
Unified Diff: content/common/sandbox_linux/bpf_gpu_policy_linux.cc

Issue 299683004: Rewrite all BPF policies to use DSL API Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Overhaul of DSL and implementation Created 6 years, 7 months ago
Index: content/common/sandbox_linux/bpf_gpu_policy_linux.cc
diff --git a/content/common/sandbox_linux/bpf_gpu_policy_linux.cc b/content/common/sandbox_linux/bpf_gpu_policy_linux.cc
index e54cb210909d11b6ec2ee8cc3a3cbbe8564d4de8..0893627f29e04712e473dc76c099f9229648cd49 100644
--- a/content/common/sandbox_linux/bpf_gpu_policy_linux.cc
+++ b/content/common/sandbox_linux/bpf_gpu_policy_linux.cc
@@ -30,9 +30,8 @@
#include "sandbox/linux/services/broker_process.h"
#include "sandbox/linux/services/linux_syscalls.h"
+using namespace sandbox::bpf_dsl;
using sandbox::BrokerProcess;
-using sandbox::ErrorCode;
-using sandbox::SandboxBPF;
using sandbox::SyscallSets;
using sandbox::arch_seccomp_data;
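Review bot: The added `using namespace sandbox::bpf_dsl;` is a file-scope using-directive, while every neighbouring line imports one name with a using-declaration. In a seccomp policy file the unqualified `Allow()` and `Trap()` calls decide what the installed filter permits, so which function they resolve to should be explicit rather than left to whatever the namespace exports. Assuming those helpers live in `sandbox::bpf_dsl` as the qualified return type in the class declaration suggests, prefer `using sandbox::bpf_dsl::Allow;`, `using sandbox::bpf_dsl::ResultExpr;` and `using sandbox::bpf_dsl::Trap;`. That would also let the declaration in the next hunk say `ResultExpr`, matching the out-of-line definitions instead of spelling `sandbox::bpf_dsl::ResultExpr` in one place only.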
@@ -115,8 +114,8 @@ class GpuBrokerProcessPolicy : public GpuProcessPolicy {
}
virtual ~GpuBrokerProcessPolicy() {}
- virtual ErrorCode EvaluateSyscall(SandboxBPF* sandbox_compiler,
- int system_call_number) const OVERRIDE;
+ virtual sandbox::bpf_dsl::ResultExpr EvaluateSyscall(
+ int sysno) const OVERRIDE;
private:
GpuBrokerProcessPolicy() {}
@@ -126,15 +125,14 @@ class GpuBrokerProcessPolicy : public GpuProcessPolicy {
// x86_64/i386 or desktop ARM.
// A GPU broker policy is the same as a GPU policy with open and
// openat allowed.
-ErrorCode GpuBrokerProcessPolicy::EvaluateSyscall(SandboxBPF* sandbox,
- int sysno) const {
+ResultExpr GpuBrokerProcessPolicy::EvaluateSyscall(int sysno) const {
switch (sysno) {
case __NR_access:
case __NR_open:
case __NR_openat:
- return ErrorCode(ErrorCode::ERR_ALLOWED);
+ return Allow();
default:
- return GpuProcessPolicy::EvaluateSyscall(sandbox, sysno);
+ return GpuProcessPolicy::EvaluateSyscall(sysno);
}
}
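Review bot: The comment above `GpuBrokerProcessPolicy::EvaluateSyscall` says the broker policy only adds open and openat, but the switch also returns `Allow()` for `__NR_access`. This policy is what lets the broker touch the filesystem directly, so the comment should list exactly what is opened up, for example `// A GPU broker policy is the same as a GPU policy with access, open and` / `// openat allowed.` It would also help to note where the set of paths the broker serves is restricted, since nothing in this hunk limits the arguments of these three syscalls.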
@@ -167,8 +165,7 @@ GpuProcessPolicy::GpuProcessPolicy() : broker_process_(NULL) {}
GpuProcessPolicy::~GpuProcessPolicy() {}
// Main policy for x86_64/i386. Extended by CrosArmGpuProcessPolicy.
-ErrorCode GpuProcessPolicy::EvaluateSyscall(SandboxBPF* sandbox,
- int sysno) const {
+ResultExpr GpuProcessPolicy::EvaluateSyscall(int sysno) const {
switch (sysno) {
case __NR_ioctl:
#if defined(__i386__) || defined(__x86_64__)
@@ -182,18 +179,18 @@ ErrorCode GpuProcessPolicy::EvaluateSyscall(SandboxBPF* sandbox,
case __NR_sched_getaffinity:
case __NR_sched_setaffinity:
case __NR_setpriority:
- return ErrorCode(ErrorCode::ERR_ALLOWED);
+ return Allow();
case __NR_access:
case __NR_open:
case __NR_openat:
DCHECK(broker_process_);
- return sandbox->Trap(GpuSIGSYS_Handler, broker_process_);
+ return Trap(GpuSIGSYS_Handler, broker_process_);
default:
if (SyscallSets::IsEventFd(sysno))
- return ErrorCode(ErrorCode::ERR_ALLOWED);
+ return Allow();
// Default on the baseline policy.
- return SandboxBPFBasePolicy::EvaluateSyscall(sandbox, sysno);
+ return SandboxBPFBasePolicy::EvaluateSyscall(sysno);
}
}
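Review bot: `DCHECK(broker_process_)` in the access/open/openat case is compiled out of release builds, so a policy evaluated before the broker is set would install `Trap(GpuSIGSYS_Handler, broker_process_)` with a null aux pointer; the constructor shown in the preceding hunk initialises the member to NULL. Whether `GpuSIGSYS_Handler` tolerates a null aux is not visible here, but if it does not, the failure would surface at the first trapped file access inside the sandbox rather than at setup. Consider `CHECK(broker_process_);` so the invariant is enforced in all builds. A short comment would also help, stating that the pointer handed to `Trap` is presumably retained by the installed filter and so must stay valid for the life of the process. The opening lines of this function are in the preceding hunk.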
