Enable log forwarding from sandboxee if enabled by the supervisor.

If the sandboxer calls `IPC::EnableLogServer()` (and modifies the sandbox policy
accordingly), sandbox logs will be sent back to the sandboxer.

PiperOrigin-RevId: 340663308
Change-Id: I5e8d89314178dfd1b49fc25b8cd2dd02642be43a

sandboxed_api/BUILD.bazel

@@ -173,6 +173,7 @@ cc_library(
         "//sandboxed_api/sandbox2:client",
         "//sandboxed_api/sandbox2:comms",
         "//sandboxed_api/sandbox2:forkingclient",
+        "//sandboxed_api/sandbox2:logsink",
         "//sandboxed_api/util:flags",
         "@com_google_absl//absl/strings",
         "@com_google_glog//:glog",

sandboxed_api/CMakeLists.txt

@@ -168,6 +168,7 @@ target_link_libraries(sapi_client PRIVATE
   sandbox2::client
   sandbox2::comms
   sandbox2::forkingclient
+  sandbox2::logsink
   sapi::base
   sapi::call
   sapi::flags

sandboxed_api/client.cc

@@ -32,6 +32,7 @@
 #include "sandboxed_api/proto_arg.pb.h"
 #include "sandboxed_api/sandbox2/comms.h"
 #include "sandboxed_api/sandbox2/forkingclient.h"
+#include "sandboxed_api/sandbox2/logsink.h"
 #include "sandboxed_api/vars.h"
 
 #ifdef MEMORY_SANITIZER
@@ -451,6 +452,11 @@ extern "C" ABSL_ATTRIBUTE_WEAK int main(int argc, char** argv) {
   // Child thread.
   s2client.SandboxMeHere();
 
+  // Enable log forwarding if enabled by the sandboxer.
+  if (s2client.HasMappedFD(sandbox2::LogSink::kLogFDName)) {
+    s2client.SendLogsToSupervisor();
+  }
+
   // Run SAPI stub.
   while (true) {
     sapi::client::ServeRequest(&comms);