Non-SFI NaCl: Disallow epoll family and allow poll instead

components/nacl/loader/nonsfi/nonsfi_sandbox.cc

Index: components/nacl/loader/nonsfi/nonsfi_sandbox.cc
diff --git a/components/nacl/loader/nonsfi/nonsfi_sandbox.cc b/components/nacl/loader/nonsfi/nonsfi_sandbox.cc
index 260dd7509331d5ecbc5431f6bb24386f8e8c5cd7..f66e5cbb92a940a94a7299f67f2830a49131c44b 100644
--- a/components/nacl/loader/nonsfi/nonsfi_sandbox.cc
+++ b/components/nacl/loader/nonsfi/nonsfi_sandbox.cc
@@ -143,6 +143,9 @@ ErrorCode RestrictSocketpair(SandboxBPF* sb) {
 
 bool IsGracefullyDenied(int sysno) {
   switch (sysno) {
+    // libevent tries this first and then falls back to poll if
+    // epoll_create fails.
+    case __NR_epoll_create:
     // third_party/libevent uses them, but we can just return -1 from
     // them as it is just checking getuid() != geteuid() and
     // getgid() != getegid()
@@ -216,9 +219,6 @@ ErrorCode NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl(
     case __NR_close:
     case __NR_dup:
     case __NR_dup2:
-    case __NR_epoll_create:
-    case __NR_epoll_ctl:
-    case __NR_epoll_wait:
     case __NR_exit:
     case __NR_exit_group:
 #if defined(__i386__) || defined(__arm__)
@@ -237,6 +237,7 @@ ErrorCode NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl(
     // TODO(hamaji): Remove the need of pipe. Currently, this is
     // called from base::MessagePumpLibevent::Init().
     case __NR_pipe:
+    case __NR_poll:
     case __NR_pread64:
     case __NR_pwrite64:
     case __NR_read: