SyscallSet: add ValidOnly

sandbox/linux/seccomp-bpf/syscall_iterator.h

Index: sandbox/linux/seccomp-bpf/syscall_iterator.h
diff --git a/sandbox/linux/seccomp-bpf/syscall_iterator.h b/sandbox/linux/seccomp-bpf/syscall_iterator.h
index d89b981cee4b6a12537f35971ea7669557486aed..5080fcc09a21070ae0d81881d9e0f37733d9e852 100644
--- a/sandbox/linux/seccomp-bpf/syscall_iterator.h
+++ b/sandbox/linux/seccomp-bpf/syscall_iterator.h
@@ -7,6 +7,8 @@
 
 #include <stdint.h>
 
+#include <iterator>
+
 #include "base/macros.h"
 #include "sandbox/sandbox_export.h"
 
@@ -41,6 +43,10 @@ class SANDBOX_EXPORT SyscallSet {
   // system call numbers.
   static SyscallSet All() { return SyscallSet(Set::ALL); }
 
+  // ValidOnly returns a SyscallSet that contains only valid system
+  // call numbers.
+  static SyscallSet ValidOnly() { return SyscallSet(Set::VALID_ONLY); }
+
   // InvalidOnly returns a SyscallSet that contains only invalid
   // system call numbers, but still omits numbers in the middle of a
   // range of invalid system call numbers.
@@ -51,7 +57,7 @@ class SANDBOX_EXPORT SyscallSet {
   static bool IsValid(uint32_t num);
 
  private:
-  enum class Set { ALL, INVALID_ONLY };
+  enum class Set { ALL, VALID_ONLY, INVALID_ONLY };
 
   explicit SyscallSet(Set set) : set_(set) {}
 
@@ -65,7 +71,8 @@ SANDBOX_EXPORT bool operator==(const SyscallSet& lhs, const SyscallSet& rhs);
 
 // Iterator provides C++ input iterator semantics for traversing a
 // SyscallSet.
-class SyscallSet::Iterator {
+class SyscallSet::Iterator
+    : public std::iterator<std::input_iterator_tag, uint32_t> {
  public:
   Iterator(const Iterator& it)
       : set_(it.set_), done_(it.done_), num_(it.num_) {}
@@ -77,6 +84,8 @@ class SyscallSet::Iterator {
  private:
   Iterator(Set set, bool done);
 
+  uint32_t NextSyscall() const;
+
   Set set_;
   bool done_;
   uint32_t num_;