Update from https://crrev.com/320343

sandbox/linux/bpf_dsl/policy_compiler.h

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef SANDBOX_LINUX_BPF_DSL_POLICY_COMPILER_H_
 #define SANDBOX_LINUX_BPF_DSL_POLICY_COMPILER_H_
 
 #include <stdint.h>
 
 #include <map>
@@ skipping 14 matching lines @@
 // PolicyCompiler implements the bpf_dsl compiler, allowing users to
 // transform bpf_dsl policies into BPF programs to be executed by the
 // Linux kernel.
 class SANDBOX_EXPORT PolicyCompiler {
  public:
   PolicyCompiler(const Policy* policy, TrapRegistry* registry);
   ~PolicyCompiler();
 
   // Compile registers any trap handlers needed by the policy and
   // compiles the policy to a BPF program, which it returns.
-  scoped_ptr<CodeGen::Program> Compile();
+  scoped_ptr<CodeGen::Program> Compile(bool verify);
+
+  // DangerousSetEscapePC sets the "escape PC" that is allowed to issue any
+  // system calls, regardless of policy.
+  void DangerousSetEscapePC(uint64_t escapepc);
 
   // Error returns an ErrorCode to indicate the system call should fail with
   // the specified error number.
   ErrorCode Error(int err);
 
   // Trap returns an ErrorCode to indicate the system call should
   // instead invoke a trap handler.
   ErrorCode Trap(TrapRegistry::TrapFnc fnc, const void* aux, bool safe);
 
   // UnsafeTraps require some syscalls to always be allowed.
@@ skipping 35 matching lines @@
 
   // Compile the configured policy into a complete instruction sequence.
   CodeGen::Node AssemblePolicy();
 
   // Return an instruction sequence that checks the
   // arch_seccomp_data's "arch" field is valid, and then passes
   // control to |passed| if so.
   CodeGen::Node CheckArch(CodeGen::Node passed);
 
   // If |has_unsafe_traps_| is true, returns an instruction sequence
-  // that allows all system calls from Syscall::Call(), and otherwise
+  // that allows all system calls from |escapepc_|, and otherwise
   // passes control to |rest|. Otherwise, simply returns |rest|.
   CodeGen::Node MaybeAddEscapeHatch(CodeGen::Node rest);
 
   // Return an instruction sequence that loads and checks the system
   // call number, performs a binary search, and then dispatches to an
   // appropriate instruction sequence compiled from the current
   // policy.
   CodeGen::Node DispatchSyscall();
 
   // Return an instruction sequence that checks the system call number
@@ skipping 31 matching lines @@
 
   // Returns a BPF program that evaluates half of a conditional expression;
   // it should only ever be called from CondExpression().
   CodeGen::Node CondExpressionHalf(const ErrorCode& cond,
                                    ArgHalf half,
                                    CodeGen::Node passed,
                                    CodeGen::Node failed);
 
   const Policy* policy_;
   TrapRegistry* registry_;
+  uint64_t escapepc_;
 
   Conds conds_;
   CodeGen gen_;
   bool has_unsafe_traps_;
 
   DISALLOW_COPY_AND_ASSIGN(PolicyCompiler);
 };
 
 }  // namespace bpf_dsl
 }  // namespace sandbox
 
 #endif  // SANDBOX_LINUX_BPF_DSL_POLICY_COMPILER_H_