Chromium Code Reviews

Unified Diff: crypto/nss_util.h

Issue 11411013: Initialize NSS in the PPAPI process for ClearKey CDM. (Closed) Base URL: http://git.chromium.org/chromium/src.git@master
Patch Set: Address nits in comments. Created 8 years, 1 month ago
Index: crypto/nss_util.h
diff --git a/crypto/nss_util.h b/crypto/nss_util.h
index 9e09d6db47eb390c2246ed2f3c81d13f3820bab8..a83ac4482bab23a5d50999a73203ad5d744982d3 100644
--- a/crypto/nss_util.h
+++ b/crypto/nss_util.h
@@ -36,6 +36,16 @@ CRYPTO_EXPORT void EarlySetupForNSSInit();
// thread-safe, and NSPR will only ever be initialized once.
CRYPTO_EXPORT void EnsureNSPRInit();
+// Initialize NSS safely for strict sandboxing. This function makes sure that
+// NSS is initialized safely and will have proper entropy in a restricted,
+// sandboxed environment.
+//
+// As a defense in depth measure, this function should be called in a sandboxed
+// environment to make sure NSS will not load security modules that could
+// expose private data and keys. Make sure to get an LGTM from security
+// if you use this.
+CRYPTO_EXPORT void WarmUpNSSSafely();
+
// Initialize NSS if it isn't already initialized. This must be called before
// any other NSS functions. This function is thread-safe, and NSS will only
// ever be initialized once.
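Review bot: The new comment on WarmUpNSSSafely() does not say when the call must happen relative to the sandbox being engaged, and it omits the thread-safety and once-only guarantees that the neighbouring comments give. "should be called in a sandboxed environment" can be read as either before or after lockdown, which matters for a function whose stated purpose is getting "proper entropy in a restricted, sandboxed environment". Suggest stating the ordering explicitly, saying whether the function is thread-safe and safe to call more than once (the EnsureNSPRInit() comment above and the initializer comment directly below both say so), and saying whether callers still need the regular NSS initializer afterwards. "Make sure to get an LGTM from security if you use this" would also be easier to follow if it named who to ask.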
@@ -58,7 +68,7 @@ CRYPTO_EXPORT void EnsureNSSInit();
// WARNING: Use this with caution.
CRYPTO_EXPORT void ForceNSSNoDBInit();
-// This methods is used to disable checks in NSS when used in a forked process.
+// This method is used to disable checks in NSS when used in a forked process.
// NSS checks whether it is running a forked process to avoid problems when
// using user security modules in a forked process. However if we are sure
// there are no modules loaded before the process is forked then there is no
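Review bot: The line after the corrected one still reads "NSS checks whether it is running a forked process", which appears to be missing "in" (compare "used in a forked process" on the fixed line). Since this comment is already being touched, suggest fixing that in the same change, and adding the comma after "However" in "However if we are sure".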
