NaCl: Supply Windows handle-passing function

content/common/sandbox_policy.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/common/sandbox_policy.h"
 
 #include <string>
 
 #include "base/command_line.h"
 #include "base/debug/debugger.h"
@@ skipping 365 matching lines @@
   AddGenericDllEvictionPolicy(policy);
 #endif
   return true;
 }
 
 bool AddPolicyForRenderer(sandbox::TargetPolicy* policy) {
   // Renderers need to copy sections for plugin DIBs.
   sandbox::ResultCode result;
   result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_HANDLES,
                            sandbox::TargetPolicy::HANDLES_DUP_ANY,
-                           L"Section");
+                           L"*");

[jschuh, 2012/04/12 22:42:03]

Does this really need to be "*"?

[Mark Seaborn, 2012/04/13 00:50:28]

OK, I wasn't sure if listing handle types bought us much, but I suppose it's
worth it as a sanity check.  It turns out all of NaCl's handle use should be
covered by whitelisting the File type (for named pipe handles and shared
memory).  Changed.

   if (result != sandbox::SBOX_ALL_OK) {
     NOTREACHED();
     return false;
   }
 
   policy->SetJobLevel(sandbox::JOB_LOCKDOWN, 0);
 
   sandbox::TokenLevel initial_token = sandbox::USER_UNPROTECTED;
   if (base::win::GetVersion() > base::win::VERSION_XP) {
     // On 2003/Vista the initial token has to be restricted if the main
@@ skipping 72 matching lines @@
   }
 
   ResultCode result = g_target_services->DuplicateHandle(source_handle,
                                                          target_process_id,
                                                          target_handle,
                                                          desired_access,
                                                          options);
   return SBOX_ALL_OK == result;
 }
 
+bool BrokerAddTargetPeer(HANDLE peer_process) {
+  ResultCode result = g_broker_services->AddTargetPeer(peer_process);
+  return SBOX_ALL_OK == result;
+}
+
 
 base::ProcessHandle StartProcessWithAccess(CommandLine* cmd_line,
                                            const FilePath& exposed_dir) {
   const CommandLine& browser_command_line = *CommandLine::ForCurrentProcess();
   content::ProcessType type;
   std::string type_str = cmd_line->GetSwitchValueASCII(switches::kProcessType);
   if (type_str == switches::kRendererProcess) {
     type = content::PROCESS_TYPE_RENDERER;
   } else if (type_str == switches::kPluginProcess) {
     type = content::PROCESS_TYPE_PLUGIN;
@@ skipping 175 matching lines @@
 
   // Help the process a little. It can't start the debugger by itself if
   // the process is in a sandbox.
   if (child_needs_help)
     base::debug::SpawnDebuggerOnProcess(target.process_id());
 
   return target.TakeProcessHandle();
 }
 
 }  // namespace sandbox