NaCl: Supply Windows handle-passing function

content/common/sandbox_policy.cc

Index: content/common/sandbox_policy.cc
diff --git a/content/common/sandbox_policy.cc b/content/common/sandbox_policy.cc
index dd20e6bdf24da6ad84cb477d503cf125f045feea..a4349dd4d3c4304eb24f10efc334b256c2c4215d 100644
--- a/content/common/sandbox_policy.cc
+++ b/content/common/sandbox_policy.cc
@@ -383,7 +383,7 @@ bool AddPolicyForRenderer(sandbox::TargetPolicy* policy) {
   sandbox::ResultCode result;
   result = policy->AddRule(sandbox::TargetPolicy::SUBSYS_HANDLES,
                            sandbox::TargetPolicy::HANDLES_DUP_ANY,
-                           L"Section");
+                           L"*");

[jschuh, 2012/04/12 22:42:03]

Does this really need to be "*"?

[Mark Seaborn, 2012/04/13 00:50:28]

OK, I wasn't sure if listing handle types bought us much, but I suppose it's
worth it as a sanity check.  It turns out all of NaCl's handle use should be
covered by whitelisting the File type (for named pipe handles and shared
memory).  Changed.

   if (result != sandbox::SBOX_ALL_OK) {
     NOTREACHED();
     return false;
@@ -476,6 +476,11 @@ bool BrokerDuplicateHandle(HANDLE source_handle,
   return SBOX_ALL_OK == result;
 }
 
+bool BrokerAddTargetPeer(HANDLE peer_process) {
+  ResultCode result = g_broker_services->AddTargetPeer(peer_process);
+  return SBOX_ALL_OK == result;
+}
+
 
 base::ProcessHandle StartProcessWithAccess(CommandLine* cmd_line,
                                            const FilePath& exposed_dir) {