Large IWYU cleanup for seccomp-bpf

I'm reasonably confident that all of the seccomp-bpf/*.h files are now
IWYU clean. There might still be some missing/superfluous #include lines
in some of the .cc files, but it should overall be much better than
before.

Two particular changes to note:

1. "base/basictypes.h" is deprecated in favor of <stdint.h> (for standard
*int*_t types) and/or "base/macros.h" for DISALLOW_*() macros.

2. This also moves the #include "foo.h" lines to the top of each foo.cc
file, per style guide.

BUG=408845

Review URL: https://codereview.chromium.org/570163003

Cr-Commit-Position: refs/heads/master@{#295161}

components/nacl/loader/nonsfi/nonsfi_sandbox_sigsys_unittest.cc

@@ -8,6 +8,9 @@
 
 #include "components/nacl/loader/nonsfi/nonsfi_sandbox.h"
 
+#include <sys/syscall.h>
+#include <unistd.h>
+
 #include "sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h"
 #include "sandbox/linux/seccomp-bpf/bpf_tests.h"
 

content/common/sandbox_linux/bpf_gpu_policy_linux.cc

@@ -26,7 +26,7 @@
 #include "content/common/set_process_title.h"
 #include "content/public/common/content_switches.h"
 #include "sandbox/linux/seccomp-bpf-helpers/syscall_sets.h"
-#include "sandbox/linux/seccomp-bpf/sandbox_bpf.h"  // for arch_seccomp_data
+#include "sandbox/linux/seccomp-bpf/trap.h"
 #include "sandbox/linux/services/broker_process.h"
 #include "sandbox/linux/services/linux_syscalls.h"
 

sandbox/linux/bpf_dsl/bpf_dsl_more_unittest.cc

@@ -2,6 +2,8 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
+#include "sandbox/linux/bpf_dsl/bpf_dsl.h"
+
 #include <errno.h>
 #include <pthread.h>
 #include <sched.h>
@@ -21,8 +23,6 @@
 #endif
 #include <linux/futex.h>
 
-#include <ostream>
-
 #include "base/bind.h"
 #include "base/logging.h"
 #include "base/macros.h"
@@ -31,11 +31,11 @@
 #include "base/synchronization/waitable_event.h"
 #include "base/threading/thread.h"
 #include "build/build_config.h"
-#include "sandbox/linux/bpf_dsl/bpf_dsl.h"
 #include "sandbox/linux/seccomp-bpf/bpf_tests.h"
+#include "sandbox/linux/seccomp-bpf/die.h"
+#include "sandbox/linux/seccomp-bpf/linux_seccomp.h"
 #include "sandbox/linux/seccomp-bpf/syscall.h"
 #include "sandbox/linux/seccomp-bpf/trap.h"
-#include "sandbox/linux/seccomp-bpf/verifier.h"
 #include "sandbox/linux/services/broker_process.h"
 #include "sandbox/linux/services/linux_syscalls.h"
 #include "sandbox/linux/tests/scoped_temporary_file.h"

sandbox/linux/bpf_dsl/bpf_dsl_unittest.cc

@@ -7,14 +7,15 @@
 #include <errno.h>
 #include <netinet/in.h>
 #include <sys/socket.h>
+#include <sys/syscall.h>
 #include <sys/utsname.h>
+#include <unistd.h>
 
 #include "base/files/scoped_file.h"
 #include "base/macros.h"
 #include "build/build_config.h"
 #include "sandbox/linux/seccomp-bpf/bpf_tests.h"
 #include "sandbox/linux/seccomp-bpf/errorcode.h"
-#include "sandbox/linux/seccomp-bpf/sandbox_bpf_policy.h"
 #include "sandbox/linux/seccomp-bpf/syscall.h"
 
 #define CASES SANDBOX_BPF_DSL_CASES

sandbox/linux/seccomp-bpf/bpf_tests.h

@@ -5,7 +5,7 @@
 #ifndef SANDBOX_LINUX_SECCOMP_BPF_BPF_TESTS_H__
 #define SANDBOX_LINUX_SECCOMP_BPF_BPF_TESTS_H__
 
-#include "base/basictypes.h"
+#include "base/macros.h"
 #include "build/build_config.h"
 #include "sandbox/linux/seccomp-bpf/bpf_tester_compatibility_delegate.h"
 #include "sandbox/linux/tests/unit_tests.h"

sandbox/linux/seccomp-bpf/codegen.cc

@@ -2,10 +2,17 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
+#include "sandbox/linux/seccomp-bpf/codegen.h"
+
 #include <stdio.h>
 
+#include <set>
+
 #include "base/logging.h"
-#include "sandbox/linux/seccomp-bpf/codegen.h"
+#include "sandbox/linux/seccomp-bpf/basicblock.h"
+#include "sandbox/linux/seccomp-bpf/die.h"
+#include "sandbox/linux/seccomp-bpf/instruction.h"
+#include "sandbox/linux/seccomp-bpf/linux_seccomp.h"
 
 namespace {
 

sandbox/linux/seccomp-bpf/codegen.h

@@ -6,15 +6,15 @@
 #define SANDBOX_LINUX_SECCOMP_BPF_CODEGEN_H__
 
 #include <map>
-#include <set>
 #include <vector>
 
-#include "sandbox/linux/seccomp-bpf/basicblock.h"
-#include "sandbox/linux/seccomp-bpf/instruction.h"
 #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h"
 #include "sandbox/sandbox_export.h"
 
 namespace sandbox {
+struct BasicBlock;
+class ErrorCode;
+struct Instruction;
 
 typedef std::vector<Instruction*> Instructions;
 typedef std::vector<BasicBlock*> BasicBlocks;

sandbox/linux/seccomp-bpf/codegen_unittest.cc

@@ -2,13 +2,18 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
+#include "sandbox/linux/seccomp-bpf/codegen.h"
+
 #include <errno.h>
+#include <linux/filter.h>
 
-#include <algorithm>
 #include <set>
+#include <string>
 #include <vector>
 
-#include "sandbox/linux/seccomp-bpf/codegen.h"
+#include "sandbox/linux/seccomp-bpf/basicblock.h"
+#include "sandbox/linux/seccomp-bpf/errorcode.h"
+#include "sandbox/linux/seccomp-bpf/instruction.h"
 #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h"
 #include "sandbox/linux/tests/unit_tests.h"
 

sandbox/linux/seccomp-bpf/die.cc

@@ -2,16 +2,19 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
+#include "sandbox/linux/seccomp-bpf/die.h"
+
 #include <errno.h>
-#include <linux/unistd.h>
+#include <signal.h>
 #include <stdio.h>
 #include <sys/prctl.h>
+#include <sys/syscall.h>
+#include <unistd.h>
 
 #include <string>
 
 #include "base/logging.h"
 #include "base/posix/eintr_wrapper.h"
-#include "sandbox/linux/seccomp-bpf/sandbox_bpf.h"
 #include "sandbox/linux/seccomp-bpf/syscall.h"
 
 namespace sandbox {

sandbox/linux/seccomp-bpf/die.h

@@ -5,7 +5,7 @@
 #ifndef SANDBOX_LINUX_SECCOMP_BPF_DIE_H__
 #define SANDBOX_LINUX_SECCOMP_BPF_DIE_H__
 
-#include "base/basictypes.h"
+#include "base/macros.h"
 #include "sandbox/sandbox_export.h"
 
 namespace sandbox {

sandbox/linux/seccomp-bpf/errorcode.cc

@@ -2,11 +2,16 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
-#include "sandbox/linux/seccomp-bpf/die.h"
 #include "sandbox/linux/seccomp-bpf/errorcode.h"
 
+#include "sandbox/linux/seccomp-bpf/die.h"
+#include "sandbox/linux/seccomp-bpf/linux_seccomp.h"
+
 namespace sandbox {
 
+ErrorCode::ErrorCode() : error_type_(ET_INVALID), err_(SECCOMP_RET_INVALID) {
+}
+
 ErrorCode::ErrorCode(int err) {
   switch (err) {
     case ERR_ALLOWED:

sandbox/linux/seccomp-bpf/errorcode.h

@@ -5,14 +5,11 @@
 #ifndef SANDBOX_LINUX_SECCOMP_BPF_ERRORCODE_H__
 #define SANDBOX_LINUX_SECCOMP_BPF_ERRORCODE_H__
 
-#include "sandbox/linux/seccomp-bpf/linux_seccomp.h"
 #include "sandbox/linux/seccomp-bpf/trap.h"
 #include "sandbox/sandbox_export.h"
 
 namespace sandbox {
 
-struct arch_seccomp_data;
-
 // This class holds all the possible values that can be returned by a sandbox
 // policy.
 // We can either wrap a symbolic ErrorCode (i.e. ERR_XXX enum values), an
@@ -113,7 +110,7 @@ class SANDBOX_EXPORT ErrorCode {
   // when compiling a BPF filter, we deliberately generate an invalid
   // program that will get flagged both by our Verifier class and by
   // the Linux kernel.
-  ErrorCode() : error_type_(ET_INVALID), err_(SECCOMP_RET_INVALID) {}
+  ErrorCode();
   explicit ErrorCode(int err);
 
   // For all practical purposes, ErrorCodes are treated as if they were

sandbox/linux/seccomp-bpf/errorcode_unittest.cc

@@ -2,8 +2,11 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
+#include "sandbox/linux/seccomp-bpf/errorcode.h"
+
 #include <errno.h>
 
+#include "sandbox/linux/seccomp-bpf/linux_seccomp.h"
 #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h"
 #include "sandbox/linux/tests/unit_tests.h"
 

sandbox/linux/seccomp-bpf/sandbox_bpf.cc

@@ -12,6 +12,7 @@
 
 #include <errno.h>
 #include <fcntl.h>
+#include <linux/filter.h>
 #include <signal.h>
 #include <string.h>
 #include <sys/prctl.h>
@@ -30,7 +31,10 @@
 #include "base/memory/scoped_ptr.h"
 #include "base/posix/eintr_wrapper.h"
 #include "sandbox/linux/seccomp-bpf/codegen.h"
+#include "sandbox/linux/seccomp-bpf/die.h"
 #include "sandbox/linux/seccomp-bpf/errorcode.h"
+#include "sandbox/linux/seccomp-bpf/instruction.h"
+#include "sandbox/linux/seccomp-bpf/linux_seccomp.h"
 #include "sandbox/linux/seccomp-bpf/sandbox_bpf_policy.h"
 #include "sandbox/linux/seccomp-bpf/syscall.h"
 #include "sandbox/linux/seccomp-bpf/syscall_iterator.h"

sandbox/linux/seccomp-bpf/sandbox_bpf.h

@@ -5,27 +5,21 @@
 #ifndef SANDBOX_LINUX_SECCOMP_BPF_SANDBOX_BPF_H__
 #define SANDBOX_LINUX_SECCOMP_BPF_SANDBOX_BPF_H__
 
-#include <stddef.h>
-#include <sys/types.h>
-#include <sys/wait.h>
+#include <stdint.h>
 
-#include <algorithm>
-#include <limits>
 #include <map>
 #include <set>
-#include <utility>
 #include <vector>
 
 #include "base/compiler_specific.h"
 #include "base/memory/scoped_ptr.h"
-#include "sandbox/linux/seccomp-bpf/die.h"
 #include "sandbox/linux/seccomp-bpf/errorcode.h"
-#include "sandbox/linux/seccomp-bpf/linux_seccomp.h"
 #include "sandbox/linux/seccomp-bpf/trap.h"
 #include "sandbox/sandbox_export.h"
 
-namespace sandbox {
+struct sock_filter;
 
+namespace sandbox {
 class CodeGen;
 class SandboxBPFPolicy;
 class SandboxUnittestHelper;

sandbox/linux/seccomp-bpf/sandbox_bpf_compatibility_policy.h

@@ -5,7 +5,6 @@
 #ifndef SANDBOX_LINUX_SECCOMP_BPF_SANDBOX_BPF_COMPATIBILITY_POLICY_H_
 #define SANDBOX_LINUX_SECCOMP_BPF_SANDBOX_BPF_COMPATIBILITY_POLICY_H_
 
-#include "base/basictypes.h"
 #include "base/logging.h"
 #include "base/macros.h"
 #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h"

sandbox/linux/seccomp-bpf/sandbox_bpf_policy.h

@@ -5,7 +5,7 @@
 #ifndef SANDBOX_LINUX_SECCOMP_BPF_SANDBOX_BPF_POLICY_H_
 #define SANDBOX_LINUX_SECCOMP_BPF_SANDBOX_BPF_POLICY_H_
 
-#include "base/basictypes.h"
+#include "base/macros.h"
 #include "sandbox/sandbox_export.h"
 
 namespace sandbox {

sandbox/linux/seccomp-bpf/sandbox_bpf_test_runner.cc

@@ -5,12 +5,11 @@
 #include "sandbox/linux/seccomp-bpf/sandbox_bpf_test_runner.h"
 
 #include <fcntl.h>
-#include <sys/stat.h>
-#include <sys/types.h>
+#include <linux/filter.h>
 
-#include "base/basictypes.h"
 #include "base/logging.h"
 #include "base/memory/scoped_ptr.h"
+#include "sandbox/linux/seccomp-bpf/die.h"
 #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h"
 #include "sandbox/linux/tests/unit_tests.h"
 

sandbox/linux/seccomp-bpf/sandbox_bpf_test_runner.h

@@ -5,7 +5,7 @@
 #ifndef SANDBOX_LINUX_SECCOMP_BPF_SANDBOX_BPF_TEST_RUNNER_H_
 #define SANDBOX_LINUX_SECCOMP_BPF_SANDBOX_BPF_TEST_RUNNER_H_
 
-#include "base/basictypes.h"
+#include "base/macros.h"
 #include "base/memory/scoped_ptr.h"
 #include "sandbox/linux/seccomp-bpf/sandbox_bpf_policy.h"
 #include "sandbox/linux/tests/sandbox_test_runner.h"

sandbox/linux/seccomp-bpf/syscall_iterator.h

@@ -7,7 +7,7 @@
 
 #include <stdint.h>
 
-#include "base/basictypes.h"
+#include "base/macros.h"
 #include "sandbox/sandbox_export.h"
 
 namespace sandbox {

sandbox/linux/seccomp-bpf/syscall_iterator_unittest.cc

@@ -2,8 +2,11 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
-#include "sandbox/linux/seccomp-bpf/sandbox_bpf.h"
 #include "sandbox/linux/seccomp-bpf/syscall_iterator.h"
+
+#include <stdint.h>
+
+#include "sandbox/linux/seccomp-bpf/linux_seccomp.h"
 #include "sandbox/linux/tests/unit_tests.h"
 
 namespace sandbox {

sandbox/linux/seccomp-bpf/verifier.cc

@@ -2,14 +2,16 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
+#include "sandbox/linux/seccomp-bpf/verifier.h"
+
 #include <string.h>
 
 #include <limits>
 
+#include "sandbox/linux/seccomp-bpf/linux_seccomp.h"
 #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h"
 #include "sandbox/linux/seccomp-bpf/sandbox_bpf_policy.h"
 #include "sandbox/linux/seccomp-bpf/syscall_iterator.h"
-#include "sandbox/linux/seccomp-bpf/verifier.h"
 
 namespace sandbox {
 

sandbox/linux/seccomp-bpf/verifier.h

@@ -5,13 +5,17 @@
 #ifndef SANDBOX_LINUX_SECCOMP_BPF_VERIFIER_H__
 #define SANDBOX_LINUX_SECCOMP_BPF_VERIFIER_H__
 
-#include <linux/filter.h>
+#include <stdint.h>
 
-#include <utility>
 #include <vector>
 
-namespace sandbox {
+#include "base/macros.h"
+
+struct sock_filter;
 
+namespace sandbox {
+struct arch_seccomp_data;
+class SandboxBPF;
 class SandboxBPFPolicy;
 
 class Verifier {