Linux sandbox: restrict clock_gettime() and clock_getres()

In the baseline policy, we restrict the |clk_id| parameter allowed in
clock_gettime(). This applies to all sandboxed process types.

In the renderer policy, we similarly restrict the |clk_id| parameter for
clock_getres().

BUG=413469, 413855

Review URL: https://codereview.chromium.org/566083002

Cr-Commit-Position: refs/heads/master@{#294751}
4 files changed