt_util.cc
@@ -228,14 +228,15 @@ NTSTATUS CopyData(void* destination, const void* source, size_t bytes) {
return ret;
}
-NTSTATUS AllocAndGetFullPath(HANDLE root, wchar_t* path, wchar_t** full_path) {
+NTSTATUS AllocAndGetFullPath(
+ HANDLE root,
+ const wchar_t* path,
+ std::unique_ptr<wchar_t, NtAllocDeleter>* full_path) {
if (!InitHeap())
return STATUS_NO_MEMORY;
DCHECK_NT(full_path);
DCHECK_NT(path);
- *full_path = nullptr;
- OBJECT_NAME_INFORMATION* handle_name = nullptr;
NTSTATUS ret = STATUS_UNSUCCESSFUL;
__try {
do {
@@ -247,14 +248,15 @@ NTSTATUS AllocAndGetFullPath(HANDLE root, wchar_t* path, wchar_t** full_path) {
// Query the name information a first time to get the size of the name.
ret = NtQueryObject(root, ObjectNameInformation, nullptr, 0, &size);
+ std::unique_ptr<OBJECT_NAME_INFORMATION, NtAllocDeleter> handle_name;
if (size) {
- handle_name = reinterpret_cast<OBJECT_NAME_INFORMATION*>(
- new (NT_ALLOC) BYTE[size]);
+ handle_name.reset(reinterpret_cast<OBJECT_NAME_INFORMATION*>(
+ new (NT_ALLOC) BYTE[size]));
// Query the name information a second time to get the name of the
// object referenced by the handle.
- ret = NtQueryObject(root, ObjectNameInformation, handle_name, size,
- &size);
+ ret = NtQueryObject(root, ObjectNameInformation, handle_name.get(),
+ size, &size);
}
if (STATUS_SUCCESS != ret)
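Review bot: `handle_name` is now a `std::unique_ptr` with a non-trivial destructor declared inside the `__try` block (the `__try` and its `__except` are outside this hunk); whether that destructor runs when the `__except` handler catches an SEH exception depends on the exception model the file is built with, so the old explicit cleanup on the exception path is not obviously replaced. Either declare it before the `__try` so it is destroyed on every exit, or put the assumption in writing: `// Released on normal exit; on the __except path this relies on C++ unwinding being enabled for SEH exceptions.` Declaring it after the first NtQueryObject call is fine for the `break` paths, which skip no initialisation.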
@@ -263,10 +265,10 @@ NTSTATUS AllocAndGetFullPath(HANDLE root, wchar_t* path, wchar_t** full_path) {
// Space for path + '\' + name + '\0'.
size_t name_length =
handle_name->ObjectName.Length + (wcslen(path) + 2) * sizeof(wchar_t);
- *full_path = new (NT_ALLOC) wchar_t[name_length / sizeof(wchar_t)];
+ full_path->reset(new (NT_ALLOC) wchar_t[name_length / sizeof(wchar_t)]);
if (!*full_path)
break;
- wchar_t* off = *full_path;
+ wchar_t* off = full_path->get();
ret = CopyData(off, handle_name->ObjectName.Buffer,
handle_name->ObjectName.Length);
if (!NT_SUCCESS(ret))
@@ -284,16 +286,8 @@ NTSTATUS AllocAndGetFullPath(HANDLE root, wchar_t* path, wchar_t** full_path) {
ret = GetExceptionCode();
}
- if (!NT_SUCCESS(ret)) {
- if (*full_path) {
- operator delete(*full_path, NT_ALLOC);
- *full_path = nullptr;
- }
- if (handle_name) {
- operator delete(handle_name, NT_ALLOC);
- handle_name = nullptr;
- }
- }
+ if (!NT_SUCCESS(ret) && *full_path)
+ full_path->reset(nullptr);
return ret;
}
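Review bot: The `&& *full_path` guard on the new cleanup line is redundant — `reset()` on an empty unique_ptr is a no-op — and `reset(nullptr)` says no more than `reset()`: `if (!NT_SUCCESS(ret)) full_path->reset();` reads as the intended "null on failure" contract. Note also that the early `return STATUS_NO_MEMORY` when InitHeap() fails (first hunk of this file) now leaves `*full_path` untouched, where the removed `*full_path = nullptr;` at entry cleared it unconditionally; both callers in this commit pass a freshly constructed unique_ptr, so this only matters if a future caller reuses one. AllocAndGetFullPath starts outside this hunk.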
diff --git a/chromium/sandbox/win/src/sandbox_nt_util.h b/chromium/sandbox/win/src/sandbox_nt_util.h
index 1e777c75f5c..08880d19299 100644
--- a/chromium/sandbox/win/src/sandbox_nt_util.h
+++ b/chromium/sandbox/win/src/sandbox_nt_util.h
@@ -60,7 +60,7 @@ void __cdecl operator delete(void* memory,
namespace sandbox {
-#if defined(_M_X64)
+#if defined(_M_X64) || defined(_M_ARM64)
#pragma intrinsic(_InterlockedCompareExchange)
#pragma intrinsic(_InterlockedCompareExchangePointer)
@@ -119,7 +119,10 @@ NTSTATUS AllocAndCopyName(const OBJECT_ATTRIBUTES* in_object,
HANDLE* root);
// Determine full path name from object root and path.
-NTSTATUS AllocAndGetFullPath(HANDLE root, wchar_t* path, wchar_t** full_path);
+NTSTATUS AllocAndGetFullPath(
+ HANDLE root,
+ const wchar_t* path,
+ std::unique_ptr<wchar_t, NtAllocDeleter>* full_path);
// Initializes our ntdll level heap
bool InitHeap();
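Review bot: The declaration's comment `// Determine full path name from object root and path.` no longer describes the contract now that the result is an owning pointer; it should say that on success `*full_path` receives an NT_ALLOC'd, NUL-terminated buffer whose deleter is NtAllocDeleter, that it is reset to null on the failure paths reached after InitHeap() succeeds and left untouched when InitHeap() fails, and that `path` is read-only (hence the new `const`). Also worth stating that `full_path` must be non-null, which the .cc enforces with DCHECK_NT.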
diff --git a/chromium/sandbox/win/src/service_resolver_64.cc b/chromium/sandbox/win/src/service_resolver_64.cc
index 56af8ba8e01..23aaed8d9c1 100644
--- a/chromium/sandbox/win/src/service_resolver_64.cc
+++ b/chromium/sandbox/win/src/service_resolver_64.cc
@@ -12,6 +12,7 @@
#include "sandbox/win/src/win_utils.h"
namespace {
+#if defined(_M_X64)
#pragma pack(push, 1)
const ULONG kMmovR10EcxMovEax = 0xB8D18B4C;
@@ -129,6 +130,44 @@ bool IsServiceWithInt2E(const void* source) {
kRet == service->ret && kRet == service->ret2);
}
+bool IsAnyService(const void* source) {
+ return IsService(source) || IsServiceW8(source) || IsServiceWithInt2E(source);
+}
+
+#elif defined(_M_ARM64)
+#pragma pack(push, 4)
+
+const ULONG kSvc = 0xD4000001;
+const ULONG kRetNp = 0xD65F03C0;
+const ULONG kServiceIdMask = 0x001FFFE0;
+
+struct ServiceEntry {
+ ULONG svc;
+ ULONG ret;
+ ULONG64 unused;
+};
+
+struct ServiceFullThunk {
+ ServiceEntry original;
+};
+
+#pragma pack(pop)
+
+bool IsService(const void* source) {
+ const ServiceEntry* service = reinterpret_cast<const ServiceEntry*>(source);
+
+ return (kSvc == (service->svc & ~kServiceIdMask) && kRetNp == service->ret &&
+ 0 == service->unused);
+}
+
+bool IsAnyService(const void* source) {
+ return IsService(source);
+}
+
+#else
+#error "Unsupported Windows 64-bit Arch"
+#endif
+
}; // namespace
namespace sandbox {
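Review bot: The ARM64 IsService() requires the eight bytes after `ret` to be zero (`0 == service->unused`) without saying why; if this relies on ntdll's ARM64 syscall stubs being `svc`/`ret` padded to 16 bytes with zeros, write that down next to ServiceEntry, e.g. `// ntdll ARM64 stubs are svc #N; ret; followed by 8 zero bytes — require the padding so only a genuine stub is patched.`, since a build that pads differently will make every lookup fail and the interception silently not be installed. `kServiceIdMask` covers bits 20:5, which is the SVC imm16 field, so the masked compare on the svc word is right. The ARM64 `ServiceFullThunk` carries only `original`, whereas the x64 one (outside this hunk) presumably also holds the relocated code; confirm the ARM64 write path in ServiceResolverThunk is sized for this 16-byte entry, as that code is not in the diff.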
@@ -201,8 +240,7 @@ bool ServiceResolverThunk::IsFunctionAService(void* local_thunk) const {
if (sizeof(function_code) != read)
return false;
- if (!IsService(&function_code) && !IsServiceW8(&function_code) &&
- !IsServiceWithInt2E(&function_code))
+ if (!IsAnyService(&function_code))
return false;
// Save the verified code.
diff --git a/chromium/sandbox/win/src/unload_dll_test.cc b/chromium/sandbox/win/src/unload_dll_test.cc
index dbb876fba1e..0acb178987f 100644
--- a/chromium/sandbox/win/src/unload_dll_test.cc
+++ b/chromium/sandbox/win/src/unload_dll_test.cc
@@ -3,6 +3,7 @@
// found in the LICENSE file.
#include "base/win/scoped_handle.h"
+#include "build/build_config.h"
#include "sandbox/win/src/sandbox.h"
#include "sandbox/win/src/sandbox_factory.h"
#include "sandbox/win/src/target_services.h"
@@ -40,7 +41,13 @@ SBOX_TESTS_COMMAND int SimpleOpenEvent(int argc, wchar_t** argv) {
return event_open.Get() ? SBOX_TEST_SUCCEEDED : SBOX_TEST_FAILED;
}
-TEST(UnloadDllTest, BaselineAvicapDll) {
+// Fails on Windows ARM64: https://crbug.com/905526
+#if defined(ARCH_CPU_ARM64)
+#define MAYBE_BaselineAvicapDll DISABLED_BaselineAvicapDll
+#else
+#define MAYBE_BaselineAvicapDll BaselineAvicapDll
+#endif
+TEST(UnloadDllTest, MAYBE_BaselineAvicapDll) {
TestRunner runner;
runner.SetTestState(BEFORE_REVERT);
runner.SetTimeout(2000);