Allow chrome to interact with passed in stream sockets
authorDan Walsh <dwalsh@redhat.com>
Thu, 27 Oct 2011 20:15:29 +0000 (16:15 -0400)
committerDan Walsh <dwalsh@redhat.com>
Thu, 27 Oct 2011 20:15:29 +0000 (16:15 -0400)
policy/modules/apps/chrome.if
policy/modules/apps/chrome.te

index 7cbe3a7f27173b994542a96fe10deb3b0a51d2a5..15533561f326f303d0b64310459eba093ffedd2b 100644 (file)
@@ -85,6 +85,8 @@ interface(`chrome_role_notrans',`
        allow chrome_sandbox_t $2:unix_dgram_socket { read write };
        allow $2 chrome_sandbox_t:unix_dgram_socket { read write };
        allow chrome_sandbox_t $2:unix_stream_socket { getattr read write };
+       allow chrome_sandbox_nacl_t $2:unix_stream_socket { getattr read write };
+       allow $2 chrome_sandbox_nacl_t:unix_stream_socket { getattr read write };
        allow $2 chrome_sandbox_t:unix_stream_socket { getattr read write };
 
        allow $2 chrome_sandbox_t:shm rw_shm_perms;
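Review bot: The two added rules use `chrome_sandbox_nacl_t` inside `chrome_role_notrans`, but the interface's `gen_require` block starts outside this hunk, so it is not visible whether the type is declared there. If it is not, `type chrome_sandbox_nacl_t;` needs to be added to that block. The new lines are also inserted in the middle of the existing `chrome_sandbox_t` stream-socket pair; moving them below the `allow $2 chrome_sandbox_t:unix_stream_socket` line would keep each pair together. The NaCl domain presumably confines less-trusted code than the caller, so a comment such as `# stream sockets are inherited from the caller; connectto is intentionally not granted` would record why `$2` gets read/write on sockets labelled `chrome_sandbox_nacl_t`.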
index 0eb3c2353cf5e7abf73bb8bbd659a9c8a6db8182..89b5d47865ed94bd8b6c2b3b733d649e5a4e744c 100644 (file)
@@ -143,6 +143,8 @@ allow chrome_sandbox_nacl_t self:fifo_file manage_fifo_file_perms;
 allow chrome_sandbox_nacl_t self:unix_stream_socket create_stream_socket_perms;
 allow chrome_sandbox_nacl_t self:shm create_shm_perms;
 allow chrome_sandbox_nacl_t self:unix_dgram_socket { create_socket_perms sendto };
+allow chrome_sandbox_nacl_t chrome_sandbox_t:unix_stream_socket { getattr write read };
+allow chrome_sandbox_t chrome_sandbox_nacl_t:unix_stream_socket { getattr write read };
 
 allow chrome_sandbox_nacl_t chrome_sandbox_t:shm rw_shm_perms;
 allow chrome_sandbox_nacl_t chrome_sandbox_tmpfs_t:file rw_inherited_file_perms;
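Review bot: The permission set on the two added lines is written `{ getattr write read }`, while the matching rules added to chrome.if in this same commit use `{ getattr read write }`. Using one order, e.g. `allow chrome_sandbox_nacl_t chrome_sandbox_t:unix_stream_socket { getattr read write };`, keeps the rules easy to grep and compare. The second added rule grants `chrome_sandbox_t` access to sockets labelled `chrome_sandbox_nacl_t`, the reverse of what the surrounding `chrome_sandbox_nacl_t` rules cover. A one-line comment saying which side creates the socket and which side inherits it would help a later least-privilege review. Neither rule grants `connectto`, which fits descriptors that are passed in rather than connected to, and that restriction is worth stating in the comment so it is not widened later.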