[Android] Allow __NR_sysinfo and __NR_clock_getres under seccomp.

content/common/sandbox_linux/android/sandbox_bpf_base_policy_android.cc

Index: content/common/sandbox_linux/android/sandbox_bpf_base_policy_android.cc
diff --git a/content/common/sandbox_linux/android/sandbox_bpf_base_policy_android.cc b/content/common/sandbox_linux/android/sandbox_bpf_base_policy_android.cc
index a2384c9c440c54dbdaa6b12a78fd88decea23034..bf3560173592d82585643b0bc89b9a126acb59c7 100644
--- a/content/common/sandbox_linux/android/sandbox_bpf_base_policy_android.cc
+++ b/content/common/sandbox_linux/android/sandbox_bpf_base_policy_android.cc
@@ -13,6 +13,7 @@
 
 #include "build/build_config.h"
 #include "sandbox/linux/bpf_dsl/bpf_dsl.h"
+#include "sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.h"
 
 using sandbox::bpf_dsl::AllOf;
 using sandbox::bpf_dsl::Allow;
@@ -103,6 +104,7 @@ ResultExpr SandboxBPFBasePolicyAndroid::EvaluateSyscall(int sysno) const {
 #else
     case __NR_getrlimit:
 #endif
+    case __NR_sysinfo:  // https://crbug.com/655277
     case __NR_uname:
 
     // Permit socket operations so that renderers can connect to logd and
@@ -130,6 +132,11 @@ ResultExpr SandboxBPFBasePolicyAndroid::EvaluateSyscall(int sysno) const {
            .Else(Error(EPERM));
   }
 
+  // https://crbug.com/655299
+  if (sysno == __NR_clock_getres) {
+    return sandbox::RestrictClockID();
+  }
+
 #if defined(__x86_64__) || defined(__arm__) || defined(__aarch64__) || \
       defined(__mips__)
   if (sysno == __NR_socket) {