Add PolicyBuilder::AllowKill() convenience function

cblichmann · copybara-github · commit a7d14a766915 · 2026-05-05T05:20:39.000-07:00
Allows the `kill`, `tgkill`, and `tkill` syscalls, enabling sandboxees to send
signals to other processes or threads.

PiperOrigin-RevId: 910613950
Change-Id: I01919b471abcfa360dc93c1f379f99eb91be4f63
diff --git a/sandboxed_api/sandbox2/policybuilder.cc b/sandboxed_api/sandbox2/policybuilder.cc
@@ -1050,6 +1050,16 @@ PolicyBuilder& PolicyBuilder::AllowHandleSignals() {
   });
 }
 
+PolicyBuilder& PolicyBuilder::AllowKill() {
+  return AllowSyscalls({
+      __NR_kill,
+      __NR_tgkill,
+#ifdef __NR_tkill
+      __NR_tkill,  // Deprecated in favor of tgkill.
+#endif
+  });
+}
+
 PolicyBuilder& PolicyBuilder::AllowTCGETS() {
   if (allowed_complex_.tcgets) {
     return *this;
diff --git a/sandboxed_api/sandbox2/policybuilder.h b/sandboxed_api/sandbox2/policybuilder.h
@@ -549,7 +549,15 @@ class PolicyBuilder final {
   // - sigprocmask (on architectures where it exists)
   PolicyBuilder& AllowHandleSignals();
 
-  // Appends code to allow doing the TCGETS ioctl.
+  // Appends code to allow sending signals to processes/threads.
+  //
+  // Allows these syscalls:
+  // - kill
+  // - tgkill
+  // - tkill (discouraged, but still used by some binaries)
+  PolicyBuilder& AllowKill();
+
+  // Appends code to allow the TCGETS ioctl.
   //
   // Allows these syscalls:
   // - ioctl (when the first argument is TCGETS)
