Fix __NR_membarrier sandboxing on arm64.

https://chromium-review.googlesource.com/c/chromium/src/+/1658231 is't
enough for arm64, because __NR_membarrier (which code is 283) is greater
than MAX_PUBLIC_SYSCALL (which is 279) -> rules was not applied.
Increase MAX_PUBLIC_SYSCALL && add test.

Bug: 966433.
Change-Id: I99ed038dea7b2a332dd70fb75b97d908f5d2ca9d
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1856160
Commit-Queue: Jorge Lucangeli Obes <jorgelo@chromium.org>
Reviewed-by: Jorge Lucangeli Obes <jorgelo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#705572}

sandbox/linux/bpf_dsl/linux_syscall_ranges.h

@@ -51,8 +51,9 @@
 
 #elif defined(__aarch64__)
 
+#include <asm-generic/unistd.h>
 #define MIN_SYSCALL 0u
-#define MAX_PUBLIC_SYSCALL 279u
+#define MAX_PUBLIC_SYSCALL __NR_syscalls
 #define MAX_SYSCALL MAX_PUBLIC_SYSCALL
 
 #else

sandbox/linux/seccomp-bpf-helpers/baseline_policy_android_unittest.cc

@@ -33,5 +33,10 @@ BPF_TEST_C(BaselinePolicyAndroid, CanOpenProcCpuinfo, BaselinePolicyAndroid) {
   BPF_ASSERT_NE(-1, open("/proc/cpuinfo", O_RDONLY));
 }
 
+BPF_TEST_C(BaselinePolicyAndroid, Membarrier, BaselinePolicyAndroid) {
+  // Should not crash.
+  syscall(__NR_membarrier, 32 /* cmd */, 0 /* flags */);
+}
+
 }  // namespace
 }  // namespace sandbox