Linux sandbox: upgrade to new shared memory API.

The linux sandbox creates shared memory segments in
SandboxIPCHandler::HandleMakeSharedMemorySegment. The wrinkle is
that these segments may be created executable, which is done
nowhere else in chrome. NaCl appears to be the only consumer of
this feature, via NaClAppLoadModule / NaClAppLoadFile. The
platform file descriptor backing the shared memory is extracted
and shared via sendmsg() manually, rather than via a mojo or
legacy IPC mechanism.

This CL introduces a linux-only executable create for
base::subtle::PlatformSharedMemoryRegion to be used for this
purpose. The new create method has a stern comment, and is only
exposed through the base::subtle API, in order to discourage wide

Bug: 795291
Change-Id: I9753c74b74c30d9873eb13415f4084ccf9b3fa35
Commit-Queue: Matthew Cary (CET) <>
Reviewed-by: Robert Sesek <>
Reviewed-by: Alex Ilin <>
Cr-Commit-Position: refs/heads/master@{#676803}
3 files changed