Update from https://crrev.com/315085

sandbox/linux/seccomp-bpf/syscall_iterator.h

-// Copyright (c) 2012 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#ifndef SANDBOX_LINUX_SECCOMP_BPF_SYSCALL_ITERATOR_H__
-#define SANDBOX_LINUX_SECCOMP_BPF_SYSCALL_ITERATOR_H__
-
-#include <stdint.h>
-
-#include <iterator>
-
-#include "base/macros.h"
-#include "sandbox/sandbox_export.h"
-
-namespace sandbox {
-
-// TODO(mdempsky): Rename this header to syscall_set.h.
-
-// Iterates over the entire system call range from 0..0xFFFFFFFFu. This
-// iterator is aware of how system calls look like and will skip quickly
-// over ranges that can't contain system calls. It iterates more slowly
-// whenever it reaches a range that is potentially problematic, returning
-// the last invalid value before a valid range of system calls, and the
-// first invalid value after a valid range of syscalls. It iterates over
-// individual values whenever it is in the normal range for system calls
-// (typically MIN_SYSCALL..MAX_SYSCALL).
-//
-// Example usage:
-//   for (uint32_t sysnum : SyscallSet::All()) {
-//     // Do something with sysnum.
-//   }
-class SANDBOX_EXPORT SyscallSet {
- public:
-  class Iterator;
-
-  SyscallSet(const SyscallSet& ss) : set_(ss.set_) {}
-  ~SyscallSet() {}
-
-  Iterator begin() const;
-  Iterator end() const;
-
-  // All returns a SyscallSet that contains both valid and invalid
-  // system call numbers.
-  static SyscallSet All() { return SyscallSet(Set::ALL); }
-
-  // ValidOnly returns a SyscallSet that contains only valid system
-  // call numbers.
-  static SyscallSet ValidOnly() { return SyscallSet(Set::VALID_ONLY); }
-
-  // InvalidOnly returns a SyscallSet that contains only invalid
-  // system call numbers, but still omits numbers in the middle of a
-  // range of invalid system call numbers.
-  static SyscallSet InvalidOnly() { return SyscallSet(Set::INVALID_ONLY); }
-
-  // IsValid returns whether |num| specifies a valid system call
-  // number.
-  static bool IsValid(uint32_t num);
-
- private:
-  enum class Set { ALL, VALID_ONLY, INVALID_ONLY };
-
-  explicit SyscallSet(Set set) : set_(set) {}
-
-  Set set_;
-
-  friend bool operator==(const SyscallSet&, const SyscallSet&);
-  DISALLOW_ASSIGN(SyscallSet);
-};
-
-SANDBOX_EXPORT bool operator==(const SyscallSet& lhs, const SyscallSet& rhs);
-
-// Iterator provides C++ input iterator semantics for traversing a
-// SyscallSet.
-class SyscallSet::Iterator
-    : public std::iterator<std::input_iterator_tag, uint32_t> {
- public:
-  Iterator(const Iterator& it)
-      : set_(it.set_), done_(it.done_), num_(it.num_) {}
-  ~Iterator() {}
-
-  uint32_t operator*() const;
-  Iterator& operator++();
-
- private:
-  Iterator(Set set, bool done);
-
-  uint32_t NextSyscall() const;
-
-  Set set_;
-  bool done_;
-  uint32_t num_;
-
-  friend SyscallSet;
-  friend bool operator==(const Iterator&, const Iterator&);
-  DISALLOW_ASSIGN(Iterator);
-};
-
-SANDBOX_EXPORT bool operator==(const SyscallSet::Iterator& lhs,
-                               const SyscallSet::Iterator& rhs);
-SANDBOX_EXPORT bool operator!=(const SyscallSet::Iterator& lhs,
-                               const SyscallSet::Iterator& rhs);
-
-}  // namespace sandbox
-
-#endif  // SANDBOX_LINUX_SECCOMP_BPF_SYSCALL_ITERATOR_H__