Implement SharedMemory::NewAnonymousReadOnly(contents).

base/memory/shared_memory_nacl.cc

Index: base/memory/shared_memory_nacl.cc
diff --git a/base/memory/shared_memory_nacl.cc b/base/memory/shared_memory_nacl.cc
index bc2a98dfdf65551e5ab3abd507aabaefd8f72502..fbb0b87b32b9d29dde08f2fdca1e3fd1989976ba 100644
--- a/base/memory/shared_memory_nacl.cc
+++ b/base/memory/shared_memory_nacl.cc
@@ -139,8 +139,14 @@ void SharedMemory::Unlock() {
 }
 
 bool SharedMemory::ShareToProcessCommon(ProcessHandle process,
-                                        SharedMemoryHandle *new_handle,
-                                        bool close_self) {
+                                        SharedMemoryHandle* new_handle,
+                                        bool close_self,
+                                        ShareMode share_mode) {
+  if (share_mode == SHARE_READONLY) {
+    // Untrusted code can't create descriptors or handles, which is needed to
+    // drop permissions.
+    return false;
+  }
   const int new_fd = dup(mapped_file_);
   if (new_fd < 0) {
     DPLOG(ERROR) << "dup() failed.";