diff --git a/private/runas_app.te b/private/runas_app.te
index 638702c7e..525aea1dd 100644
--- a/private/runas_app.te
+++ b/private/runas_app.te
@@ -14,4 +14,4 @@ allow runas_app app_data_file:file execute_no_trans;
 r_dir_file(runas_app, untrusted_app_all)
 
 # Allow lldb/ndk-gdb/simpleperf to ptrace attach to debuggable app processes.
-allow runas_app untrusted_app_all:process ptrace;
+allow runas_app untrusted_app_all:process { ptrace signal sigstop };
diff --git a/private/untrusted_app_all.te b/private/untrusted_app_all.te
index 712a3607a..2c44627c4 100644
--- a/private/untrusted_app_all.te
+++ b/private/untrusted_app_all.te
@@ -112,6 +112,10 @@ allow untrusted_app_all self:process ptrace;
 # b/123297648
 allow untrusted_app_all runas_app:unix_stream_socket connectto;
 
+# Untrusted apps need to be able to send a SIGCHLD to runas_app
+# when running under a debugger (b/123612207)
+allow untrusted_app_all runas_app:process sigchld;
+
 # Cts: HwRngTest
 allow untrusted_app_all sysfs_hwrandom:dir search;
 allow untrusted_app_all sysfs_hwrandom:file r_file_perms;