Update from chromium https://crrev.com/301315

sandbox/linux/seccomp-bpf/verifier.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "sandbox/linux/seccomp-bpf/verifier.h"
 
 #include <string.h>
 
 #include <limits>
 
 #include "sandbox/linux/bpf_dsl/bpf_dsl.h"
 #include "sandbox/linux/bpf_dsl/bpf_dsl_impl.h"
+#include "sandbox/linux/bpf_dsl/policy.h"
 #include "sandbox/linux/bpf_dsl/policy_compiler.h"
 #include "sandbox/linux/seccomp-bpf/errorcode.h"
 #include "sandbox/linux/seccomp-bpf/linux_seccomp.h"
 #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h"
 #include "sandbox/linux/seccomp-bpf/syscall_iterator.h"
 
 namespace sandbox {
 
 namespace {
 
@@ skipping 285 matching lines @@
         *err = "Invalid operator in arithmetic operation";
         break;
     }
   }
 }
 
 }  // namespace
 
 bool Verifier::VerifyBPF(bpf_dsl::PolicyCompiler* compiler,
                          const std::vector<struct sock_filter>& program,
-                         const bpf_dsl::SandboxBPFDSLPolicy& policy,
+                         const bpf_dsl::Policy& policy,
                          const char** err) {
   *err = NULL;
   for (uint32_t sysnum : SyscallSet::All()) {
     // We ideally want to iterate over the full system call range and values
     // just above and just below this range. This gives us the full result set
     // of the "evaluators".
     // On Intel systems, this can fail in a surprising way, as a cleared bit 30
     // indicates either i386 or x86-64; and a set bit 30 indicates x32. And
     // unless we pay attention to setting this bit correctly, an early check in
     // our BPF program will make us fail with a misleading error code.
@@ skipping 62 matching lines @@
         break;
       default:
         *err = "Unexpected instruction in BPF program";
         break;
     }
   }
   return 0;
 }
 
 }  // namespace sandbox