Make sure the endpoints of the SandboxIPC mechanism cannot be misused.

content/browser/renderer_host/render_sandbox_host_linux.cc

Index: content/browser/renderer_host/render_sandbox_host_linux.cc
diff --git a/content/browser/renderer_host/render_sandbox_host_linux.cc b/content/browser/renderer_host/render_sandbox_host_linux.cc
index ff0b1af589caeb32d2583bc4481251c1418f7d27..38eb887636ab15ea54aee9c4b335d94cedabfc1e 100644
--- a/content/browser/renderer_host/render_sandbox_host_linux.cc
+++ b/content/browser/renderer_host/render_sandbox_host_linux.cc
@@ -39,7 +39,14 @@ void RenderSandboxHostLinux::Init(const std::string& sandbox_path) {
   CHECK(socketpair(AF_UNIX, SOCK_SEQPACKET, 0, fds) == 0);
 
   renderer_socket_ = fds[0];
+  // The SandboxIPC client is not expected to read from |renderer_socket_|.
+  // Instead, it reads from a temporary socket sent with the request.
+  shutdown(renderer_socket_, SHUT_RD);

[jln (very slow on Chromium), 2014/04/29 23:23:20]

Please, PCHECK(0 == ...);

[piman, 2014/04/29 23:39:19]

Actually, do we need HANDLE_EINTR? (and below)

[jln (very slow on Chromium), 2014/04/29 23:41:46]

No, shutdown() doesn't require HANDLE_EINTR. It's also not considered a
cancellation point for threading.

[Jorge Lucangeli Obes, 2014/04/30 00:26:02]

Done.

+
   const int browser_socket = fds[1];
+  // The SandboxIPC handler is not expected to write to |browser_socket|.
+  // Instead, it replies on a temporary socket provided by the caller.
+  shutdown(browser_socket, SHUT_WR);

[jln (very slow on Chromium), 2014/04/29 23:23:20]

Same remark, please PCHECK().

[Jorge Lucangeli Obes, 2014/04/30 00:26:02]

Done.

 
   int pipefds[2];
   CHECK(0 == pipe(pipefds));