bpf_dsl: decouple PolicyCompiler from Syscall

sandbox/linux/seccomp-bpf/sandbox_bpf.cc

Index: sandbox/linux/seccomp-bpf/sandbox_bpf.cc
diff --git a/sandbox/linux/seccomp-bpf/sandbox_bpf.cc b/sandbox/linux/seccomp-bpf/sandbox_bpf.cc
index 31975a1b98e33539d60a977cf70e789d09ecd6d5..dc29f2252a21e28773816d39996376914dceec14 100644
--- a/sandbox/linux/seccomp-bpf/sandbox_bpf.cc
+++ b/sandbox/linux/seccomp-bpf/sandbox_bpf.cc
@@ -79,6 +79,14 @@ bool KernelSupportsSeccompTsync() {
   }
 }
 
+uint64_t EscapePC() {
+  intptr_t rv = Syscall::Call(-1);
+  if (rv == -1 && errno == ENOSYS) {
+    return 0;
+  }
+  return static_cast<uint64_t>(static_cast<uintptr_t>(rv));
+}
+
 }  // namespace
 
 SandboxBPF::SandboxBPF(bpf_dsl::Policy* policy)
@@ -185,6 +193,9 @@ scoped_ptr<CodeGen::Program> SandboxBPF::AssembleFilter(
 #endif
   DCHECK(policy_);
   bpf_dsl::PolicyCompiler compiler(policy_.get(), Trap::Registry());
+  if (Trap::SandboxDebuggingAllowedByUser()) {
+    compiler.DangerousSetEscapePC(EscapePC());
+  }
   scoped_ptr<CodeGen::Program> program = compiler.Compile();
 
   // Make sure compilation resulted in a BPF program that executes