sandbox: Extend BrokerPolicy to support file creation

sandbox/linux/bpf_dsl/bpf_dsl_more_unittest.cc

Index: sandbox/linux/bpf_dsl/bpf_dsl_more_unittest.cc
diff --git a/sandbox/linux/bpf_dsl/bpf_dsl_more_unittest.cc b/sandbox/linux/bpf_dsl/bpf_dsl_more_unittest.cc
index c56c81911fa83936e8c2e8b4fd383d5c99080ec9..d40dde21d27a782b7f19407dc9fcca0788ccc962 100644
--- a/sandbox/linux/bpf_dsl/bpf_dsl_more_unittest.cc
+++ b/sandbox/linux/bpf_dsl/bpf_dsl_more_unittest.cc
@@ -56,6 +56,7 @@
 #endif
 
 namespace sandbox {
+using syscall_broker::BrokerPermission;
 namespace bpf_dsl {
 
 namespace {
@@ -755,12 +756,11 @@ bool NoOpCallback() {
 class InitializedOpenBroker {
  public:
   InitializedOpenBroker() : initialized_(false) {
-    std::vector<std::string> allowed_files;
-    allowed_files.push_back("/proc/allowed");
-    allowed_files.push_back("/proc/cpuinfo");
+    std::vector<syscall_broker::BrokerPermission> permissions;
+    permissions.push_back(BROKER_PERM_READ_ONLY("/proc/allowed"));
+    permissions.push_back(BROKER_PERM_READ_ONLY("/proc/cpuinfo"));
 
-    broker_process_.reset(
-        new BrokerProcess(EPERM, allowed_files, std::vector<std::string>()));
+    broker_process_.reset(new BrokerProcess(EPERM, permissions));
     BPF_ASSERT(broker_process() != NULL);
     BPF_ASSERT(broker_process_->Init(base::Bind(&NoOpCallback)));