Update sandbox/linux from upstream

sandbox/linux/bpf_dsl/bpf_dsl.h

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef SANDBOX_LINUX_BPF_DSL_BPF_DSL_H_
 #define SANDBOX_LINUX_BPF_DSL_BPF_DSL_H_
 
 #include <stdint.h>
 
 #include <utility>
@@ skipping 37 matching lines @@
 //            return Allow();
 //          }
 //        }
 //
 //       private:
 //        DISALLOW_COPY_AND_ASSIGN(SillyPolicy);
 //      };
 //
 // More generally, the DSL currently supports the following grammar:
 //
-//   result = Allow() | Error(errno) | Kill(msg) | Trace(aux)
+//   result = Allow() | Error(errno) | Kill() | Trace(aux)
 //          | Trap(trap_func, aux) | UnsafeTrap(trap_func, aux)
 //          | If(bool, result)[.ElseIf(bool, result)].Else(result)
 //          | Switch(arg)[.Case(val, result)].Default(result)
 //   bool   = BoolConst(boolean) | !bool | bool && bool | bool || bool
 //          | arg == val | arg != val
 //   arg    = Arg<T>(num) | arg & mask
 //
 // The semantics of each function and operator are intended to be
 // intuitive, but are described in more detail below.
 //
@@ skipping 13 matching lines @@
 // Allow specifies a result that the system call should be allowed to
 // execute normally.
 SANDBOX_EXPORT ResultExpr Allow();
 
 // Error specifies a result that the system call should fail with
 // error number |err|.  As a special case, Error(0) will result in the
 // system call appearing to have succeeded, but without having any
 // side effects.
 SANDBOX_EXPORT ResultExpr Error(int err);
 
-// Kill specifies a result to kill the program and print an error message.
-SANDBOX_EXPORT ResultExpr Kill(const char* msg);
+// Kill specifies a result to kill the process (task) immediately.
+SANDBOX_EXPORT ResultExpr Kill();
 
 // Trace specifies a result to notify a tracing process via the
 // PTRACE_EVENT_SECCOMP event and allow it to change or skip the system call.
 // The value of |aux| will be available to the tracer via PTRACE_GETEVENTMSG.
 SANDBOX_EXPORT ResultExpr Trace(uint16_t aux);
 
 // Trap specifies a result that the system call should be handled by
 // trapping back into userspace and invoking |trap_func|, passing
 // |aux| as the second parameter.
 SANDBOX_EXPORT ResultExpr
@@ skipping 167 matching lines @@
 
 // Definition requires ArgEq to have been declared.  Moved out-of-line
 // to minimize how much internal clutter users have to ignore while
 // reading the header documentation.
 //
 // Additionally, we use this helper member function to avoid linker errors
 // caused by defining operator== out-of-line.  For a more detailed explanation,
 // see http://www.parashift.com/c++-faq-lite/template-friends.html.
 template <typename T>
 BoolExpr Arg<T>::EqualTo(T val) const {
+  if (sizeof(T) == 4) {
+    // Prevent sign-extension of negative int32_t values.
+    return internal::ArgEq(num_, sizeof(T), mask_, static_cast<uint32_t>(val));
+  }
   return internal::ArgEq(num_, sizeof(T), mask_, static_cast<uint64_t>(val));
 }
 
 template <typename T>
 SANDBOX_EXPORT Caser<T> Switch(const Arg<T>& arg) {
   return Caser<T>(arg, Elser(nullptr));
 }
 
 template <typename T>
 Caser<T> Caser<T>::Case(T value, ResultExpr result) const {
@@ skipping 17 matching lines @@
 
 template <typename T>
 ResultExpr Caser<T>::Default(ResultExpr result) const {
   return elser_.Else(result);
 }
 
 }  // namespace bpf_dsl
 }  // namespace sandbox
 
 #endif  // SANDBOX_LINUX_BPF_DSL_BPF_DSL_H_