NaCl: Add sanity check for number of open FDs at startup

components/nacl/loader/sandbox_linux/nacl_sandbox_linux.h

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef COMPONENTS_NACL_LOADER_SANDBOX_LINUX_NACL_SANDBOX_LINUX_H_
 #define COMPONENTS_NACL_LOADER_SANDBOX_LINUX_NACL_SANDBOX_LINUX_H_
 
 #include "base/files/scoped_file.h"
 #include "base/macros.h"
+#include "base/memory/scoped_ptr.h"
+
+namespace sandbox {
+class SetuidSandboxClient;
+}
 
 namespace nacl {
 
 // NaClSandbox supports two independent layers of sandboxing.
 // layer-1 uses a chroot. It requires both InitializeLayerOneSandbox() and
 // SealLayerOneSandbox() to have been called to be enforcing.
 // layer-2 uses seccomp-bpf. It requires the layer-1 sandbox to not yet be
 // sealed when being engaged.
 // For the layer-1 sandbox to work, the current process must be a child of
 // the setuid sandbox. InitializeLayerOneSandbox() can only be called once
@@ skipping 34 matching lines @@
   // Seal the layer-1 sandbox, making it enforcing.
   void SealLayerOneSandbox();
   // Check that the current sandboxing state matches the level of sandboxing
   // expected for NaCl in the current configuration. Crash if it does not.
   void CheckSandboxingStateWithPolicy();
 
   bool layer_one_enabled() { return layer_one_enabled_; }
   bool layer_two_enabled() { return layer_two_enabled_; }
 
  private:
+  void CheckForExpectedNumberOfOpenFds();
+
   bool layer_one_enabled_;
   bool layer_one_sealed_;
   bool layer_two_enabled_;
   bool layer_two_is_nonsfi_;
   // |proc_fd_| must be released before the layer-1 sandbox is considered
   // enforcing.
   base::ScopedFD proc_fd_;
+  scoped_ptr<sandbox::SetuidSandboxClient> setuid_sandbox_client_;
   DISALLOW_COPY_AND_ASSIGN(NaClSandbox);
 };
 
 }  // namespace nacl
 
 #endif  // COMPONENTS_NACL_LOADER_SANDBOX_LINUX_NACL_SANDBOX_LINUX_H_