From 86f8ba4dc435e9be2e5c6700396b7f325dd0d81c Mon Sep 17 00:00:00 2001
From: Bob Owen
Date: Wed, 25 Aug 2021 11:43:46 +0000
Subject: [PATCH] Bug 1652463: Add rule to allow socket process to create server side of our IPC pipes. r=handyman
Differential Revision: https://phabricator.services.mozilla.com/D83976
---
 security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp b/security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp
index e67343243d80..4aa6f099df34 100644
--- a/security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp
+++ b/security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp
@@ -1065,6 +1065,14 @@ bool SandboxBroker::SetSecurityLevelForRDDProcess() {
 result,
 "With these static arguments AddRule should never fail, what happened?");
 
+ // Add rule to allow process to create the server side of our IPC pipes.
+ result = mPolicy->AddRule(sandbox::TargetPolicy::SUBSYS_NAMED_PIPES,
+ sandbox::TargetPolicy::NAMEDPIPES_ALLOW_ANY,
+ L"\\\\.\\pipe\\chrome.*");
+ MOZ_RELEASE_ASSERT(
+ sandbox::SBOX_ALL_OK == result,
+ "With these static arguments AddRule should never fail, what happened?");
+
 // Add the policy for the client side of the crash server pipe.
 result = mPolicy->AddRule(sandbox::TargetPolicy::SUBSYS_FILES,
 sandbox::TargetPolicy::FILES_ALLOW_ANY,
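Review bot: The hunk header places the new `SUBSYS_NAMED_PIPES` rule inside `SetSecurityLevelForRDDProcess()`, while the subject describes a rule for the socket process. The function's start and end are outside the hunk, so please confirm the rule lands only in the policy of the process that needs to create pipe servers. `NAMEDPIPES_ALLOW_ANY` with the `chrome.*` wildcard lets the sandboxed process create the server end of any pipe under that prefix, and the comment should say why that breadth is acceptable, for example `// Restricted to the "chrome." prefix so the process can only create servers for our own IPC pipe names, not arbitrary system pipes.` As a style point, the context lines above pass `result` as the first argument to what looks like a shared check helper, whereas the new code spells out `MOZ_RELEASE_ASSERT(sandbox::SBOX_ALL_OK == result, ...)`; if such a helper is in use in this function, using it here would keep the checks uniform.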