Implement SharedMemory::NewAnonymousReadOnly(contents).

base/memory/shared_memory_nacl.cc

Index: base/memory/shared_memory_nacl.cc
diff --git a/base/memory/shared_memory_nacl.cc b/base/memory/shared_memory_nacl.cc
index bc2a98dfdf65551e5ab3abd507aabaefd8f72502..93c1002619189634177bc72d2194c2ace658a049 100644
--- a/base/memory/shared_memory_nacl.cc
+++ b/base/memory/shared_memory_nacl.cc
@@ -140,7 +140,13 @@ void SharedMemory::Unlock() {
 
 bool SharedMemory::ShareToProcessCommon(ProcessHandle process,
                                         SharedMemoryHandle *new_handle,
-                                        bool close_self) {
+                                        bool close_self,
+                                        ShareMode share_mode) {
+  if (share_mode == SHARE_READONLY) {
+    // Untrusted code can't create descriptors or handles, which is needed to
+    // drop permissions.
+    return false;
+  }
   const int new_fd = dup(mapped_file_);
   if (new_fd < 0) {
     DPLOG(ERROR) << "dup() failed.";