Initialize NSS in the PPAPI process for ClearKey CDM.

crypto/nss_util.h

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef CRYPTO_NSS_UTIL_H_
 #define CRYPTO_NSS_UTIL_H_
 
 #include <string>
 #include "base/basictypes.h"
 #include "crypto/crypto_export.h"
@@ skipping 18 matching lines @@
 // EarlySetupForNSSInit performs lightweight setup which must occur before the
 // process goes multithreaded. This does not initialise NSS. For test, see
 // EnsureNSSInit.
 CRYPTO_EXPORT void EarlySetupForNSSInit();
 #endif
 
 // Initialize NRPR if it isn't already initialized.  This function is
 // thread-safe, and NSPR will only ever be initialized once.
 CRYPTO_EXPORT void EnsureNSPRInit();
 
+// Initialize NSS safely for strict sandboxing.  This function makes sure that
+// NSS is initialized safely and will have proper entropy in a restricted,
+// sandboxed environment.

[wtc, 2012/11/21 00:28:21]

Why do you call this "WarmUp" as opposed to "Init"?

It's not clear what you meant by "safely". The second paragraph
seems to say this means not loading any security modules,
but still doesn't give a direct definition of "safely".
I only fully understand what "safely" means after reading
the .cc file.

+//
+// As a defense in depth measure, this function should be called in a sandboxed
+// environment to make sure NSS will not load security modules that could
+// expose private data and keys.  Make sure to get an LGTM from Security
+// if you use this.

[wtc, 2012/11/21 00:28:21]

"Make sure to get an LGTM from Security if you use this"
isn't clear. I guess "Security" means the Chrome Security
Team?

+CRYPTO_EXPORT void WarmUpNSSSafely();
+
 // Initialize NSS if it isn't already initialized.  This must be called before
 // any other NSS functions.  This function is thread-safe, and NSS will only
 // ever be initialized once.
 CRYPTO_EXPORT void EnsureNSSInit();
 
 // Call this before calling EnsureNSSInit() will force NSS to initialize
 // without a persistent DB.  This is used for the special case where access of
 // persistent DB is prohibited.
 //
 // TODO(hclam): Isolate loading default root certs.
 //
 // NSS will be initialized without loading any user security modules, including
 // the built-in root certificates module. User security modules need to be
 // loaded manually after NSS initialization.
 //
 // If EnsureNSSInit() is called before then this function has no effect.
 //
 // Calling this method only has effect on Linux.
 //
 // WARNING: Use this with caution.
 CRYPTO_EXPORT void ForceNSSNoDBInit();
 
-// This methods is used to disable checks in NSS when used in a forked process.
+// This method is used to disable checks in NSS when used in a forked process.
 // NSS checks whether it is running a forked process to avoid problems when
 // using user security modules in a forked process.  However if we are sure
 // there are no modules loaded before the process is forked then there is no
 // harm disabling the check.
 //
 // This method must be called before EnsureNSSInit() to take effect.
 //
 // WARNING: Use this with caution.
 CRYPTO_EXPORT void DisableNSSForkCheck();
 
@@ skipping 91 matching lines @@
  private:
   base::Lock *lock_;
   DISALLOW_COPY_AND_ASSIGN(AutoNSSWriteLock);
 };
 
 #endif  // defined(USE_NSS)
 
 }  // namespace crypto
 
 #endif  // CRYPTO_NSS_UTIL_H_