From aa568597b0d19195587a5aa1665b1acd25b806f6 Mon Sep 17 00:00:00 2001
From: Sandboxed API Team <sandboxed-api@google.com>
Date: Thu, 27 May 2021 04:40:02 -0700
Subject: [PATCH] Add `rt_sigprocmask` to `AllowLogForwarding`

PiperOrigin-RevId: 376142747
Change-Id: I6470a6eea8a4e85b0921de6dc332097a6c9440a4
---
 sandboxed_api/sandbox2/policybuilder.cc | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/sandboxed_api/sandbox2/policybuilder.cc b/sandboxed_api/sandbox2/policybuilder.cc
index 0f301c4..8e44229 100644
--- a/sandboxed_api/sandbox2/policybuilder.cc
+++ b/sandboxed_api/sandbox2/policybuilder.cc
@@ -522,6 +522,11 @@ PolicyBuilder& PolicyBuilder::AllowLogForwarding() {
                  // From comms
                  __NR_gettid, __NR_close});
 
+  // For generating stacktraces in logging (e.g. `LOG(FATAL)`)
+  AddPolicyOnSyscall(__NR_rt_sigprocmask, {
+                                              ARG_32(0),
+                                              JEQ32(SIG_BLOCK, ALLOW),
+                                          });
   // For LOG(FATAL)
   return AddPolicyOnSyscall(__NR_kill,
                             [](bpf_labels& labels) -> std::vector<sock_filter> {