Update from chromium https://crrev.com/301315

sandbox/linux/bpf_dsl/policy.h

Index: sandbox/linux/bpf_dsl/policy.h
diff --git a/sandbox/linux/bpf_dsl/policy.h b/sandbox/linux/bpf_dsl/policy.h
new file mode 100644
index 0000000000000000000000000000000000000000..6c67589456af342d175aeb04b16f6f715bd6fec2
--- /dev/null
+++ b/sandbox/linux/bpf_dsl/policy.h
@@ -0,0 +1,37 @@
+// Copyright 2014 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef SANDBOX_LINUX_BPF_DSL_POLICY_H_
+#define SANDBOX_LINUX_BPF_DSL_POLICY_H_
+
+#include "base/macros.h"
+#include "sandbox/linux/bpf_dsl/bpf_dsl_forward.h"
+#include "sandbox/sandbox_export.h"
+
+namespace sandbox {
+namespace bpf_dsl {
+
+// Interface to implement to define a BPF sandbox policy.
+class SANDBOX_EXPORT Policy {
+ public:
+  Policy() {}
+  virtual ~Policy() {}
+
+  // User extension point for writing custom sandbox policies.
+  // The returned ResultExpr will control how the kernel responds to the
+  // specified system call number.
+  virtual ResultExpr EvaluateSyscall(int sysno) const = 0;
+
+  // Optional overload for specifying alternate behavior for invalid
+  // system calls.  The default is to return ENOSYS.
+  virtual ResultExpr InvalidSyscall() const;
+
+ private:
+  DISALLOW_COPY_AND_ASSIGN(Policy);
+};
+
+}  // namespace bpf_dsl
+}  // namespace sandbox
+
+#endif  // SANDBOX_LINUX_BPF_DSL_POLICY_H_