Add a platform-specific syscall number iterator.

sandbox/linux/seccomp-bpf/syscall_iterator.h

Index: sandbox/linux/seccomp-bpf/syscall_iterator.h
diff --git a/sandbox/linux/seccomp-bpf/syscall_iterator.h b/sandbox/linux/seccomp-bpf/syscall_iterator.h
new file mode 100644
index 0000000000000000000000000000000000000000..4fbc5ffcfc2452eb3a7fb8b38939496d83f08b71
--- /dev/null
+++ b/sandbox/linux/seccomp-bpf/syscall_iterator.h
@@ -0,0 +1,42 @@
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef SANDBOX_LINUX_SECCOMP_BPF_SYSCALL_ITERATOR_H__
+#define SANDBOX_LINUX_SECCOMP_BPF_SYSCALL_ITERATOR_H__
+
+#include <stdint.h>
+
+namespace playground2 {
+
+class SyscallIterator {
+ public:
+  // Iterates over the entire system call range from 0..0xFFFFFFFFu. This
+  // iterator is aware of how system calls look like and will skip quickly
+  // over ranges that can't contain system calls. It iterates more slowly
+  // whenever it reaches a range that is potentially problematic. And it
+  // iterates over individual values whenever it is in the normal range for
+  // system calls (typically MIN_SYSCALL..MAX_SYSCALL).
+  // If "invalid_only" is "true", the iterator still iterates from
+  // 0..0xFFFFFFFFu, but it never returns values from the range of valid
+  // system call numbers. This feature can be used when verifying that all
+  // "impossible" system call values are treated the same.
+  explicit SyscallIterator(bool invalid_only)
+      : invalid_only_(invalid_only),
+        done_(false),
+        num_(0) {
+  }
+
+  bool Done() const { return done_; }
+  uint32_t Next();
+  static bool IsValid(uint32_t num);
+
+ private:
+  bool     invalid_only_;
+  bool     done_;
+  uint32_t num_;
+};
+
+}  // namespace
+
+#endif  // SANDBOX_LINUX_SECCOMP_BPF_SYSCALL_ITERATOR_H__