sandbox/linux: move ErrorCode into bpf_dsl

sandbox/linux/bpf_dsl/errorcode.h

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
-#ifndef SANDBOX_LINUX_SECCOMP_BPF_ERRORCODE_H__
-#define SANDBOX_LINUX_SECCOMP_BPF_ERRORCODE_H__
+#ifndef SANDBOX_LINUX_BPF_DSL_ERRORCODE_H__
+#define SANDBOX_LINUX_BPF_DSL_ERRORCODE_H__
 
-#include "sandbox/linux/seccomp-bpf/trap.h"
+#include "sandbox/linux/bpf_dsl/trap_registry.h"
 #include "sandbox/sandbox_export.h"
 
 namespace sandbox {
 namespace bpf_dsl {
-class PolicyCompiler;
-}
 
 // This class holds all the possible values that can be returned by a sandbox
 // policy.
 // We can either wrap a symbolic ErrorCode (i.e. ERR_XXX enum values), an
 // errno value (in the range 0..4095), a pointer to a TrapFnc callback
 // handling a SECCOMP_RET_TRAP trap, or a complex constraint.
 // All of the commonly used values are stored in the "err_" field. So, code
 // that is using the ErrorCode class typically operates on a single 32bit
 // field.
 //
@@ skipping 123 matching lines @@
   const ErrorCode* passed() const { return passed_; }
   const ErrorCode* failed() const { return failed_; }
 
   struct LessThan {
     bool operator()(const ErrorCode& a, const ErrorCode& b) const {
       return a.LessThan(b);
     }
   };
 
  private:
-  friend bpf_dsl::PolicyCompiler;
-  friend class CodeGen;
-  friend class SandboxBPF;
-  friend class Trap;
+  friend class PolicyCompiler;
 
   // If we are wrapping a callback, we must assign a unique id. This id is
   // how the kernel tells us which one of our different SECCOMP_RET_TRAP
   // cases has been triggered.
-  ErrorCode(uint16_t trap_id, Trap::TrapFnc fnc, const void* aux, bool safe);
+  ErrorCode(uint16_t trap_id,
+            TrapRegistry::TrapFnc fnc,
+            const void* aux,
+            bool safe);
 
   // Some system calls require inspection of arguments. This constructor
   // allows us to specify additional constraints.
   ErrorCode(int argno,
             ArgType width,
             uint64_t mask,
             uint64_t value,
             const ErrorCode* passed,
             const ErrorCode* failed);
 
   ErrorType error_type_;
 
   union {
     // Fields needed for SECCOMP_RET_TRAP callbacks
     struct {
-      Trap::TrapFnc fnc_;  // Callback function and arg, if trap was
-      void* aux_;          //   triggered by the kernel's BPF filter.
-      bool safe_;          // Keep sandbox active while calling fnc_()
+      TrapRegistry::TrapFnc fnc_;  // Callback function and arg, if trap was
+      void* aux_;                  //   triggered by the kernel's BPF filter.
+      bool safe_;                  // Keep sandbox active while calling fnc_()
     };
 
     // Fields needed when inspecting additional arguments.
     struct {
       uint64_t mask_;            // Mask that we are comparing under.
       uint64_t value_;           // Value that we are comparing with.
       int argno_;                // Syscall arg number that we are inspecting.
       ArgType width_;            // Whether we are looking at a 32/64bit value.
       const ErrorCode* passed_;  // Value to be returned if comparison passed,
       const ErrorCode* failed_;  //   or if it failed.
     };
   };
 
   // 32bit field used for all possible types of ErrorCode values. This is
   // the value that uniquely identifies any ErrorCode and it (typically) can
   // be emitted directly into a BPF filter program.
   uint32_t err_;
 };
 
+}  // namespace bpf_dsl
 }  // namespace sandbox
 
-#endif  // SANDBOX_LINUX_SECCOMP_BPF_ERRORCODE_H__
+#endif  // SANDBOX_LINUX_BPF_DSL_ERRORCODE_H__