From 00b55b0620be36b90cf5f16bba424b1a349ebf4c Mon Sep 17 00:00:00 2001
From: Dan Walsh
Date: Thu, 27 Oct 2011 16:15:29 -0400
Subject: [PATCH] Allow chrome to interact with passed in stream sockets
---
 policy/modules/apps/chrome.if | 2 ++
 policy/modules/apps/chrome.te | 2 ++
 2 files changed, 4 insertions(+)
diff --git a/policy/modules/apps/chrome.if b/policy/modules/apps/chrome.if
index 7cbe3a7f..15533561 100644
--- a/policy/modules/apps/chrome.if
+++ b/policy/modules/apps/chrome.if
@@ -85,6 +85,8 @@ interface(`chrome_role_notrans',`
 allow chrome_sandbox_t $2:unix_dgram_socket { read write };
 allow $2 chrome_sandbox_t:unix_dgram_socket { read write };
 allow chrome_sandbox_t $2:unix_stream_socket { getattr read write };
+ allow chrome_sandbox_nacl_t $2:unix_stream_socket { getattr read write };
+ allow $2 chrome_sandbox_nacl_t:unix_stream_socket { getattr read write };
 allow $2 chrome_sandbox_t:unix_stream_socket { getattr read write };
 allow $2 chrome_sandbox_t:shm rw_shm_perms;
diff --git a/policy/modules/apps/chrome.te b/policy/modules/apps/chrome.te
index 0eb3c235..89b5d478 100644
--- a/policy/modules/apps/chrome.te
+++ b/policy/modules/apps/chrome.te
@@ -143,6 +143,8 @@ allow chrome_sandbox_nacl_t self:fifo_file manage_fifo_file_perms;
 allow chrome_sandbox_nacl_t self:unix_stream_socket create_stream_socket_perms;
 allow chrome_sandbox_nacl_t self:shm create_shm_perms;
 allow chrome_sandbox_nacl_t self:unix_dgram_socket { create_socket_perms sendto };
+allow chrome_sandbox_nacl_t chrome_sandbox_t:unix_stream_socket { getattr write read };
+allow chrome_sandbox_t chrome_sandbox_nacl_t:unix_stream_socket { getattr write read };
 allow chrome_sandbox_nacl_t chrome_sandbox_t:shm rw_shm_perms;
 allow chrome_sandbox_nacl_t chrome_sandbox_tmpfs_t:file rw_inherited_file_perms;
--
2.47.3
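Review bot: The two rules added to `chrome_role_notrans` reference `chrome_sandbox_nacl_t`, but the interface starts above the hunk, so its `gen_require` block is not visible; confirm it lists `type chrome_sandbox_nacl_t;`, since an interface that uses an undeclared type typically breaks callers that do not already require it. The rules also need a comment explaining why the NaCl domain, presumably the least trusted of the sandbox domains, gets `read write` on the role domain's stream sockets, for example `# NaCl helper only uses stream sockets handed to it already open; connectto is withheld on purpose`. The subject line mentions passed-in sockets, which explains the first rule; the second (`allow $2 chrome_sandbox_nacl_t:unix_stream_socket ...`) grants the opposite direction and should be justified by an observed denial or dropped. The same question applies to the reverse rule added in chrome.te.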
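Review bot: The second rule added in chrome.te has `chrome_sandbox_t` as its source but sits among the `chrome_sandbox_nacl_t` rules, so someone auditing `chrome_sandbox_t` by reading its own section would miss it. The surrounding context suggests the file groups rules by source domain; if so, move it next to the other `chrome_sandbox_t` rules. Both added lines also write the permission set as `{ getattr write read }` while chrome.if uses `{ getattr read write }` for the same grant; a single order, `{ getattr read write }`, keeps grep-based policy review reliable.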